43The Management Ports ⇒ Packet Filtering Window | Sunfire B1600

■Source – The frame’s TCP/UDP source address, netmask, and port range (between 0 and 65,535).

■Destination – The frame’s TCP/UDP destination address, netmask, and port range (between 0 and 65,535).

■Fragment – The rule will only match packets with the More Fragments (MF) bit set or with a fragment offset greater than zero. If fragment is not set, the rule will match both fragments and non-fragmented packets.

■Log – Logs any matching packets in the log buffer. The maximum number of entries stored in the log buffer is 64. When the buffer fills, it will wrap around and overwrite the oldest entries. Note that the log is stored in RAM and is lost when the switch is reset.

3.4.7.1Web Interface: Filtering Traffic to the Management Port

1.Open Management Port ⇒ Packet Filtering.

2.Specify the required rules.

3.Click Add.

The rule in the following example permits TCP traffic from source address 10.7.1.1 to destination address 10.8.1.1, using TCP ports 10 to 30.

FIGURE 3-43The Management Ports ⇒ Packet Filtering Window

Chapter 3 General Management of the Switch 3-135

Image 173

Sunfire B1600 Web Interface Filtering Traffic to the Management Port, 43The Management Ports ⇒ Packet Filtering Window

Contents

Page Page Page Page Contents General Management of the Switch Contents Page Contents Command-Line Reference Contents Page Contents Page Contents Management Information Base A-1 Glossary Glossary-1 Index Index-1 Page How This Book Is Organized Before You Read This BookPage Enable Accessing Sun DocumentationTypographic Conventions Related Documentation Sun Welcomes Your Comments Contacting Sun Technical Support Introduction Overview Switch ArchitectureWays of Accessing the Switch Management Application Up-link Ports Description of HardwareEthernet Ports Internal Ports SSC Exterior Panel Port LEDs Status LEDs Features of the Switch Introduction Page 2Switch Default Settings Switch Default Settings ARP Initial Configuration Sc console sscn/swt Connecting to the Switch InterfaceConfiguration Options Community Strings Enabling Snmp Management Access Trap Receivers Blade System Chassis Software Setup Guide Page General Management of the Switch Using the Web Interface Home Navigating the Web Browser Interface Panel Display Configuration Options1Web Page Configuration Buttons Main Menu 2Summary of Tasks You Can Perform Using the Web Agent 102 134 Displaying System Information Basic Configuration 3Switch Setup ⇒ System Identity Window Pass MIB Variables Identification Details Setting the IP Address Web Interface Specifying the Management Vlan and IP Details Manual Configuration 5Open Switch Setup ⇒ Network Identity Window MIB Variables Specifying the Management Vlan and IP Details Consoleconfig-if#ip address 10.1.0.2Consoleconfig#ip default-gateway Web Interface Using Dynamic IP Configuration Services Using DHCP/BOOTP Console#ip dhcp restart Console#ip dhcp restart Console#show ip interface MIB variables Using Dynamic IP Configuration Services Displaying Switch Software Versions Console#show version Use the following command to display version information 6MIB Versions Associated With Software Version Information MIB Variables Associated With Software Version Information Managing Firmware Downloading Switch Firmware From a ServerWeb Interface Downloading Switch Firmware Command-line Interface Dowloading Switch Firmware MIB Variables Associated With Downloading Firmware Consoleconfig#boot system opcodeConsole#copy tftp file 7MIB Variables Associated With Downloading Firmware Supported Web Interface Downloading a File of Configuration Settings Saving or Restoring Configuration SettingsDownloading Configuration Settings From a Server Page Consoleconfig#boot system config startup-new Configuring User Authentication Applies only to Radius server authentication Web Interface Configuring User Authentication To configure authentication parameters for local access Command-line Interface Configuring User Authentication 9MIB Variables Associated With User Authentication Configuring SnmpMIB variables Associated With User Authentication Web Interface Adding and Removing Community Strings Configuring Snmp Access MIB Variables Associated With Community Strings Consoleconfig#snmp-server community blueberry rw Web Interface Specifying Trap