To deny a mac address, use the following | GE ML1200 instruction

CHAPTER 6: ACCESS CONSIDERATIONS

ACCESS CONSIDERATIONS

To deny a mac address, use the following:

#port-security (port-security)##ps enable

(port-security)##deny mac=<address,list,range> port=<num,list,range> (port-security)##action port=<num,list,range>drop

Example 6-1views port security settings on a switch. Learning is enabled on port 1. This port has 6 stations connected to it with the MAC addresses as shown. Other ports have learning disabled and the MAC addresses are not configured on those ports.

Example 6-1: Viewing the port security settings

ML1200# show port-security

PORT	STATE	SIGNAL	ACTION	LEARN	COUNT	MAC ADDRESS
----	-----	------	------	-----	-----	-----------
1	ENABLE	LOG	NONE	ENABLE	6	00:e0:29:2a:f1:bd
						00:01:03:e2:27:89
						00:07:50:ef:31:40
						00:e0:29:22:15:85
						00:03:47:ca:ac:45
						00:30:48:70:71:23
2	ENABLE	NONE	NONE	DISABLE	0	Not Configured
3	ENABLE	NONE	NONE	DISABLE	0	Not Configured
4	ENABLE	NONE	NONE	DISABLE	0	Not Configured
5	ENABLE	NONE	NONE	DISABLE	0	Not Configured
6	ENABLE	NONE	NONE	DISABLE	0	Not Configured

ML1200(port-security)##

Example 6-2: Enabling learning on a port

ML1200(port-security)## learn port=3 enable

Port Learning Enabled on selected port(s)

ML1200(port-security)## show port-security

PORT	STATE	SIGNAL	ACTION	LEARN	COUNT	MAC ADDRESS
----	-----	------	------	-----	-----	-----------
1	ENABLE	LOG	NONE	ENABLE	6	00:e0:29:2a:f1:bd
						00:01:03:e2:27:89
						00:07:50:ef:31:40
						00:e0:29:22:15:85
						00:03:47:ca:ac:45
						00:30:48:70:71:23
2	ENABLE	NONE	NONE	DISABLE	0	Not Configured
3	ENABLE	NONE	NONE	ENABLE	0	Not Configured
4	ENABLE	NONE	NONE	DISABLE	0	Not Configured
5	ENABLE	NONE	NONE	DISABLE	0	Not Configured
6	ENABLE	NONE	NONE	DISABLE	0	Not Configured

ML1200(port-security)##

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

6–5

Image 111

GE ML1200 instruction manual To deny a mac address, use the following, Example 6-1 Viewing the port security settings

