User manual D-LINK DES-6000

DES-6000 Modular Ethernet Switch User's Guide Second Edition (April 2001) 6DES6000..02 Printed In Taiwan RECYCLABLE TABLE OF CONTENTS ABOUT THIS GUIDE ................................................................................................................................................................V CONVENTIONS ............................................................................................................................................................................ V OVERVIEW OF THIS USER'S GUIDE.............................................................................................................................................. V INTRODUCTION........................................................................................................................................................................1 FAST ETHERNET TECHNOLOGY....................................................................................................................................................1 GIGABIT ETHERNET TECHNOLOGY ..............................................................................................................................................1 SWITCHING TECHNOLOGY ...........................................................................................................................................................2 FEATURES ....................................................................................................................................................................................2 Chassis.....................................................................................................................................................................................2 Modules....................................................................................................................................................................................3 CPU Module .............................................................................................................................................................................................3 10BASE-T/100BASE-TX Module............................................................................................................................................................3 100BASE-FX (MT-RJ) Module................................................................................................................................................................4 1000BASE-T (RJ-45) Module ..................................................................................................................................................................4 1000BASE-SX (SC) Module ....................................................................................................................................................................4 1000BASE-LX (SC) Module ....................................................................................................................................................................4 Power Supply Modules .............................................................................................................................................................................4 UNPACKING AND SETUP........................................................................................................................................................6 UNPACKING .................................................................................................................................................................................6 SETUP ..........................................................................................................................................................................................6 DESKTOP OR SHELF INSTALLATION .............................................................................................................................................7 RACK INSTALLATION ...................................................................................................................................................................7 INSTALLING MODULES.................................................................................................................................................................8 CONNECTING A TERMINAL...........................................................................................................................................................9 POWER ON....................................................................................................................................................................................9 Power Failure ........................................................................................................................................................................10 IDENTIFYING EXTERNAL COMPONENTS ......................................................................................................................11 FRONT PANEL ............................................................................................................................................................................11 SIDE PANELS..............................................................................................................................................................................11 OPTIONAL PLUG-IN MODULES ...................................................................................................................................................12 10BASE-T/100BASE-TX Module ...........................................................................................................................................12 100BASE-FX (MT-RJ) Module ..............................................................................................................................................12 1000BASE-T (RJ-45) Module ................................................................................................................................................13 1000BASE-SX (MT-RJ) Gigabit Module ...............................................................................................................................13 1000BASE-SX (SC) Gigabit Module......................................................................................................................................14 1000BASE-LX (SC) Gigabit Module .....................................................................................................................................14 Power Supply Modules ..........................................................................................................................................................15 LED INDICATORS ......................................................................................................................................................................15 CONNECTING THE SWITCH ...............................................................................................................................................16 SWITCH TO END NODE ...............................................................................................................................................................16 SWITCH TO HUB OR SWITCH ......................................................................................................................................................16 10BASE-T Device ..................................................................................................................................................................17 100BASE-TX Device ..............................................................................................................................................................17 1000BASE-T Device ..............................................................................................................................................................17 CABLE LENGTHS........................................................................................................................................................................18 SWITCH MANAGEMENT CONCEPTS................................................................................................................................19 LOCAL CONSOLE MANAGEMENT ...............................................................................................................................................19 Diagnostic (Console) Port (RS-232 DCE).............................................................................................................................19 IP ADDRESSES AND SNMP COMMUNITY NAMES ......................................................................................................................20 TRAPS ........................................................................................................................................................................................20 MIBS .........................................................................................................................................................................................21 PACKET FORWARDING ...............................................................................................................................................................22 Aging Time.............................................................................................................................................................................22 Filtering Database.................................................................................................................................................................22 SPANNING TREE ALGORITHM ....................................................................................................................................................22 STA Operation Levels ............................................................................................................................................................23 On the Bridge Level................................................................................................................................................................................23 On the Port Level ....................................................................................................................................................................................23 User-Changeable STA Parameters........................................................................................................................................24 Illustration of STA..................................................................................................................................................................24 PORT TRUNKING ........................................................................................................................................................................26 VLANS & BROADCAST DOMAINS.............................................................................................................................................26 MAC-based Broadcast Domains ...........................................................................................................................................27 802.1Q VLANs .......................................................................................................................................................................27 802.1Q VLAN Segmentation ..................................................................................................................................................................27 Sharing Resources Across 802.1Q VLANs.............................................................................................................................................28 802.1Q VLANs Spanning Multiple Switches .........................................................................................................................................28 Port-based VLANs .................................................................................................................................................................30 BROADCAST STORMS.................................................................................................................................................................31 Segmenting Broadcast Domains............................................................................................................................................31 Eliminating Broadcast Storms ...............................................................................................................................................31 USING THE CONSOLE INTERFACE...................................................................................................................................32 SETTING UP A CONSOLE............................................................................................................................................................32 CONNECTING TO THE SWITCH USING TELNET............................................................................................................................33 CONSOLE USAGE CONVENTIONS................................................................................................................................................33 FIRST TIME CONNECTING TO THE SWITCH.......................................................................................33 User Accounts Management ..................................................................................................................................................34 Save Changes.........................................................................................................................................................................35 LOGIN ON THE SWITCH CONSOLE BY REGISTERED USERS........................................................................................................36 Create/Modify User