Management Stations Specifying Trap Managers and Trap Types Command-line Interface Specifying Trap Management Stations 10MIB Variables Associated With Trap Management MIB Variables Associated With Trap Management Vlan Configuration Configuring Global Network ProtocolsPage Web Interface Displaying Basic Vlan Information Displaying Basic Vlan Information Console#show bridge-ext Command-line Interface Displaying Basic Vlan Information 11MIB Variables Associated With Basic Vlan Information MIB Variables Associated With Basic Vlan Information MIB-II Command-line Interface Enabling Gvrp Enabling or Disabling Gvrp Global SettingWeb Interface Enabling or Disabling Gvrp Global Setting Web Interface Configuring VLANs Configuring VLANsMIB Variables Associated With Gvrp 12MIB Variables Associated With Gvrp See Adding Static Members to VLANs on Vlan Command-line Interface Vlan Configuration 13MIB Variables Associated With Vlan Configuration MIB Variables Associated With Vlan Configuration Port list Adding Static Members to VLANs Web Interface Adding Ports Manually to a Vlan 18The Switch Config ⇒ VLANs Window Command-line Interface Adding Ports Manually to a Vlan 14MIB Variables Associated With Adding Ports to a Vlan MIB Variables Associated With Adding Ports to a Vlan Multicast Configuration Configuring Igmp Snooping Parameters Web Interface Configuring Igmp Snooping Parameters 19The Switch Config ⇒ Broadcast & Multicast Window Console#show ip igmp snooping Command-line Interface Configuring Igmp Snooping Parameters 15MIB Variables Associated With Igmp Parameters Specifying Interfaces Connected to Multicast RoutersMIB Variables Associated With Igmp Parameters Page General Management of the Switch Console#show ip igmp snooping mrouter vlan Consoleconfig#ip igmp snooping vlan 1 mrouter ethernet NETP0 Read/create Octet string Multicast Router Web Interface Configuring Multicast Services Configuring Multicast Services General Management of the Switch MIB Variables Associated With Configuring Multicast Servcies Command-line Interface Configuring Multicast Services Web Interface Using Broadcast Storm Control Broadcast Storm Control Global Setting Command-line Interface Using Broadcast Storm Control 18MIB Variables Associated With Broadcast Storm Control MIB Variables Associated With Broadcast Storm Control Configuring Basic STA Settings Spanning Tree Algorithm Configuration General Management of the Switch Web Interface Configuring Basic STA Settings General Management of the Switch Consoleconfig#spanning-tree mode rst Command-line Interface Configuring Basic STA Settings 19MIB Variables Associated With Basic STA Settings MIB Variables Associated With Basic STA Settings Web Interface Configuring Advanced STA Settings Configuring Advanced STA Settings 20MIB Variables Associated With Advanced STA Settings Command-line Interface Configuring Advanced STA SettingsMIB variables Associated With Advanced STA Settings Web Interface Configuring Class of Service Class of Service ConfigurationSetting the Default Priority for Interfaces 25The Switch Config ⇒ Class of Service Command-line Interface Configuring Class of Service 21MIB Variables Associated With Class of Service MIB Variables Associated With Class of Service22IEEE 802.1p Default Priority Recommendations Mapping COS Values to Egress Queues 23IEEE 802.1p Traffic Types Web Interface Mapping COS Values to Traffic Classes Console#show queue cos-map ethernet NETP0 Command-line Interface Mapping COS Values to Traffic Classes Traffic Class Web Interace Setting the Service Weight for Traffic Classes Setting the Service Weight for Traffic Classes Mapping Layer 3/4 Priorities to COS Values Console#show queue bandwidth Queue ID Weight25Setting the Service Weight for Traffic Classes Consoleconfig#map ip precedence Web Interface Enabling Priority ServicesCommand-line Interface Enabling Priority Services Mapping IP Precedence Consoleconfig#no map ip precedenceMIB Variables Associated With Traffic Prioritisation 26MIB Variables Associated With Traffic Prioritization Web Interface Mapping IP Precedence MIB Variables Associated With Mapping IP Precedence Command-line Interface Mapping IP PrecedenceConsole#show map ip precedence ethernet SNP5 28MIB Variables Associated With Mapping IP Precedence Web Interface Mapping Dscp Priority 29Default Dscp to COS MappingMapping