Allied Telesis 2.6.1 manual Virtual Local Area Networks VLANs


AT-8800 Series Switch User Guide

Table 9: Example output from the SHOW SWITCH PORT INTRUSION command.

Switch Port Information

----------------------------------------------------------------------------

Port 2 - 13 intrusion(s) detected

00-00-c0-1d-2c-f8 00-90-27-87-a5-22 00-00-cd-01-00-4a 00-d0-b7-4d-93-c0 08-00-5a-a1-02-3f 00-d0-b7-d5-5f-a9 00-b0-d0-20-d1-01 00-90-99-0a-00-49 00-10-83-05-72-83 00-00-cd-00-45-9e 00-00-c0-ad-a3-d0 00-a0-24-8e-65-3c 00-90-27-32-ad-61

----------------------------------------------------------------------------

A switch port can be manually locked before it reaches the learning limit, by using the command:

ACTIVATE SWITCH PORT={port-list|ALL} LOCK

Addresses can be manually added to a port locked list up to a total of 256 MAC addresses, and the learning limit can be extended to accommodate them, by using the command:

ADD SWITCH FILTER ACTION={FORWARD|DISCARD} DESTADDRESS=macadd PORT=port [ENTRY=entry] [LEARN] [VLAN={vlanname|1..4094}]

Learned addresses on locked ports can be saved as part of the switch configuration, so that they will be part of the configuration after a power cycle, using the command:

CREATE CONFIG=filename

If the configuration is not saved when there is a locked list for a port, the learning process begins again after the switch is restarted.
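The following is an added example, not part of the AT-8800 guide or Allied Telesis software: a Python sketch that parses SHOW SWITCH PORT INTRUSION output in the Table 9 layout and sorts the reported MAC addresses for review. The sample capture, the APPROVED inventory and the function names are assumptions made for illustration; the generated command line uses only the ADD SWITCH FILTER syntax shown above and is meant for an operator to review before entering it.

```python
import re

# Constructed capture in the layout of Table 9 (two ports, MACs wrapped over lines).
SAMPLE = """\
Switch Port Information
----------------------------------------------------------------------------
Port 2 - 3 intrusion(s) detected
  00-00-c0-1d-2c-f8   00-90-27-87-a5-22
  00-00-cd-01-00-4a
Port 5 - 2 intrusion(s) detected
  00-d0-b7-4d-93-c0
----------------------------------------------------------------------------
"""

# Hypothetical inventory of approved devices: MAC -> port it belongs on.
APPROVED = {"00-00-cd-01-00-4a": 2}

PORT_RE = re.compile(r"^\s*Port\s+(\d+)\s+-\s+(\d+)\s+intrusion\(s\)\s+detected", re.I)
MAC_RE = re.compile(r"\b[0-9a-f]{2}(?:-[0-9a-f]{2}){5}\b", re.I)


def parse_intrusions(text):
    """Return {port: {"reported": n, "macs": [...]}} from the command output."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = int(m.group(1))
            ports[current] = {"reported": int(m.group(2)), "macs": []}
        elif current is not None:
            ports[current]["macs"] += [x.lower() for x in MAC_RE.findall(line)]
    return ports


def triage(ports, approved):
    """Split findings into unknown MACs, re-add commands, and incomplete ports."""
    unknown, readd, incomplete = [], [], []
    for port, info in sorted(ports.items()):
        if len(info["macs"]) != info["reported"]:
            incomplete.append(port)  # capture truncated or output format changed
        for mac in info["macs"]:
            if approved.get(mac) == port:
                readd.append(f"ADD SWITCH FILTER ACTION=FORWARD DESTADDRESS={mac} PORT={port} LEARN")
            else:
                unknown.append((port, mac))
    return unknown, readd, incomplete


if __name__ == "__main__":
    for item in triage(parse_intrusions(SAMPLE), APPROVED):
        print(item)
```

A port listed as incomplete means the number of addresses parsed differs from the count the switch reported, so the capture should be repeated before anyone acts on it.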

Virtual Local Area Networks (VLANs)

A Virtual LAN (VLAN) is a logical, software-defined subnetwork. It allows similar devices on the network to be grouped together into one broadcast domain, irrespective of their physical position in the network. Multiple VLANs can be used to group workstations, servers, and other network equipment connected to the switch, according to similar data and security requirements.

Decoupling logical broadcast domains from the physical wiring topology offers several advantages, including the ability to:

Move devices and people with minimal, or no, reconfiguration

Change a device’s broadcast domain and access to resources without physically moving the device, by software reconfiguration or by moving its cable from one switch port to another

Isolate parts of the network from other parts, by placing them in different VLANs

Share servers and other network resources without losing data isolation or security

Direct broadcast traffic to only those devices which need to receive it, to reduce traffic across the network

Connect 802.1Q-compatible switches together through one port on each switch

Software Release 2.6.1 C613-02039-00 REV A