Accounts.................................................................................................................................................................36 User Accounts Control Table..................................................................................................................................................................37 SETTING UP THE SWITCH...........................................................................................................................................................38 System Configuration.............................................................................................................................................................38 Configure IP Address..............................................................................................................................................................................39 Configure Console ..................................................................................................................................................................................40 Configure Switch Modules......................................................................................................................................................................40 Configure Ports .......................................................................................................................................................................................42 Configure Trunk Groups .........................................................................................................................................................................44 Configure Port Mirroring ........................................................................................................................................................................45 Configure Spanning Tree Protocol..........................................................................................................................................................46 Configure Filtering and Forwarding Table..............................................................................................................................................49 Configure VLANs & MAC-based Broadcast Domains ..........................................................................................................................55 Update Firmware and Configuration Files ...........................................................................................................................65 System Utilities ......................................................................................................................................................................66 Ping Test .................................................................................................................................................................................................66 Save Settings to TFTP Server .................................................................................................................................................................67 Save Switch History to TFTP Server ......................................................................................................................................................68 Clear Address Table................................................................................................................................................................................68 Management WEB ..................................................................................................................................................................................68 Community Strings and Trap Stations ...................................................................................................................................68 SWITCH MONITORING ................................................................................................................................................................69 Network Monitoring and Device Information........................................................................................................................69 Traffic Statistics ......................................................................................................................................................................................70 Browse Address Table ............................................................................................................................................................................74 Switch History ........................................................................................................................................................................................74 Device Status ..........................................................................................................................................................................................75 Browse GVRP Status ..............................................................................................................................................................................75 Browse GMRP Status .............................................................................................................................................................................76 IP Multicast and IGMP Information .......................................................................................................................................................76 RESETTING THE SWITCH ............................................................................................................................................................77 Factory Reset .........................................................................................................................................................................78 Logout ....................................................................................................................................................................................78 WEB-BASED NETWORK MANAGEMENT ........................................................................................................................79 INTRODUCTION ..........................................................................................................................................................................79 GETTING STARTED.....................................................................................................................................................................79 MANAGEMENT ...........................................................................................................................................................................79 Configuration.........................................................................................................................................................................80 IP Address...............................................................................................................................................................................................81 Switch Module ........................................................................................................................................................................................81 Advanced Settings...................................................................................................................................................................................83 Port Configuration...................................................................................................................................................................................84 Trunk Groups ..........................................................................................................................................................................................85 Port Mirroring .........................................................................................................................................................................................86 Spanning Tree Protocol...........................................................................................................................................................................86 Forwarding and Filtering.........................................................................................................................................................................88 IGMP ......................................................................................................................................................................................................92 VLANs & MAC-based Broadcast Domains ...........................................................................................................................................96 Management ........................................................................................................................................................................104 Community Strings and Trap Receivers ...............................................................................................................................................105 User Accounts Management .................................................................................................................................................................105 Console .................................................................................................................................................................................................106 Monitoring ...........................................................................................................................................................................107 Switch Overview...................................................................................................................................................................................108 Port Utilization......................................................................................................................................................................................109 Port Traffic Statistics ............................................................................................................................................................................109 Port Error Packet Statistics....................................................................................................................................................................110 Port Packet Analysis .............................................................................................................................................................................111 Browse Address Table ..........................................................................................................................................................................113 IP Multicast & IGMP Information ........................................................................................................................................................113 Browse GVRP Status ............................................................................................................................................................................114 Browse GMRP Status ...........................................................................................................................................................................114 Switch History ......................................................................................................................................................................................114 Device Status ........................................................................................................................................................................................115 Maintenance ........................................................................................................................................................................115 Firmware and Configuration Update.....................................................................................................................................................116 Save Settings to TFTP Server ...............................................................................................................................................................117 Save Switch History to TFTP Server ....................................................................................................................................................117 Clear Address Table..............................................................................................................................................................................118 Save Changes ........................................................................................................................................................................................118 Factory Reset ........................................................................................................................................................................................119 Restart System ......................................................................................................................................................................................119 TECHNICAL SPECIFICATIONS.........................................................................................................................................120 RJ-45 PIN SPECIFICATION .................................................................................................................................................122 SAMPLE CONFIGURATION FILE .....................................................................................................................................124 Commands: ...........................................................................................................................................................................................124 Notes about the Configuration File: ......................................................................................................................................................124 RUNTIME SOFTWARE DEFAULT SETTINGS................................................................................................................126 INDEX.......................................................................................................................................................................................127 TECHNICAL SUPPORT.........................................................................................................................................................128 WARRANTY..............................................................................................................................................................................129 REGISTRATION.......................................................................................................................................................................131 DES-6000 Modular Ethernet Switch User's Guide ABOUT THIS GUIDE This User's Guide tells you how to install your Modular Ethernet Switch, how to connect it to your Ethernet network, and how to set its configuration using either the built-in console interface or Web-based management. Conventions References in this manual to the DES-6000 are frequently written simply as "Switch" or "Switches" where the text applies to both models. Model numbers are normally used only to differentiate between specific Switches where necessary. Unless differentiated by model number, all information applies to both models. Overview of this User's Guide Chapter 1, "Introduction." Describes the Switch and its features. Chapter 2, "Unpacking and Setup." Helps you get started with the basic installation of the Switch. Chapter 3, "Identifying External Components." Describes the front panel, side panels, optional plug-in modules, and LED indicators of the Switch. Chapter 4, "Connecting the Switch." Tells how you can connect the Switch to your Ethernet network as well as providing an informational cable length table. Chapter 5, "Switch Management Concepts." Talks about Local Console Management via the RS-232 DCE console port and other aspects about how to manage the Switch. Chapter 6, "Using the Console Interface." Tells how to use the built-in console interface to change, set, and monitor Switch performance and security. Chapter 7, "Web-Based Network Management." Tells how to manage the Switch through an Internet browser. Appendix A, "Technical Specifications." Lists the technical specifications of the Switch. Appendix B, "RJ-45 Pin Specifications." Shows the details and pin assignments for the RJ-45 receptacle/connector. Appendix C, "Sample Configuration File." Appendix D, "Runtime Software Default Settings." About This Guide v Modular Ethernet Switch User's Guide 1 INTRODUCTION This section describes the features of the Switch, as well as giving some background information about Ethernet/Fast Ethernet, Gigabit Ethernet, and switching technology. Fast Ethernet Technology The growing importance of LANs and the increasing complexity of desktop computing applications are fueling the need for high performance networks. A number of high-speed LAN technologies are proposed to provide greater bandwidth and improve client/server response times. Among them, Fast Ethernet, or 100BASE-T, provides a non-disruptive, smooth evolution from the current 10BASE-T technology. The dominating market position virtually guarantees cost effective and high performance Fast Ethernet solutions in the years to come. 100Mbps Fast Ethernet is a standard specified by the IEEE 802.3 LAN committee. It is an extension of the 10Mbps Ethernet standard with the ability to transmit and receive data at 100Mbps, while maintaining the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Ethernet protocol. Gigabit Ethernet Technology Gigabit Ethernet is an extension of IEEE 802.3 Ethernet utilizing the same packet structure, format, and support for CSMA/CD protocol, full duplex, flow control, and management objects, but with a tenfold increase in theoretical throughput over 100Mbps Fast Ethernet and a one hundred-fold increase over 10Mbps Ethernet. Since it is compatible with all 10Mbps and 100Mbps Ethernet environments, Gigabit Ethernet provides a straightforward upgrade without wasting a company's existing investment in hardware, software, and trained personnel. The increased speed and extra bandwidth offered by Gigabit Ethernet is essential to coping with the network bottlenecks that frequently develop as computers and their busses get faster and more users use applications that generate more traffic. Upgrading key components, such as your backbone and servers to Gigabit Ethernet can greatly improve network response times as well as significantly speed up the traffic between your subnets. Gigabit Ethernet enables fast optical fiber connections to support video conferencing, complex imaging, and similar data-intensive applications. Likewise, since data transfers occur 10 times faster than Fast Ethernet, servers outfitted with Gigabit Ethernet NIC's are able to perform 10 times the number of operations in the same amount of time. In addition, the phenomenal bandwidth delivered by Gigabit Ethernet is the most cost-effective method to take advantage of today and tomorrow's rapidly improving switching and routing internetworking technologies. And with expected advances in the coming years in silicon technology and digital signal processing that will enable Gigabit Ethernet to eventually operate over unshielded twisted-pair (UTP) Introduction 1 Modular Ethernet Switch User's Guide cabling, outfitting your network with a powerful 1000Mbps-capable backbone/server connection creates a flexible foundation for the next generation of network technology products. Switching Technology Another key development pushing the limits of Ethernet technology is in the field of switching technology. A switch bridges Ethernet packets at the MAC address level of the Ethernet protocol transmitting among connected Ethernet, Fast Ethernet, or Gigabit Ethernet LAN segments. Switching is a cost-effective way of increasing the total network capacity available to users on a local area network. A switch increases capacity and decreases network loading by making it possible for a local area network to be divided into different segments which don't compete with each other for network transmission capacity, giving a decreased load on each. The switch acts as a high-speed selective bridge between the individual segments. Traffic that needs to go from one segment to another (from one port to another) is automatically forwarded by the switch, without interfering with any other segments (ports). This allows the total network capacity to be multiplied, while still maintaining the same network cabling and adapter cards. For Fast Ethernet or Gigabit Ethernet networks, a switch is an effective way of eliminating problems of chaining hubs beyond the "two-repeater limit." A switch can be used to split parts of the network into different collision domains, for example, making it possible to expand your Fast Ethernet network beyond the 205 meter network diameter limit for 100BASE-TX networks. Switches supporting both traditional 10Mbps Ethernet and 100Mbps Fast Ethernet are also ideal for bridging between existing 10Mbps networks and new 100Mbps networks. Switching LAN technology is a marked improvement over the previous generation of network bridges, which were characterized by higher latencies. Routers have also been used to segment local area networks, but the cost of a router and the setup and maintenance required make routers relatively impractical. Today's switches are an ideal solution to most kinds of local area network congestion problems. Features The DES-6000 Modular switch is designed for easy installation and high performance in an environment where traffic on the network and the number of users increases continuously. Switch features include: Chassis The chassis is the main unit that modules and power supplies are installed into. A CPU module and a power supply module come preinstalled in the chassis. Chassis features include: Eight slots for installing networking modules (plus one slot reserved for the CPU) Two slots for installing redundant power supply modules 21.3 Gigabit/sec. (Gbps) backplane switching fabric Hot-swappable design for power supply modules Networking modules warm-swappable (except CPU module) 2 Introduction Modular Ethernet Switch User's Guide Ears and screws for rack mounting Modules The following describes the optional plug-in modules available for the switch. CPU Module A single CPU module must be present and must be installed in first (uppermost) slot. Layer 2 switching based on MAC address & VLAN ID. Store and Forward packet switching. Broadcast Storm rate filtering. Supports static filtering (based on MAC address). Supports IEEE 802.1Q VLAN (Static VLAN). Proprietary simplified Port-based VLANs IEEE 802.1d Spanning Tree support. Address table: 12K MAC address per switch 96 Static VLAN Entries (in IEEE 802.1Q VLANs mode) Supports 802.1p priority queuing (2 priority queues) Port Aggregation (Port-Trunking) Capability Port Mirroring IGMP snooping Head Of Line (HOL) Blocking Prevention RS-232 port for out-of-band management and system configuration Telnet Remote Configuration TFTP software upgrades, settings file and switch log uploads Web-based management SNMP Agents: MIB-II (RFC 1213) RMON MIB (RFC 1757) Bridge MIB (RFC 1493) SLIP Supports four RMON (1,2,3,9) groups Port Security BootP support Support for DHCP Client 10BASE-T/100BASE-TX Module 16 10BASE-T/100BASE-TX ports Fully compliant with IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX All 10/100Mbps ports support NWay auto-negotiation Back pressure Flow Control support for Half-duplex mode Introduction 3 Modular Ethernet Switch User's Guide IEEE 802.3x-compliant Flow Control support for Full-duplex Per port packet buffer: 0.5 Mbytes 100BASE-FX (MT-RJ) Module 12 100BASE-FX (MT-RJ) Fast Ethernet ports Fully compliant with IEEE 802.3u 100BASE-FX Back pressure Flow Control support for Half-duplex mode IEEE 802.3x compliant Flow Control support for Full-duplex Per port packet buffer: 0.5 Mbytes 1000BASE-T (RJ-45) Module 2-port, front-panel module Store and forward packet switching Connects to 1000BASE-T devices only at full-duplex and auto-negotiating. 2 1000BASE-T (RJ-45) Gigabit Ethernet ports Fully compliant with IEEE 802.3ab Fully compliant with IEEE 802.1Q/P Back pressure Flow Control support for Half-duplex mode IEEE 802.3x compliant Flow Control support for Full-duplex 1000BASE-SX (SC) Module 2 1000BASE-SX (SC) Gigabit Ethernet ports Fully compliant with IEEE 802.3z Support Full-duplex operation only IEEE 802.3x-compliant Flow Control support Per port packet buffer: 2 Mbytes 1000BASE-LX (SC) Module 2 1000BASE-LX (SC) Gigabit Ethernet ports Fully compliant with IEEE 802.3z Support Full-duplex operation only IEEE 802.3x-compliant Flow Control support Per port packet buffer: 2 Mbytes Power Supply Modules Dual power modules design Current sharing design Full redundant feature design to ensure continuous operation If one power module fails, the other will take over all current supply automatically. Hot-swappable/Hot-pluggable Power management functions enabled Revolving handle design 4 Introduction Modular Ethernet Switch User's Guide Input: 90 ~ 264 VAC, 47 ~ 63Hz Output: 3.3V: 4A ~ 60A 12V: 0.1A ~ 2A Introduction 5 Modular Ethernet Switch User's Guide 2 UNPACKING AND SETUP This chapter provides unpacking and setup information for the Switch. Unpacking Open the shipping carton of the Switch and carefully unpack its contents. The carton should contain the following items: One switch chassis One management module (pre-installed in uppermost slot) One power supply module (pre-installed) One mounting kit: four mounting brackets and screws Four rubber feet with adhesive backing One AC power cord One console cable One printed copy of the quickstart guide One printed copy of this user's guide One CD-ROM containing this user's guide If any item is found missing or damaged, please contact your local reseller for replacement. Setup The setup of the Switch can be performed using the following steps: The surface must support at least 5 kg. The power outlet should be within 1.82 meters (6 feet) of the device. Visually inspect the power cord and see that it is secured fully to the AC power connector. Make sure that there is proper heat dissipation from and adequate ventilation around the Switch. Do not place heavy objects on the Switch. 6 Unpacking and Setup Modular Ethernet Switch User's Guide Desktop or Shelf Installation When installing the Switch on a desktop or shelf, the rubber feet included with the device must be first attached. Attach these cushioning feet on the bottom at each corner of the device. Allow enough ventilation space between the device and the objects around it. Figure 2-1. Switch installed on a Desktop or Shelf Rack Installation The Switch can be mounted in an EIA standard size, 19-inch rack, which can be placed in a wiring closet with other equipment. To install, attach the mounting brackets on the Switch's front panel (one on each side) and secure them with the screws provided. Figure 2-2. Attaching the mounting brackets to the Switch Then, use the screws provided with the equipment rack to mount the Switch in the rack. Unpacking and Setup 7 Modular Ethernet Switch User's Guide Installing Modules The DES-6000 supports up to 9 modules which can be installed into the module bays. Networking modules are warm-swappable, meaning they can be added and removed while power to the switch is ON. After warmswapping a networking module, the switch will automatically be rebooted. Make sure to use the Save Changes command to save the current configuration to NV-RAM before warm-swapping modules. The CPU module, however, is NOT hot-swappable. Removing or inserting the CPU module while the power is on may cause irreparable damage to the module and/or to the Switch itself. Further, make sure you have unplugged the power cord from the removable power supply module before inserting or removing it from the Switch. CAUTION: Due to the high energy present in this system, extreme caution should be exercised whenever adding or removing system components. No element of this system may be installed or removed except by an authorized technician. Figure 2-3. Removing a Blank Slot Cover Modules can be installed into any free slot, except the CPU module which must be installed in the uppermost (top) slot. To install a module, simply remove a blank slot cover and slide the module along the guide rails until it snaps firmly in place. 