Use the menus listed on the System page to define the switch's relationship to its environment. To display the System page, click System in the tree view. The System menu page contains links to the following features:
Use the Asset page fields to configure and view general device information.
To display the Asset page, click System → General → Asset in the tree view.
Figure 6-1. Asset
The Asset page contains the following fields:
System Name (0-255 characters) Use to assign the device system name.
System Contact (0-255 characters) Use to assign the contact person's name.
System Location (0-255 characters) Use to specify a system location.
Sys Object ID The assigned System Object ID.
MAC Address Displays the MAC address of the switch.
Sys Uptime Displays the number of days, hours, and minutes since the last restart.
Date Displays the current system date. The format is month, day, year (MM/DD/YY). For example, 11/01/05 is November 01, 2005.
Time Displays the current system time. The format is hour, minute, second (HH:MM:SS). For example, 20:12:03 is 8:12:03 PM.
Unit No. Displays the switch's position in the stack.
Service Tag Displays the service reference number used when servicing the device.
Asset Tag (0-16 characters) Displays the user-defined device reference.
Serial No. Displays the device serial number.
Defining System Information
Open the Asset page.
Define the following fields: System Name, System Contact, System Location, and Asset Tag.
Click Apply Changes.
The system parameters are applied, and the device is updated.
Initiating a Telnet Session
Open the Asset page.
NOTE: The appropriate telnet parameters are set prior to initiating the telnet session. See "Configuring an Initial Telnet Password" for information. If the client has a Microsoft® Windows® environment, the program must be configured for telnet. If the client has a Unix environment, the telnet program must exist in the path.
Click Telnet.
The prompt appears, indicating that the system is ready to receive input.
Configuring Device Information Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapters in the CLI Reference Guide:
System Management Commands
SNMP Commands
Clock Commands
System Health
Use the Health page to view physical device information, including information about the switch's power and ventilation sources.
To display the Health page, click System → General → Health in the tree view.
Figure 6-2. Health
The Health page contains the following fields:
Unit No. Displays the unit's position in the stack.
Power Supply Status Displays the power supply status.
The power supply is operating normally.
The power supply is not operating normally.
Not Present The power supply is currently not present.
Fan Status Indicates the fan status. The PowerConnect 6224 has three fans; the 6248 has four fans.
The fan is operating normally.
The fan is not operating normally.
Not Present A fan is currently not present.
Temperature Displays the temperature at which the device is currently running.
Viewing System Health Information Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Versions
Use the Versions page to view information about the software versions currently running.
To display the Versions page, click System → General → Versions in the tree view.
Figure 6-3. Versions
The Versions page contains the following fields:
Unit No. Displays the unit's position in the stack.
Boot Version Displays the boot image version of the active image.
Image1 Version Displays the version number of one of the two available software images.
Image2 Version Displays the version number of the other of the two available software images.
Current-Active Displays the current software version running on the device.
Next-Active Displays the software version to be loaded if the current version crashes.
Displaying Device Versions Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
System Resources
Use the System Resources page to view information about memory usage and task utilization.
To display the System Resources page, click System → General → System Resources in the tree view.
Figure 6-4. System Resources
The System Resources page contains the following fields:
Total Memory Displays the total memory present on the switch.
Available Memory Displays the available memory (Free for allocation) present on the switch.
Task Name Name of the active task running on the switch.
Utilization (%) Percentage of CPU time utilized by the corresponding task. It is calculated for a duration of 2 seconds.
Displaying System Resources Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Time Zone Configuration
Use the Time Zone Configuration page to configure the time zone difference from Coordinated Universal Time (UTC).
To display the Time Zone Configuration page, click System → General → Time Zone Configuration in the tree view.
Figure 6-5. Time Zone Configuration
The Time Zone Configuration page contains the following fields:
Hours-offset Set the hours difference from UTC. (Range: -12 to +13)
Minutes-offset Set the minutes difference from UTC. (Range: 0-59)
Zone Set the acronym of the time zone. (Range: 0-4 characters)
Defining the Time Zone Parameters
Open the Time Zone Configuration page.
Define the fields as needed.
Click Apply Changes.
The time zone settings are modified, and the device is updated.
Configuring Time Zone Settings Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Clock Commands
Summer Time Configuration
Use the Summer Time Configuration page to specify a defined summer time duration and offset.
To display the Summer Time Configuration page, click System → General → Summer Time Configuration in the tree view.
Figure 6-6. Summer Time Configuration
The fields on the Summer Time Configuration page change when you select or clear the Recurring check box. The Summer Time Configuration page contains the following fields:
Recurring Select the check box to indicate that the configuration is to be repeated every year.
Location This field displays only when the Recurring check box is selected. The summer time configuration is predefined for the United States and European Union. To set the summer time for a location other than the USA or EU, select None.
Start Week Select the starting week number. This field displays only when the Recurring check box is selected.
Start Day Select the starting day number. This field displays only when the Recurring check box is selected.
Start Month Select the starting month.
Start Time Select the starting time in hh:mm format.
Start Date Select the starting date. This field displays only when the Recurring check box is cleared.
Start Year Select the starting year. This field displays only when the Recurring check box is cleared.
End Week Select the ending week number. This field displays only when the Recurring check box is selected.
End Day Select the ending day number. This field displays only when the Recurring check box is selected.
End Month Select the ending month.
End Time Select the ending time in hh:mm format.
End Date Select the ending date. This field displays only when the Recurring check box is cleared.
End Year Select the ending year. This field displays only when the Recurring check box is cleared.
Offset Set the number of minutes to add during summer time in the range 0 to 1440.
Zone Set the acronym of the time zone to be displayed when summer time is in effect.
Defining the Summer Time Parameters
Open the Summer Time Configuration page.
Define the fields as needed.
Click Apply Changes.
The summer time settings are modified, and the device is updated.
Configuring Summer Time Parameters Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Clock Commands
Clock Detail
Use the Clock Detail page to view information about the current time, time zone, and summer time settings.
To display the Clock Detail page, click System → General → Clock Detail in the tree view.
Figure 6-7. Clock Detail
The Clock Detail page provides information about the following clock features:
Current Time This section displays the current time.
Time Zone This section displays the time zone settings.
Summertime This section displays the summer time settings.
Displaying Clock Detail Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Clock Commands
Reset
Use the Reset page to reset the device.
To display the Reset page, click System → General → Reset in the tree view.
Figure 6-8. Reset
The Reset page contains the following fields:
Reset Unit No. Use to select the device in the stack that needs to be reset.
Resetting the Device
Open the Reset page.
Click Reset Unit No.
Select either Individual Unit or All.
Click the Apply Changes button.
When the confirmation message displays, click OK.
The selected device is reset. After the device is reset, enter a user name and password.
Configuring SNTP Settings
The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates only as an SNTP client and cannot provide time services to other systems.
Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above since it is itself a stratum 2 device.
The following is an example of stratums:
Stratum 0 A real time clock is used as the time source, for example, a GPS system.
Stratum 1 A server that is directly linked to a Stratum 0 time source is used. Stratum 1 time servers provide primary network time standards.
Stratum 2 The time source is distanced from the Stratum 1 server over a network path. For example, a Stratum 2 server receives the time over a network link, through NTP, from a Stratum 1 server.
Information received from SNTP servers is evaluated based on the time level and server type.
SNTP time definitions are assessed and determined by the following time levels:
T1 Time at which the original request was sent by the client.
T2 Time at which the original request was received by the server.
T3 Time at which the server sent a reply.
T4 Time at which the client received the server's reply.
The device can poll Unicast and Broadcast server types for the server time.
Polling for Unicast information is used for polling a server for which the IP address is known. SNTP servers that have been configured on the device are the only ones that are polled for synchronization information. T1 through T4 are used to determine server time. This is the preferred method for synchronizing device time because it is the most secure method. If this method is selected, SNTP information is accepted only from SNTP servers defined on the device using the SNTP Servers page.
Broadcast information is used when the server IP address is unknown. When a Broadcast message is sent from an SNTP server, the SNTP client listens to the message. If Broadcast polling is enabled, any synchronization information is accepted, even if it has not been requested by the device. This is the least secure method.
The device retrieves synchronization information, either by actively requesting information or at every poll interval. If Unicast and Broadcast polling are enabled, the information is retrieved in this order:
Information from servers defined on the device is preferred. If Unicast polling is not enabled or if no servers are defined on the device, the device accepts time information from any SNTP server that responds.
If more than one Unicast device responds, synchronization information is preferred from the device with the lowest stratum.
If the servers have the same stratum, synchronization information is accepted from the SNTP server that responded first.
MD5 (Message Digest 5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication and authenticates the origin of the communication.
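The unicast checks described above (MD5 authentication against trusted keys, the T1 through T4 time levels, lowest stratum first, then first responder) can be seen end to end in the following added example, which is not taken from the switch firmware or the guide. It assumes the standard NTP symmetric-key layout (48-byte header, 4-byte key ID, 16-byte MD5 over key plus header), which the page does not spell out; the server addresses, key ID and key are constructed sample values.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48    # fixed NTP/SNTP header
MAC_LEN = 4 + 16   # key ID + MD5 digest (assumed wire layout)

def ntp_ts(seconds):
    """Encode seconds since the NTP epoch as a 64-bit NTP timestamp."""
    whole = int(seconds)
    return struct.pack("!II", whole, int((seconds - whole) * 2**32))

def ts_float(raw):
    """Decode a 64-bit NTP timestamp back to seconds."""
    whole, frac = struct.unpack("!II", raw)
    return whole + frac / 2**32

def build_reply(stratum, t1, t2, t3, key_id, key):
    """Constructed server (mode 4) reply carrying an MD5 authenticator."""
    header = struct.pack("!BBbb", (3 << 3) | 4, stratum, 6, -20)  # VN=3, mode=4
    header += b"\x00" * 12               # root delay, dispersion, reference ID
    header += ntp_ts(t2)                 # reference timestamp (sample value)
    header += ntp_ts(t1) + ntp_ts(t2) + ntp_ts(t3)
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify_reply(packet, t1, trusted_keys):
    """Authenticate a unicast reply; return (stratum, T2, T3) or raise ValueError."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        raise ValueError("authenticator missing or malformed")
    header = packet[:HEADER_LEN]
    key_id = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        raise ValueError("key ID %d is not trusted" % key_id)
    expected = hashlib.md5(key + header).digest()
    if not hmac.compare_digest(expected, packet[HEADER_LEN + 4:]):
        raise ValueError("MD5 digest mismatch")
    if header[0] & 0x07 != 4:
        raise ValueError("not a server reply")
    if header[24:32] != ntp_ts(t1):
        raise ValueError("reply does not echo the request time T1")
    return header[1], ts_float(header[32:40]), ts_float(header[40:48])

def offset_and_delay(t1, t2, t3, t4):
    """Clock offset and round-trip delay from the four time levels."""
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def select_time(replies, t1, t4, trusted_keys):
    """replies: list of (server, packet) in arrival order.

    Replies that fail authentication are dropped. Among the rest the lowest
    stratum wins; min() keeps the earliest entry on a tie (first responder).
    """
    accepted = []
    for server, packet in replies:
        try:
            stratum, t2, t3 = verify_reply(packet, t1, trusted_keys)
        except ValueError:
            continue
        accepted.append((stratum, server, offset_and_delay(t1, t2, t3, t4)))
    if not accepted:
        return None
    stratum, server, (offset, delay) = min(accepted, key=lambda r: r[0])
    return server, stratum, offset, delay

# Constructed sample data: client clock runs 10 s behind the servers.
T1, T4 = 3900000000.0, 3900000000.75
KEYS = {7: b"s3cr3tK1"}   # key ID -> trusted key (sample values)

def demo():
    good_a = build_reply(2, T1, T1 + 10.25, T1 + 10.5, 7, KEYS[7])
    good_b = build_reply(2, T1, T1 + 10.25, T1 + 10.5, 7, KEYS[7])
    wrong_key = build_reply(1, T1, T1 + 3600.0, T1 + 3600.25, 7, b"guess")
    unknown_id = build_reply(1, T1, T1 + 10.25, T1 + 10.5, 9, b"otherkey")
    tampered = bytearray(good_a)
    tampered[47] ^= 1                    # one bit flipped in T3
    replies = [("192.0.2.66", wrong_key), ("192.0.2.67", unknown_id),
               ("192.0.2.68", bytes(tampered)),
               ("192.0.2.10", good_a), ("192.0.2.11", good_b)]
    return select_time(replies, T1, T4, KEYS)

if __name__ == "__main__":
    print(demo())
```

The three rejected replies advertise a better stratum or a different time, yet none of them influences the result because authentication is checked before stratum is compared.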
The SNTP menu page contains links to pages that allow you to configure SNTP parameters.
To display the SNTP page, click System → SNTP in the tree view.
Use the SNTP Global Settings page to view and adjust SNTP parameters.
To display the SNTP Global Settings page, click System → SNTP → Global Settings in the tree view.
Figure 6-9. SNTP Global Settings
The SNTP Global Settings page contains the following fields:
SNTP Client Use drop-down list to enable or disable the client. If the client is disabled, some of the fields below are also disabled.
Poll Interval Defines the interval (in seconds) at which the SNTP server is polled for Unicast information. The range is 60-1024 seconds.
Receive Broadcast Servers Update If enabled, listens to the SNTP servers for Broadcast server time information on the selected interfaces. The device is synchronized whenever an SNTP packet is received, even if synchronization was not requested.
Receive Unicast Servers Update If enabled, polls the SNTP servers defined on the device for Unicast server time information.
Defining SNTP Global Parameters
Open the SNTP Global Settings page.
Define the fields as needed.
Click Apply Changes.
The SNTP global settings are modified, and the device is updated.
Defining SNTP Global Parameters Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Clock Commands.
SNTP Authentication
The SNTP Authentication page lets you enable SNTP authentication between the device and an SNTP server and select the desired SNTP server. Use the SNTP Authentication page to enable or disable SNTP authentication, to modify the authentication key for a selected encryption key ID, to designate the selected authentication key as a trusted key, and to remove the selected encryption key ID.
Click System → SNTP → Authentication in the tree view to display the SNTP Authentication page.
Figure 6-10. SNTP Authentication
The SNTP Authentication page contains the following fields:
SNTP Authentication If enabled, requires authenticating an SNTP session between the device and an SNTP server.
Authentication Type of authentication. System supports MD5 only.
Encryption Key ID Contains a list of user-defined key IDs used to authenticate the SNTP server and device. Possible field values are 1-4294767295.
Authentication Key (1-8 Characters) Displays the key used for authentication.
Trusted Key Check to specify the encryption key used (Unicast) or uncheck to authenticate the SNTP server (Broadcast).
Remove Encryption Key ID Check to remove the selected authentication key.
Adding an SNTP Authentication Key
Open the SNTP Authentication page.
Click Add.
The Add Authentication Key page displays:
Figure 6-11. Add Authentication Key
Define the fields as needed.
Click Apply Changes.
The SNTP authentication key is added, and the device is updated.
Displaying the Authentication Key Table
Open the SNTP Authentication page.
Click Show All.
The Authentication Key Table page displays:
Figure 6-12. Authentication Key Table
Removing an Authentication Key
Open the SNTP Authentication page.
Click Show All.
The Authentication Key Table page displays.
Select an Authentication Key Table entry by checking its Remove check box.
Click Apply Changes.
The entry is removed, and the device is updated.
Defining SNTP Authentication Settings Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Clock Commands.
SNTP Server
Use the SNTP Server page to view and modify information for enabling SNTP servers, and to add new SNTP servers.
To display the SNTP Server page, click System → SNTP → SNTP Server in the tree view.
Figure 6-13. SNTP Servers
The SNTP Servers page contains the following fields:
SNTP Server Selects user-defined SNTP server IP address from a drop-down menu. Up to eight SNTP servers can be defined by using the Add button.
Encryption Key ID Specifies user-defined key ID used to communicate between the SNTP server and device. The encryption key ID is defined in the SNTP Authentication page.
Priority (1-8) Specifies the priority of this server entry in determining the sequence of servers to which SNTP requests are sent. Values are 1 to 8, and the default is 1. Servers with lowest numbers have priority.
Status Displays the operating SNTP server status. The possible field values are:
Up The SNTP server is currently operating normally.
Down Indicates that an SNTP server is currently not available. For example, the SNTP server is currently not connected or is currently down.
In progress The SNTP server is currently sending or receiving SNTP information.
Unknown The progress of the SNTP information currently being sent is unknown. For example, the device is currently looking for an interface.
Last Response Displays the last time a response was received from the SNTP server.
Remove SNTP Server Removes a specified SNTP server from the SNTP Servers list when checked.
Adding an SNTP Server
Open the SNTP Servers page.
Click Add.
The Add SNTP Server page displays.
Figure 6-14. Add SNTP Server
Define the fields as needed.
Click Apply Changes.
The SNTP server is added, and the device is updated.
Displaying the SNTP Servers Table
Open the SNTP Servers page.
Click Show All.
The SNTP Servers Table page displays.
Figure 6-15. SNTP Servers Table
Modifying an SNTP Server
Open the SNTP Servers page.
Click Show All.
The SNTP Servers Table opens.
Click Edit next to the SNTP Server entry you wish to modify.
Modify the relevant fields.
Click Apply Changes.
The SNTP server information is updated.
Removing the SNTP Server
Open the SNTP Servers page.
Click Show All.
The SNTP Servers Table opens.
Select an SNTP Server entry.
Check the Remove check box.
Click Apply Changes.
The entry is removed, and the device is updated.
Defining SNTP Servers Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Clock Commands.
Managing Logs
The switch may generate messages in response to events, faults, or errors occurring on the platform as well as changes in configuration or other occurrences. These messages are stored both locally on the platform and forwarded to one or more centralized points of collection for monitoring purposes as well as long term archival storage. Local and remote configuration of the logging capability includes filtering of messages logged or forwarded based on severity and generating component.
The in-memory log stores messages in memory based upon the settings for message component and severity. On stackable systems, this log exists only on the top of stack platform. Other platforms in the stack forward their messages to the top of stack log. Access to in-memory logs on other than the top of stack platform is not supported.
The persistent log is stored in persistent storage. Two types of persistent logs may be configured.
The first log type is the system startup log. The system startup log stores the first N messages received after system reboot. This log always has the log full operation attribute set to stop on full and can store up to 32 messages.
The second log type is the system operation log. The system operation log stores the last N messages received during system operation. This log always has the log full operation attribute set to overwrite. This log can store up to 1000 messages.
Either the system startup log or the system operation log stores a message received by the log subsystem that meets the storage criteria, but not both. In other words, on system startup, if the startup log is configured, it stores messages up to its limit. The operation log, if configured, then begins to store the messages.
The system keeps up to three versions of the persistent logs, named <FILE>0.txt, <FILE>1.txt, and <FILE>2.txt. Upon system startup, <FILE>2.txt is removed, <FILE>1.txt is renamed <FILE>2.txt, <FILE>0.txt is renamed <FILE>1.txt, <FILE>0.txt is created and logging begins into <FILE>0.txt. (Replace <FILE> in the above example to specify olog for the operation log and slog for the startup log.)
The local persistent logs can be retrieved by using the CLI, xmodem over the local serial cable, and TFTP.
To display the Logs menu page, click System → Logs in the tree view. Use this page to go to the following features:
Use the Global Settings page to enable logs globally, and to define log parameters. The Severity log messages are listed from the highest severity to the lowest.
To display the Global Settings page, click System → Logs → Global Settings in the tree view.
Figure 6-16. Global Settings
The Global Settings page contains the following fields:
Logging Enables device global logs for Cache, File, and Server Logs. All logs which are printed to the console are saved to the log files. The possible field values are:
Enable Enables saving logs in Cache (RAM), File (FLASH), and an External Server.
Disable Disables saving logs. It is not possible to disable logging of logs that are printed to console.
Severity
Use the check boxes in this section to adjust the sensitivity of the console, persistent memory, and log files.
When you select a specific level, all of the levels above it are automatically selected. For example, if you select Error, the system automatically selects Error, Critical, Alert, and Emergency. If you deselect Error, all of the levels below (for example, Error, Warning, Notice, Informational, Debug) are deselected.
Emergency The highest warning level. If the device is down or not functioning properly, an emergency log is saved to the device.
Alert The second highest warning level. An alert log is saved if there is a serious device malfunction, such as all device features being down.
Critical The third highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning, while the rest of the device ports remain functional.
Error A device error has occurred, such as if a port is offline.
Warning The lowest level of a device warning.
Notice Provides the network administrators with device information.
Informational Provides device information.
Debug Provides detailed information about the log. Debugging should only be entered by qualified support personnel.
The check boxes appear under the following three columns:
Console Logs sent to the console.
RAM Logs Logs sent to the (Cache) RAM.
Log File Logs sent to the File (FLASH).
Enabling Logs
Open the Global Settings page.
Select Enable in the Logging drop-down menu.
Use the check boxes to select log type and severity.
NOTE: When you select a severity level, all higher severity levels are automatically selected.
Click Apply Changes.
The log settings are saved, and the device is updated.
Enabling Global Logs Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Syslog Commands.
RAM Log Table
Use the RAM Log Table page to view information about specific RAM (cache) log entries, including the time the log was entered, the log severity, and a description of the log.
To display the RAM Log Table, click System → Logs → RAM Log in the tree view.
Figure 6-17. RAM Log Table
The RAM Log Table contains the following fields:
Log Index Indicates the Log Number within the Log RAM Table.
Severity The log severity.
Log Time The time at which the log was entered in the Log RAM Table.
Component The component being logged.
Description The log description.
Removing Log Information
Open the RAM Log Table page.
Click Clear Log.
The log information is removed from the log file table, and the device is updated.
Removing Log Information Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Syslog Commands.
Log File
The Log File contains information about specific log entries, including the time the log was entered, the log severity, and a description of the log.
To display the Log File, click System → Logs → Log File in the tree view.
Figure 6-18. Log File
The Log File Table page contains the following fields:
Log Index The Log Number within the Log File Table.
Severity The log severity.
Log Time The time at which the log was entered in the Log File Table.
Component The component being logged.
Description The log description.
Removing Log Information
Open the Log File Table page.
Click Clear Log.
The log information is removed from the log file table, and the device is updated.
Removing Log Information Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Syslog Commands.
Remote Log Server Settings
Use the Remote Log Server Settings page to view the available log servers, to define new log servers, and to set the severity of the log events sent to the server.
To display the Remote Log Server Settings page, click System → Logs → Remote Log Server.
Figure 6-19. Remote Log Server Settings
The Remote Log Server Settings page contains the following fields:
Log Server Server to which logs can be sent.
UDP Port (1-65535) Sets the UDP port from which the logs are sent. The default value is 514.
Facility A user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility level is overridden. All applications defined for a device use the same facility on a server. The possible field values are from Local 0 to Local 7.
Description Sets the server description. The maximum length is 64 characters.
Severity Selects the log severity. Selecting a severity level automatically selects all higher severity levels.
Remove Log Server Removes a server from the Log Server list. Checking the check box removes the server from the list. Leaving the box unchecked maintains the server in the list.
The Remote Log Server Settings page also contains a severity list. The severity definitions are the same as the severity definitions on the RAM Log Table page.
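On the collector side, the Facility and Severity settings above give a simple consistency check for traffic that claims to come from the switch, which is useful because UDP syslog carries no sender authentication. The following added example (not part of the guide) assumes the messages carry the conventional syslog `<PRI>` prefix, where PRI = facility × 8 + severity and Local 0 to Local 7 are facility codes 16 to 23; the log lines are constructed.

```python
import re

# Severity names in the order the page lists them (highest first);
# the list index is the syslog severity code 0..7.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
LOCAL0 = 16  # syslog facility codes 16..23 correspond to Local 0..Local 7

def selected_levels(level):
    """Selecting a level also selects every higher severity level."""
    return SEVERITIES[:SEVERITIES.index(level) + 1]

def decode_pri(line):
    """Split '<PRI>text' into (facility code, severity name, text)."""
    m = re.match(r"<(\d{1,3})>(.*)", line)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest PRI
        raise ValueError("no valid syslog priority")
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], m.group(2)

def triage(lines, local_facility, level):
    """Separate messages that match the switch's configured facility and
    severity selection from those that do not (wrong facility, a severity
    the switch should not be forwarding, or no parsable priority)."""
    expected_facility = LOCAL0 + local_facility
    wanted = set(selected_levels(level))
    matched, unexpected = [], []
    for line in lines:
        try:
            facility, severity, text = decode_pri(line)
        except ValueError:
            unexpected.append(line)
            continue
        if facility == expected_facility and severity in wanted:
            matched.append((severity, text))
        else:
            unexpected.append(line)
    return matched, unexpected

# Constructed sample input: switch configured for facility Local 7, level Error.
SAMPLE = [
    "<187>port 1/g5 is offline",            # Local 7, Error
    "<189>configuration saved",             # Local 7, Notice (below Error)
    "<130>fan 2 not operating normally",    # Local 0, Critical (wrong facility)
    "<184>stack unit 2 not responding",     # Local 7, Emergency
    "no priority prefix at all",
]

if __name__ == "__main__":
    ok, odd = triage(SAMPLE, 7, "Error")
    print(ok)
    print(odd)
```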
Sending Logs to a Server
Open the Remote Log Server Settings page.
Define the UDP Port, Facility, and Description fields.
Select the log type and log severity by using the Log Parameters check boxes.
NOTE: When you select a severity level, all higher severity levels are automatically selected.
Click Apply Changes.
The log settings are saved, and the device is updated.
Adding a New Server
Open the Remote Log Server Settings page.
Click Add to display the Add Remote Log Server page.
NOTE: Before adding a new server, determine the IP address of the remote log server.
Figure 6-20. Add Remote Log Server Settings
Complete the fields in the dialog and click Apply Changes.
The Remote Log Server Settings page displays the server in the Log Server list only after you go back to the Remote Log Server Settings page.
Viewing/Removing a Log Server
Open the Remote Log Server Settings page.
Click Show All to display the Remote Log Servers Table page.
Figure 6-21. Show All Log Servers
To remove a server, check the corresponding Remove check box.
Click Apply Changes.
The server is removed, and the device is updated.
Working with Remote Server Logs Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Syslog Commands.
Defining IP Addressing
Use the IP Addressing page to assign management interface and default gateway IP addresses, negotiate with the Domain Name System, set a Default Domain Name, perform Host Name Mapping, and define ARP and DHCP parameters for the interfaces.
To display the IP Addressing page, click System → IP Addressing in the tree view. Use this page to go to the following features:
Use the Management Interface menu page to assign the Management interface IP address, the Subnet Mask, the Default Gateway IP address, and to enable or disable the boot protocol.
To display the Management Interface page, click System → IP Addressing → Management Interface in the tree view.
Figure 6-22. Management Interface
The Management Interface page contains the following fields:
IP Address Displays the management interface IP address.
Network Mask The subnet mask of the source IP address.
NOTE: Each part of the IP address must start with a number other than zero. For example, IP addresses 001.100.192.6 and 192.001.10.3 are not valid.
Default Gateway Sets the default gateway IP address.
Protocol Use the drop-down menu to select Bootp, DHCP, or None.
Management VLAN ID (1-4093) Sets the Management VLAN ID in the range of 1-4093.
NOTICE: Changing the Management VLAN will disconnect your Web session.
Modifying Management Interface IP Address Parameters
Open the Management Interface page.
Modify the IP address in the IP Address field.
Modify other fields as needed.
Click Apply Changes.
The parameters are modified, and the device is updated.
Defining IP Interface Parameters Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
IP Routing Commands.
Domain Name Server (DNS)
The Domain Name System converts user-defined domain names into IP addresses. Each time a domain name is assigned, this service translates the name into a numeric IP address. For example, www.ipexample.com is translated to 192.87.56.2. Domain Name System servers maintain domain name databases and their corresponding IP addresses.
Use the Domain Name Server (DNS) page to enable and activate specific DNS servers.
To display the Domain Name Server page, click System → IP Addressing → Domain Name Server in the tree view.
Figure 6-23. Domain Name Server
The Domain Name Server (DNS) page contains the following fields:
DNS Status Enables or disables translating DNS names into IP addresses.
DNS Server Contains a list of DNS servers. DNS servers are added in the Add DNS Server page.
Remove When selected, removes the selected DNS server.
Adding a DNS Server
Open the Domain Name Server (DNS) page.
Click Add.
The Add DNS Server page displays:
Figure 6-24. Add DNS Server
Define the relevant fields.
Click Apply Changes.
The new DNS server is defined, and the device is updated.
Configuring DNS Servers Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
IP Addressing Commands.
Default Domain Name
Use the Default Domain Name page to view and define default DNS domain names.
To display the Default Domain Name page, click System → IP Addressing → Default Domain Name.
Figure 6-25. Default Domain Name
The Default Domain Name page contains the following field:
Default Domain Name (0-255 characters) Contains the user-defined default domain name. When configured, the default domain name is applied to all unqualified host names.
Defining DNS Domain Names Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
IP Addressing Commands.
Host Name Mapping
Use the Host Name Mapping page to assign an IP address to a static host name. The Host Name Mapping page provides one IP address per host.
To display the Host Name Mapping page, click System → IP Addressing → Host Name Mapping.
Figure 6-26. Host Name Mapping
The Host Name Mapping page contains the following fields:
Host Name Contains a list of host names. Host names are defined on the Add Static Host Name Mapping page. Each host provides one IP address.
IP Address Provides an IP address that is assigned to the specified host name.
Remove Host Name Removes the host name IP mapping when checked.
Adding Host Domain Names
Open the Host Name Mapping page.
Click Add.
The Add Static Host Name Mapping page displays:
Figure 6-27. Add Static Host Name Mapping
Define the relevant fields.
Click Apply Changes.
The IP address is mapped to the host name, and the device is updated.
Displaying the Static Host Name Mapping Table
Open the Host Name Mapping page.
Click Show All.
The Static Host Name Mapping Table displays:
Figure 6-28. Static Host Name Mapping Table
Removing a Host Name From IP Address Mapping
Open the Host Name Mapping page.
Click Show All.
The Host Name Mapping Table opens.
Select a Host Name Mapping Table entry.
Check the Remove check box.
Click Apply Changes.
The Host Name Mapping Table entry is removed, and the device is updated.
Mapping an IP Address to Domain Host Names Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
IP Addressing Commands.
ARP Table
Use the ARP Table page to view ARP parameters for IP interfaces. The ARP table displays the correlation between each MAC address and its corresponding IP address.
To display the ARP Table page, click System → IP Addressing → ARP in the tree view.
Figure 6-29. ARP Table
The ARP Table page contains the following fields:
IP Address The station IP address, which is associated with the MAC address filled in below.
MAC Address The station MAC address, which is associated in the ARP table with the IP address.
Viewing the ARP Table Using the CLI Command
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
IP Addressing Commands.
UDP Relay
UDP Relay enables the device to forward specific UDP broadcasts from one interface to another. Typically, IP broadcast packets are not forwarded from one interface to another, but some applications use UDP broadcast to detect the availability of a service. Other services require UDP broadcast packets to be routed in order to provide services to clients on another subnet. UDP Relay also enables browsing from workstations to servers on different networks.
Use the UDP Relay page to add, show, or delete UDP Relay configuration.
To display the UDP Relay page, click System → IP Addressing → UDP Relay.
Figure 6-30. UDP Relay
The UDP Relay page contains the following fields:
Source IP Interface The input IP interface that relays UDP packets. If this field is 255.255.255.255, UDP packets from all interfaces are relayed. The following address ranges are invalid:
0.0.0.0 to 0.255.255.255
127.0.0.0 to 127.255.255.255
UDP Destination Port (1-65535) The destination UDP port ID number of UDP packets to be relayed. The following table lists UDP Port allocations.
UDP Port Number   Acronym                  Application
7                 Echo                     Echo
11                SysStat                  Active User
15                NetStat                  NetStat
17                Quote                    Quote of the day
19                CHARGEN                  Character Generator
20                FTP-data                 FTP Data
21                FTP                      FTP
37                Time                     Time
42                NAMESERVER               Host Name Server
43                NICNAME                  Who is
53                DOMAIN                   Domain Name Server
69                TFTP                     Trivial File Transfer
111               SUNRPC                   Sun Microsystems Rpc
123               NTP                      Network Time
137               NetBiosNameService       NT Server to Station Connections
138               NetBiosDatagramService   NT Server to Station Connections
139               NetBiosSessionService    NT Server to Station Connections
161               SNMP                     Simple Network Management
162               SNMP-trap                Simple Network Management Traps
513               who                      Unix Rwho Daemon
514               syslog                   System Log
525               timed                    Time Daemon
Destination Address The IP interface that receives UDP packet relays. If this field is 0.0.0.0, UDP packets are discarded. If this field is 255.255.255.255, UDP packets are flooded to all IP interfaces.
Remove Select the check box to remove the specified UDP Relay.
Adding UDP Relay Entry
Open the UDP Relay page.
Click Add to display the Add UDP Relay page:
Figure 6-31. Add UDP Relay
Complete the Source IP Interface, UDP Destination Port, and Destination Address fields.
Click Apply Changes.
The UDP Relay is added and the device is updated.
Click Back to return to the UDP Relay page.
NOTE: If UDP Relay is enabled, but no UDP port number is specified, the device by default forwards UDP Broadcast packets for the following services: IEN-116 Name Service (port 42), DNS (port 53), NetBIOS Name Server (port 137), NetBIOS Datagram Server (port 138), TACACS Server (Port 49), and Time Service (port 37).
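The field rules and the default-port NOTE above can be checked against a planned relay table before it is applied. This is an added example, not code from the manual or the switch; the function names, finding labels and sample entries are constructed for illustration.

```python
import ipaddress

# Services relayed by default when no UDP port is specified (from the NOTE above).
DEFAULT_RELAY_PORTS = {
    37: "Time Service",
    42: "IEN-116 Name Service",
    49: "TACACS Server",
    53: "DNS",
    137: "NetBIOS Name Server",
    138: "NetBIOS Datagram Server",
}

# Source ranges listed as invalid: 0.0.0.0-0.255.255.255 and 127.0.0.0-127.255.255.255.
INVALID_SOURCE_NETS = (
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
)
ALL_ONES = ipaddress.ip_address("255.255.255.255")
ALL_ZEROS = ipaddress.ip_address("0.0.0.0")


def audit_relay_entry(source, port, destination):
    """Return (effective_ports, findings) for one UDP Relay entry.

    port=None models "UDP Relay enabled, but no UDP port number specified".
    """
    findings = []
    src = ipaddress.ip_address(source)
    dst = ipaddress.ip_address(destination)

    if any(src in net for net in INVALID_SOURCE_NETS):
        findings.append("invalid-source-range")
    elif src == ALL_ONES:
        findings.append("relays-from-all-interfaces")

    if port is None:
        ports = sorted(DEFAULT_RELAY_PORTS)
        findings.append("default-port-set")
    elif 1 <= port <= 65535:
        ports = [port]
    else:
        ports = []
        findings.append("port-out-of-range")

    if dst == ALL_ZEROS:
        findings.append("packets-discarded")
    elif dst == ALL_ONES:
        findings.append("flooded-to-all-interfaces")
    return ports, findings


# Constructed sample entries: (source IP interface, UDP destination port, destination address).
SAMPLE_ENTRIES = [
    ("10.1.1.1", 123, "10.2.2.10"),
    ("255.255.255.255", None, "255.255.255.255"),
    ("127.0.0.1", 69, "10.2.2.10"),
    ("10.1.1.1", 514, "0.0.0.0"),
]


def audit(entries):
    """Return only the entries that produced findings, with their effective ports."""
    report = []
    for source, port, destination in entries:
        ports, findings = audit_relay_entry(source, port, destination)
        if findings:
            report.append(((source, port, destination), ports, findings))
    return report


if __name__ == "__main__":
    for entry, ports, findings in audit(SAMPLE_ENTRIES):
        print(entry, "ports:", ports, "findings:", ", ".join(findings))
```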
Removing a UDP Relay Entry
Open the UDP Relay page.
Check the Remove check box next to the item to be deleted.
Click Apply Changes.
The UDP Relay entry is removed, and the device is updated.
Configuring UDP Relay Information Using the CLI
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
IP Addressing Commands.
Running Cable Diagnostics
Use the Diagnostics menu page to perform virtual cable tests for copper and fiber optics cables.
To display the Diagnostics page, click System → Diagnostics in the tree view.
Use the Integrated Cable Test for Copper Cables page to perform tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error which occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested. Cables are tested when the ports are in the down state, with the exception of the Approximated Cable Length test.
To display the Integrated Cable Test for Copper Cables page, click System → Diagnostics → Integrated Cable Test in the tree view.
Figure 6-32. Integrated Cable Test for Copper Cables
The Integrated Cable Test for Copper Cables page contains the following fields:
Interface The interface to which the cable is connected.
Test Result The cable test results. Possible values are:
No Cable There is not a cable connected to the port.
Open Cable The cable is open.
Short Cable A short has occurred in the cable.
OK The cable passed the test.
Fiber Cable A fiber cable is connected to the port.
Cable Fault Distance The distance from the port where the cable error occurred.
Last Update The last time the port was tested.
Cable Length The approximate cable length. This test can only be performed when the port is up and operating at 1 Gbps.
Performing a Cable Test
Ensure that both ends of the copper cable are connected to a device.
Open the Integrated Cable Test for Copper Cables page.
Click Run Test.
The copper cable test is performed, and the results are displayed on the Integrated Cable Test for Copper Cables page.
Displaying Integrated Cable Test Results Table
Open the Integrated Cable Test for Copper Cables page.
Click Show All.
Select the desired unit from the drop-down menu.
The web page displays the Integrated Cable Test Results Table page showing the results of previous tests for every port on the selected unit.
Figure 6-33. Integrated Cable Test Results Table
Performing Copper Cable Tests Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
PHY Diagnostics Commands.
Optical Transceiver Diagnostics
Use the Optical Transceiver Diagnostics page to perform tests on Fiber Optic cables.
To display the Optical Transceiver Diagnostics page, click System → Diagnostics → Optical Transceiver Diagnostics in the tree view.
NOTE: Optical transceiver diagnostics can be performed only when the link is present.
Figure 6-34. Optical Transceiver Diagnostics
The Optical Transceiver Diagnostics page contains the following fields:
Interface The port IP address on which the cable is tested.
Temperature The temperature (C) at which the cable is operating.
Voltage The voltage at which the cable is operating.
Current The current at which the cable is operating.
Output Power The rate at which the output power is transmitted.
Input Power The rate at which the input power is transmitted.
Transmitter Fault Indicates if a fault occurred during transmission.
Loss of Signal Indicates if a signal loss occurred in the cable.
Data Ready Indicates the transceiver has achieved power up and data is ready.
NOTE: Finisar transceivers do not support the transmitter fault diagnostic testing. Fiber Optic analysis feature works only on SFPs that support the digital diagnostic standard SFF-4872.
Displaying Optical Transceiver Diagnostics Test Results Table
Use the Access Profile page to define a profile and rules for accessing the device. You can limit access to specific management functions, to specific ingress interfaces, and/or to source IP address and/or source IP subnets.
Management access can be separately defined for each type of management access method, including Web (HTTP), Secure web (HTTPS), Telnet, SSH, and SNMP.
Management Access Lists contain the rules that determine which users can manage the device, and by which methods. Users can also be blocked from accessing the device.
Use the Access Profile page to configure Management Lists and apply them to specific interfaces.
To display the Access Profile page, click System → Management Security → Access Profiles in the tree view.
Figure 6-36. Access Profile
Access Profile Shows the Access Profile.
Current Active Access Profile Shows profile that is activated.
Set Active Access Profile Activates the access profile.
Remove Profile When checked, removes an access profile from the Access Profile list.
NOTE: Assigning an access profile to an interface implies that access through other interfaces is denied. If an access profile is not activated, the device can be accessed by all.
Displaying the Access Profile
Open the Access Profile page.
Click Show All to display the Profile Rules Table page.
Figure 6-37. Profile Rules Table
Adding an Access Profile
Open the Access Profile page.
Click Add Profile.
The Add an Access Profile page displays.
Figure 6-38. Add an Access Profile
Enter the profile name in the Access Profile Name text box.
Complete the fields:
Management Method Select from the dropdown box. The policy is restricted by the management method chosen.
Interface Choose the check box for the interface if the policy should have a rule based on the interface. Interface can be a physical interface, a LAG, or a VLAN.
Source IP Address Select the Source IP Address check box if the policy should have a rule based on the IP address of the client sending the management traffic. Fill in the source IP address and mask details in the fields provided. Note that Mask can be given in two formats: either dotted IP format (for example, 255.255.255.0) or prefix length (for example, 32).
Action Choose the action to be performed when the rules selected above are matched. Use the dropdown box and choose Permit or Deny to permit or deny access.
Rule Priority Configure priorities to the rules. The rules are validated against the incoming management request in the ascending order of their priorities. If a rule matches, action is performed and rules below are ignored. For example, if you configure Source IP 10.10.10.10 with priority 1 to Permit, and configure Source IP 10.10.10.10 with priority 2 to Deny, then access is permitted if the profile is active, and the second rule is ignored.
Click Apply Changes.
The new access profile is added, and the device is updated.
Activating an Access Profile
Open the Access Profile page.
Check Set Access Profile Active.
Click Apply Changes.
The access profile is enabled for the device.
Adding Rules to an Access Profile
Open the Access Profile page.
The Access Profile field shows the profile to which rules are added when the Add An Access Profile Rule page is displayed.
Click Add Rule.
The Add An Access Profile Rule page displays.
Figure 6-39. Add An Access Profile Rule
Complete the fields in the dialog:
Management Method Select from the dropdown box. The policy is restricted by the management method chosen.
Interface Choose the check box for the interface if the policy should have a rule based on the interface. Interface can be a physical interface, a LAG, or a VLAN.
Source IP Select the Source IP Address check box if the policy should have a rule based on the IP address of the client originating the management traffic. Fill in the source IP address and Mask details in the text boxes provided. Note that Mask can be given in two formats: either dotted IP format (for example, 255.255.255.0) or prefix length (for example, 32).
Action Choose the action to be performed when the rules selected above are matched. Use the dropdown box and choose Permit or Deny to permit or deny access.
Rule Priority Configure priorities to the rules. The rules are validated against the incoming management request in the ascending order of their priorities. If a rule matches, action is performed and rules below are ignored. For example, if you configure Source IP 10.10.10.10 with priority 1 to Permit, and configure Source IP 10.10.10.10 with priority 2 to Deny, then access is permitted if the profile is active, and the second rule is ignored.
Click Apply Changes.
The rule is added to the access profile, and the device is updated.
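The Rule Priority behaviour described in both procedures above (ascending priority, first match wins, mask in dotted or prefix form) can be modelled offline to find rules that will never be evaluated. This is an added example, not code from the manual or the switch; treating an unset Management Method as "any method" and denying a request that matches no rule of an active profile are assumptions, and the sample rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    priority: int
    action: str                       # "permit" or "deny"
    method: Optional[str] = None      # "telnet", "ssh", ...; None = any method (assumption)
    interface: Optional[str] = None   # physical port, LAG or VLAN; None = check box not selected
    source: Optional[str] = None      # client IP address; None = check box not selected
    mask: str = "32"                  # dotted ("255.255.255.0") or prefix length ("24")

    @property
    def network(self):
        """Source address and mask as a network; both mask formats are accepted."""
        if self.source is None:
            return None
        return ipaddress.ip_network(f"{self.source}/{self.mask}", strict=False)

    def matches(self, method, interface, client_ip):
        if self.method is not None and self.method != method:
            return False
        if self.interface is not None and self.interface != interface:
            return False
        net = self.network
        if net is not None and ipaddress.ip_address(client_ip) not in net:
            return False
        return True


def evaluate(rules: List[Rule], method, interface, client_ip, profile_active=True):
    """Return (action, priority of the deciding rule or None)."""
    if not profile_active:
        return ("permit", None)       # no active profile: the device can be accessed by all
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(method, interface, client_ip):
            return (rule.action, rule.priority)   # first match wins, later rules are ignored
    return ("deny", None)             # assumption: no matching rule means access is denied


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every request matching `later` also matches `earlier`."""
    if earlier.method is not None and earlier.method != later.method:
        return False
    if earlier.interface is not None and earlier.interface != later.interface:
        return False
    if earlier.network is not None:
        if later.network is None or not later.network.subnet_of(earlier.network):
            return False
    return True


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (shadowed priority, shadowing priority) pairs for rules that can never fire."""
    ordered = sorted(rules, key=lambda r: r.priority)
    result = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                result.append((later.priority, earlier.priority))
                break
    return result


# Constructed sample profile; rules 1 and 2 reproduce the 10.10.10.10 example in the text.
SAMPLE_RULES = [
    Rule(1, "permit", source="10.10.10.10", mask="32"),
    Rule(2, "deny", source="10.10.10.10", mask="255.255.255.255"),
    Rule(3, "permit", method="ssh", source="192.168.5.0", mask="255.255.255.0"),
    Rule(4, "deny", method="telnet"),
    Rule(5, "permit", method="telnet", interface="vlan10", source="192.168.5.7", mask="32"),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_RULES, "telnet", "vlan10", "10.10.10.10"))
    print(shadowed_rules(SAMPLE_RULES))
```

A shadowed Deny rule is the case to look for in review, because the profile then permits traffic the rule list appears to block.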
Removing a Rule
Open the Access Profile page.
Click Show All to display the Profile Rules Table page.
Select a rule.
Check the Remove check box.
Click Apply Changes.
The rule is removed, and the device is updated.
Defining Access Profiles Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Management ACL Commands.
Authentication Profiles
User authentication occurs locally and on an external server. Use the Authentication Profiles page to select the user authentication method on the device.
To display the Authentication Profiles page, click System → Management Security → Authentication Profiles in the tree view.
Figure 6-40. Authentication Profiles
The Authentication Profiles page contains the following fields:
Authentication Profile Name
Displays lists to which user-defined authentication profiles are added. Use the radio buttons to apply the authentication profile to govern either Login or Enable part of the switch's operations, and to select one of two available lists:
Login Allows you to login to the switch. Options are defaultList, networkList and any user-defined login authentication profiles.
Enable Enables privilege mode.
Authentication Method
Optional Methods User authentication methods. Possible options are:
None No user authentication occurs.
Local User authentication occurs at the device level; the device checks the user name and password for authentication.
RADIUS User authentication occurs at the RADIUS server. For more information about RADIUS servers, see "RADIUS Settings."
TACACS+ User authentication occurs at the TACACS+ server. For more information about TACACS+ servers, see "TACACS+ Settings."
Line The line password is used for user authentication.
Enable The enable password is used for authentication.
NOTE: User authentication occurs in the order the methods are selected. If an error occurs during the authentication, the next selected method is used. For example, if Local then RADIUS options are selected, the user is authenticated first locally and then through an external RADIUS server.
Selected Methods The selected authentication method.
Remove Removes the selected profile.
Adding an Authentication Profile
Open the Authentication Profiles page.
Click Add to display the Add Authentication Profile page.
Figure 6-41. Add Authentication Profile
Enter the profile name of 1 to 12 characters in the Profile Name field.
NOTE: The profile name should not include spaces.
Click Apply Changes.
A profile is created. You can activate an authentication profile using the System → Management Security → Select Authentication web page.
Modifying Authentication Profiles
Open the Authentication Profiles page.
Select an element from the list in the Authentication Profile Name field.
Select one or more Optional Methods by using the arrows.
Click Apply Changes.
The user authentication profile is updated to the device.
Removing an Authentication Profiles Entry
Open the Authentication Profiles page.
Click Show All.
The Authentication Profiles Table opens.
Figure 6-42. Authentication Profiles Table
Check the Remove check box next to the profile to be removed.
Click Apply Changes.
The entry is removed.
Configuring an Authentication Profile Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
AAA Commands.
Select Authentication
After authentication profiles are defined, you can apply them to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2.
To display the Select Authentication page, click System → Management Security → Select Authentication in the tree view.
Figure 6-43. Select Authentication
The Select Authentication page contains the following fields:
Console Authentication profiles used to authenticate console users.
Telnet Authentication profiles used to authenticate Telnet users.
Secure Telnet (SSH) Authentication profiles used to authenticate Secure Shell (SSH) users. SSH provides clients secure and encrypted remote connections to a device.
Secure HTTP and HTTP Authentication method used for Secure HTTP access and HTTP access, respectively. Possible field values are:
None No authentication method is used for access.
Local Authentication occurs locally.
RADIUS Authentication occurs at the RADIUS server.
TACACS+ Authentication occurs at the TACACS+ server.
Local, None Authentication first occurs locally.
RADIUS, None Authentication first occurs at the RADIUS server. If authentication cannot be verified, no authentication method is used. Authentication cannot be verified if the remote server cannot be contacted to verify the user. If the remote server can be contacted, then the response from the remote server is always honored.
TACACS+, None Authentication first occurs at the TACACS+ server. If authentication cannot be verified, no authentication method is used. Authentication cannot be verified if the remote server cannot be contacted to verify the user. If the remote server can be contacted, then the response from the remote server is always honored.
Local, RADIUS Authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management method, the session is blocked.
Local, TACACS+ Authentication first occurs locally. If authentication cannot be verified locally, the TACACS+ server authenticates the management method. If the TACACS+ server cannot authenticate the management method, the session is blocked.
RADIUS, Local Authentication first occurs at the RADIUS server. If authentication cannot be verified at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is blocked.
TACACS+, Local Authentication first occurs at the TACACS+ server. If authentication cannot be verified at the TACACS+ server, the session is authenticated locally. If the session cannot be authenticated locally, the session is blocked.
Local, RADIUS, None Authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management method, the session is permitted.
RADIUS, Local, None Authentication first occurs at the RADIUS server. If authentication cannot be verified at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted.
Local, TACACS+, None Authentication first occurs locally. If authentication cannot be verified locally, the TACACS+ server authenticates the management method. If the TACACS+ server cannot authenticate the management method, the session is permitted.
TACACS+, Local, None Authentication first occurs at the TACACS+ server. If authentication cannot be verified at the TACACS+ server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted.
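The fall-through rules in the list above decide whether a management session is blocked or permitted when no method accepts the user. This added example (not from the manual or the switch firmware) models each method as accept, reject or error and enumerates the sequences that end with the session permitted; modelling "cannot be verified" as an error outcome for every method, and honoring a reachable server's rejection in every sequence, are assumptions.

```python
from itertools import product

ACCEPT, REJECT, ERROR = "accept", "reject", "error"

# The HTTP / Secure HTTP options listed on the Select Authentication page.
PAGE_SEQUENCES = [
    "None", "Local", "RADIUS", "TACACS+",
    "Local, None", "RADIUS, None", "TACACS+, None",
    "Local, RADIUS", "Local, TACACS+", "RADIUS, Local", "TACACS+, Local",
    "Local, RADIUS, None", "RADIUS, Local, None",
    "Local, TACACS+, None", "TACACS+, Local, None",
]


def authenticate(sequence, outcomes):
    """Walk the method list in order and return (verdict, deciding method).

    outcomes maps a method name to ACCEPT, REJECT or ERROR. ERROR means the
    method could not verify the user (for example, the server cannot be
    contacted), so the next method is tried. A missing entry counts as ERROR.
    """
    for method in sequence:
        if method == "None":
            return ("permitted", "None")      # no authentication method is used
        result = outcomes.get(method, ERROR)
        if result == ACCEPT:
            return ("permitted", method)
        if result == REJECT:
            return ("blocked", method)        # a verdict that was given is honored
    return ("blocked", None)                  # list exhausted without a verdict


def fail_open_scenarios(sequence):
    """Return every REJECT/ERROR combination (no method accepts the user)
    in which the session is still permitted."""
    methods = [m for m in sequence if m != "None"]
    hits = []
    for combo in product((REJECT, ERROR), repeat=len(methods)):
        outcomes = dict(zip(methods, combo))
        verdict, _ = authenticate(sequence, outcomes)
        if verdict == "permitted":
            hits.append(outcomes)
    return hits


def fail_open_sequences(names=PAGE_SEQUENCES):
    """Names of the listed sequences that can permit a session without any accept."""
    return [name for name in names if fail_open_scenarios(name.split(", "))]


if __name__ == "__main__":
    for name in PAGE_SEQUENCES:
        scenarios = fail_open_scenarios(name.split(", "))
        status = "FAIL-OPEN" if scenarios else "fail-closed"
        print(f"{name:22} {status:12} {scenarios}")
```

Under these assumptions every sequence that ends in None permits the session once all earlier methods are unavailable, which is the condition to review before selecting one for HTTP or Secure HTTP access.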
Applying an Authentication Method List to Console Sessions
Open the Select Authentication page.
Select an authentication profile in the Console field.
Click Apply Changes.
Console sessions are assigned an authentication method list.
Applying an Authentication Profile to Telnet Sessions
Open the Select Authentication page.
Select an authentication profile in the Telnet field.
Click Apply Changes.
Telnet sessions are assigned authentication profiles.
Applying an Authentication Profile to Secure Telnet (SSH) Sessions
Open the Select Authentication page.
Select an authentication profile in the Secure Telnet (SSH) field.
Click Apply Changes.
Secure Telnet (SSH) sessions are assigned authentication profiles.
Assigning HTTP Sessions an Authentication Sequence
Open the Select Authentication page.
Under HTTP, select an authentication method in the Optional Methods field and click the right arrow button.
The selected authentication method moves to the Selected Methods field.
Repeat until the desired authentication sequence is displayed in the Selected Methods field.
Click Apply Changes.
HTTP sessions are assigned the authentication sequence.
Assigning Access Methods, Authentication Profiles, or Sequences Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
AAA Commands.
Assigning Secure HTTP Sessions an Authentication Sequence
Open the Select Authentication page.
Under Secure HTTP, select an authentication method in the Optional Methods field and click the right arrow button.
The selected authentication method moves to the Selected Methods field.
Repeat until the desired authentication sequence is displayed in the Selected Methods field.
Click Apply Changes.
Secure HTTP sessions are assigned the authentication sequence.
Password Management
Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features, including:
Defining minimum password lengths
Password expiration
Preventing frequent password reuse
Locking users out after failed login attempts
To display the Password Management page, click System → Management Security → Password Management in the tree view.
Figure 6-44. Password Management
The Password Management page contains the following fields:
Password Minimum Length (8-64) Indicates the minimum password length, when checked. For example, the administrator can define that all line passwords must have at least 10 characters.
Enable Password Aging (1-365) Indicates the amount of time that elapses before a password is aged out, when checked. The field value is from 1 to 365 days. The password aging feature functions only if the switch clock is synchronized to an SNTP server. See the "Clock Commands" section in the CLI Reference Guide for additional information.
Consecutive Passwords Before Reuse (1-10) Indicates the number of times a password is changed before the password can be reused. The possible field values are 1 to 10.
NOTE: The user is notified to change the password prior to expiry. The Web users do not see this notification.
Enable Login Attempts (1-5) When selected, enables locking a user out of the device when a faulty password is used a defined number of times. For example, if the number of login attempts has been defined as five and the user attempts to log on five times with an incorrect password, the device locks the user out on the sixth attempt. When this happens, a super user must re-enable the user account. The field range is 1 to 5 attempts.
Defining Password Constraints
Open the Password Management page.
Define the relevant fields.
Click Apply Changes.
The password constraints are defined, and the device is updated.
Defining Password Constraints Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Password Management Commands.
Local User Database
Use the Local User Database page to define passwords and access rights for users, and to reactivate users whose accounts have been suspended.
To display the Local User Database page, click System → Management Security → Local User Database in the tree view.
Figure 6-45. Local User Database
The Local User Database page contains the following fields:
User Name List of users.
Access Level User access level. The lowest user access level is 1 (read-only), and 15 (read-write) is the highest. To suspend a user's access, set level to 0 (only a level 15 user has this ability).
Confirm Password Confirms the user-defined password.
Remove When selected, removes users from the local user database.
Assigning Access Rights to a User
Open the Local User Database page.
Select a user in the User Name field.
Define the fields as needed.
Click Apply Changes.
The user's access rights and passwords are defined, and the device is updated.
Adding a User to the Local User Database
Open the Local User Database page.
Click Add to display the Add User page.
The Add a New User page is displayed.
Figure 6-46. Add a New User
Complete the fields.
Click Apply Changes.
The new user is defined, and the device is updated.
NOTE: You can define as many as eight local users on the device.
Displaying Users on the Local User Database
Open the Local User Database page.
Click Show All to display the Local User Table page.
All members of the local user database are displayed.
Figure 6-47. Local User Table
Removing Users From the Local User Database
Open the Local User Database page.
Click Show All to display the Local User Table page.
Select a User Name.
Check Remove.
Click Apply Changes.
The user is removed, and the device is updated.
Assigning Users With CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
AAA Commands.
Line Passwords
Use the Line Password page to define line passwords for management methods.
To display the Line Password page, click System → Management Security → Line Password in the tree view.
Figure 6-48. Line Password
The Line Password page contains the following fields:
Line Mode Drop-down menu specifies device access through a Console, Telnet, or Secure Telnet (SSH) session.
Line Password (8-64 characters) The line password for accessing the device through a console, Telnet, or Secure Telnet session. The password appears in the ***** format.
Confirm Password (8-64 characters) Confirms the new line password. The password appears in the ***** format.
Defining Line Passwords
Open the Line Password page.
Select device access through a Console, Telnet, or Secure Telnet (SSH) session.
Define the Line Password field for the type of session you use to connect to the device.
Confirm the Line Password.
Click Apply Changes.
The line password for the type of session is defined, and the device is updated.
Assigning Line Passwords Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
AAA Commands.
Enable Password
Use the Enable Password page to set a local password to control access to normal and privilege levels.
To display the Enable Password page, click System → Management Security → Enable Password in the tree view.
Figure 6-49. Enable Password
The Enable Password page contains the following fields:
Enable Password (8-64 characters) The Enable password for controlling access to normal and privilege levels. The password appears in the ***** format.
Confirm Enable Password Confirms the new Enable password. The password appears in the ***** format.
Defining Enable Passwords
Open the Enable Password page.
Specify the Enable password.
Confirm the Enable password.
Click Apply Changes.
The Enable password is set.
Assigning Enable Passwords Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
AAA Commands.
TACACS+ Settings
The device provides Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides centralized security for validation of users accessing the device.
TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:
Authentication Provides authentication during login and through user names and user-defined passwords.
Authorization Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS+ server checks the user privileges.
The TACACS+ protocol ensures network security through encrypted protocol exchanges between the device and TACACS+ server.
The TACACS+ Settings page contains both user-defined and the default TACACS+ settings for the inband management port.
To display the TACACS+ Settings page, click System → Management Security → TACACS+ in the tree view.
Figure 6-50. TACACS+ Settings
The TACACS+ Settings page contains the following fields:
Host Name / IP Address Specifies the TACACS+ Server.
Priority (0-65535) Specifies the order in which the TACACS+ servers are used. The default is 0.
Authentication Port (0-65535) The port number through which the TACACS+ session occurs. The default is port 49.
Key String (0-128 Characters) Defines the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server. This key must match the encryption used on the TACACS+ server. Check Use Default to use the default value.
Timeout for Reply (1-30) The amount of time that passes before the connection between the device and the TACACS+ server times out. The field range is from 1 to 30 seconds. Check Use Default to select the factory-default value.
Status The connection status between the device and the TACACS+ server. The possible field values are:
Connected There is currently a connection between the device and the TACACS+ server.
Not Connected There is not currently a connection between the device and the TACACS+ server.
The fields in the Default Parameters section of the page contain values that are automatically applied to new TACACS+ servers.
Key String (0-128 Characters) Enter the default authentication and encryption key for TACACS+ communication between the device and the TACACS+ server.
Timeout for Reply (1-30) Enter the global user configuration time that passes before the connection between the device and the TACACS+ server times out.
Defining TACACS+ Parameters
Open the TACACS+ Settings page.
Define the fields as needed.
Click Apply Changes.
The TACACS+ settings are updated to the device.
Adding a TACACS+ Server
Open the TACACS+ Settings page.
Click Add.
The Add TACACS+ Host page displays.
Figure 6-51. Add TACACS+ Host
Define the fields as needed.
Click Apply Changes.
The TACACS+ server is added, and the device is updated.
Displaying a TACACS+ Servers List
Open the TACACS+ Settings page.
Click Show All.
The TACACS+ Servers Table opens.
Figure 6-52. TACACS+ Servers Table
Removing a TACACS+ Server from the TACACS+ Servers List
Open the TACACS+ Settings page.
Click Show All.
The TACACS+ Servers Table opens.
Select a TACACS+ Servers Table entry.
Select the Remove check box.
Click Apply Changes.
The TACACS+ server is removed, and the device is updated.
Defining TACACS+ Servers Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
TACACS+ Commands.
RADIUS Settings
Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. RADIUS servers provide a centralized authentication method for:
Telnet Access
Web Access
Console to Switch Access
Access Control Port (802.1x)
The RADIUS Settings page contains both user-defined and default RADIUS settings.
To display the RADIUS Settings page, click System Management → Security → RADIUS Settings in the tree view.
Figure 6-53. RADIUS Settings
The RADIUS Settings page contains the following fields:
IP Address IP address of the RADIUS server.
Priority (0-65535) Indicates the port priority. The possible values are from 0 to 65535.
Authentication Port (0-65535) Identifies the authentication port that is used to verify the RADIUS server authentication.
Number of Retries (1-10) Number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are from 1 to 10. The default value is 3. If no host-specific value is specified, the global value applies to each host. Check Use Default to use the user-defined default value.
Timeout for Reply (1-30) Amount of time in seconds the device waits for an answer from the RADIUS server before timing out. Possible field values are from 1 to 30. The default value is 3. If no host-specific value is specified, the global value applies to each host. Check Use Default to use the user-defined default value.
Deadtime (0-2000) Amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is from 0 to 2000. If no host-specific value is specified, the global value applies to each host. Check Use Default to use the user-defined default value.
Key String (0-128 Characters) Key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption. If no host-specific value is specified, the global value applies to each host. Check Use Default to use the user-defined default value.
Source IP Address IP Address of device accessing the RADIUS server. Check Use Default to use the user-defined default value.
Usage Type Drop-down box used to select RADIUS usage type.
NOTE: Default parameters in this page are user-defined.
Default Retries (1-10) Default number of transmitted requests sent to the RADIUS server before a failure occurs.
Default Timeout for Reply (1-30) The default amount of time (in seconds) the device waits for an answer from the RADIUS server before timing out. Possible field values are from 1 to 30.
Default Deadtime (0-2000) Specifies the default amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is from 0 to 2000.
Default Key String (0-128 characters) Default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption.
Source IP Address Default IP Address of a device accessing the RADIUS server.
Adding a RADIUS Server
Open the RADIUS Settings page.
Click Add.
The Add RADIUS Server page displays.
Figure 6-54. Add RADIUS Server
Define the fields in the dialog.
Click Apply Changes.
The new RADIUS server is added, and the device is updated.
Defining RADIUS Parameters
Open the RADIUS Settings page.
Define the fields in the dialog.
Click Apply Changes.
The RADIUS settings are updated to the device.
Modifying the RADIUS Server settings
Open the RADIUS Settings page.
Click Show All.
The RADIUS Servers Table displays.
Figure 6-55. RADIUS Servers Table
Click the Edit link for the selected entry.
From the RADIUS Settings page, change the settings for the RADIUS server.
Click Apply Changes.
The RADIUS Server settings are modified, and the device is updated.
Removing a RADIUS Server from the RADIUS Servers List
Open the RADIUS Settings page.
Click Show All.
The RADIUS Servers Table displays.
Select a RADIUS Server and check Remove.
Click Apply Changes.
The RADIUS server is removed from the list.
Defining RADIUS Servers Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Radius Commands.
Telnet Server
Use the Telnet Server page to enable or disable telnet service on the switch or to modify the telnet port.
To display the Telnet Server page, click System → Management Security → Telnet Server.
Figure 6-56. Telnet Server
The Telnet Server page contains the following fields:
New Telnet Sessions Controls the administrative mode for inbound telnet sessions. If you set the mode to Block, new telnet sessions are not allowed, but existing sessions are not interrupted. The default value is Allow.
Telnet Port Number Port number on which telnet sessions can be initiated. This port is used for new inbound telnet sessions on the switch. After you modify the telnet server port, new inbound telnet sessions use the new port and existing telnet sessions are not affected.
Modifying Telnet Server Settings
Open the Telnet Server Configuration page.
Configure the relevant fields.
Click Apply Changes.
The settings are saved, and the device is updated.
Configuring the Telnet Server Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Telnet Server Commands
Denial of Service
Denial of Service refers to the exploitation of a variety of vulnerabilities which would interrupt the service of a host or make a network unstable. Use the Denial of Service page to configure settings to help prevent denial of service attacks.
To display the Denial of Service page, click System → Management Security → Denial of Service in the tree view.
Figure 6-57. Denial of Service
The Denial of Service page contains the following fields:
Denial of Service SIP=DIP Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address.
Denial of Service First Fragment Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured minimum TCP header size (Min TCP Hdr Size).
Denial of Service Min TCP Hdr Size Specify the minimum TCP header size allowed. If First Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header smaller than this configured value.
Denial of Service TCP Fragment Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to one.
Denial of Service TCP Flag Enabling TCP Flag DoS prevention causes the switch to drop packets that meet any of the following conditions:
TCP flag SYN set and TCP source port less than 1024
TCP control flags set to 0 and TCP sequence number set to 0
TCP flags FIN, URG, and PSH set and TCP sequence number set to 0
Both TCP flags SYN and FIN set
Denial of Service L4 Port Enabling L4 Port DoS prevention causes the switch to drop packets that have the TCP/UDP source port equal to TCP/UDP destination port.
Denial of Service ICMP Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP packet size (ICMP Pkt Size).
Denial of Service Max ICMP Pkt Size Specify the maximum ICMP packet size to allow. If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater than this configured value.
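The checks listed above can be expressed as a small classifier that reports which enabled rule would drop a given IPv4 packet. This is an added example, not the switch's firmware logic: the names DosConfig and matched_rules, the threshold values, the sample packets, and the two interpretations marked as assumptions in the comments are constructed for illustration.

```python
import socket
import struct
from dataclasses import dataclass

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20
TCP, UDP, ICMP = socket.IPPROTO_TCP, socket.IPPROTO_UDP, socket.IPPROTO_ICMP

@dataclass
class DosConfig:
    """One attribute per field on the Denial of Service page (values constructed)."""
    sip_eq_dip: bool = True
    first_fragment: bool = True
    min_tcp_hdr: int = 20
    tcp_fragment: bool = True
    tcp_flag: bool = True
    l4_port: bool = True
    icmp: bool = True
    max_icmp_size: int = 512

def matched_rules(pkt: bytes, cfg: DosConfig) -> list:
    """Return the names of the enabled checks that would drop this IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    frag_off = frag & 0x1FFF                 # fragment offset, in 8-byte units
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    l4 = pkt[ihl:total_len]
    hits = []
    if cfg.sip_eq_dip and src == dst:
        hits.append("SIP=DIP")
    if cfg.tcp_fragment and proto == TCP and frag_off == 1:
        hits.append("TCP Fragment")
    if frag_off != 0:
        return hits                          # later fragments carry no L4 header
    if proto == TCP:
        # Assumption: "TCP header size" is the data-offset field, or the bytes
        # actually present when the segment is too short to hold that field.
        hdr_len = (l4[12] >> 4) * 4 if len(l4) > 12 else len(l4)
        if cfg.first_fragment and hdr_len < cfg.min_tcp_hdr:
            hits.append("First Fragment")
        if cfg.tcp_flag and len(l4) >= 14:
            sport, _dport, seq = struct.unpack("!HHI", l4[:8])
            flags = l4[13] & 0x3F
            if ((flags & SYN and sport < 1024)
                    or (flags == 0 and seq == 0)
                    or ((flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0)
                    or (flags & (SYN | FIN)) == (SYN | FIN)):
                hits.append("TCP Flag")
    if cfg.l4_port and proto in (TCP, UDP) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport == dport:
            hits.append("L4 Port")
    # Assumption: ICMP "size" is the length of the ICMP message (the IP payload).
    if cfg.icmp and proto == ICMP and l4 and l4[0] == 8 and len(l4) > cfg.max_icmp_size:
        hits.append("ICMP")
    return hits

def ipv4(src, dst, proto, payload, frag_off=0):
    """Build a constructed IPv4 packet (checksum left at 0, it is not validated)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, seq, flags, doff=5):
    """Build a constructed 20-byte TCP header with the given data offset."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, doff << 4, flags, 8192, 0, 0)

A, B = "192.0.2.10", "198.51.100.5"          # documentation addresses
SAMPLES = {                                  # constructed packets, one per rule
    "normal SYN": ipv4(A, B, TCP, tcp(40000, 443, 1000, SYN)),
    "land": ipv4(A, A, TCP, tcp(40000, 443, 1000, SYN)),
    "SYN+FIN": ipv4(A, B, TCP, tcp(40000, 80, 1000, SYN | FIN)),
    "null flags": ipv4(A, B, TCP, tcp(40000, 80, 0, 0)),
    "short header": ipv4(A, B, TCP, tcp(40000, 80, 1000, 0x10, doff=4)),
    "offset 1": ipv4(A, B, TCP, b"\x00" * 8, frag_off=1),
    "NTP 123->123": ipv4(A, B, UDP, struct.pack("!HHHH", 123, 123, 8, 0)),
    "large ping": ipv4(A, B, ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"\x00" * 600),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} -> {matched_rules(pkt, DosConfig()) or 'forwarded'}")
```

The "NTP 123->123" sample is a reminder that some legitimate traffic uses equal source and destination ports, so check for such traffic before enabling L4 Port prevention.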
Configuring Denial of Service Settings
Open the Denial of Service page.
Specify the desired settings.
Click Apply Changes.
The device is updated with the new settings.
Configuring Denial of Service Settings Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Denial of Service Commands.
Defining SNMP Parameters
Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports SNMP version 1, SNMP version 2, and SNMP version 3.
NOTE: By default, SNMPv2 is automatically enabled on the device. To enable SNMPv3, a local engine ID must be defined for the device. The local engineID is by default set to the switch MAC address; however, when the switch operates in a stacking mode, it is important to manually configure the local engineID for the stack. This local engineID must be defined so that it is unique within the network. It is important to do this because the default engineID in a stack is the MAC address of the master unit, which may change if the master unit fails and another unit takes over the stack. For information on how to configure the local engine ID, see "SNMP Global Parameters."
SNMP v1 and v2
The SNMP agent maintains a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB). The MIB presents the variables controlled by the agent. The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network. Access rights to the SNMP agent are controlled by access strings.
SNMP v3
SNMP v3 also applies access control and a new traps mechanism to SNMPv1 and SNMPv2 PDUs. In addition, the User Security Model (USM) is defined for SNMPv3 and includes:
Authentication Provides data integrity and data origin authentication.
Privacy Protects against disclosure of message content. Cipher-Block-Chaining (CBC) is used for encryption. Either authentication is enabled on an SNMP message, or both authentication and privacy are enabled on an SNMP message. However, privacy cannot be enabled without authentication.
Timeliness Protects against message delay or message redundancy. The SNMP agent compares the incoming message to the message time information.
The device supports SNMP notification filters based on Object IDs (OID). OIDs are used by the system to manage device features. SNMP v3 supports the following features:
Security
Feature Access Control
Traps
Authentication or Privacy Keys are modified in the SNMPv3 User Security Model (USM).
Use the SNMP page to define SNMP parameters. To display the SNMP page, click System → SNMP in the tree view.
SNMP Global Parameters
Use the Global Parameters page to enable SNMP and Authentication notifications.
To display the Global Parameters page, click System → SNMP → Global Parameters in the tree view.
Figure 6-58. Global Parameters
The Global Parameters page contains the following parameters:
Local Engine ID (6-32 hexadecimal characters) Sets local SNMP engine ID.
Use Default Configures the device to use the default SNMP EngineID.
SNMP Traps Enables or disables the device sending SNMP notifications.
Authentication Trap Enables or disables the device sending SNMP traps when authentication fails.
Setting Local SNMP Engine ID
Open the Global Parameters page.
Type desired hexadecimal ID into the Local Engine ID field.
Click Apply Changes.
The new Local Engine ID is set, and the device is updated.
Using Default SNMP Engine ID
Open the Global Parameters page.
Click the Use Default check box.
Click Apply Changes.
The default SNMP engine ID, based on the MAC address, is created and the device is updated.
Enabling SNMP Traps
Open the Global Parameters page.
Select Enable in the SNMP Traps field.
Click Apply Changes.
SNMP notifications are enabled, and the device is updated.
Enabling Authentication Trap
Open the Global Parameters page.
Select Enable in the Authentication trap field.
Click Apply Changes.
Authentication notifications are enabled, and the device is updated.
Enabling SNMP Notifications Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
SNMP View Settings
Use this page to create views that define which features of the device are accessible, and which are blocked. You can create a view that includes or excludes OIDs corresponding to interfaces.
Use the SNMP View Settings page to define SNMP views.
To display the SNMP View Settings page, click System → SNMP → View Settings in the tree view.
Figure 6-59. SNMP View Settings
The SNMP View Settings page contains the following fields:
View Name Contains a list of user-defined views. A view name can contain a maximum of 30 alphanumeric characters.
OID Subtree Specifies a valid SNMP OID string that can include meta characters like *.
View Type Specifies whether the objectIDs in the view are included or excluded.
Remove Check to remove displayed view type.
Adding a View
Open the SNMP View Settings page.
Click Add.
The Add View page displays:
Figure 6-60. Add View
Define the relevant fields.
Click Apply Changes.
The SNMP view is added, and the device is updated.
Displaying the View Table
Open the SNMP View Settings page.
Click Show All.
The View Table page displays:
Figure 6-61. View Table
Removing SNMP Views
Open the SNMP View Settings page.
Click Show All.
The View Table page displays.
Select an SNMP view.
Check the Remove check box.
Click Apply Changes.
The SNMP view is removed, and the device is updated.
Defining SNMP Views Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
Access Control Group
Use the Access Control Group page to view information for creating SNMP groups, and to assign SNMP access privileges. Groups allow network managers to assign access rights to specific device features or feature aspects.
To display the Access Control Group page, click System → SNMP → Access Control in the tree view.
Figure 6-62. Access Control Group
The Access Control Group page contains the following fields:
Group Name Contains a list of user-defined groups to which access control rules are applied. A group name can contain a maximum of 30 alphanumeric characters.
Security Model Defines the SNMP version attached to the group. The possible field values are:
SNMPv1 SNMPv1 is defined for the group.
SNMPv2 SNMPv2 is defined for the group.
SNMPv3 SNMPv3 User Security Model (USM) is defined for the group.
Security Level The security level attached to the group. Security levels apply to SNMPv3 groups only. The possible field values are:
noauth no priv Neither Authentication nor Privacy security levels are assigned to the group.
auth nopriv Authenticates SNMP messages without encrypting them.
auth priv Authenticates SNMP messages and encrypts them.
Context Prefix (1-30) This field permits the user to specify the context name by entering the first 1 to 30 characters of the context name.
Operation Defines group access rights. The possible field values are:
Read Select a view that restricts management access to viewing the contents of the agent. If no view is selected, all objects except the community-table, SNMPv3 user and access tables can be viewed.
Write Select a view that permits management read-write access to the contents of the agent.
Notify Select a view that permits sending SNMP traps or informs.
Adding SNMP Groups
Open the Access Control Configuration page.
Click Add.
The Add an Access Control Configuration page displays:
Figure 6-63. Add an Access Control Configuration
Define the fields as needed.
Click Apply Changes.
The group is added, and the device is updated.
Displaying the Access Table
Open the Access Control Configuration page.
Click Show All.
The Access Table page displays:
Figure 6-64. Access Table
Removing a Group
Open the Access Control Configuration page.
Click Show All.
The Access Table opens.
Select a group.
Check Remove.
Click Apply Changes.
The group is removed, and the device is updated.
Defining SNMP Access Control Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
SNMPv3 User Security Model (USM)
Use the SNMPv3 User Security Model (USM) page to assign system users to SNMP groups and to define the user authentication method.
To display the SNMPv3 User Security Model (USM) page, click System → SNMP → User Security Model in the tree view.
Figure 6-65. SNMPv3 User Security Model (USM)
The SNMPv3 User Security Model (USM) page contains the following fields:
User Name Contains a list of user-defined user names.
Group Name Contains a list of user-defined SNMP groups. SNMP groups are defined in the Access Control Group page.
Engine ID Selects whether the selected user is associated to a local or to a specified remote SNMPv3 enabled device.
Remote Engine ID Indicates that the user is configured on a remote SNMPv3 enabled device.
Authentication Method Specifies the authentication method used to authenticate users. The possible field values are:
None No user authentication is used.
MD5 Users are authenticated using the HMAC-MD5-96 authentication level. The user should specify a password.
SHA Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a password.
Password Modifies the user defined password for the group. Passwords can contain a maximum of 32 characters. Passwords are defined only if the authentication method is MD5 or SHA Password. You define the password on the Add Local User page.
Privacy Specifies whether or not the authentication key is to be used. Choose one of the following values:
None Do not use an authentication key.
des Use a CBC-DES Symmetric Encryption Password for the authentication key.
des-key Use an HMAC-MD5-96 Authentication Pre-generated key.
Authentication Key (MD5-16; SHA-20 HEX character pairs) Specify the authentication key. An authentication key is defined only if the authentication method is MD5 or SHA.
Remove Removes the specified user from the specified group when checked.
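SNMPv3 USM keys are localized to the engine ID (RFC 3414), which is why the MD5 and SHA keys above are 16-byte and 20-byte values and why the earlier NOTE asks for a stable, unique engine ID on a stack. The following added example (not from this guide or the switch firmware) derives the localized authentication key and shows it changing when the engine ID changes; it assumes the device follows RFC 3414, and the function names and the two MAC-style engine IDs are constructed.

```python
import hashlib

# Digest sizes match the page's "MD5-16; SHA-20 HEX character pairs".
KEY_LEN = {"md5": 16, "sha1": 20}

def password_to_key(password: str, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end."""
    if algo not in KEY_LEN:
        raise ValueError("algo must be 'md5' or 'sha1'")
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(algo, pw * reps + pw[:rem]).digest()

def localize_key(ku: bytes, engine_id_hex: str, algo: str) -> bytes:
    """RFC 3414 2.6: bind the user key to one engine, Kul = H(Ku || engineID || Ku)."""
    # The page allows 6 to 32 hexadecimal characters for the Local Engine ID.
    if not 6 <= len(engine_id_hex) <= 32:
        raise ValueError("engine ID must be 6-32 hexadecimal characters")
    engine_id = bytes.fromhex(engine_id_hex)   # also rejects odd-length input
    return hashlib.new(algo, ku + engine_id + ku).digest()

def localized_key_hex(password: str, engine_id_hex: str, algo: str) -> str:
    """Hex string of the localized key, as HEX character pairs."""
    key = localize_key(password_to_key(password, algo), engine_id_hex, algo)
    assert len(key) == KEY_LEN[algo]
    return key.hex()

def survives_engine_id_change(password: str, old_id: str, new_id: str, algo: str) -> bool:
    """True only if the same password still yields the same localized key."""
    return localized_key_hex(password, old_id, algo) == localized_key_hex(password, new_id, algo)

# Constructed engine IDs standing in for the MAC addresses of two stack members.
MASTER_A = "0011223344aa"
MASTER_B = "0011223344bb"

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, "key under master A:", localized_key_hex("example-pass", MASTER_A, algo))
        print(algo, "key under master B:", localized_key_hex("example-pass", MASTER_B, algo))
        print(algo, "usable after failover:",
              survives_engine_id_change("example-pass", MASTER_A, MASTER_B, algo))
```

A manually configured engine ID for the stack keeps the localized keys constant across a master change, so managers that store pre-generated keys do not need to be re-provisioned.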
Adding SNMPv3 Local Users to a Group
Open the SNMPv3 User Security Model page.
Click Add Local User.
The Add Local User page displays:
Figure 6-66. Add Local User
Define the relevant fields.
Click Apply Changes.
The user is added to the group, and the device is updated.
Adding SNMPv3 Remote Users to a Group
Open the SNMPv3 User Security Model page.
Click Add Remote User.
The Add Remote User page displays:
Figure 6-67. Add Remote User
Define the relevant fields.
Click Apply Changes.
The user is added to the group, and the device is updated.
Viewing the User Security Model Table
Open the SNMPv3 User Security Model (USM) page.
Click Show All.
The User Security Model Table displays:
Figure 6-68. User Security Model Table
Removing a User Security Model Table Entry
Open the User Security Model page.
Click Show All.
The User Security Model Table page displays.
Select an entry.
Check the Remove check box.
Click Apply Changes.
The entry is removed, and the device is updated.
Defining SNMP Users Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
Communities
Access rights are managed by defining communities on the SNMPv1, 2 Community page. When the community names are changed, access rights are also changed. SNMP Communities are defined only for SNMP v1 and SNMP v2.
To display the SNMPv1, 2 Community page, click System → SNMP → Communities in the tree view.
Figure 6-69. SNMPv1, 2 Community
The SNMPv1, 2 Community page contains the following fields:
Community String Contains a list of user-defined community strings that act as a password and are used to authenticate the SNMP management station to the device. A community string can contain a maximum of 20 characters.
SNMP Management Station Contains a list of management station IP addresses for which community strings have been defined.
Basic Enables SNMP Basic mode for the selected community. The possible field values are:
Access Mode Defines the access rights of the community. The possible field values are:
Read-Only Community has read only access to the MIB objects configured in the view.
Read-Write Community has read/modify access to the MIB objects configured in the view.
Super User Community has read/modify access to all MIB objects.
View Name Contains a list of user-defined SNMP views.
Advanced Contains a list of user-defined groups. When SNMP Advanced mode is selected, the SNMP access control rules comprising the group are enabled for the selected community. The Advanced mode also enables SNMP groups for specific SNMP communities. The SNMP Advanced mode is defined only with SNMPv3.
Remove When checked, removes a community.
Adding a New Community
Open the SNMPv1, 2 Community page.
Click Add.
The Add SNMPv1,2 Community page displays:
Figure 6-70. Add SNMPv1,2 Community
Complete the relevant fields.
In addition to the fields in the SNMPv1, 2 Community page, the Add SNMPv1,2 Community page contains the All (0.0.0.0) field, which indicates that the community can be used from any management station.
Click Apply Changes.
The new community is saved, and the device is updated.
Displaying Communities
Open the SNMPv1, 2 Community page.
Click Show All.
The Basic Table page displays.
Figure 6-71. Basic Table
Removing Communities
Open the SNMPv1, 2 Community page.
Click Show All.
The Basic Table page displays.
Select a community and check the Remove check box.
Click Apply Changes.
The community entry is removed, and the device is updated.
Configuring Communities Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
Notification Filter
Use the Notification Filter page to set filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect. The Notification Filter page also allows you to filter notifications.
To display the Notification Filter page, click System → SNMP → Notification Filters in the tree view.
Figure 6-72. Notification Filter
The Notification Filter page contains the following fields:
Notification Filter Name Contains a list of user-defined notification filters. A notification filter name can contain a maximum of 30 characters.
New Object Identifier Tree Displays the OID configured for the selected filter. This field can be edited.
Filter Type Indicates whether informs or traps are sent regarding the OID to the trap recipients.
Excluded Restricts sending OID traps or informs.
Included Sends OID traps or informs.
Adding SNMP Filters
Open the Notification Filter page.
Click Add.
The Add Filter page displays:
Figure 6-73. Add Filter
Define the relevant fields.
Click Apply Changes.
The new filter is added, and the device is updated.
Displaying the Filter Table
Open the Notification Filter page.
Click Show All.
The Filter Table page appears, which displays all of the filters configured for the selected filter name:
Figure 6-74. Show Notification
Removing a Filter
Open the Notification Filter page.
Click Show All.
The Show Notification page displays.
Select the Filter Table entry.
Check Remove.
The filter entry is removed, and the device is updated.
Configuring Notification Filters Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
Notification Recipients
Use the Notification Recipients page to view information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services:
Identifying Management Trap Targets
Trap Filtering
Selecting Trap Generation Parameters
Providing Access Control Checks
To display the Notification Recipients page, click System → SNMP → Notification Recipient in the tree view.
Figure 6-75. Notification Recipients
The Notification Recipients page contains the following fields:
Recipient IP Contains a user-defined list of notification recipients IP addresses.
Notification Type The type of notification sent. The possible field values are:
Trap Traps are sent.
Inform Informs are sent.
SNMPv1,2 SNMP versions 1 or 2 are enabled for the selected recipient. The possible field values are:
Community String Displays the community string to be sent with the notification.
Notification Version Determines the notification version. The possible field values are:
SNMP V1 SNMP version 1 traps are sent. If Inform is selected as the Notification Type, SNMPv1 cannot be selected.
SNMP V2 SNMP version 2 traps or informs are sent.
SNMPv3 SNMP version 3 is enabled for the selected recipient. The possible field values are:
User Name Select the existing user to generate notifications.
Security Level The security level attached to notifications. The possible field values are:
NoAu NoPriv The packet is neither authenticated nor encrypted.
Auth NoPriv The packet is authenticated.
Auth Priv The packet is both authenticated and encrypted.
UDP Port (1-65535) UDP port used to send notifications. The default is 162.
Filter Name Check this check box to apply a user-defined SNMP filter (selected from the drop-down menu) to notifications.
Timeout (1-300) Amount of time (seconds) the device waits before resending informs. The default is 15 seconds.
Retries (1-255) Maximum number of times the device resends an inform request. The default is 3.
Adding a New Notification Recipient
Open the Notification Recipients page.
Click Add.
The Notification Recipients page displays:
Figure 6-76. Add Notification Recipient
Define the relevant fields.
Click Apply Changes.
The notification recipient is added, and the device is updated.
Displaying the Notification Recipients Tables
Open the Notification Recipients page.
Click Show All.
The Notification Recipient Tables page opens:
Figure 6-77. Notification Recipient Tables
Removing Notification Recipients
Open the Notification Recipients page.
Click Show All.
The Notification Recipient Tables page opens.
Select the Remove check box for one or more notification recipients in the SNMPV1,2 Notification Recipient and/or SNMPv3 Notification Recipient Tables.
Click Apply Changes.
The recipients are removed, and the device is updated.
Defining SNMP Notification Recipients Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
SNMP Commands.
Managing Files
Use the File Management menu page to manage device software, the image file, and the configuration files. Files can be downloaded or uploaded through a TFTP server. The system handles two versions of the software. The system running an older software version will ignore (not load) a configuration file created by the newer software version. When a configuration file created by the newer software version is discovered by the system running an older version of the software, the system will display an appropriate warning to the user.
Management File Overview
The management file structure consists of the following files:
Startup configuration file Retains the exact device configuration when the device is powered down or rebooted. The startup file maintains configuration commands, and configuration commands from the running configuration file can be saved to the startup file.
Running configuration file Contains all startup file commands, as well as all commands entered during the current session. After the device is powered down or rebooted, all commands stored in the running configuration file are lost. During the startup process all commands in the startup file are copied to the running configuration file and applied to the device. During the session, all new commands entered are added to the commands existing in the running configuration file. Commands are not overwritten. To update the startup file, before powering down the device the running configuration file must be copied to the startup configuration file. The next time the device is restarted, the commands are copied back into the running configuration file from the startup configuration file.
Backup Configuration File Contains a backup copy of the device configuration. The backup file changes when the running configuration file or the startup file is copied to the backup file. The commands copied into the file replace the existing commands saved in the backup file. The backup file contents can be copied to either the running configuration or the startup configuration files. You can also copy to the backup file and the startup file from a remote TFTP server, or you can copy from the backup and startup file to a remote server.
Image Files System images are saved in two Flash sectors called images (Image 1 and Image 2). The active image stores the active copy, while the other image stores a second copy. The device boots and runs from the active image. If the active image is corrupt, the system automatically boots from the non-active image. This is a safety feature for faults occurring during the boot upgrade process.
To display the File Management page, click System → File Management in the tree view.
File System
Use the File System pages to view a list of the files on the device.
To display the File System page, click System → File Management → File System in the tree view.
Figure 6-78. File System
The File System page contains the following fields:
File Name Text field lists the names of the files on the file systems.
Image Description (0-128) Use this field to configure and display a description of the image. Enter up to 128 characters for the description.
Size Displays size of the specified file.
Remove Select to remove the specified file.
Flash Memory Details Displays condition of the flash memory.
Total Bytes Displays amount of flash memory in use.
Free Bytes Displays amount of available flash memory.
Removing Files
Open the File System page.
Use the File Name field to select the file you want to remove.
Check the Remove box.
Click Apply Changes.
The file is removed.
Viewing Files Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Configuration and Image Files Commands
Active Images
Use the Active Images page to set the boot image.
To display the Active Images page, click System → File Management → Active Images in the tree view.
Figure 6-79. Active Images
The Active Images page contains the following fields:
Unit Identifies the unit number of the system in the stack.
Active Image Displays name of current active image.
Version Displays version number of the current active image.
After Reset Drop-down menu selects the image to be active after the next reset.
Version Displays version number of the image that will be active after the next reset.
File Download From Server
Use the File Download From Server page to download configuration (ASCII) and image (binary) files from the TFTP server to the device.
To display the File Download From Server page, click System → File Management → File Download in the tree view.
Figure 6-80. File Download From Server
The File Download From Server page contains the following fields:
Firmware Download When selected, indicates that the firmware file is to be downloaded. If this option is selected, the Configuration Download fields are grayed out.
Configuration Download When selected, indicates that the configuration file is to be downloaded. If Configuration Download is selected, the Firmware Download fields are grayed out.
Firmware Download
TFTP Server IP Address TFTP server IP address from which firmware files are downloaded.
Source File Name (1-32 characters) Filename of the file on the TFTP server, with the relative path from the tftpboot directory. For example, if TFTP is configured on a remote server, with tftpboot directory as e:\tftp, and file test.scr is present in e:\tftp\latest\test.scr, then you would enter \latest\test.scr.
Configuration Download
TFTP Server IP Address TFTP Server IP Address through which the configuration files are downloaded.
Source File Name (1-32 characters) Name of the file on the TFTP server.
Destination File Name The destination file to which the configuration file is downloaded. Possible values are:
Startup Configuration Downloads the startup configuration files.
Backup Configuration Downloads the backup configuration files.
Downloading Files
Open the File Download From Server page.
Verify the IP address of the TFTP server and ensure that the software image or boot file to be downloaded is available on the TFTP server.
Complete the TFTP Server IP Address and Source File Name (full path without TFTP server IP address) fields.
NOTE: It is recommended that you not overwrite the active image.
Click Apply Changes.
NOTE: After you start a file download, the page refreshes and a transfer status field appears to indicate the number of bytes transferred. The Web interface is blocked until the file download is complete.
Figure 6-81. File Download Progress
The software is downloaded to the device.
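The Source File Name rule described for this page (a path relative to the tftpboot directory, 1 to 32 characters) can be checked on the TFTP server before clicking Apply Changes. The following is an added example, not part of the original guide; the function names and all sample paths except the page's own e:\tftp\latest\test.scr are constructed, and it assumes the 32-character limit counts the whole field value including the leading separator.

```python
from pathlib import PurePosixPath, PureWindowsPath

MAX_LEN = 32  # Source File Name limit on the page: 1-32 characters


def source_file_name(tftp_root, file_path, windows=True):
    """Return the Source File Name field value for a file under the TFTP root.

    Assumption: the 32-character limit counts the whole value, including the
    leading separator shown in the page's own example (\\latest\\test.scr).
    """
    cls, sep = (PureWindowsPath, "\\") if windows else (PurePosixPath, "/")
    root, target = cls(tftp_root), cls(file_path)
    if ".." in target.parts:
        raise ValueError("path contains '..'; use the file's real location")
    try:
        rel = target.relative_to(root)
    except ValueError:
        raise ValueError(f"{file_path} is not under TFTP root {tftp_root}") from None
    if not rel.parts:
        raise ValueError("path is the TFTP root itself, not a file")
    name = sep + sep.join(rel.parts)
    if len(name) > MAX_LEN:
        raise ValueError(f"{name} is {len(name)} characters; limit is {MAX_LEN}")
    return name


def preflight(tftp_root, file_paths, windows=True):
    """Check several candidate files; return (path, ok, value-or-error) rows."""
    rows = []
    for path in file_paths:
        try:
            rows.append((path, True, source_file_name(tftp_root, path, windows)))
        except ValueError as err:
            rows.append((path, False, str(err)))
    return rows


if __name__ == "__main__":
    # First path is the page's example; the others are constructed test cases.
    samples = [
        r"e:\tftp\latest\test.scr",
        r"e:\tftp\releases\2005-11\switch-firmware-image.stk",
        r"e:\tftp\..\private\startup.cfg",
        r"d:\images\test.scr",
    ]
    for path, ok, detail in preflight(r"e:\tftp", samples):
        print("OK  " if ok else "FAIL", path, "->", detail)
```

A rejected row means the file either sits outside the directory the TFTP server exports or its relative path is too long for the field; move or rename the file on the server rather than widening the export.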
Downloading Files Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Configuration and Image Files Commands.
File Upload
Use the File Upload to Server page to upload configuration (ASCII) and image (binary) files from the device to the TFTP server.
To display the File Upload to Server page, click System → File Management → File Upload in the tree view.
Figure 6-82. File Upload to Server
The File Upload to Server page contains the following fields:
Firmware Upload Indicates that the firmware file is to be uploaded. If Firmware Upload is selected, the Configuration Upload fields are grayed out.
Configuration Upload Indicates that the configuration file is to be uploaded. If Configuration Upload is selected, the Firmware Upload fields are grayed out.
Software Image Upload
TFTP Server IP Address TFTP server IP address to which the software image is uploaded.
Destination File Name (1–32 characters) The name which the file will have after it is uploaded.
Transfer File Name Selects the source file to upload.
Configuration Upload
TFTP Server IP Address TFTP server IP address to which the configuration file is uploaded.
Destination File Name (1–32 characters) The name which the file will have after it is uploaded.
Transfer File Name Selects the source file to upload. Valid field values are:
Running Configuration Uploads the running configuration file.
Startup Configuration Uploads the startup config files.
Backup Configuration Uploads the backup config files.
Uploading Files
Open the File Upload to Server page.
Define the applicable fields in the page.
Click Apply Changes.
NOTE: After you start a file upload, the page refreshes and a transfer status field appears to indicate the number of bytes transferred. The Web interface is blocked until the file upload is complete.
Figure 6-83. File Upload Progress
The software is uploaded to the server.
Uploading Files Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Configuration and Image Files Commands.
Copy Files
The Copy Files web page gives you a means to:
Copy images within the file system
Copy images to and from remote servers
Back up images to local or remote systems
Restore images from local or remote systems
Back up the configuration files within the file system
To display the Copy Files page, click System → File Management → Copy in the tree view.
Figure 6-84. Copy Files
The Copy Files page contains the following fields:
Copy Master Firmware Specifies that a software image file should be copied.
Source The software image source file from which the file is copied.
Destination The destination unit to which the file is copied.
Copy Configuration Specifies that a configuration file should be copied.
Source The configuration source file (running, startup, backup) from which the file is copied.
Destination The destination configuration file (running, startup, backup) to which the file is copied.
Restore Configuration Factory Default Specifies that the factory configuration default files should be reset when checked. Unchecked maintains the current configuration settings.
Copying Files
Open the Copy Files page.
Select Copy or Restore, and complete the fields.
Click Apply Changes.
The file is copied.
Copying Files Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Configuration and Image Files Commands
Defining Advanced Settings
Use Advanced Settings to set miscellaneous global attributes of the device. The changes to these attributes are applied only after the device is reset. Click System → Advanced Settings in the tree view to display the Advanced Settings page.
The Advanced Settings page contains a link for configuring general settings.
General Settings
Use the General Settings page to define general device parameters.
To display the General Settings page, click System → Advanced Settings → General in the tree view.
Figure 6-85. General Settings
The General Settings page contains the following fields:
Attribute Maximum number of RAM Log table entries. The default value is 200 entries.
After Reset Maximum number of entries after the device is reset. By entering a value in this column, memory is allocated to the field table.
Resizing RAM Log Entry Allocation
Open the General Settings page.
Enter the desired new value in the After Reset field.
Click Apply Changes.
The space allocated to RAM log entries will take effect after the next device reset.
Viewing General Settings Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Syslog Commands
Defining Stacking
Use the Stacking menus to set the stacking characteristics of the device. The changes to these attributes are applied only after the device is reset. Click System → Stacking in the tree view to display the Stacking page. Use this page to go to the following features:
Use the Unit Configuration page to define general device parameters.
To display the Unit Configuration page, click System → Stacking → Unit Configuration in the tree view.
Figure 6-86. Unit Configuration
The Unit Configuration page contains the following fields:
Switch ID Specifies unit to be configured.
Change Switch ID to Changes unit number of the selected unit.
Master Select to make this unit a master (management) unit in preference to another unit. The default value for this setting is Unassigned.
Management Status Shows whether the selected unit is a Management Unit or a Stack Member.
Hardware Management Preference Management preference by hardware configuration to be considered for selection as Management unit.
Admin Management Preference Determines whether this unit is capable of becoming the master switch. Values range from Disable (the unit cannot support Master Switch function) to Preference 15. The higher value means that the unit is more desirable than another unit with lower value for running the management function. An additional value is Unassigned, which means that preference is not configured, and election of the Master is left to the stack units.
Switch Type Hardware ID given to the system to determine the type of switch.
Preconfigured Model Identifier A 16-byte character string to identify the pre-configured model of the selected unit.
Plugged-in Model Identifier A 16-byte character string to identify the plugged-in model of the selected unit.
Switch Status Displays the status of the selected unit. The possible values are:
OK The unit is in place and functioning.
Unsupported The unit is in place, but cannot function as a member of the stack.
Code Mismatch The software of the switch does not match the master unit software.
Config Mismatch The configuration of the switch does not match the master unit configuration.
Not Present The selected unit is not present.
Switch Description 80-byte data field used to identify the device.
Expected Code Type Displays the expected code identifier.
Detected Code Version Running code version release number and version number.
Detected Code in Flash Release number and version number of the code detected in flash.
Up Time Displays how long the unit has been running since its last reset.
Remove Switch Select to remove switch from the stack.
Defining Unit Configuration
Open the Unit Configuration page.
Enter the desired new values in the fields.
Click Apply Changes.
The changes will take effect after the next device reset.
Remove Switch
Open the Unit Configuration page.
Check Remove Switch.
Click Apply Changes.
The changes will take effect after the next device reset.
Add Unit
Use the Add Unit page to define general device parameters.
To display the Add Unit page, click System → Stacking → Unit Configuration in the tree view, then click Add Unit.
Figure 6-87. Add Unit
The Add Unit page contains the following fields:
Switch ID Displays the switch ID of the selected switch in the Stack. This can be altered to renumber the switch ID of the selected switch by admin users. Only users with an access level of 15 can change this field by using the Web interface.
Switch Type Identifies the hardware ID given to the switch.
Adding a Unit
Open the Unit Configuration page.
Click Add Unit.
The Add Unit page appears.
Enter the desired new value in the Switch ID field.
Select the desired value from the Switch Type drop-down list.
Click Apply Changes.
The changes will take effect after the next device reset.
Viewing Unit Configuration Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Stack Summary
Use the Stack Summary page to view a summary of switches participating in the stack.
To display the Stack Summary page, click System → Stacking → Stack Summary in the tree view.
Figure 6-88. Stack Summary
The Stack Summary page contains the following fields:
Switch ID ID of the unit. The maximum number of units allowed in the stack is 8.
Management Status This field indicates whether the switch is the management switch, a stack member, or the status is unassigned.
Pre-configured Model Identifier This field displays the 16-character field assigned by the device manufacturer to identify the pre-configured device.
Plugged-in Model Identifier This field displays the 16-character field assigned by the device manufacturer to identify the plugged-in device.
Switch Status Indicates the unit status. There are five possible state values:
OK The unit is in place and functioning properly.
Unsupported The unit is not allowed to stack.
Code Mismatch The software image in this unit does not match that being used in the master switch of the stack.
Config Mismatch The configuration file in this unit does not match that being used in the master switch of the stack.
Not Present The unit is not there.
Firmware Version Indicates the detected version of code on this unit.
Viewing Stack Summary Using the CLI Command
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Supported Switches
Use the Supported Switches page to view information regarding each type of supported switch for stacking, and information regarding the supported switches.
To display the Supported Switches page, click System → Stacking → Supported Switches in the tree view.
Figure 6-89. Supported Switches
The Supported Switches page contains the following fields:
Supported Switches Drop-down list permits selection of switches supported.
Switch Index Specifies the index into the database of the supported switch types.
Switch Type Hardware ID given to the switch.
Switch Model ID Displays a 16-byte character string to identify the model of the supported switch.
Description Displays a 256-byte data field used to identify the device.
Management Preference Determines whether this unit is capable of becoming the master switch. If the value is set to zero then the unit cannot support Master Switch function. The higher value means that the unit is more desirable than another unit with lower value for running the management function. The device manufacturer sets the initial value of this field.
Expected Code Type Displays the release number and version number of the code expected.
Viewing Supported Switch Characteristics
Open the Supported Switches page.
Select the desired switch from the Supported Switches drop-down list.
Viewing Supported Switches Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Stack Port Summary
Use the Stack Port Summary page to view the stackable ports present. This screen displays the unit, the stackable interface, the configured mode of the interface, the running mode as well as the link status and link speed of the stackable port.
To display the Stack Port Summary page, click System → Stacking → Stack Port Summary in the tree view.
Figure 6-90. Stack Port Summary
The Stack Port Summary page contains the following fields:
Unit ID number of the unit.
Interface Identifies the stack interface assigned to the unit.
Configured Stack Mode Indicates whether or not each unit is able to participate in the stack.
Running Stack Mode Indicates whether or not each unit is actually participating in the stack.
Link Status Indicates whether or not the stack interface for each unit is operating.
Link Speed (Gb/s) Indicates the nominal speed of each unit's link.
Viewing Stack Port Summary Using the CLI Command
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Stack Port Counters
Use the Stack Port Counters page to view the transmitted and received statistics, including data rate and error rate.
To display the Stack Port Counters page, click System → Stacking → Stack Port Counters in the tree view.
Figure 6-91. Stack Port Counters
The Stack Port Counters page contains the following fields:
Unit Indicates the subordinate switch being viewed.
Interface Indicates the name of the interface.
Data Rate (Mb/s) Indicates the speed at which the data is transmitted.
Transmit Error Rate (Errors/sec) Indicates the number of errors transmitted per second.
Total Errors Total number of errors transmitted.
Data Rate (Mb/s) Indicates the speed at which the data is received.
Receive Error Rate (Errors/sec) Indicates the number of errors received per second.
Total Errors Total number of errors received.
Viewing Stack Port Counters
Open the Stack Port Counters page.
Viewing Stack Port Counters Using the CLI Command
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
System Management Commands
Stack Port Diagnostics
The Stack Port Diagnostics page is intended for Field Application Engineers (FAEs) and developers only.