Contents

GE Multilin MultiLink ML1200 Managed Field Switch Canadian Emissions Statement Electrical Safety requirements Table of Contents Access 10-1 10-310-5 10-19 10-710-12 10-13 15-5 14-915-1 15-4 18-3 17-1417-16 18-1 Multilink ML1200 Managed Field Switch Introduction Getting StartedInspecting the Package and Product ML1200 Order Codes Performance Specifications Alarm Relay Contacts Sinusoidal Vibration DNV To 4 G Interrupts ISO9001 Applicable Council Directive According toCE Compliance Low voltage directive EN60950-1 EMC Directive North America CULus UL60950-1 C22.2 No Command Line Interface Firmware Console SetupConsole Connection Automatic IP Address Configuration Console ScreenLogging In for the First Time Step Setting the IP Parameters Using Console Port ML1200# save Ipconfig ip=ip-address mask=subnet-mask dgw=gatewayML1200# reboot An example is shown below Privilege Levels Enable user-name User Management Help Help command stringCommand Enter Command string TAB First character of the command TAB Following example illustrates logging out from a session Following example, the TAB key completes the commandExiting Logout Example shown in the previous section, the URL is Secure site will issue the certificate check shown belowEnerVista Secure Web Management Make sure you use Https secure Http and not Http in the URL Login screen To add a user, use the add button Select the Administration User Mgmt User Accounts menu item Introduction Introduction Introduction Modifying the Privilege Level To exit or logout, click on the logout button Confirm the logout by selecting OK in the pop-up window Selecting the Proper Version ML1200 Firmware UpdatesUpdating through the Command Line Updating Multilink ML1200 Firmware ML1200# xmodem get type=app Https//IP address of the switch Introduction Introduction Overview Multilink ML1200 Managed Field Switch Product Description Product Description Product Description Four-Port Copper Module, C1 Module Mdix PoE power pass-through, C2 Module MDIX, 10/100Mb 4-port Two -Port 10 Mb mm Fiber ST Modules Two-Port Fiber Modules, 2@ 100Mb fiber Packet Prioritization, 802.1p QOS SFP Gigabit 1000Mbps port modules Managed Network Firmware for Multilink ML1200-Series Frame Buffering and Flow Control Management Software included Features and BenefitsManaged switching for high performance Ethernet LANs Features Fiber-Built-In Product Description Applications Example Example Multilink ML1200 Managed Field Switch Installation Locating Multilink ML1200 SwitchesPreparation Connecting Ethernet Media FiberCopper Twisted Pair CAT Twisted Pair CAT 3, 4 Gigabit SFP Small Form-factor Pluggable Optical Transceivers H7 Module H8 HD Module HE HJ ModuleHK Module DIN-Rail Mounting the Multilink ML1200 Mechanical Installation Installation Powering the Multilink ML1200 Managed Field Switch Electrical Installation 3 ML1200 Port Module PM Installation Ground Pinout information for above connectorRequest to Send Transceiver Data Multilink ML1200 Managed Field Switch Operation Switching FunctionalityFunctionality Status LEDs Auto-Cross Mdix and Auto-negotiation, for RJ-45 portsFor Multilink ML1200 models /ML1200 Flow-control, Ieee 802.3x standard Typical Power Budget Calculations for ML1200 PM’s with Fiber Media H4, HH Mb FX 2 ML1200 Modules Multilink ML1200 Managed Field Switch Port Modules 2.2 C7 Module, 2@10Mb multi-mode FX-ST twist lock Module CB Module, 2 Ports @100Mbps single-mode FX-SC-type, Sgl.M CC Module, 4 @100Mb multi-mode FX , Mtrj Small-Form-factor 2.10 C1 Module Twisted Pair, 10/100Mb, 4-Port PoE LEDs Summary SFPs, Gigabit 1000Mbps port modules Before Calling for Assistance Operation Multilink ML1200 Managed Field Switch IP Addressing IP Address and System InformationOverview Edit the IP address information Importance of an IP Address Dhcp and bootpBootp Database Configuring DHCP/bootp/Manual/AUTO Click Edit Select the Administration System menu item ML1200access## exit ML1200# Using TelnetTelnet enabledisable ML1200access## telnet enable Show session Kill session id=session Select the Administration Telnet menu itemDefault port for telnet is Telnet ipaddress port=port number ML1200# show session For example Setting Parameters Setting Serial Port ParametersSystem Parameters Set timezone GMT=+ or hour=0-14 min=0-59 Date and TimeSnmp Setvar sysnamesyscontactsyslocation =string Set timeformat format=1224 Syntax for other date and time commands areFollowing command sequence sets the daylight location Network Time ML1200sntp## sync hour=5 ML1200sntp## sntp enable ML1200# sntpML1200sntp## exit IP Addressing IP Addressing System Configuration Saving and Loading Command LineConfig file # Restricted Rights System Names, passwords Displaying configurationSyntax show config module=module-name Where module-name can be More ’show config’ command output ML1200# show config module=snmp Hardware Saving Configuration Select Y. The ML1200 will promptSelect N Save format=v2v3 Show host command displays the host table entries # Restricted Rights Script File Saving and Loading EnerVista Software IP Addressing Host Names IP Addressing Kill Config option using SWM Erasing Configuration IP Addressing Lacp settings STP, Rstp settingsPort/Tag Vlan settings IP-Access and Host Table settings ML1200# kill config IPv6 Introduction to IPv6What’s changed in IPV6? 3 IPv6 Addressing Syntax ftp IPv6 address ftp to an IPv6 station Configuring IPv6Syntax ping6 IPv6 address pings an IPv6 station Syntax show ipv6 displays the IPv6 information Syntax telnet IPv6 address telnet to an IPv6 station List of commands in this chapter Description Multilink ML1200 Managed Field Switch Access ConsiderationsSecuring Access Passwords Port Security Feature Ps enabledisable CommandsFor example, using the configure port-securitycommand Learn port=number-list enabledisable show port-security ML1200port-security## allow ML1200port-security## ps enableML1200port-security## ps disable Allowing MAC Addresses Example 6-2 Enabling learning on a port Example 6-1 Viewing the port security settingsML1200port-security## learn port=3 enable To deny a mac address, use the following Save the port-security configuration use the save command ML1200port-security## signal port=3 logandtrapExample 6-4 Removing MAC addresses from specific ports Access Considerations Security Logs Example 6-5 Configuring port security Example 6-6 Security log commands Set logsize size=1-1000ML1200# show log Removeall AccessShow ip-access Authorized Managers ML1200# access ML1200access## exitExample 6-7 Allowing/blocking specific IP addresses After enabling the EnerVista Secure Web Management software Configuring Port Security with EnerVista Software Access Considerations Access Considerations Logs Authorized Managers Access Considerations Access Considerations Multilink ML1200 Managed Field Switch Access Using Radius Introduction to2 802.1x Protocol 802.1x network components 802.1x authentication details Auth Configuring 802.1x through the Command Line InterfaceShow auth configports Auth enabledisable Show-statscommand displays 802.1x related statistics Show-stats port=numTrigger-reauthport=numlistrange Example 7-1 Setting port control parameters ExampleOn following ML1200auth## show-port backend Setting port control parameters ML1200auth## ML1200auth## shoW-port reauth Commands To edit the port settings, click on the edit icon Select the Configuration Radius Port Access menu item Access Using Radius Access Using Radius After all the port characteristics are enabled Introduction to TACACS+ Multilink ML1200 Managed Field Switch Access using TACACS+ TACACS+ Packet TACACS+ Flow Tacacs packet format Packet type Possible values are Show tacplus statusservers Configuring TACACS+ through the Command Line InterfaceTacplus enabledisable Example 8-1 below, illustrates how to configure TACACS+ Example 8-1 Configuring TACACS+ ML1200user## tacplus enableML1200user## tacplus disable Access Using TACACS+ Access Using TACACS+ Access Using TACACS+ Port Mirroring Multilink ML1200 Managed Field Switch Port Mirroring Setup Port-mirror Port Mirroring using the Command Line InterfacePrtmr enabledisable Show port-mirror Device Port SetupDevice command enters the device configuration mode Setport command configures the port characteristics ML1200device## exit ML1200# Example 9-1 Port setupML1200# device ML1200device## show port Flowcontrol xonlimit=value xofflimit=value Where the rxthreshold value can be from 4 to 30 default isFlow Control Back Pressure ML1200device## show port=11 Back pressure and flow control