8 Unpacking and Setup Modular Ethernet Switch User's Guide Figure 2­4. Installing a Module Connecting a Terminal The DES-6000 can perform basic switching functions without special configuration, but to use the Switch's advanced features you must first configure the unit through a terminal (a VT-100 serial data terminal or a computer running a VT-100 emulator). The connection is made through the Switch's Diagnostic RS-232 port, which is configured at the factory as follows: Baud Rate: Data Bits: Parity: Stop Bits: Flow Control: 9600 8 none 1 None The RS-232 port has a nine-socket D-shell connector with IBM-type DCE wiring, and can be connected to the terminal using an off-the-shelf RS-232 cable with the proper connectors for the terminal and the DES-6000. Power on Power up the DES-6000 as follows: 1. Make sure the power module is properly installed in the device. 2. Plug the device end of the supplied power cord firmly into the power inlet on the DES-6000's front panel of the redundant power supply. 3. Plug the outlet end of the power cord firmly into a suitable AC outlet. 4. Observe the DES-6000's LED indicators to make sure the Switch is operating correctly. The DES-6000's LED indicators operate as follows during a normal power-up: Unpacking and Setup 9 Modular Ethernet Switch User's Guide All indicators blink momentarily to indicate a system reset. The Power indicator flashes for about 20 seconds while the switch prepares its run-time software and performs a self-test. The Power indicator begins shining steadily, and the remaining indicators begin reflecting port and system status. Power Failure As a precaution, the Switch should be unplugged in case of an impending power failure. When power is resumed, plug the Switch back in. 10 Unpacking and Setup Modular Ethernet Switch User's Guide 3 IDENTIFYING EXTERNAL COMPONENTS This chapter describes the front panel, side panels, optional plug-in modules, and LED indicators of the Switch Front Panel The front panel of the Switch consists nine slide-in module slots for networking modules, two slide-in module slots for power supply modules, an RS-232 communication port, and LED indicators. Figure 3-1. Front panel view of the Switch Comprehensive LED indicators display the conditions of the Switch and status of the network. A description of these LED indicators follows (see LED Indicators). An RS-232 DCE console port is used to diagnose the Switch via a connection to a terminal (or PC) and Local Console Management. Nine slide-in module slots installing networking modules and the CPU module. Two slide-in module slots for installing power supply modules. Side Panels The left side panel of the Switch contains four system fans. The right side panel contains heat vents. The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave adequate space at the rear and sides of the Switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure. Identifying External Components 11 Modular Ethernet Switch User's Guide Optional Plug-in Modules The DES-6000 Modular Ethernet Switch is able to accommodate a range of plug-in modules in order to increase functionality and performance. 10BASE-T/100BASE-TX Module Figure 3-2. 16-port, 10/100BASE-TX module 16-port, front-panel module. Connects to 10BASE-T and 100BASE-TX devices at full- or half-duplex. Supports Category 3, 4, 5 or better UTP or STP connections of up to 100 meters each. 100BASE-FX (MT-RJ) Module Figure 3-3. 12-port, 100BASE-FX (MT-RJ) module 12-port, front-panel module. Connects to 100BASE-FX devices at full- or half-duplex. 12 100BASE-FX (MT-RJ) Fast Ethernet ports 12 Identifying External Components Modular Ethernet Switch User's Guide Fully compliant with IEEE 802.3u 100BASE-FX Back pressure Flow Control support for Half-duplex mode IEEE 802.3x compliant Flow Control support for Full duplex Per port packet buffer: 0.5 Mbytes Supports multi-mode fiber-optic cable connections of up to 412 meters in half-duplex or 2 km in full-duplex mode. 1000BASE-T (RJ-45) Module Figure 3-4. 2-port, 1000BASE-T (RJ-45) module 2-port, front-panel module Store and forward packet switching Connects to 1000BASE-T devices only at full-duplex and auto-negotiating. 2 1000BASE-T (RJ-45) Gigabit Ethernet ports Fully compliant with IEEE 802.3ab Fully compliant with IEEE 802.1Q/P Back pressure Flow Control support for Half-duplex mode IEEE 802.3x compliant Flow Control support for Full-duplex 1000BASE-SX (MT-RJ) Gigabit Module Figure 3-5. Two-port, 1000BASE-SX (MT-RJ) module Two-port, front panel module. Connects to a 1000BASE-SX device at full duplex. Identifying External Components 13 Modular Ethernet Switch User's Guide 2 1000BASE-SX (MT-RJ) Gigabit Ethernet ports Fully compliant with IEEE 802.3z Supports Full-duplex operation only IEEE 802.3x-compliant Flow Control support Per port packet buffer: 2 Mbytes 1000BASE-SX (SC) Gigabit Module Figure 3-6. Two-port, 1000BASE-SX gigabit module Two-port, front-panel module. Connects to 1000BASE-SX devices at full duplex. 2 1000BASE-SX (SC) Gigabit Ethernet ports Fully compliant with IEEE 802.3z Support Full-duplex operation only IEEE 802.3x-compliant Flow Control support Per port packet buffer: 2 Mbytes 1000BASE-LX (SC) Gigabit Module Figure 3-7. Two-port, 1000BASE-LX gigabit module Two-port, front-panel module. Connects to 1000BASE-LX devices at full duplex. 2 1000BASE-LX (SC) Gigabit Ethernet ports Fully compliant with IEEE 802.3z Supports full-duplex operation only IEEE 802.3x-compliant Flow Control support Per port packet buffer: 2 Mbytes 14 Identifying External Components Modular Ethernet Switch User's Guide Power Supply Modules Dual power modules design with current sharing design Full redundant feature design to ensure continuous operation If one power module failed, the other will take over all current supply automatically. Hot-swappable/Hot-pluggable capability Power management functions Input: 90 ~ 264 VAC, 47 ~ 63Hz Output: 3.3V: 4A ~ 60A 12V: 0.1A ~ 2A LED Indicators The LED indicators of the Switch include CPU Status, Console, Power OK, and Utilization. The following shows the LED indicators for the Switch along with an explanation of each indicator. Figure 3-8. The Switch LED indicators CPU Status This leftmost indicator on the front panel displays the current status of the switch. The LED will blink while the Power-On Self-Test (POST) is running during startup. It will light a steady green after the POST test to indicate the switch is powered on and operating properly. It will light amber when an error occurs during startup and the switch is therefore not functioning. Console This indicator is lit green when the switch is being managed through the embedded console management program. The console program is accessed either through the out-of-band RS-232 console port using a straight-through serial cable or in-band via Telnet. When a secured connection is established, this LED is lit. The indicator blinks when the console RS-232 is accessed. Power OK This indicator lights green when the CPU module of the switch is receiving power and functioning properly. Utilization These indicators display the percentage of utilization on the CPU in the switch. Identifying External Components 15 Modular Ethernet Switch User's Guide 4 CONNECTING THE SWITCH This chapter describes how to connect the Switch to your Ethernet network as well as providing an informational cable length table. Switch to End Node End nodes include PCs outfitted with a Network Interface Card (NIC) and most routers. For twisted-pair (copper) connections, the RJ-45 UTP ports on NICs and most routers are MDI-II. When using a normal straight-through cable, an MDI-II port must connect to an MDI-X port. An end node can be connected to the Switch via a two-pair Category 3, 4, 5 UTP/STP straight cable (be sure to use Category 5 UTP or STP cabling for 100BASE-TX Fast Ethernet connections). The end node should be connected to any of the sixteen ports (1x - 16x) on the 10BASE-T/100BASE-TX module. The LED indicators for the port the end node is connected to are lit according to the capabilities of the NIC. If LED indicators are not illuminated after making a proper connection, check the PC's LAN card, the cable, switch conditions, and connections. The following LED indicator states are possible for an end node to switch connection: 1. The 100M indicator comes ON for a 100 Mbps and stays OFF for 10 Mbps. 2. The Link/Act indicator lights up upon hooking up a PC that is powered on. Switch to Hub or Switch These connections can be accomplished in a number of ways. For twisted-pair (copper) connections, the most important consideration is that when using a normal, straight-through cable, the connection should be made between a normal crossed port (Port 1x, 2x, etc.) and an Uplink (MDI-II) port. If you are using a crossover cable, the connection can be made from a normal crossed port to another crossed port. A 10BASE-T hub or switch can be connected to the Switch via a two-pair Category 3, 4 or 5 UTP/STP straight cable. A 100BASE-TX hub or switch can be connected to the Switch via a four-pair Category 5 UTP/STP straight cable. If the other switch or hub contains an unused Uplink port, we suggest connecting the other device's Uplink (MDI-II) port to any of the switch's (MDI-X) ports (1x - 16x 100BASE-TX ports). If the other device does not have an unused Uplink port, make the connection with a crossover cable from any of the twisted-pair ports on the switch to any normal twisted-pair port on the hub. 16 Connecting The Switch Modular Ethernet Switch User's Guide 10BASE-T Device For a 10BASE-T device, the Switch's LED indicators should display the following: 100M speed indicator is OFF. Link/Act indicator is ON. 100BASE-TX Device For a 100BASE-TX device, the Switch's LED indicators should display the following: 100M speed indicator is ON. Link/Act indicator is ON. 1000BASE-T Device For a 1000BASE-T device, the Switch's LED indicators should display the following: Link/Act indicator is ON. Connecting The Switch 17 Modular Ethernet Switch User's Guide Cable Lengths Standard 1000BASE-SX Media Type 50/125µm Multimode Fiber 50/125µm Multimode Fiber 62.5/125µm Multimode Fiber 62.5/125µm Multimode Fiber 50/125µm Multimode Fiber 50/125µm Multimode Fiber 62.5/125µm Multimode Fiber 10µ Single-mode Fiber Category 5e UTP Cable (1000Mbps) 50/125µm Multimode Fiber (half-duplex operation) 50/125µm Multimode Fiber (full-duplex operation) 62.5/125µm Multimode Fiber (half-duplex operation) 52.5/125µm Multimode Fiber (full-duplex operation) Category 5 UTP Cable (100Mbps) Category 3 UTP Cable (10Mbps) MHz/km Rating 400 500 160 200 400 500 500 Maximum Distance 500 Meters 550 Meters 220 Meters 275 Meters 500 Meters 550 Meters 550 Meters 5000 Meters 100 Meters 1000BASE-LX 1000BASE-T 100BASE-FX 400 Meters 2000 Meters 400 Meters 2000 Meters 100BASE-TX 100 Meters 10BASE-T 100 Meters 18 Connecting The Switch Modular Ethernet Switch User's Guide 5 SWITCH MANAGEMENT CONCEPTS This chapter discusses many of the features used to manage the switch, and explains many concepts and important points regarding these features. Configuring the Switch to implement these concepts is discussed in detail in the next chapters. Local Console Management Local console management involves the administration of the Switch via a direct connection to the RS-232 DCE console port. This is an Out-Of-Band connection, meaning that it is on a different circuit than normal network communications, and thus works even when the network is down. The local console management connection involves a terminal or PC running terminal emulation software to operate the Switch's built-in console program (see Chapter 6, "Using the Console Interface"). Using the console program, a network administrator can manage, control and monitor the many functions of the Switch. Hardware components in the Switch allow it to be an active part of a manageable network. These components include a CPU, memory for data storage, other related hardware, and SNMP agent firmware. Activities on the Switch can be monitored with these components, while the Switch can be manipulated to carry out specific tasks. Diagnostic (Console) Port (RS-232 DCE) Out-of-band management requires connecting a terminal, such as a VT-100 or a PC running terminal emulation program (such as HyperTerminal, which is automatically installed with Microsoft Windows) a to the RS-232 DCE console port of the Switch. Switch management using the RS-232 DCE console port is called Local Console Management to differentiate it from management done via management platforms, such as IBM NetView, HP OpenView, etc. The console port is set for the following configuration: Baud rate: Data width: Parity: Stop bits: Flow Control none 9,600 8 bits none 1 Make sure the terminal or PC you are using to make this connection is configured to match these settings. If you are having problems making this connection on a PC, make sure the emulation is set to VT-100 or ANSI. If you still don't see anything, try hitting + r to refresh the screen. Switch Management Concepts 19 Modular Ethernet Switch User's Guide IP Addresses and SNMP Community Names Each Switch has its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP, etc.). You must provide the switch with an IP Address to meet the specification of your networking address scheme. In addition, you can also set an IP Address for a gateway router. This becomes necessary when the network management station is located on a different IP network as the