Dscp Priority Console#show map ip dscp ethernet SNP5 Command-line Interface Mapping Dscp PriorityConsoleconfig#interface ethernet SNP5 MIB Variables Associated With Mapping Dscp to CoS Values Address Table SettingsDisplaying the Address Table Mac-address-table Interface ethernet NETP1 Command-line Interface Viewing the Address TablesWeb Interface Viewing the Address Tables MIB Variables Associated With the Address Tables Changing the Aging TimeWeb Interface Changing the Aging Time 30MIB Variables Associated With the Address Tables Consoleconfig#mac-address-table aging-time Command-line Interface Changing the Aging TimeMIB Variables Associated With Aging Time 31MIB Variables Associated With Aging Time Displaying Connection Status Port Configuration Web Interface Displaying Connection Status for the Ports See Configuring Interface Connections on 33The Up Links ⇒ Connections Status Window Console#show interfaces status ethernet NETP7 This example shows the connection status for Port NETP7 MIB Variables Associated With the Connection Status of Ports Read only Error1 Duplex Status Configuring Interface Connections Web Interface Configuring Interface Connections 34The Up Links ⇒ Status Window showing attribues of NETP0 33MIB Variables for Interface Connections Command-line Interface Configuring Interface Connections Read/write Bits Capabilities Configuring Aggregated Links Web Interface Dynamic Aggregated Links Lacp Dynamically Configuring an Aggregated Link with Lacp Consoleconfig#interface ethernet NETP0 Command-line Interface Dynamic Aggregated Links LacpConsoleconfig#interface ethernet NETP1 Console#show interfaces status port-channel 34MIB Variables Associated With Dynamic Aggregated Links MIB Variables Associated With Dynamic Aggregated Links Web Interface Statically Configuring an Aggregated Link Statically Configuring an Aggregated Link Consoleconfig#interface ethernet NETP3 Consoleconfig#interface port-channel 35MIB Variables Associated With Static Aggregated Links MIB Variables Associated With Static Aggregated Links Configuring Vlan Behavior for Interfaces Web Interface Configuring Vlan Behavior for Interfaces Modify the required settings for each interface Click Save 38The Up Links ⇒ VLANs Window cont’d 36MIB Variables Associated With Vlan Behavior of Interfaces MIB Variables Associated With Vlan Behavior of Interfaces Port Gvrp Read Octet string Name Configuring Static Addresses 39The Up Links ⇒ Static Addresses Window Web Interface Configuring Static Addresses MIB Variables Associated With Static Addresses Command-line Interface Configuring Static AddressesConsole#show mac-address-table ethernet NETP4 37MIB Variables Associated With Static Addresses Vlan Index Managing Interfaces for Spanning Tree Algorithm Displaying the Current Interface Settings for STA CLI displays this term Console#show spanning-tree ethernet NETP4 40The Up Links ⇒ Spanning Tree Window 38MIB Variables Associated With a Port’s STA Settings MIB Variables Associated With a Port’s STA Settings Configuring Interface Settings for STA Web Interface Configuring STA Settings for a Port 41The Up Links ⇒ Spanning Tree Window for NETP4 Command-line Interface Configuring STA Settings for a Port Checking the STA Protocol Status for Interfaces MIB Variables for Configuring a Port’s STA Settings39MIB Variables for Configuring a Port’s STA Settings 40MIB Variables Associated With a Port’s STA Status MIB Variables Associated With a Port’s STA StatusPage 43The Management Ports ⇒ Packet Filtering Window Web Interface Filtering Traffic to the Management Port Consoleconfig#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 Action Read/create Integer IP Port Monitoring Port and Management Traffic Configuring Port MirroringWeb Interface Configuring Port Mirroring 44The Monitoring ⇒ Port Mirroring Window Command-line Interface Configuring Port Mirroring 42MIB Variables Associated With Port Mirroring Showing Port StatisticsMIB Variables Associated With Port Mirroring 43Traffic Statistics 43Traffic Statistics 43Traffic Statistics 45The Monitoring ⇒ Port Statistics window Web Interface Viewing Port Statistics Scroll down the page to view Rmon statistics This example shows statistics for port SNP13 Command-line Interface Viewing Port Statistics 44MIB Variables Associated With Port Statistics MIB Variables Associated With