Broadcast Storms Broadcast-protect enabledisable Rate-thresholdport=portlistrange rate=frames/secShow broadcast-protect Example 9-3 Preventing broadcast storms Link Loss Alert ML1200device## show port=3 Example 9-4 Link loss alert Select the Configuration Port Mirroring menu item Port Setup Port Mirroring and Setup Port Mirroring and Setup Broadcast Storm menu Port Mirroring and Setup Vlan Description Multilink ML1200 Managed Field Switch Vlan Vlan Tag Vlan vs. Port Vlan Multilink ML1200 supports up to 32 VLANs per switch 10-4 Configuring Port VLANs through the Command Line Interface Set vlan type=porttagnoneAdd id=vlan Id name=vlan name port=numberlistrange Show vlan type=porttag id=vlanid Start vlan=namenumberlistrangeSave Edit id=vlan Id name=vlan name port=numberlistrange Vlan VID=1 Currently assigned Port VLANs are displayed as follows Select the Configuration Vlan Port-Based menu item 10-9 10-10 10-11 Show-port port=portlistrange Configuring Tag VLANs through the Command Line Interface 10-13 Example 10-1 Converting Port Vlan to Tag Vlan ML1200tag-vlan##add id=20 name=marketing port=3-5 Converting Port Vlan to Tag Vlan ML1200tag-vlan##set-port port=3-5 filter status=enable Name engineering Status Active Port Mode Status Tagged 10-19 Next step is to define the VLANs needed. To do that Click On Configuration vlan tag-based Menu 10-21 Select the Configuration Vlan Tag-Based Tagging menu 10-23 10-24 Gvrp Concepts Vlan Registration over Garp Vlan Registration Over Garp Gvrp Operations Vlan assignment in Gvrp enabled switches Port settings for Gvrp operations Show-vlanStatic vlan=VID ML1200gvrp## static vlan=10 ML1200gvrp## show-vlan Gvrp optionsExample 11-1 Converting a dynamic Vlan to a static Vlan ML1200# gvrp ML1200gvrp## show-vlan 11-6 Show-forbid Configuring Gvrp through the Command Line InterfaceGvrp Operation Notes Show gvrp Example 11-2 Configuring Gvrp To configure Gvrp Select the Configuration Vlan Gvrp menu itemGvrp options on 11-10 Features and Operation Spanning Tree Protocol STP STP default values Show stp configports Configuring STP Example 12-2 Viewing STP ports Example 12-1 Viewing STP configuration Show active-stp Stp enabledisableStp Set stp type=stprstp Example 12-3 Enabling STP Example 12-3shows how to enable STP using the above commands Timers forward-delay=4-30 hello=1-10 age=6-40 ML1200stp##show stp ports Example 12-4 Configuring STP parameters Configuring STP parameters ML1200stp##cost port=2 value=20 ML1200stp##port port=1 status=enable Designated Root Priority 15535 Rstp concepts Rapid Spanning Tree Protocol Transition from STP to Rstp 13-3 Rstp Configuring Rstp through the Command Line InterfaceRstp enabledisable Normal Rstp 13-5 Example 13-2 Reviewing the Rstp port parameters Path cost as defined in Ieee 802.1d / 802.1w Forceversion stprstpShow-forceversion Port port=numberlistrange status=enabledisable Show-timers ML1200rstp##show stp config Example 13-4 Configuring Rstp Configuring Rstp ML1200rstp##priority port=2 value=100 ML1200rstp##port port=1 status=disable Romode add port=portlistrange romode del port=portlistrange Syntax for the romode command on Rstp is shown below ML1200rstp##romode add port=1,2 Example 13-5 Configuring smart RSTP, ring-only mode 13-15 Status Indicates whether STP or Rstp is enabled 13-17 Path cost defined in Ieee 802.1d and 802.1w 13-19 Click the Edit button to configure Rstp Then Save Enable Status 13-22 Multilink ML1200 Managed Field Switch Quality of Service QoS OverviewQoS Concepts IP Precedence DiffServ and QoS IP Precedence ToS Field in an IP Packet Header Qos Configuring QoS through the Command Line InterfaceSet-weightweight=0-7 Show-portweight Set-untagport=portlistrange priority=highlow tag=0-7 Port weight settingsShow qos command displays the QoS settings Show qos type=porttagtos port=portlistrange Example 14-1 Configuring QoS Following example shows how to configure QoS Configuring QoS ML1200qos##set-weight weight=4 ML1200qos##show-portweight 14-9 14-10 14-11 14-12 Igmp Concepts Multilink ML1200 Managed Field Switch Igmp Igmp Figure below shows a network running Igmp Isolating multicast traffic in a network IP Multicast Filters Igmp Support Reserved Addresses Excluded from IP Multicast Igmp Filtering Igmp Configuring Igmp through the