Switch, making it necessary for management packets to go through a router to reach the network manager, and vice-versa. For security, you can set in the Switch a list of IP Addresses of the network managers that you allow to manage the Switch. You can also change the default Community Name in the Switch and set access rights of these Community Names. Traps Traps are messages that alert you of events that occur on the Switch. The events can be as serious as a reboot (someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends them to the network manager (trap managers). The following lists the types of events that can take place on the Switch. System resets Errors Status changes Topology changes Operation You can also specify which network managers may receive traps from the Switch by setting a list of IP Addresses of the authorized network managers. Trap managers are special users of the network who are given certain rights and access in overseeing the maintenance of the network. Trap managers will receive traps sent from the Switch; they must immediately take certain actions to avoid future failure or breakdown of the network. The following are trap types a trap manager will receive: Cold Start This trap signifies that the Switch has been powered up and initialized such that software settings are reconfigured and hardware systems are rebooted. A cold start is different from a factory reset. Warm Start This trap signifies that the Switch has been rebooted, however the Power-On Self-Test (POST) is skipped. Authentication Failure This trap signifies that someone has tried to logon to the switch using an invalid SNMP community name. The switch automatically stores the source IP address of the unauthorized user. New Root This trap indicates that the Switch has become the new root of the Spanning Tree, the trap is sent by a bridge soon after its election as the new root. This implies that upon expiration of the Topology Change Timer the new root trap is sent out immediately after the Switch's selection as a new root. Topology Change A Topology Change trap is sent by the Switch when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a new root trap is sent for the same transition. 20 Switch Management Concepts Modular Ethernet Switch User's Guide Link Change Event This trap is sent whenever the link of a port changes from link up to link down or from link down to link up. Port Partition This trap is sent whenever a port is partitioned as a result of more than sixty-one collisions on the port (i.e., is automatically partitioned). The number of collisions that triggers this trap is the same at either 10Mbps or 100Mbps. Broadcast Storm This trap is sent whenever the port reaches the broadcast storm rising or falling threshold. Power Supply Module Inserted This trap is sent whenever a redundant power supply module is installed in the switch. Power Supply Module Removed This trap is sent whenever a redundant power supply module is removed in the switch. Bad Power This trap is sent whenever a redundant power supply is receiving AC power but not supplying DC power to the switch. Power Supply Module Inserted This trap is sent whenever a redundant power supply is installed in the switch. Power Supply Module Temperature Warning This trap is sent whenever the temperature of a redundant power supply module measures over 80° C (176° F). Power Supply Module Voltage Warning This trap is sent whenever a redundant power supply generates DC current over 3.9 volts. Power Supply Module Current Warning This trap is sent whenever a redundant power supply generates DC current over 60 amps. System Fan Failure This trap is sent whenever one of the four system fans in the switch fails. Power Fan1 Failure This trap is sent whenever one of the two fans on a redundant power supply module fails. Power Fan2 Failure This trap is sent whenever one of the two fans on a redundant power supply module fails. MIBs Management information and counters are stored in the Switch in the Management Information Base (MIB). The Switch uses the standard MIB-II Management Information Base module. Consequently, values for MIB objects can be retrieved from any SNMP-based network manager software. In addition to the standard MIBII, the Switch also supports its own proprietary enterprise MIB as an extended Management Information Base. These MIBs may also be retrieved by specifying the MIB's Object-Identity (OID) at the network manager. MIB values can be either read-only or read-write. Read-only MIBs variables can be either constants that are programmed into the Switch, or variables that change while the Switch is in operation. Examples of read-only constants are the number of ports and types of ports. Examples of read-only variables are the statistics counters such as the number of errors that have occurred, or how many kilobytes of data have been received and forwarded through a port. Read-write MIBs are variables usually related to user-customized configurations. Examples of these are the Switch's IP Address, Spanning Tree Algorithm parameters, and port status. If you use a third-party vendors' SNMP software to manage the Switch, a diskette listing the Switch's propriety enterprise MIBs can be obtained by request. If your software provides functions to browse or modify MIBs, you can also get the MIB values and change them (if the MIBs' attributes permit the write operation). This process however can be quite involved, since you must know the MIB OIDs and retrieve them one by one. Switch Management Concepts 21 Modular Ethernet Switch User's Guide Packet Forwarding The Switch learns the network configuration and uses this information to forward packets. This reduces the traffic congestion on the network, because packets, instead of being transmitted to all segments, are transmitted to the destination only. Example: if Port 1 receives a packet destined for a station on Port 2, the Switch transmits that packet through Port 2 only, and transmits nothing through the other ports. Aging Time The Aging Time is a parameter that affects the auto-learn process of the Switch in terms of the network configuration. Dynamic Entries, which make up the auto-learned-node address, are aged out of the address table according to the Aging Time that you set. The Aging Time can be from 10 seconds to 9999 seconds. A very long Aging Time can result with the out-ofdate Dynamic Entries that may cause incorrect packet filtering/forwarding decisions. On the other hand, if the Aging Time is too short, many entries may be aged out soon, resulting in a high percentage of received packets whose source addresses cannot be found in the address table, in which case the Switch will broadcast the packet to all ports, negating many of the benefits of having a switch. Filtering Database A switch uses a filtering database to segment the network and control communications between segments. It also filters packets off the network for intrusion control (MAC Address filtering). For port filtering, each port on the switch is a unique collision domain and the switch filters (discards) packets whose destination lies on the same port as where it originated. This keeps local packets from disrupting communications on other parts of the network. For intrusion control, whenever a switch encounters a packet originating from or destined to a MAC address defined by the user, the switch will discard the packet. Filtering includes: 1. Dynamic filtering Automatic learning and aging of MAC addresses and their location on the network. Filtering occurs to keep local traffic confined to its segment. 2. MAC address filtering The manual entry of specific MAC addresses to be filtered from the network. 3. Filtering done by the Spanning Tree Protocol Can filter packets based on topology, making sure that signal loops don't occur. 4. Filtering done for VLAN integrity Packets from a member of a VLAN (VLAN 2, for example) destined for a device on another VLAN (VLAN 3) will be filtered. Spanning Tree Algorithm The Spanning Tree Algorithm (STA) in the Switch allows you to create alternative paths (with multiple switches or other types of bridges) in your network. These backup paths are idle until the Switch determines that a problem has developed in the primary paths. When a primary path is lost, the switch providing the alternative path will automatically go into service with no operator intervention. This automatic network reconfiguration provides maximum uptime to network users. The concept of the Spanning Tree Algorithm is a 22 Switch Management Concepts Modular Ethernet Switch User's Guide complicated and complex subject and must be fully researched and understood. Please read the following before making any changes. Network loop detection and prevention With STA, there will be only one path between any two LANs. If there is more than one path, forwarded packets will loop indefinitely. STA detects any looped path and selects the path with the lowest path cost as the active path, while blocking the other path and using it as the backup path. Automatic topology re-configuration When the path for which there is a backup path fails, the backup path will be automatically activated, and STA will automatically re-configure the network topology. STA Operation Levels STA operates on two levels: the bridge level and the port level. On the bridge level, STA calculates the Bridge Identifier for each Switch, then sets the Root Bridge and the Designated Bridges. On the port level, STA sets the Root Port and Designated Ports. Details are as follows: On the Bridge Level Root Bridge The switch with the lowest Bridge Identifier is the Root Bridge. Naturally, you will want the Root Bridge to be the best switch among the switches in the loop to ensure the highest network performance and reliability. Bridge Identifier This is the combination of the Bridge Priority (a parameter that you can set) and the MAC address of the switch. Example: 4 00 80 c8 00 01 00, where 4 is the Bridge Priority. A lower Bridge Identifier results in a higher priority for the switch, and thus increases it probably of being selected as the Root Bridge. Designated Bridge From each LAN segment, the attached Bridge that has the lowest Root Path Cost to the Root Bridge is the Designated Bridge. It forwards data packets for that LAN segment. In cases where all Switches have the same Root Path Cost, the switch with the lowest Bridge Identifier becomes the Designated Bridge. Root Path Cost The Root Path Cost of a switch is the sum of the Path Cost of the Root Port and the Root Path Costs of all the switches that the packet goes through. The Root Path Cost of the Root Bridge is zero. Bridge Priority This is a parameter that users can set. The smaller the number you set, the higher the Bridge Priority is. The higher the Bridge Priority, the better the chance the Switch will be selected as the Root Bridge. On the Port Level Root Port Each switch has a Root Port. This is the port that has the lowest Path Cost to the Root Bridge. In case there are several such ports, then the one with the lowest Port Identifier is the Root Port. Designated Port This is the port on each Designated Bridge that is attached to the LAN segment for which the switch is the Designated Bridge. Port Priority The smaller this number, the higher the Port Priority is. With higher Port Priority, the higher the probability that the port will be selected as the Root Port. Path Cost This is a changeable parameter and may be modified according to the STA specification. The 1000Mbps segment has an assigned Path Cost of 4, the 100Mbps segment has an assigned Path Cost of 19, and each 10Mbps segment has an assigned Path Cost of 100, based on the STA specifications. Switch Management Concepts 23 Modular Ethernet Switch User's Guide User-Changeable STA Parameters The factory default setting should cover the majority of installations. However, it is advisable to keep the default settings as set at the factory, unless it is absolutely necessary. The user changeable parameters in the Switch are as follows: Bridge Priority A Bridge Priority can be from 0 to 65535. 0 is equal to the highest Bridge Priority. Bridge Hello Time The Hello Time can be from 1 to 10 seconds. This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the Root Bridge. If you set a Hello Time for your Switch, and it is not the Root Bridge, the set Hello Time will be used if and when your Switch becomes the Root Bridge. Note: The Hello Time cannot be longer than the Max. Age. occur. Otherwise, a configuration error will Bridge Max. Age The Max. Age can be from 6 to 40 seconds. At the end of the Max. Age, if a BPDU has still not been received from the Root Bridge, your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge. If it turns out that your Switch has the lowest Bridge Identifier, it will become the Root Bridge. Bridge Forward Delay The Forward Delay can be from 4 to 30 seconds. This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state. Observe the following formulas when you set the above parameters: 1. 2. Max. Age 2 x (Forward Delay - 1 second) Max. Age 2 x (Hello Time + 1 second) Port Priority A Port Priority can be from 0 to 255. The lower the number, the greater the probability the port will be chosen as the Root Port. Illustration of STA A simple illustration of three Bridges (or the Switch) connected in a loop is depicted in Figure 5-1. In this example, you can anticipate some major network problems if the STA assistance is not applied. For instance, if Bridge 1 broadcasts a packet to Bridge 2, Bridge 2 will broadcast it to Bridge 3, and Bridge 3 will broadcast it to Bridge 1 and so on. The broadcast packet will be passed indefinitely in a loop, causing a serious network failure. To alleviate network loop problems, STA can be applied as shown in Figure 5-2. In this example, STA breaks the loop by blocking the connection between Bridge 1 and 2. The decision to block a particular connection is based on the STA calculation of the most current Bridge and Port settings. Now, if Bridge 1 broadcasts a packet to Bridge 3, then Bridge 3 will broadcast it to Bridge 2 and the broadcast will end there. STA setup can be somewhat complex. Therefore, you are advised to keep the default factory settings and STA will automatically assign root bridges/ports and block loop connections. However, if you need to customize the STA parameters, refer to Table 5-1. 