Port Statistics Out Discards Deferred CRC/Alignment 45SNMP Traffic Statistics Showing Snmp Statistics Open Monitoring ⇒ Snmp Statistics Web Interface Viewing Snmp Statistics 47The Monitoring Snmp Statistics Window Console#show snmp Command-line Interface Viewing Snmp Statistics 46MIB Variables Associated With Snmp Statistics Configuring Message LogsMIB Variables Associated With Snmp Statistics 47Error Levels Web Interface Configuring Message Logs 48The Monitoring ⇒ Logs Window Command-line Interface Configuring Message Logs 48MIB Variables Associated With Message Logs MIB Variables Associated With Message LogsPage Command-Line Reference Console Connection Using the Command-Line InterfaceAccessing the CLI Telnet Connection Consoleconfig-if#ip address 10.1.0.1 Console#show startup-config Entering CommandsConsoleconfig#username admin password 0 smith Keywords and Arguments Minimum Abbreviation Command CompletionGetting Help on Commands Consoleshow interfaces ? Showing Commands Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword Lookup 1Command Modes Exec Commands Console#configure Configuration Commands 3CLI Editing Keystrokes Command-Line Processing2Configuration Modes 4Command Groups Command Groups 166 General Commands Detailed Command DescriptionEnable Syntax Disable Configure Show history Reload 1.6 end Quit Exit Copy Flash/File Commands Syntax Console#copy file tftp Delete Console#delete test2.cfg 2.3 dir 5File Information Following example shows how to display all file information Whichboot Console#whichboot Boot system 6System Management Commands System Management CommandsConsoleconfig#boot system config startup Hostname Username Consoleconfig#hostname ServerChassis357Default User Names and Passwords Enable password Ip http port Consoleconfig#enable password level 15 0 admin Ip http server Jumbo frame Logging on Logging history 8Error Levels Console#clear logging Consoleconfig#logging history ramClear logging Show logging Show startup-config Console#show startup-config Show running-config Console#show running-config Show system None Console#show users Show usersShow version Example Authentication Commands 9Authentication Commands Authentication login Consoleconfig#authentication login radius Radius-server port Radius-server host Radius-server key Consoleconfig#radius-server key green Radius-server retransmit Radius-server timeoutDefault Setting Command Mode Console#show radius-server Show radius-server Tacacs-server port Tacacs-server host Tacacs-server key 10SNMP Commands Snmp CommandsShow tacacs-server Console#show tacacs-server Snmp-server community Snmp-server contact Consoleconfig#snmp-server community alpha rwConsoleconfig#snmp-server contact Paul Snmp-server host Consoleconfig#snmp-server location WC-19Snmp-server location Consoleconfig#snmp-server host 10.1.19.23 batman version Snmp-server enable traps Show snmp Console#show snmp Line Line Commands11Line Commands Login Password No password is specified Password-thresh Exec-timeout Silent-time Show line Console#show line IP Commands Ip address Ip dhcp restart Ip dhcp client-identifier Syntax Ip default-gateway Show ip redirects Show ip interface Console#show ip redirects Ping Ip filter Port number is not checked. The fragments option is allowed General Configuration Example Checking for code values Example Address filtersExample Checking for fragments Example Checking for port numbers Consoleconfig#ip filter permit tcp 192.168.1.0 0.0 0.0.0.0Show ip filter Console#show ip filter Interface Interface Commands13Interface Commands Description Speed-duplex Negotiation Consoleconfig#interface ethernet NETP5Consoleconfig-if#speed-duplex 100half Capabilities Consoleconfig#interface ethernet SNP11 SNP0-15 1000full Flowcontrol Consoleconfig#interface ethernet NETP7 Following example enables flow control on port NETP7 Shutdown Switchport broadcast packet-rate Enabled for all ports Packets per second Console#clear counters ethernet SNP5 Clear countersShow interfaces status Vlan vlan-idRange Console#show interfaces status ethernet SNP11 Show interfaces counters Console#show interfaces counters ethernet NETP7 Show interfaces switchport Shows all interfaces 14Address Table Commands Address Table CommandsConsole#show interfaces switchport ethernet NETP7 Action Mac-address-table static Console#clear mac-address-table dynamic Clear