Command Line InterfaceIgmp enable/disable Show igmp command displays the Igmp status Show-group Show-portShow-router ML1200igmp## show-router Following example shows how to configure IgmpExample 15-1 Configuring Igmp ML1200igmp## show-port Configuring Igmp ML1200igmp## mcast enable ML1200igmp## mcast disable 15-11 15-12 Snmp Concepts Multilink ML1200 Managed Field Switch Snmp Snmp SNMPv1 standards TrapsStandards Enterprise Traps Intruder RFC 2271-2275 SNMPv3 Configuring Snmp through the Command Line Interface Show-view id=id Following example shows how to configure SnmpShow-trap id=id# Show-group id=id Example 16-1 Configuring Snmp Configuring Snmp ML1200snmpv3## show-view id=1 ML1200snmpv3## show-groupML1200snmpv3## show-group id=1 ML1200snmpv3## show-view ML1200snmpv3## show-user id=2 ML1200snmpv3## show-accessML1200snmpv3## show-access id=1 ML1200snmpv3## show-user 16-11 Multiple managers can be added as shown below 16-13 16-14 Rmon Configuring Rmon ML1200rmon## exit ML1200# ML1200rmon## show rmon event Mail Multilink ML1200 Managed Field Switch Miscellaneous Smtp enabledisable Show smtp configrecipientsSmtp Server command configures the global Smtp server settings Delete id=1-5Server ip=ip-addr port=1-65535 retry=0-3 domain=domain ML1200smtp##show smtp config Statistics Following figure displays the port statistics for group Optimizing serial connection in HyperTerminal Serial Connectivity History Show historyShow version Ping through the Command Line Interface PingPing through EnerVista Secure Web Management software Changing the Command Line Prompt PromptSet prompt prompt string Example 17-2 Typical system event log Command Line Interface ExampleSystem Events Following example illustrates a typical event log EnerVista Example Select the Configuration Statistics Log Statistics menu item 17-13 Main Commands Command Reference Set commands are listed below Set password sets the current user passwordSet timeout sets the system inactivity time out Authorization commands are shown below Configuration commandsSnmp enables or disables Snmp Alarm commands are shown below Vlan Registration over Garp for details Device commands are shown below Rapid Spanning Tree Protocol for additional details Setqos configures QOS configuration usage Spanning Tree Protocol STP for additional details Passwd change the user password 17-20 Following command-line interface settings are available Multilink ML1200 Managed Field Switch Modbus ProtocolModbus Configuration Command Line Interface Settings ML1200# access ML1200access## modbus enable ML1200access## show modbusML1200access## modbus port=602 Select the Configuration Access Modbus menu item EnerVista Settings Memory Mapping Modbus Memory MapModbus memory map Sheet 1 Modbus memory map Sheet 2 Modbus memory map Sheet 3 Modbus memory map Sheet 4 Modbus memory map Sheet 5 Modbus memory map Sheet 6 Modbus memory map Sheet 7 Modbus memory map Sheet 8 Modbus memory map Sheet 9 Modbus memory map Sheet 10 Modbus memory map Sheet 11 Modbus memory map Sheet 12 Modbus memory map Sheet 13 Modbus memory map Sheet 14 Modbus memory map Sheet 15 Modbus memory map Sheet 16 Modbus memory map Sheet 17 Modbus memory map Sheet 18 Modbus memory map Sheet 19 Modbus memory map Sheet 20 Modbus memory map Sheet 21 Modbus memory map Sheet 22 Modbus memory map Sheet 23 Modbus memory map Sheet 24 Modbus memory map Sheet 25 Modbus memory map Sheet 26 Modbus memory map Sheet 27 Modbus memory map Sheet 28 Modbus memory map Sheet 29 Modbus memory map Sheet 30 Modbus memory map Sheet 31 Modbus memory map Sheet 32 Modbus memory map Sheet 33 Format Codes 18-38 Changes to the Manual Multilink ML1200 Managed Field Switch Appendix aRevision History Change Notes GE Multilin Warranty Statement Warranty Multilin Power Consumption 48 V DC, 24 V DC and 125 V DC Power, Theory of Operation Applications for DC Powered Ethernet Switches ML1200, -48 V, 24 V, 125 V DC Installation UL Requirements for DC-powered units Operation DC Power Input Appendix C Internal DC Dual- Source Power Input Power Supply Internal, -48VDC Dual-Source Specifications for Multilink ML1200 Field Switch Chapter C Internal DC DUAL-SOURCE Power Input Option Dual-Source Option Theory of Operation Features and Benefits of the Dual-Source Design Installation