24 Switch Management Concepts Modular Ethernet Switch User's Guide Figure 5-1. Before Applying the STA Rules Figure 5-2. After Applying the STA Rules STA parameters Bridge Priority Settings lower the #, higher the priority 1 - 10 sec. 6 - 40 sec. Effects Increases chance of becoming the Root Bridge No effect, if not Root Bridge Compete for Root Bridge, if BPDU is not received High # delays the change in state Comment Avoid, if the switch is used in workgroup level of a large network Never set greater than Max. Age Time Avoid low number for unnecessary reset of Root Bridge Max. Age 2 x (Forward Delay - 1) Max. Age 2 x (Hello Time + 1) Disable a port for security or problem isolation Hello Time Max. Age Time Forward Delay 4 - 30 sec. Port Level STA parameters Enable/Disable Enable/ Disable lower the #, higher the priority Enable or disable this LAN segment Increases chance of become Root Port Port Priority Table 5-1. User-selective STA parameters Switch Management Concepts 25 Modular Ethernet Switch User's Guide Port Trunking Port trunking is used to combine a number of ports together to make a single high-bandwidth data pipeline. The participating parts are called members of a trunk group, with one port designated as the anchor of the group. Since all members of the trunk group must be configured to operate in the same manner, all settings changes made to the anchor port are applied to all members of the trunk group. Thus, when configuring the ports in a trunk group, you only need to configure the anchor port. The Switch supports up to 16 trunk groups. Each module on the switch supports up to two trunk groups except gigabit modules, which support a single trunk group. The Switch treats all ports in a trunk group as a single port. As such, trunk ports will not be blocked by Spanning Tree. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent. A trunk connection can be made with any other switch that maintains host-to-host data streams over a single trunk port. Switches that use a load-balancing scheme that sends the packets of a host-to-host data stream over multiple trunk ports cannot have a trunk connection with the Switch. VLANs & Broadcast Domains VLANs are a collection of users or switch ports grouped together in a secure, autonomous broadcast and multicast domain. The main purpose of setting up VLANs on a network is to limit the range and effects of broadcast packets, which can develop into broadcast storms and seriously impair network performance. Three types of VLANs and broadcast domains are implemented on the switch: 802.1Q VLANs, port-based VLANs, and MAC-based broadcast domains. Only one of the three types can be active on the switch at any given time, however. Thus, you will need to choose the type of VLAN or broadcast domain you wish to setup on your network and configure the switch accordingly. MAC-based broadcast domains and port-based VLANs are limited to the switch and devices directly connected to it, while 802.1Q VLANs support IEEE 802.1Q tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant). All VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All broadcast, multicast, and unknown packets entering the switch on a particular VLAN or broadcast domain will only be forwarded to the stations (MAC-based) or ports (802.1Q and Port-based) that are members of that VLAN or broadcast domain. 802.1Q VLANs can also be setup to limit unicast packets to members of a particular VLAN, thus providing a degree of security to your network. Another benefit of 802.1Q and port-based VLANs is that you can change the network topology without physically moving stations or changing cable connections. Stations can be `moved' to another VLAN and thus communicate with members and share resources on the new VLAN, simply by changing the port VLAN settings from one VLAN (the sales VLAN, for example) to another VLAN (the marketing VLAN). This allows VLANs to accommodate network moves, changes and additions with the utmost flexibility. MAC-based broadcast domains, on the other hand, allow a station to be physically moved yet still belong to the same broadcast domain without having to change configuration settings. The untagging feature of IEEE 802.1Q VLANs allows VLANs to work with legacy switches and NICs that don't recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Qcompliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally. 26 Switch Management Concepts Modular Ethernet Switch User's Guide MAC-based Broadcast Domains The Switch supports up to 12 MAC-based broadcast domains, which are by their nature, limited to the switch itself and the devices connected directly to it. Since MAC addresses are hard-wired into a station's network interface card (NIC), MAC-based broadcast domains enable network managers to move a station to a different physical location on the network and have that station automatically retain its broadcast domain membership. This provides the network with a high degree of flexibility since even notebook PC's can plug into any available port on a network and communicate with the same people and use the same resources that have been allocated to the broadcast domain in which it is a member. Since MAC-based broadcast domains do not restrict the transmission of known unicast frames to other broadcast domains, they can only be used to define limited broadcast domains. As such, they are best implemented on networks where stations are frequently moving, for example where people using notebook PCs are constantly plugging into different parts of the network. Setting up MAC-based broadcast domains is a relatively straight-forward process. Simply create the broadcast domain by assigning it a name (description) and add MAC addresses for the stations that will be members. 802.1Q VLANs The Switch supports up to 2048 802.1Q VLANs. 802.1Q VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department. On 802.1Q VLANs, NICs do not need to be able to identify 802.1Q tags in packet headers. NICs send and receive normal Ethernet packets. If the packet's destination lies on the same segment, communications take place using normal Ethernet protocols. Even though this is always the case, when the destination for a packet lies on another Switch port, VLAN considerations come into play to decide if the packet gets dropped by the Switch or delivered. There are two key components to understanding 802.1Q VLANs; Port VLAN ID numbers (PVIDs) and VLAN ID numbers (VIDs). Both variables are assigned to a switch port, but there are important differences between them. A user can only assign one PVID to each switch port. The PVID defines which VLAN a packet belongs to when packets need to be forwarded to another switch port or somewhere else on the network. On the other hand, a user can define a port as a member of multiple VLANs (VIDs), allowing the segment connected to it to receive packets from many VLANs on the network. These two variables control a port's ability to transmit and receive VLAN traffic, and the difference between them provides network segmentation, while still allowing resources to be shared across more than one VLAN. 802.1Q VLAN Segmentation The following example is helpful in explaining how 802.1Q VLAN segmentation works. Take a packet that is transmitted by a machine on Port 1 that is a member of VLAN 2 and has the Port VLAN ID number 2 (PVID=2). If the destination lies on another port (found through a normal forwarding table lookup), the Switch then looks to see if the other port (Port 10) is a member of VLAN 2 (and can therefore receive VLAN 2 packets). If port 10 is not a member of VLAN 2, then the packet will be dropped by the Switch and will not reach its destination. If Port 10 is a member of VLAN 2, the packet will go through. This selective forwarding feature based on VLAN criteria is how VLANs segment networks. The key point being that Port 1 will only transmit on VLAN 2, because it's Port VLAN ID number is 2 (PVID=2). Switch Management Concepts 27 Modular Ethernet Switch User's Guide Sharing Resources Across 802.1Q VLANs Network resources such as printers and servers however, can be shared across 802.1Q VLANs. This is achieved by setting up overlapping VLANs as shown in the diagram below. Figure 5-3. Example of typical VLAN configuration In the above example, there are three different 802.1Q VLANs and each port can transmit packets on one of them according to their Port VLAN ID (PVID). However, a port can receive packets on all VLANs (VID) that it belongs to. The assignments are as follows: Port Port 1 Port 4 Port 13 Port 16 Port 9 PVID 1 1 2 2 3 Ports 1,4,9 9,13,16 1,4,9,13,16 VID 1 2 3 Table 5-2. VLAN assignments for Figure 5-4 The server attached to Port 9 is shared by VLAN 1 and VLAN 2 because Port 9 is a member of both VLANs (it is listed as a member of VID 1 and 2). Since it can receive packets from both VLANs, all ports can successfully send packets to it. Ports 1 and 4 send these packets on VLAN 1 (their PVID=1), and Ports 13 and 16 send these packets on VLAN 2 (PVID=2). The third VLAN (PVID=3) is used by the server to transmit files that had been requested on VLAN 1 or 2 back to the computers. All computers that use the server will receive transmissions from it since they are all located on ports which are members of VLAN 3 (VID=3). 802.1Q VLANs Spanning Multiple Switches 802.1Q VLANs can span multiple switches as well as your entire network. Two considerations to keep in mind while building VLANs of this sort are whether the switches are IEEE 802.1Q-compliant and whether VLAN packets should be tagged or untagged. Definitions of relevant terms are as follows: 28 Switch Management Concepts Modular Ethernet Switch User's Guide Tagging The act of putting 802.1Q VLAN information into the header of a packet. Tagging ports will put the VID number, priority, and other VLAN information into all packets that flow into and out it. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. Tagging is used to send packets from one 802.1Q-compliant device to another. Untagging The act of stripping 802.1Q VLAN information out of the packet header. Untagging ports will take all VLAN information out of all packets that flow into and out of a port. If the packet doesn't have a VLAN tag, the port will not alter the packet, thus keeping the packet free of VLAN information. Untagging is used to send packets from an 802.1Q-compliant switch to a non-compliant device. Ingress port A port on a switch where packets are flowing into the switch. If an ingress port has the Ingress Filter enabled, the switch will examine each packet to determine whether or not it is a VLAN member and then take one of two actions: if the port is not a member of a VLAN, the packet will be dropped; if the port is a member of a VLAN, then the packet will be forwarded. Otherwise, if the Ingress Filter is disabled, then the switch will process any packet received at this port in its normal fashion. Egress port A port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and tagging decisions must be made. If an egress port is connected to an 802.1Q-compliant device, tagging should be enabled so the other device can take VLAN data into account when making forwarding decisions (this allows VLANs to span multiple switches). If an egress connection is to a noncompliant switch or end-station, tags should be stripped so the (now normal Ethernet) packet can be read by the receiving device. VLANs Over 802.1Q-compliant Switches When switches maintaining the same VLANs are 802.1Q-compliant, it is possible to use tagging. Tagging puts 802.1Q VLAN information into each packet header, enabling other 802.1Q-compliant switches that receive the packet to know how to treat it. Upon receiving a tagged packet, an 802.1Q-compliant switch can use the information in the packet header to maintain the integrity of VLANs, carry out priority forwarding, etc. Data transmissions between 802.1Q-compliant switches take place as shown below. Switch Management Concepts 29 Modular Ethernet Switch User's Guide Figure 5-4. Data transmissions between 802.1Q-compliant switches In the above example, step 4 is the key element. Because the packet has 802.1Q VLAN data encoded in its header, the ingress port can make VLAN-based decisions about its delivery: whether server #2 is attached to a port that is a member of VLAN 2 and thus, should the packet be delivered; the queuing priority to give to the packet, etc. It can also perform these functions for VLAN 1 packets as well, and, in fact, for any tagged packet it receives regardless of the VLAN number. If the ingress port in step 4 were connected to a non-802.1Q-compliant device and was thus receiving untagged packets, it would tag its own PVID onto the packet and use this information to make forwarding decisions. As a result, the packets coming from the non-compliant device would automatically be placed on the ingress ports VLAN and could only communicate with other ports that are members of this VLAN. Port-based VLANs In port-based VLANs, broadcast, multicast and unknown packets will be limited to within the VLAN. Thus, port-based VLANs effectively segment your network into broadcast domains. Furthermore, ports can only belong to a single VLAN. Because port-based VLANs are uncomplicated and fairly rigid in their implementation, they are best used for network administrators who wish to quickly and easily set up VLANs in order to limit the effect of broadcast packets on their network. 