mac-address-table dynamicShow mac-address-table Console#show mac-address-table Mac-address-table aging-time Show mac-address-table aging-time 15Port Security Commands Port Security CommandsPort security Console#show mac-address-table aging-time Following example enables port security of port SNP5 Spanning-tree Spanning Tree Commands16Spanning Tree Commands Spanning-tree mode Spanning-tree forward-time Consoleconfig#spanning-tree mode rstp Spanning-tree hello-time Spanning-tree max-age Spanning-tree priority Spanning-tree pathcost method Consoleconfig#spanning-tree priority Spanning-tree cost Consoleconfig#spanning-tree pathcost method longSpanning-tree transmission-limit Spanning-tree cost cost No spanning-tree cost Spanning-tree port-priority Spanning-tree edge-port Spanning-tree protocol-migration Spanning-tree link-type Show spanning-tree Rstp 17VLAN Commands Vlan Commands Vlan Vlan database Consoleconfig-vlan#vlan 105 name RD5 media ethernet Interface vlan Switchport modeConsoleconfig-if#ip address 192.168.1.254 Switchport acceptable-frame-types Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Default Setting Switchport forbidden vlan Show vlan Vlan id Gvrp and Bridge Extension Commands18GVRP and Bridge Extension Commands Consoleconfig#interface ethernet SNP1 Switchport gvrpShow gvrp configuration Console#show gvrp configuration Garp timer Show garp timer Bridge-ext gvrp Show garp timerConsole#show garp timer ethernet SNP1 Show bridge-ext Command Usage 19IGMP Snooping Commands Igmp Snooping Commands Ip igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Show ip igmp snooping Consoleconfig#ip igmp snooping version Show mac-address-table multicast Ip igmp snooping query-count Consoleconfig#ip igmp snooping querierIp igmp snooping querier Ip igmp snooping query-interval Consoleconfig#ip igmp snooping query-count Ip igmp snooping query-max-response-time Consoleconfig#ip igmp snooping query-interval Ip igmp snooping router-port-expire-time Consoleconfig#ip igmp snooping query-max-response-time Ip igmp snooping vlan mrouter Consoleconfig#ip igmp snooping router-port-expire-time Show ip igmp snooping mrouter Console#show ip igmp snooping mrouter Priority Commands20Priority Commands Switchport priority default Queue bandwidth Queue bandwidth weight1...weight4 Queue cos-map Consoleconfig#queue bandwidth 1 3 5 21IEEE 802.1p Default Priority Recommendations Show queue bandwidth Show queue cos-map Console#show queue cos-map ethernet SNP11 Map ip precedence Global Configuration Map ip precedence ip-precedence-value cos cos-value Map ip precedence Interface Configuration Map ip dscp Global Configuration 22Default Dscp to COS Mapping Map ip dscp Interface Configuration Show map ip precedence Show map ip dscp Map ip dscp ethernet SNP1 Port monitor Mirror Port Commands23Mirror Port Commands Show port monitor Link Aggregation Commands Guidelines for Creating Aggregated Links 24Link Aggregation CommandsChannel-group Lacp Lacp No lacp Consoleconfig#interface ethernet NETP0 Management Information Base Table A-1Supported MIBs Supported MIBs Table A-4Sun Private Enterprise Traps Supported TrapsTable A-2Sun Private Enterprise MIB Page Troubleshooting Diagnosing Port Connections Diagnosing Switch IndicatorsAccessing the Management Interface Appendix B Troubleshooting B-3 Table B-1Log Messages Using System LogsLog Messages Console#show interfaces statuss e 1/1 Error MessagesCommand-Line Error Detection Command Line Errors System ErrorsTable B-2System Error Messages Table B-3Command Line Error Messages Appendix B Troubleshooting B-7 Line mode vty can not use console parameter Table B-4Web Interface Error Messages Web Interface Errors Illegal Snmp trap IP address Appendix B Troubleshooting B-11 Table B-4Web Interface Error Messages Appendix B Troubleshooting B-13 Table B-4Web Interface Error Messages Specifications Table C-1Switch Architecture Switch Architecture Table C-2Management Features Management Features Standards PowerEnvironmental Appendix C Specifications C-5 Page Bandwidth Glossary Garp Vlan Convergence for topology changes Access method and physical layer specifications1000BASE-T Fast Ethernet Defines frame extensions for Vlan tagging Link Aggregation Control Protocol Access to this switch Management servicesBlocks and error-corrected Efficiency of the networkPage Index Page Index-3