30 Switch Management Concepts Modular Ethernet Switch User's Guide For the most secure implementation, make sure that end stations are directly connected to the switch. Attaching a hub, switch or other repeater to a port causes all stations attached to the repeater to become members of the Port-based VLAN. To setup port-based VLANs, simply select one of 24 VLAN ID numbers, name the VLAN and specify which ports will be members. All other ports will automatically be forbidden membership, even dynamically as a port can belong to only one VLAN. Broadcast Storms Broadcast storms are a common problem on today's networks. Basically, they consist of broadcast packets that flood and/or are looped on a network causing noticeable performance degradation and, in extreme cases, network failure. Broadcast storms can be caused by network loops, malfunctioning NICs, bad cable connections, and applications or protocols that generate broadcast traffic, among others. In effect, broadcast storms can originate from any number of sources, and once they are started, they can be self-perpetuating, and can even multiply the number of broadcast packets on the network over time. In the best case, network utilization will be high and bandwidth limited until the hop counts for all broadcast packets have expired, whereupon the packets will be discarded and the network will return to normal. In the worst case, they will multiply, eventually using up all the network bandwidth (although network applications will usually crash long before this happens), and cause a network meltdown. Broadcast storms have long been a concern for network administrators with routers traditionally being used to prevent their occurrence, and if that failed, to at least limit their scope. However, with the advent of VLANs, switches are now able to limit broadcast domains better and cheaper than routers. Also, many switches, including the DES-6000 series, have broadcast sensors and filters built into each port to further control broadcast storms. Segmenting Broadcast Domains VLANs can be used to segment broadcast domains. They do this by forwarding packets only to ports in the same VLAN. Thus, broadcast packets will only be forwarded to ports that are members of the same VLAN. Other parts of the network are effectively shielded. As a result, the smaller the broadcast domain, the less effect a broadcast storm will have. Because VLANs are implemented at each switch port, they can be quite effective in limiting the scope of broadcast storms. Eliminating Broadcast Storms SNMP agents can be programmed to monitor the number of broadcast packets on switch ports and act on the data. When the number of broadcast packets on a given port rise past an assigned threshold, an action can be triggered. When enabled, the usual action is to block the port to broadcast frames, which discards all broadcast frames arriving at the port from the attached segment. Not only does this isolate the broadcast domain, but it actually starts removing broadcast packets from the affected segment. When the number of broadcast packets falls to an acceptable level (below a falling threshold), the SNMP agent can remove the blocking condition, returning the port to its normal operational state. In the DES-6000 switch, the default rising threshold is met when more than 500 broadcast packets per second are being detected on a specified port. Once the rising threshold is surpassed for a duration of more than 5 seconds, it will trigger the broadcast storm rising action configured by the user. The default falling threshold is met if there are less than 250 broadcast packets per second. It is triggered once the duration is at least 30 seconds. The actions can easily be defined by using a normal SNMP management program or through the console interface. Switch Management Concepts 31 Modular Ethernet Switch User's Guide 6 USING THE CONSOLE INTERFACE Your Modular Ethernet Switch supports a console management interface that allows you to set up and control your Switch, either with an ordinary terminal (or terminal emulator), or over the network using the TCP/IP Telnet protocol. You can use this facility to perform many basic network management functions. In addition, the console program will allow you to set up the Switch for management using an SNMP-based network management system. This chapter describes how to use the console interface to access the Switch, change its settings, and monitor its operation. Setting Up A Console First-time configuration must be carried out through a "console," that is, either (a) a VT100-type serial data terminal, or (b) a computer running communications software set to emulate a VT100. The console must be connected to the Diagnostics port. This is an RS-232 port with a 9-socket D-shell connector and DCE-type wiring. Make the connection as follows: 1. Obtain suitable cabling for the connection. You can use either (a) a "null-modem" RS-232 cable or (b) an ordinary RS-232 cable and a null-modem adapter. One end of the cable (or cable/adapter combination) must have a 9-pin D-shell connector suitable for the Diagnostics port; the other end must have a connector suitable for the console's serial communications port. 2. Power down the devices, attach the cable (or cable/adapter combination) to the correct ports, and restore power. 3. Set the console to use the following communication parameters for your terminal: 9600 baud No parity checking (sometimes referred to as "no parity") 8 data bits (sometimes called a "word length" of 8 bits) 1 stop bit (sometimes referred to as a 1-bit stop interval) VT-100/ANSI compatible Arrow keys enabled A typical console connection is illustrated below: 32 Using the Console Interface Modular Ethernet Switch User's Guide Figure 6-1. Example of a console connection Connecting to the Switch Using Telnet Once you have set an IP address for your Switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the Switch. Most of the screens are identical, whether accessed from the console port or from a Telnet interface. You can also use a Web-based browser to manage the Switch. See the next chapter, "Web-Based Network Management," for further information. Console Usage Conventions The console interface makes use of the following conventions: 1. Items in can be toggled on or off using the space bar. 2. Items in [square brackets] can be changed by typing in a new value. You can use the backspace and delete keys to erase characters behind and in front of the cursor. 3. The up and down arrow keys, the left and right arrow keys, the tab key and the backspace key, can be used to move between selected items. It is recommended that you use the tab key and backspace key for moving around the console. 4. Items in UPPERCASE are commands. Moving the selection to a command and pressing will execute that command, e.g., SAVE or EXIT. Please note that the command APPLY only applies for the current session. Use Save Changes from the main menu for permanent changes. An asterisk "*" indicates a change has been made but won't take effect until the Switch has been rebooted. First Time Connecting To The Switch The Switch supports user-based security that can allow you to prevent unauthorized users from accessing the Switch or changing its settings. This section tells how to log onto the Switch. Note: The passwords used to access the Switch are case sensitive; therefore, "S" is not the same as "s." When you first connect to the Switch, you will be presented with the first login screen (shown below). Press Ctrl+R (hold down the Ctrl key, press the R key, and release both keys) to call up the screen, if the initial login screen does not appear. Also Ctrl+R can be used at any time to refresh the screen. Using the Console Interface 33 Modular Ethernet Switch User's Guide Figure 6-2. Initial Screen, first time connecting to the Switch Press or in the username and password fields. You will be given access to the main menu shown below: Figure 6-3. Main Menu The first user automatically gets Administrator privileges (See Table 6-1). It is recommended to create at least one Administrator-level user for the Switch. User Accounts Management User accounts are accounts setup on the Switch which allow access to the switch management features. From the screen above, move the cursor to the User Accounts Management menu and press Enter, then the Users Accounts Management menu appears. 1. Choose Create/Modify User Accounts from the User Accounts Management menu and the Add/Modify User Accounts menu appears. 2. Enter the new user name, assign an initial password, and then confirm the new password. Determine whether the new user should have Administrator or Normal User privileges. (Use the space bar to toggle between the two options). 3. Press APPLY to let the user addition take effect. 4. Press Esc. to return to the previous screen or Ctrl+T to go to the root screen. 34 Using the Console Interface Modular Ethernet Switch User's Guide 5. To see a listing of all user accounts and access levels, press Esc. Then choose View/Delete User Accounts. The View/Delete User Accounts screen appears. Administrator and Normal User Privileges There are two levels of user privileges: Administrator and Normal User. Some menu selections available to users with Administrator privileges may not be available to Normal Users. The main menus shown are the menus for the two types of users: The following table summarizes Administrator and Normal User privileges: Menu Administrator Normal User Privilege Configuration Network Monitoring Community Stations Strings and Trap Read/Write Read/Write Read/Write Read/Write Yes, read only. Yes, read only. Yes, read only. Yes, read only. Update Firmware and Configuration Files User Accounts Management Create/Modify User Accounts View/ Delete User Accounts System Utilities Read/Write Read/Write Read/Write No No Yes, (Ping Test); read only for rest. No No Factory Reset Restart System Read/Write Read/Write Table 6-1. Administrator and Normal User Privileges After establishing a User Account with Administrator-level privileges, press Esc. twice. Then choose the Save Changes menu (see below). Pressing any key will return to the main menu. You are now ready to operate the Switch. Save Changes The Switch has two levels of memory normal RAM and non-volatile or NV-RAM. Settings need to be changed in all screens by clicking on the Apply button. When this is done, the settings will be immediately applied to the switching software in RAM, and will immediately take effect. Some settings, though, require you to restart the Switch before they will take effect. Restarting the Switch will erase all settings in RAM and reload them from the NV-RAM. Thus, it is necessary to save all settings to the NV-RAM before restarting the Switch. In order to retain any modifications made in the current session, it is necessary to choose Save Changes from the main menu. The following screen will appear to indicate your new settings have been processed: Using the Console Interface 35 Modular Ethernet Switch User's Guide Figure 6-4. Save Changes screen After the settings have been saved to NV-RAM, they will become the default settings for the Switch, and they will be used every time it is powered on, reset or rebooted. The only exception to this is a factory reset, which will clear all settings and restore them to their initial values listed in the Appendix, which were present when the Switch was purchased. Login On The Switch Console By Registered Users To log in once you have created a registered user, 1. Type in your username and press . 2. Type in your password and press . 3. The main menu screen will be displayed based on your Administrator or Normal User access level or privilege. Create/Modify User Accounts To add or change your user password: 1. Choose Users Accounts Management from the main menu. The following User Accounts Management menu appears: 36 Using the Console Interface Modular Ethernet Switch User's Guide Figure 6-5. User Accounts Management menu 2. Choose Create/Modify User Accounts. The following screen appears: Figure 6-6. Add/Modify User Accounts screen 3. Type in your Username and press . 4. If you are an old user, type in the Old Password and press . 5. Type in the New Password you have chosen, and press . Type in the same new password in the following field to verify that you have not mistyped it. 6. Determine whether the new user should have Normal User or Administrator privileges. 7. Choose the APPLY command to let the password change take effect. This method can also be used by an Administrator-level user to change another user's password. User Accounts Control Table Access to the console, whether using the console port or via Telnet, is controlled using a user name and password. Up to three of these user names can be defined. The console interface will not let you delete the current logged-in user, however, in order to prevent accidentally deleting all of the users with Administrator privilege. Only users with the Administrator privilege can delete users. Using the Console Interface 37 Modular Ethernet Switch User's Guide To view a user account: Choose User Accounts Control Table from the User Accounts Management menu. The following screen appears: Figure 6-7. User Accounts Control Table This screen is used to configure a users access level and delete user accounts. To change a users access level, place the cursor on the access level field for the user and press the to toggle. To delete a user account, toggle the Delete field of the user you wish to remove to Yes. Press APPLY to let the changes take effect. Setting Up The Switch This section will help prepare the Switch user by describing the System Configuration, Update Firmware and Configuration Files, Save Changes, and System Utilities menus and their respective sub-menus. System Configuration Choose System Configuration to access the first item of the Switch's main menu. The following menu appears: Figure 6-8. System Configuration menu 38 Using the Console Interface Modular Ethernet Switch User's Guide You will need to change some settings to allow you to be able to manage the Switch from an SNMP-based Network Management System or to be able to access the Switch using the Telnet protocol. See the next chapter for Web-based network management information. Configure IP Address The Switch needs to have a TCP/IP address assigned to it so that an in-band network management system (Web-based, Telnet, etc.) can find it on the network. The IP Address Configuration screen allows you to change the settings for the two different interfaces used on the Switch: the Ethernet interface used for inband communication, and the SLIP interface used over the console port for out-of-band communication. Choose Configure IP Address to access the first item on the System Configuration menu. The following screen appears: Figure 6-9. IP Address Configuration screen The fields listed under the Current Settings heading are those that are presently being used by the Switch. Those fields listed under the Restart Settings heading will be used after the Switch has been restarted. Fields that can be set include: Get IP from Determines whether the Switch should get it's IP Address settings from the user (Manual), a BootP server, or a DHCP server. Manual ­ When manual is chosen, the switch will use the IP Address, Subnet Mask and Default Gateway settings defined in this screen upon being rebooted. BootP ­ Sends out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned on a central BOOTP server; if this option is set the Switch will first look for a BOOTP server to provide it with this information before using the supplied settings. DHCP ­ Causes the switch to act as a DHCP client and obtain IP settings from the DHCP server on your network. IP Address Determines the IP address used by the Switch for receiving SNMP and Telnet communications. These fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number between 0 and 255. This address should be a unique address on the network. The same IP address is shared by both the SLIP and Ethernet network interfaces. Subnet Mask Bitmask that determines the subnet that the Switch is on. Should be of the form xxx.xxx.xxx.xxx, where each xxx is a number between 0 and 255. If no subnetting is being done, the value should be 255.0.0.0 for a Class A network address, 255.255.0.0 for a Class B network, and 255.255.255.0 for a Class C network. Using the Console Interface 39 Modular Ethernet Switch User's Guide Default Gateway IP address that determines where frames with a destination outside the current subnet should be sent. This is usually the address of a router or a host acting as an IP gateway. If your network is not part of an internetwork you can leave this field blank. Configure Console You can use the Console Options screen to choose whether to use the Switch's RS-232C serial port for console management or for out-of-band TCP/IP communications using SLIP. You can also set the bit rate used for SLIP communications. Choose Configure Console to access the last item on the System Configuration menu. The following screen appears: Figure 6-10. Console Options screen The following fields can be set: Settings on Restart: Console Timeout This is a security feature which measures the time that the console connection is inactive. Possible values are 2 mins, 5 mins, 10 mins, 15 mins, or Never. After the time expires the console will automatically log off. Serial Port Determines whether the RS-232 serial port should be used for out-of-band (SLIP) management or for console management, starting from the next time the Switch is restarted. In this field, you can toggle between SLIP or Console. Baud Rate Determines the serial port bit rate that will be used the next time the Switch is restarted. Applies only when the serial port is being used in SLIP mode; it does not apply when the port is set for Console. Available speeds are 2400, 9600, 19,200 and 38,400 bits per second. The default setting in this Switch version is 9600. The top of the screen displays the current settings for Console Timeout and Serial Port as well as the Baud Rate, Data Bits, and Stop Bit for Out of Band and Console settings, respectively. Configure Switch Modules The Switch Module Configuration screen shows various pieces of information about your Switch, and allows you to set the System Name, System Location, and System Contact. These settings can be retrieved from the Switch using SNMP requests, allowing these settings to be used for network management purposes. Choose Configure Switch Modules to access the second item on the System Configuration menu. The following screen appears: 40 Using the Console Interface Modular Ethernet Switch User's Guide Figure 6-11. Switch Module Configuration screen The fields you can set are: System Name Corresponds to the SNMP MIB II variable system.sysName, and is used to give a name to the Switch for administrative purposes. The Switch's fully qualified domain name is often used, provided a name has been assigned. System Location Corresponds to the SNMP MIB II variable system.sysLocation, and is used to indicate the physical location of the Switch for administrative purposes. System Contact Corresponds to the SNMP MIB II variable sysContact, and is used to give the name and contact information for the person responsible for administering the Switch. Switch Module Information This screen allows you to view information for each module in your switch, including the Module, Type, and Hardware Version. Press Switch Module Information on the Switch Module Configuration screen to access the Switch Module Information screen: Figure 6-12. Switch Module Information screen Advanced Settings The Configure Advanced Switch Features screen allows you to set Head Of Line Blocking Prevention as well as to enable or disable auto-partitioning on all ports. Press ADVANCED SETTINGS on the Switch Module Configuration screen to access the Configure Advanced Switch Features screen: Using the Console Interface 41 Modular Ethernet Switch User's Guide Figure 6-13. Configure Advanced Switch Features screen The fields you can set are: Auto-Partition Capability on All Ports When this function is enabled, if too many consecutive collisions occur on an individual port, the port will be blocked off until a good packet is seen on the wire. If a port is partitioned, the Switch can only transmit data onto the connected segment, not receive it. Head Of Line (HOL) Blocking Prevention Enables or disables Head-Of-Line Blocking Prevention. Head-of Line blocking occurs when a packet originating on Port 1, for instance, needs to be forwarded to Ports 2 and 3. If Port 2 is occupied (causing the packet to be held in memory until the port is free), the packet destined for Port 3 will also be delayed, even though Port 3 may be free. Cumulatively, these delays can have a noticeable effect on overall network performance. Enabling HOL Blocking Prevention prevents Head-of-Line blocking from occurring, meaning that the packet destined for Port 3 gets delivered immediately. Configure Ports The Port Configuration screen allows you to change settings for a particular port. Figure 6-14. Port Configuration screen Items in the above window are defined as follows: Module Specify the module containing the port you wish to configure. Port Specify the port you wish to configure. Port Type Specifies the speed and cable type of the selected port. 42 Using the Console Interface Modular Ethernet Switch User's Guide State Enables or disables the port. This amounts to turning the port on or off. Speed/Duplex Selects the desired Speed and Duplex settings for the port. Possibilities include: Auto, 100M/Full, 100M/Half, 10M/Full, or 10M/Half. Choosing Auto enables NWay auto-configuration on the port. If the port is a Gigabit Ethernet port, 1000M/Full will be displayed in this field. Gigabit ports also support auto-negotiation. Flow Ctrl Toggles flow control On or Off. Flow control is useful during periods of heavy network activity when the Switch's buffers can receive too much traffic and fill up faster than the Switch can forward the information. In such cases, the Switch will intervene and tell the transmitting device to pause to allow the information in the port buffer to be sent. Priority Selects Normal, High or Low. The Switch has two packet queues where incoming packets wait to be processed for forwarding; a high priority and low priority queue. The high priority queue should only be used for data in which latency can have adverse affects on the function of an application, such as video or audio data, where latency can produce distorted sounds and images. Packets in the low priority queue will not be processed unless the High priority queue is empty. Setting the port priority to High will deliver all packets arriving at the port to the high priority queue, a Low setting will send them all to the low priority queue. The Normal setting causes the port to examine the packet for an IEEE 802.1p/Q priority tag. If no tag exists, the packet will be sent to the low priority queue. If the priority tag field in the packet header contains a value of 0-3, the packet will be placed in the low priority queue; a value of 4-7 causes the packet to be placed in the high priority queue. Port Lock When Enabled, automatic learning for all stations connected to this port will stop and entries in the Forwarding Table for all devices residing on this port will age out. The only traffic this port will allow is traffic from machines whose MAC address is manually entered in the Static Forwarding Table. Broadcast Storm Rising Action This setting will be activated when a Broadcast Storm Rising Threshold is met. When triggered, the port can be configured to Do Nothing, Blocking or Block & Trap. The Do Nothing setting causes the switch to operate normally, in other words, ignore the broadcast storm condition. The Blocking setting causes the port to drop all broadcast frames, thus isolating the broadcast storm. Block & Trap performs the same action as Blocking, except it also sends a trap to the designated Trap Recipient informing them of the situation. For more information on broadcast storms, please refer to the previous chapter. Broadcast Storm Rising Threshold This setting defines a ceiling for the number of broadcast packets per second on this port. Once met, the Broadcast Storm Rising Action (above) will be triggered. The assigned number should be high enough to allow normal broadcast packets (which comprise significant traffic) to be let through, while being low enough so that broadcast storms can be detected early. Broadcast Storm Falling Action This setting will be activated when the Broadcast Storm Rising Threshold and then the Broadcast Storm Falling Threshold are each met. This setting can be configured to Do Nothing, Forwarding or Forward & Trap. The Do Nothing setting causes the switch to operate normally, that is, to ignore the situation. If the port had met the Broadcast Storm Rising Action criteria and started Blocking broadcast packets, it will continue doing so. The Forwarding setting causes the port to begin forwarding broadcast frames, thus removing the Blocking state imposed by the Broadcast Storm Rising Action. Forward & Trap performs the same action as Forwarding, except it also sends a trap to the designated Trap Recipient informing them of the situation. Broadcast Storm Falling Threshold This setting defines the number of broadcast packets per second on this port which will trigger the Broadcast Storm Falling Action (above). This threshold will only trigger an action if the Broadcast Storm Rising Threshold has first been reached. The assigned number should be high enough to allow normal broadcast packets (which comprise significant traffic) to be let through as early as possible, while being low enough so that broadcast storms are completely eliminated. Using the Console Interface 43 Modular Ethernet Switch User's Guide STP Port State This setting displays the ports current state as controlled by the Spanning Tree Protocol. Link Status The current speed, duplex mode and flow control status for the specific port. Press APPLY to refresh the link status after changing settings. Press APPLY to let the changes take effect. If you wish these changes to become permanent, return to the main menu and choose Save Changes. Configure Trunk Groups Ports on the switch can be grouped together in a single logical port called a trunk. This is discussed in detail in the Port Trunking section of the "Switch Management Concepts" chapter of this manual. The switch supports 2 trunk groups per module, except for the Gigabit Ethernet modules ­ these modules support multiple trunk groups consisting of ports from each module. Gigabit Trunk Groups must consist of ports that are all the same media type (for example, SX, LX, or ­T). To set up a trunk group, choose Configure Trunk Groups on the System Configuration menu. The following screen appears: Figure 6-15. Trunk Group Configuration screen Trunk Groups consisting of 10/100 Mbps ports (all on a single 10/100M Fast Ethernet module) can be configured by choosing 10/100m Port Trunk Settings. Figure 6-16. 10/100M Trunk Group Configuration screen 44 Using the Console Interface Modular Ethernet Switch User's Guide Trunk Groups consisting of Gigabit Ethernet ports can be configured by choosing Giga Port Trunk Settings. Figure 6-17. Giga Port Trunk Group Configuration screen The fields you can set are: Anchor The anchor port is the master port of the trunk group. Since all ports in a trunk group must have the same settings, any changes made to the settings of the anchor port will automatically be applied to all ports in the group. The anchor port must fall within the port range and be included as a member port. Name Enter the desired group name. In the example pictured above the first trunk group designates a trunk connection to a switch in the Sales department. Members Select between 2 to 8 ports to be members of the trunk group. In the example above, the first trunk group can comprise ports 1-8, as shown in the Port Range field. The 8 dashes (-) in the members field represent the 8 ports that can be members of the group; the first dash represents Port 1, etc. Position the cursor over the dashes representing ports you wish to be members and hit the . This changes the dash to a `V' and designates the port as a member of the trunk group. State Enables or disables this trunk group. Be careful when disabling trunk groups as the connections will return to normal operation and may cause signal loops. Clear will deselect all ports and erase the name of the trunk group. Port Range is a read-only field which lists the ports that can be members of the trunk group. Press APPLY to let the changes take effect. Configure Port Mirroring The switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port. This is useful for network monitoring and troubleshooting purposes. Choose Configure Port Mirroring on the System Configuration menu to access the following screen: Using the Console Interface 45