This section provides all system operations and general information for network security, ports, address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support.
The Switching menu page contains links to the following features:
Use the Network Security menu page to set network security through port-based authentication, locked ports, DHCP Filtering configuration, and access control lists.
To display the Network Security page, click Switching → Network Security in the tree view.
The Network Security menu page contains links to the following features:
In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bi-directional control. This is the default authentication mode.
The 802.1x network has three components:
Authenticators Specifies the port that is authenticated before permitting system access.
Supplicants Specifies the host connected to the authenticated port that requests access to the system services.
Authentication Server Specifies the external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the user is authorized to access system services.
Use the Port Based Authentication page to configure general 802.1x parameters for a port.
To display the Port Based Authentication page, click Switching → Network Security → Port Based Authentication in the tree view.
Figure 8-1. Port Based Authentication
The Port Based Authentication page contains the following fields:
Global Parameters
Port Based Authentication State Permits port-based authentication on the switch. The possible field values are:
Enable Enables port-based authentication on the switch.
Disable Disables port-based authentication on the switch.
Authentication Method Selects the Authentication method used. The possible field values are:
Unconfigured Indicates that an authentication method has not been selected.
None Indicates that no authentication method is used.
RADIUS Indicates that authentication occurs at the RADIUS server.
RADIUS, None Indicates that authentication occurs at the RADIUS server. If the RADIUS server is not available, then no authentication method is used.
None, RADIUS Indicates that no authentication method is used. If authentication is required, it occurs at the RADIUS server.
Guest VLAN Specifies a guest VLAN for all ports. The possible field values are:
Unconfigured The guest VLAN is not configured for all ports.
VLAN ID Shows the ID of the VLANs that are configured on the system. Select the VLAN to use as the guest VLAN for all ports.
Interface Parameters
Interface Selects the Unit and Port to be affected.
Guest VLAN Mode Enables or disables the guest VLAN mode on this interface.
Admin Interface Control Defines the port authorization state. The possible field values are:
Automode Automatically detects the mode of the interface.
Authorized Places the interface into an authorized state without being authenticated. The interface sends and receives normal traffic without client port-based authentication.
Unauthorized Denies the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface.
Current Interface Control Displays the current port authorization state.
Periodic Re-Authentication Reauthenticates the selected port periodically, when enabled.
Re-Authentication Period (300-4294967295) Indicates the time span in which the selected port is reauthenticated. The field value is in seconds. The field default is 3600 seconds.
Re-Authenticate Now Forces immediate port reauthentication, when selected.
Authentication Server Timeout (1-65535) Defines the amount of time that lapses before the switch resends a request to the authentication server. The field value is in seconds. The field default is 30 seconds.
Resending EAP Identity Request (1-65535) Defines the amount of time that lapses before EAP requests are resent. The field value is in seconds. The field default is 30 seconds.
Quiet Period (0-65535) Defines the amount of time that the switch remains in the quiet state following a failed authentication exchange. The possible field range is 0-65535. The field value is in seconds. The field default is 60 seconds.
Supplicant Timeout (0-65535) Defines the amount of time that lapses before EAP requests are resent to the user. The field value is in seconds. The field default is 30 seconds.
Max EAP Requests (1-10) Defines the maximum number of times the switch can send an EAP request before restarting the authentication process if it does not receive a response. The possible field range is 1-10. The field default is 2 retries.
Displaying the Port Based Authentication Table
Open the Port Based Authentication page.
Click Show All.
The Port Based Authentication Table page opens, displaying the left side of the table:
Figure 8-2. Port Based Authentication Table
Use the horizontal scroll bar or click the right arrow at the bottom of the screen to display the right side of the table.
Use the Unit drop-down menu to view the Port Based Authentication Table for other units in the stack, if they exist.
Re-Authenticating One Port
Open the Port Based Authentication page.
Check Edit to select the Unit/Port to re-authenticate.
Check Reauthenticate Now.
Click Apply Changes.
The specified port is re-authenticated, and the device is updated.
Re-Authenticating Multiple Ports in the Port Based Authentication Table
Open the Port Based Authentication page.
Click Show All.
The Port Based Authentication Table displays.
Check Edit to select the Units/Ports to re-authenticate.
To re-authenticate on a periodic basis, set Periodic Re-Authentication to Enable, and specify a Re-Authentication Period for all desired ports.
To re-authenticate immediately, check Reauthenticate Now for all ports to be re-authenticated.
Click Apply Changes.
Specified ports are re-authenticated (either immediately or periodically), and the device is updated.
Changing Administrative Port Control
Open the Port Based Authentication page.
Click Show All.
The Port Based Authentication Table displays.
Scroll to the right side of the table and select the Edit check box for each port to configure.
Change Admin Port Control to Authorized, Unauthorized, or Automode as needed for the chosen ports. Only Automode actually uses dot1x to authenticate. Authorized and Unauthorized are manual overrides.
Click Apply Changes.
Admin Port Control is updated for the specified ports, and the device is updated.
Enabling Port Based Authentication Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
802.1X Commands
Multiple Hosts
When a port is in multiple host mode, only a single host needs to authenticate on that port. Once that occurs, any host on that port is granted network access. If the port becomes unauthorized for any reason, then all hosts lose their network access, and the authentication process must restart.
The Multiple Hosts page provides information for defining advanced port-based authentication settings for specific ports.
To display the Multiple Hosts page, click Switching → Network Security → Multiple Host in the tree view.
Figure 8-3. Multiple Hosts
The Multiple Hosts page contains the following fields:
Interface Specifies the Unit and Port numbers on which to configure advanced port-based authentication settings.
Multiple Hosts Enables or disables a single host to authorize multiple hosts for system access. This setting must be enabled in order to either disable ingress filtering, or to use port-lock security on the selected port.
Action on Single Host Violation Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the client (supplicant) MAC address. The possible field values are:
Forward Forwards the packets from an unknown source. However, the MAC address is not learned.
Discard Discards the packets from any unlearned source. This is the default value.
Discard Shut Down Discards the packet from any unlearned source and shuts down the port. Ports remain shut down until they are activated, or the switch is reset.
Traps Enables or disables sending traps to the host if a violation occurs.
Trap Frequency (1-1000000) Defines the time period by which traps are sent to the host. The default is 10 seconds. The security trap is sent once every 10 seconds with a count of the number of violations.
Status Displays the host status. The possible field values are:
Authorized Indicates that the port control is currently in auto mode and that clients have full port access.
Unauthorized Indicates that the port control is Force Unauthorized, the port link is down, or the port control is Auto, but a client has not been authenticated through the port.
Not in auto mode Indicates that the port control is Forced Authorized, and clients have full port access.
Single-host Lock Indicates that the port control is Auto and a single client has been authenticated through the port.
No Single Host Indicates that Multiple Host is enabled.
Number of Violations Displays the number of packets that arrived on the interface in single-host mode, from a host whose MAC address is not the client (supplicant) MAC address.
Displaying the Multiple Hosts Table
Open the Multiple Hosts page.
Click Show All.
The Multiple Host Table displays.
Figure 8-4. Multiple Host Table
Use the Unit drop-down menu to view the Multiple Host Table for other units in the stack, if they exist.
Enabling/Disabling Multiple Hosts for One Port
Open the Multiple Hosts page.
Select the Unit and Port to be affected in Interface.
Define variables as desired.
Click Apply Changes.
Multiple hosts is enabled for the specified port, and the device is updated.
Enabling/Disabling Multiple Hosts for Multiple Ports
Open the Multiple Hosts page.
Click Show All to display the Multiple Host Table.
Select the Edit check box associated with the ports to configure.
Change variables for desired ports.
Click Apply Changes.
Edited ports are updated, and the device is updated.
Configuring Advanced Port Authentication Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
802.1X Commands.
Authenticated Users
The Authenticated Users page displays user port access lists.
To display the Authenticated Users page, click Switching → Network Security → Authenticated Users in the tree view.
Figure 8-5. Authenticated Users
The Authenticated Users page contains the following fields:
User Name Specifies one user from the list of users authorized through the RADIUS Server.
Port Lists the port used for authentication.
Displaying Authenticated Users Using the CLI Command
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
802.1X Commands
Port Security
Port Security can be enabled on a per-port basis. When a port is locked, only packets with allowable source MAC addresses can be forwarded. All other packets are discarded. A MAC address can be defined as allowable by one of two methods: dynamically or statically. Note that both methods are used concurrently when a port is locked.
Dynamic locking implements a 'first arrival' mechanism for Port Security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally. Once the limit is reached, no more addresses are learned on the port. Any packets with source MAC addresses that were not already learned are discarded. Note that you can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero.
Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded.
To see the MAC addresses learned on a specific port, add a static MAC address to a port, or delete static MAC entries, see Configuring Address Tables.
Disabled ports can only be activated from the Configuring Ports page.
To display the Port Security page, click Switching → Network Security → Port Security in the tree view.
Figure 8-6. Port Security
Interface Select the Unit and Port or the LAG on which to configure port security settings.
Set Port Enables locking the port/LAG. When a port is locked, all the current addresses that had been dynamically learned by the switch on that port are removed from the database.
Action on Violation Specifies action applied to packets arriving on the port/LAG. The field is grayed if the port/LAG is unlocked. Possible values are:
Discard Discards the packets from any unlearned source. This is the default value.
Forward Forwards the packets from an unknown source. The MAC address is not learned.
Shutdown Discards the packet from any unlearned source and sends a trap. In addition, the ingress port is disabled.
Traps Enables or disables sending a trap when a packet is received on a locked port/LAG.
Trap Frequency (1-1000000) Specifies the amount of time (seconds) between traps.
Max Learned Addresses (0-100) Specifies the maximum number of secure MAC addresses that can be learned on a port.
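The locked-port behaviour described above (first-arrival learning up to Max Learned Addresses, a static allow list, and the Discard, Forward and Shutdown actions with rate-limited traps), as an added Python simulation; this is illustrative code written for this page, not the switch's firmware, and the MAC addresses and timestamps are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

ACTIONS = ("Discard", "Forward", "Shutdown")


@dataclass
class LockedPort:
    """One locked port/LAG carrying the Port Security fields from this page."""
    max_learned: int                      # Max Learned Addresses (0-100); 0 disables dynamic locking
    action: str = "Discard"               # Action on Violation: Discard (default), Forward or Shutdown
    traps: bool = False                   # Traps: send a trap on a violation
    trap_frequency: int = 10              # Trap Frequency (1-1000000): seconds between traps
    static_macs: Set[str] = field(default_factory=set)   # statically allowed source addresses
    learned: Set[str] = field(default_factory=set)       # dynamically learned source addresses
    shut_down: bool = False
    violations: int = 0
    trap_log: List[str] = field(default_factory=list)    # constructed stand-in for SNMP traps
    last_trap: Optional[float] = None

    def __post_init__(self) -> None:
        if not 0 <= self.max_learned <= 100:
            raise ValueError("Max Learned Addresses must be 0-100")
        if self.action not in ACTIONS:
            raise ValueError(f"Action on Violation must be one of {ACTIONS}")
        if not 1 <= self.trap_frequency <= 1000000:
            raise ValueError("Trap Frequency must be 1-1000000")
        self.static_macs = {m.lower() for m in self.static_macs}

    def lock(self) -> None:
        """Set Port = Locked: addresses learned before locking are flushed."""
        self.learned.clear()

    def ingress(self, src_mac: str, now: float = 0.0) -> str:
        """Classify a frame by source MAC: 'forward', 'discard' or 'shutdown'."""
        if self.shut_down:
            return "discard"              # a shut-down port is only re-enabled from Configuring Ports
        mac = src_mac.lower()
        if mac in self.static_macs or mac in self.learned:
            return "forward"
        if len(self.learned) < self.max_learned:
            self.learned.add(mac)         # first arrival below the limit: learn and forward
            return "forward"
        # Unknown source and the limit is reached: this is a violation.
        self.violations += 1
        if self.action == "Shutdown":
            self.shut_down = True         # Shutdown always sends a trap and disables the port
            self.trap_log.append(f"t={now:.0f}s port shut down after violation from {mac}")
            return "shutdown"
        self._maybe_trap(mac, now)
        return "forward" if self.action == "Forward" else "discard"   # Forward never learns the MAC

    def _maybe_trap(self, mac: str, now: float) -> None:
        """Emit at most one trap per Trap Frequency seconds when Traps is enabled."""
        if not self.traps:
            return
        if self.last_trap is None or now - self.last_trap >= self.trap_frequency:
            self.last_trap = now
            self.trap_log.append(f"t={now:.0f}s violation from {mac} (total {self.violations})")
```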
Defining a Locked Port
Open the Port Security page.
Select an interface type and number.
Select Locked on the Set Port drop-down menu.
Complete the remaining fields.
Click Apply Changes.
The locked port/LAG is added to the Port Security table, and the device is updated.
Viewing the Port Security Table
Open the Port Security page.
Click Show All.
The Port Security Table displays.
Figure 8-7. Port Security Table
Use the Unit drop-down menu to view the Port Security Table for other units in the stack, if they exist.
Defining Multiple Locked Ports
Open the Port Security page.
Click Show All.
The Port Security Table displays.
Click Edit for each port whose parameters are to be changed.
Fields can now be edited as needed for these ports.
Click Apply Changes.
The changes are made to the Port Security table, and the device is updated.
Configuring Port Security with CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Address Table Commands
DHCP Filtering
DHCP Filtering is a useful feature that can be employed as a security measure against unauthorized DHCP servers. A known attack is when an unauthorized DHCP server responds to a client that is requesting an IP address. The server configures the gateway for the client to be equal to the IP address of the server. At that point, the client sends all of its IP traffic destined to other networks to the unauthorized machine. This gives the attacker the possibility of snooping traffic for passwords or employing a 'man-in-the-middle' attack. DHCP Filtering works by allowing the administrator to configure each port as either a trusted port or an untrusted port. The port that has the authorized DHCP server should be configured as a trusted port. Any DHCP responses received on a trusted port are forwarded. All other ports should be configured as untrusted. Any DHCP (or BootP) responses received on an untrusted port are discarded.
To display the DHCP Filtering page, click Switching → Network Security → DHCP Filtering in the tree view.
Figure 8-8. DHCP Filtering
The DHCP Filtering page contains the following fields:
DHCP Filtering Global Mode Turns DHCP Filtering on and off. The default is Disabled.
Interface Specifies the Unit and Port or LAG affected. Choose the desired Unit and Port or LAG from the drop-down menus.
DHCP Trust Mode Enables or disables trust mode. The default value is Disable.
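The trusted/untrusted decision described under DHCP Filtering, as an added Python illustration that is not the switch's own implementation: a minimal BOOTP/DHCP parser that recognises server replies by the op field, and a filter that discards replies on untrusted ports only while Global Mode is enabled. The reply packet, addresses and port names are constructed sample values.

```python
import socket
import struct
from typing import Optional, Set

BOOTREQUEST, BOOTREPLY = 1, 2
DHCP_MAGIC = b"\x63\x82\x53\x63"          # magic cookie that follows the 236-byte BOOTP header
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68


def parse_bootp(payload: bytes) -> Optional[dict]:
    """Parse the fixed BOOTP header and, if present, DHCP options; None if not BOOTP."""
    if len(payload) < 236:
        return None
    op, htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    if op not in (BOOTREQUEST, BOOTREPLY):
        return None
    msg = {"op": op, "xid": xid,
           "yiaddr": socket.inet_ntoa(payload[16:20]),   # address offered to the client
           "siaddr": socket.inet_ntoa(payload[20:24]),
           "router": None, "server_id": None}
    if len(payload) >= 240 and payload[236:240] == DHCP_MAGIC:
        i = 240
        while i + 1 < len(payload):
            code = payload[i]
            if code == 255:                                 # end option
                break
            if code == 0:                                   # pad option
                i += 1
                continue
            length = payload[i + 1]
            value = payload[i + 2:i + 2 + length]
            if code == 3 and length >= 4:                   # router: the gateway a rogue server would set
                msg["router"] = socket.inet_ntoa(value[:4])
            elif code == 54 and length == 4:                # server identifier
                msg["server_id"] = socket.inet_ntoa(value)
            i += 2 + length
    return msg


class DhcpFilter:
    """Per-port trust model of the DHCP Filtering page."""

    def __init__(self, global_mode: bool = False) -> None:
        self.global_mode = global_mode        # DHCP Filtering Global Mode (default Disabled)
        self.trusted: Set[str] = set()        # interfaces with DHCP Trust Mode = Enable

    def set_trust(self, interface: str, enabled: bool) -> None:
        (self.trusted.add if enabled else self.trusted.discard)(interface)

    def decide(self, interface: str, udp_src: int, udp_dst: int, payload: bytes) -> str:
        """Return 'forward' or 'discard' for a UDP datagram received on the interface."""
        if not self.global_mode:
            return "forward"
        if {udp_src, udp_dst}.isdisjoint({DHCP_SERVER_PORT, DHCP_CLIENT_PORT}):
            return "forward"                  # not DHCP/BootP traffic at all
        msg = parse_bootp(payload)
        if msg is None or msg["op"] != BOOTREPLY:
            return "forward"                  # client requests are never filtered
        return "forward" if interface in self.trusted else "discard"


def build_reply(xid: int, yiaddr: str, server_ip: str, router_ip: str) -> bytes:
    """Construct a DHCPOFFER-style BOOTREPLY (sample data for the test, not captured traffic)."""
    chaddr = bytes.fromhex("001122334455") + b"\0" * 10
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         BOOTREPLY, 1, 6, 0, xid, 0, 0,
                         b"\0" * 4, socket.inet_aton(yiaddr), socket.inet_aton(server_ip), b"\0" * 4,
                         chaddr, b"\0" * 64, b"\0" * 128)
    options = (b"\x35\x01\x02"                                  # 53: DHCP message type = Offer
               + b"\x03\x04" + socket.inet_aton(router_ip)      # 3: router
               + b"\x36\x04" + socket.inet_aton(server_ip)      # 54: server identifier
               + b"\xff")
    return header + DHCP_MAGIC + options
```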
Adding DHCP Filtering
Open the DHCP Filtering page.
Specify the Interface or LAG to be affected.
Set DHCP Filtering Global Mode and DHCP Filtering Trust Mode to desired settings.
Click Apply Changes.
The device is updated.
Displaying the DHCP Filtering Interface Configuration Table
Open the DHCP Filtering page.
Click Show All.
The DHCP Filtering Table page displays all Ports, the Units they are on, and their DHCP Trust Modes.
Use the Unit drop-down menu to view the DHCP Filtering Table for other units in the stack, if they exist.
Configuring DHCP Filtering on Multiple Ports
Open the DHCP Filtering page.
Click Show All.
The DHCP Filtering Interface Configuration Table displays.
Click Edit for each port to configure.
Enable or Disable the DHCP Trust Mode field as needed for these ports.
Click Apply Changes.
The changes are made to the DHCP Filtering Interface Configuration table, and the device is updated.
Configuring DHCP Filtering using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
DHCP Filtering Commands
IP ACL Configuration
Access control lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 100 ACLs. However, the hardware resources are limited and may not be able to fully support 100 completely populated ACLs.
Packets can be filtered on ingress. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received the packet is dropped.
ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications. The total number of rules that can be defined for each ACL is 10.
Use the IP ACL Configuration page to add or remove IP-based ACLs.
To display the IP ACL Configuration page, click Switching → Network Security → Access Control Lists → IP Access Control Lists → Configuration in the tree view.
Figure 8-10. IP ACL Configuration
The IP ACL Configuration page contains the following fields:
IP ACL Name Specifies user-defined name for the ACL.
Remove Removes the IP ACL selected in the IP ACL field.
Adding an IP-based ACL
Open the IP ACL Configuration page.
Click Add.
The Add IP ACL page displays.
Figure 8-11. Add IP ACL
Enter the desired ACL Name in the related entry field.
Click Apply Changes.
The IP-based ACL is added, and the device is updated.
Removing an IP-based ACL
Open the IP ACL Configuration page, and select the ACL to be deleted from the IP ACL drop-down menu.
Check the Remove ACL check box.
Click Apply Changes.
The IP-based ACL is removed, and the device is updated.
Displaying IP ACLs
Open the IP ACL Configuration page.
Click Show All.
All IP ACLs and their related data display in the IP ACL Table.
Figure 8-12. IP ACL Table
Adding an IP-based ACL Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
ACL Commands
IP ACL Rule Configuration
Use the IP ACL Rule Configuration page to define rules for IP-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can specify to assign traffic to a particular queue, filter on some traffic, change VLAN tag, shut down a port, and/or redirect the traffic to a particular port.
NOTICE: There is an implicit "deny all" rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit "deny all" rule applies and the packet is dropped.
To display the IP ACL Rule Configuration page, click Switching → Network Security → Access Control Lists → IP Access Control Lists → Rule Configuration in the tree view.
Figure 8-13. IP ACL - Rule Configuration (Standard)
The IP ACL Rule Configuration page contains the following fields:
IP ACL Name Specifies an existing IP ACL. To set up a new IP ACL use the "IP ACL Configuration" page.
Rule ID Selects or creates user-defined ACLs. Enter an existing Rule ID, or create a new one by selecting Create from the drop-down menu and entering the desired new Rule ID in the field next to it. The new ID is created once Apply Changes is clicked. Up to 10 rules can be created for each ACL.
Action Selects the ACL forwarding action. Choose from the drop-down menu options to apply a forwarding action. Possible values are:
Permit Forwards packets which meet the ACL criteria.
Deny Drops packets which meet the ACL criteria.
Assign Queue ID Click the check box to apply this criterion, then enter an identifying number from 0 to 6.
Redirect Interface Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to.
Mirror Interface Select from the drop-down list of interfaces one that packets meeting this rule can be mirrored to.
Logging Enables logging for a particular ACL when the check box is selected. Logging is supported for the Deny action only.
Match Every Requires a packet to match the criteria of this ACL. Click the check box to apply this criterion. Match Every is mutually exclusive with the other filtering rules, so if it is checked, the other rules on the screen are not accessible.
Protocol Requires a packet's protocol to match the protocol listed here. Click the check box to apply this criterion, then select one of the following:
Select from List Select from the drop-down list of protocols on which the rule can be based.
Match to Value Click to add a user-defined Protocol ID by which packets are matched to the rule.
Source IP Address Requires a packet's source IP address to match the address listed here. Click the check box and enter an address to apply this criterion.
Wild Card Mask Specifies the source IP address wildcard mask. The wildcard mask determines which bits are compared and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important. This field is required when Source IP Address is checked.
Source L4 Port Requires a packet's TCP/UDP source port to match the port listed here. Click the check box to apply this criterion, then select one of the following from the drop-down menu:
Select From List Click to select from a list of source ports on which the rule can be based.
Match to Port Click to add a user-defined Port ID by which packets are matched to the rule.
Destination IP Address Requires a packet's destination IP address to match the address listed here. Click the check box and enter an address to apply this criterion.
Wild Card Mask Specifies the destination IP address wildcard mask. This field is required when Destination IP Address is checked.
Destination L4 Port Requires a packet's TCP/UDP destination port to match the port listed here. Click the check box to apply this criterion, then select one of the following:
Select From List Select from a list of destination ports on which the rule can be based.
Match to Port Click to add a user-defined Port ID by which packets are matched to the rule.
Service Type fields
Select one of the following three Match fields to use in matching packets to ACLs:
IP DSCP Matches the packet DSCP value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
Select From List Select from a list of DSCP keyword values.
Match to Port Click to add a user-defined Port ID.
IP Precedence Matches the packet IP Precedence value to the rule when checked. Enter the IP Precedence value to match. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
IP TOS Bits Matches on the Type of Service bits in the IP header when checked.
TOS Bits Requires the bits in a packet's TOS field to match the two-digit hexadecimal number entered here.
TOS Mask Specifies the bit positions that are used for comparison against the IP TOS field in a packet.
Remove Removes a Rule ID when Remove is checked and Apply Changes is clicked.
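An added evaluator for the rule semantics described above (wildcard masks, protocol and L4 port matching, the 10-rule limit, Deny-only logging and the implicit "deny all"). It is illustrative Python written for this page, not the switch's implementation, and it assumes that rules are evaluated in ascending Rule ID order; the addresses in the test are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(pkt_addr: str, rule_addr: str, wildcard: str) -> bool:
    """A 1 bit in the wildcard mask is ignored; 0.0.0.0 means every bit must match."""
    care = ~_ip_int(wildcard) & 0xFFFFFFFF
    return (_ip_int(pkt_addr) ^ _ip_int(rule_addr)) & care == 0


@dataclass
class Packet:
    protocol: int                         # IANA protocol number, e.g. 6 = TCP, 17 = UDP
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass
class Rule:
    """One access control entry; a None field means that criterion is not checked."""
    rule_id: int
    action: str                           # Permit or Deny
    match_every: bool = False
    protocol: Optional[int] = None
    src_ip: Optional[str] = None
    src_wildcard: str = "0.0.0.0"         # required when src_ip is set
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_wildcard: str = "0.0.0.0"
    dst_port: Optional[int] = None
    logging: bool = False

    def matches(self, p: Packet) -> bool:
        if self.match_every:
            return True                   # Match Every overrides all other criteria
        return all((
            self.protocol is None or p.protocol == self.protocol,
            self.src_ip is None or wildcard_match(p.src_ip, self.src_ip, self.src_wildcard),
            self.src_port is None or p.src_port == self.src_port,
            self.dst_ip is None or wildcard_match(p.dst_ip, self.dst_ip, self.dst_wildcard),
            self.dst_port is None or p.dst_port == self.dst_port,
        ))


class IpAcl:
    MAX_RULES = 10                        # rules that can be defined for each ACL

    def __init__(self, name: str) -> None:
        self.name = name
        self.rules: List[Rule] = []

    def add_rule(self, rule: Rule) -> None:
        if len(self.rules) >= self.MAX_RULES:
            raise ValueError(f"ACL {self.name} already holds {self.MAX_RULES} rules")
        if rule.action not in ("Permit", "Deny"):
            raise ValueError("Action must be Permit or Deny")
        if rule.logging and rule.action != "Deny":
            raise ValueError("Logging is supported for the Deny action only")
        if any(r.rule_id == rule.rule_id for r in self.rules):
            raise ValueError(f"Rule ID {rule.rule_id} already exists")
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.rule_id)    # assumption: evaluated in Rule ID order

    def evaluate(self, p: Packet) -> Tuple[str, Optional[int], bool]:
        """Return (action, matching Rule ID or None, logged); None means the implicit deny all."""
        for r in self.rules:
            if r.matches(p):
                return (r.action, r.rule_id, r.logging)
        return ("Deny", None, False)
```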
Modifying an IP-based Rule
NOTE: Rules can be modified only when the ACL to which they belong is not bound to an interface.
Open the IP ACL Rule Configuration page.
Select the desired ACL from the IP ACL drop-down menu.
Select the desired rule from the Rule ID drop-down menu.
Modify the remaining fields as needed.
Click Apply Changes.
The IP-based rule is modified, and the device is updated.
Adding a New Rule to an IP-based ACL
Open the IP ACL Rule Configuration page.
Select the desired ACL from the IP ACL drop-down menu.
Select Create Rule from the Rule ID drop-down menu and enter a new ID number.
Define the remaining fields as needed.
Click Apply Changes.
The new rule is assigned to the specified IP-based ACL.
Defining an IP-based ACL Rule Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
ACL Commands
MAC ACL Configuration
The MAC ACL Configuration page allows network administrators to define a MAC-based ACL. For an explanation of ACLs, see "IP ACL Configuration."
To display the MAC ACL Configuration page, click Switching → Network Security → Access Control Lists → MAC Access Control Lists → Configuration in the tree view.
Figure 8-14. MAC ACL Configuration
The MAC ACL Configuration page contains the following fields:
MAC ACL Name User-defined ACL name.
Rename MAC ACL To rename the MAC ACL, select the check box and enter a new MAC ACL name in the field.
Remove Click this field, then click the Apply Changes button to delete the MAC ACL listed in the MAC ACL field.
Adding a MAC-based ACL
Open the MAC ACL Configuration page.
Click Add to display the Add MAC ACL page.
Figure 8-15. Add MAC ACL
Enter the desired MAC ACL Name in the entry field.
Click Apply Changes.
The MAC-based ACL is added, and the device is updated.
Removing a MAC-based ACL
Open the MAC ACL Configuration page, and select the ACL to be removed from the MAC ACL drop-down menu.
Select the Remove check box.
Click Apply Changes.
The MAC-based ACL is removed, and the device is updated.
Displaying MAC ACLs
Open the MAC ACL Configuration page.
Click Show All.
All MAC ACLs and their related data are displayed on screen.
Figure 8-16. MAC ACL Table
Configuring MAC-based ACLs Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
ACL Commands
MAC ACL Rule Configuration
Use the MAC ACL Rule Configuration page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list.
To display the MAC ACL Rule Configuration page, click Switching → Network Security → Access Control Lists → MAC Access Control Lists → Rule Configuration in the tree view.
Figure 8-17. MAC ACL - Rule Configuration
The MAC ACL Rule Configuration page contains the following fields:
MAC ACL Name Specifies an existing MAC ACL. To set up a new MAC ACL use the MAC ACL Configuration page.
Rule Id Selects or creates user-defined rules. Enter an existing Rule ID, or create a new one by selecting Create from the drop-down menu and entering the desired new Rule ID in the field next to it. The new ID is created once Apply Changes is clicked.
Action Selects the ACL forwarding action, which can be one of the following values:
Permit Forwards packets which meet the ACL criteria.
Deny Drops packets which meet the ACL criteria.
Assign Queue ID Click the check box to apply this criterion, then enter an identifying number from 0 to 6.
Redirect Interface Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to.
Mirror Interface Select from the drop-down list of interfaces one that packets meeting this rule can be mirrored to.
Logging Click the check box to enable logging for this ACL. This feature is supported for the Deny action only.
Match Every Requires a packet to match the criteria of this ACL. Click the check box to apply this criterion.
Class of Service Requires a packet's CoS to match the CoS value listed here. Click the check box and enter a CoS value between 0 and 7 to apply this criterion.
Secondary CoS Requires a packet's secondary CoS to match the CoS value listed here. Click the check box and enter a CoS value between 0 and 7 to apply this criterion.
Destination MAC Address Requires a packet's destination MAC address to match the address listed here. Click the check box and enter an address to apply this criterion.
Destination MAC Mask If desired, enter the MAC mask associated with the Destination MAC to match.
EtherType Requires a packet's EtherType to match the EtherType listed here. Click the check box and select from a list or enter the EtherType ID:
Select from List Select the desired EtherType from the drop-down menu.
Match to Value Enter the desired port number to match.
Source MAC Address Requires a packet's source MAC address to match the address listed here. Click the check box and enter an address to apply this criterion.
Source MAC Mask If desired, enter the MAC mask for the source MAC address to match.
Vlan Id Requires a packet's VLAN ID to match the ID listed here. Click the check box and enter the VLAN ID to apply this criterion. Possible field values are 1-4093.
Secondary Vlan Requires a packet's secondary VLAN ID to match the ID listed here. Click the check box and enter the secondary VLAN ID to apply this criterion. Possible field values are 1-4093.
Remove Removes the MAC ACL Rule when Remove is checked and Apply Changes is clicked.
Modifying a MAC-based Rule
NOTE: Rules can be modified only when the ACL to which they belong is not bound to an interface.
Open the MAC ACL Rule Configuration page.
Select the desired ACL from the MAC ACL drop-down menu.
Select the desired rule from the Rule ID drop-down menu.
Modify the remaining fields as needed.
Click Apply Changes.
The MAC-based rule is modified, and the device is updated.
Adding a New Rule to a MAC-based ACL
Open the MAC ACL Rule Configuration page.
Select the desired ACL from the MAC ACL drop-down menu.
Specify Create New Rule for Rule ID.
Enter a new ID number.
Define the remaining fields as needed.
Click Apply Changes.
The new rule is assigned to the specified MAC-based ACL.
Removing a Rule From a MAC-based ACL
Select an ACL.
Select a rule from the Rule ID drop-down menu.
Check the Remove check box.
Click Apply Changes.
The rule is removed from the MAC-based ACL, and the device is updated.
Defining a MAC-based ACL Rule Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
ACL Commands
ACL Bind Configuration
When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the ACL Bind Configuration page to assign ACL lists to ACL Priorities and Interfaces.
From the Web interface, you can configure the ACL rule in the ingress direction so that the rule applies to packets coming into the port. From the CLI, you can configure the ACL rule in either the ingress or egress direction. Egress ACLs implement security rules on the traffic flowing out of the port. You can apply ACLs to any physical (including 10G) interface, LAG, or routing port.
To display the ACL Bind Configuration page, click Switching → Network Security → Access Control Lists → Binding Configuration in the tree view.
Figure 8-18. ACL Bind Configuration
The ACL Bind Configuration page contains the following fields:
Interface Radio buttons permit selection of interface by Unit/port, LAG, or VLAN.
Select an ACL Selects the ACL type to which incoming packets are matched. Packets can be matched to either IP-based or MAC-based ACLs.
Assign ACL Priority Assigns the priority of this ACL. If more than one ACL is applied to an interface, then the match criteria for the highest priority ACLs are checked first.
Assigning an ACL to an Interface
Open the ACL Bind Configuration page.
In the Interface field, specify the Unit and Port, LAG, or VLAN to configure.
Select the IP or MAC ACL in the Select an ACL field.
NOTE: Whenever an ACL is assigned on a port, LAG, or VLAN, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets.
Specify the priority in Assign ACL Priority.
Click Apply Changes.
The ACL is attached to the specified interface(s).
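The binding semantics described above (several ACLs on one interface checked from the highest priority down, and an implicit "Drop unmatched packets" rule for anything no ACL matches) are easy to get wrong: binding an ACL that only contains deny rules silently drops every other flow on that port. The following added example is not Dell code; it models that evaluation order so that required flows can be checked before an ACL is bound to a live interface. The ACL names, field names and RFC 5737 addresses are constructed for the example.

```python
"""Model of the ACL binding order described above: ACLs bound to one
interface are checked from highest priority down, rules inside an ACL in
order, and a packet that matches nothing hits the implicit 'Drop
unmatched packets' default.  Added example (not Dell code); addresses are
constructed RFC 5737 documentation values, not a real network."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Rule:
    action: str                                   # "permit" or "deny"
    match: Dict[str, object] = field(default_factory=dict)  # {} matches any packet

    def matches(self, pkt: Dict[str, object]) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


@dataclass
class Acl:
    name: str
    rules: List[Rule]


@dataclass
class Binding:
    acl: Acl
    priority: int                                 # higher value is checked first


def evaluate(bindings: List[Binding], pkt: Dict[str, object]) -> Tuple[str, str]:
    """Return (action, name of the deciding ACL) for one ingress packet."""
    for b in sorted(bindings, key=lambda x: x.priority, reverse=True):
        for rule in b.acl.rules:
            if rule.matches(pkt):
                return rule.action, b.acl.name
    # Nothing matched: the interface's default rule drops the packet.
    return "deny", "default-drop-unmatched"


def dropped_required_flows(bindings: List[Binding],
                           required: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Flows the operator needs that the binding would silently drop."""
    return [pkt for pkt in required if evaluate(bindings, pkt)[0] != "permit"]


# Constructed sample: two ACLs bound to the same interface.  The higher
# priority ACL blocks telnet to the switch management address, the lower
# priority one permits SSH to it.
MGMT = "192.0.2.1"
BLOCK_TELNET = Acl("block-telnet", [Rule("deny", {"dst": MGMT, "proto": "tcp", "dport": 23})])
ALLOW_SSH = Acl("allow-ssh", [Rule("permit", {"dst": MGMT, "proto": "tcp", "dport": 22})])
BINDINGS = [Binding(BLOCK_TELNET, 10), Binding(ALLOW_SSH, 5)]

# Flows the operator expects to keep working after the ACLs are bound.
REQUIRED = [
    {"src": "198.51.100.7", "dst": MGMT, "proto": "tcp", "dport": 22},          # admin SSH
    {"src": "198.51.100.7", "dst": "192.0.2.50", "proto": "tcp", "dport": 443},  # intranet HTTPS
]

# The HTTPS flow matches neither ACL, so the default rule drops it.  A
# lowest priority catch-all permit ACL restores it without weakening the
# telnet block, because the higher priority ACL is still checked first.
CATCH_ALL = Acl("permit-rest", [Rule("permit")])
FIXED_BINDINGS = BINDINGS + [Binding(CATCH_ALL, 1)]

if __name__ == "__main__":
    for pkt in REQUIRED:
        print(pkt["dport"], evaluate(BINDINGS, pkt), evaluate(FIXED_BINDINGS, pkt))
    print("dropped before fix:", dropped_required_flows(BINDINGS, REQUIRED))
    print("dropped after fix:", dropped_required_flows(FIXED_BINDINGS, REQUIRED))
```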
Removing an Interface from an ACL
Open the ACL Bind Configuration page.
Click Show All.
In the Interface field, specify the Unit and Port, LAG, or VLAN to view the ACL bindings for that interface.
Select the Remove check box for one or more ACLs to remove.
Click Apply Changes.
The specified ACL(s) are removed from the interface.
Assigning ACL Membership Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
ACL Commands
Configuring Ports
The Ports menu page provides links for configuring port functionality, including advanced features such as storm control and port mirroring, and for performing virtual port tests.
To display the page, click Switching → Ports in the tree view. The Ports menu page contains links to the following features:
Use the Global Parameters page to configure Flow Control. Flow Control allows traffic from one switch to be throttled for a specified period of time, and is defined for switches that are directly connected. Flow Control can only be set on ports configured for full-duplex operation. Since ports set to auto-negotiate may not be added as LAG members, LAG member ports cannot have flow control configured to auto.
NOTE: Flow Control is incompatible with head of line blocking prevention mode. The switch can operate in either mode, but not at the same time.
To display the Global Parameters page, click Switching → Ports → Global Parameters in the tree view.
Figure 8-19. Global Port Parameters
The Global Parameters page contains the following field:
Flow Control Select enabled or disabled from the drop-down menu. This command affects all ports in the stack. The default value is enabled.
Enable Turns on the ingress back pressure mechanism of the switch.
Disable Restores the switch operation to head of line blocking prevention.
Enabling Ingress Backpressure
Open the Ports Global Parameters page.
Select Enable from the drop-down menu in the Flow Control field.
Click Apply Changes.
Ingress backpressure is now enabled.
Configuring Flow Control Using the CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Ethernet Configuration Commands
Port Configuration
Use the Port Configuration page to define port parameters.
To display the Port Configuration page, click Switching → Ports → Port Configuration in the tree view.
Figure 8-20. Port Configuration
The Port Configuration page contains the following fields:
Port Specifies the Unit and Port for which port parameters are defined.
Description (0-64 Characters) Provides a brief interface description, such as Ethernet.
Admin Status Enables (Up) or disables (Down) traffic forwarding through the port.
Current Port Status Specifies whether the port is currently operational or non-operational.
Current Port Speed Displays the actual synchronized port speed (bps).
Admin Port Speed Forces the port speed to the selected value: 10M, 100M, 1000M, or 10000M.
Maximum Frame Size (1518-9216) Specifies the threshold beyond which packets exceeding this size are dropped. Default is 1518.
Admin Duplex Specifies the port duplex mode. Options are Full or Half.
Full Indicates that the interface supports transmission between the switch and the client in both directions simultaneously.
Half Indicates that the interface supports transmission between the switch and the client in only one direction at a time.
Current Duplex Mode Displays the synchronized port duplex mode.
Auto Negotiation Enables Auto Negotiation on the port. Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode and flow control abilities to its partner.
Current Auto Negotiation Displays the current Auto Negotiation setting.
Admin Advertisement Specifies the capabilities to be advertised by the port. The possible field values are:
Max Capability Indicates that all port speeds and Duplex mode settings can be accepted.
10 Half Indicates that the port is advertising a 10 Mbps speed and half Duplex mode setting.
10 Full Indicates that the port is advertising a 10 Mbps speed and full Duplex mode setting.
100 Half Indicates that the port is advertising a 100 Mbps speed and half Duplex mode setting.
100 Full Indicates that the port is advertising a 100 Mbps speed and full Duplex mode setting.
1000 Full Indicates that the port is advertising a 1000 Mbps speed and full Duplex mode setting.
MDI/MDX Allows the switch to distinguish between crossed and uncrossed cables.
Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight-through Ethernet cable can be used and the pairs match up properly. When two hubs/switches are connected to each other, or two end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected.
Possible values are:
On Allows the switch to detect the type of connection.
Off Requires the correct cable type for connecting to the switch.
Auto The value is set automatically.
Current MDI/MDX Indicates the current switch MDX settings. Possible field values are:
MDI The current MDI setting is MDI.
MDX The current MDI setting is MDX.
Auto The value is set automatically.
LAG Displays LAG number if this port is a member of a LAG.
Defining Port Parameters
Open the Port Configuration page.
Select a unit and port in the Unit and Port fields.
Define the available fields on the screen.
Click Apply Changes.
The port parameters are saved to the switch.
Displaying the Port Table
Open the Port Configuration page.
Click Show All.
The Port Configuration Table displays.
Figure 8-21. Port Configuration Table
Use the Unit drop-down menu to view the Port Configuration Table for other units in the stack, if they exist.
Copying Port Configuration Settings
Open the Port Configuration page.
Click Show All.
The Port Configuration Table displays.
Specify the Unit and Port you are copying from in Copy Parameters From.
Click Copy To for each Port to receive these parameters.
Click Apply Changes.
The Port Configuration settings are copied, and the device is updated.
Modifying Port Configuration Settings for Multiple Ports
Open the Port Configuration page.
Click Show All.
The Port Configuration Table displays.
Click Edit for each Port to modify.
Edit the Port Configuration fields as needed.
Click Apply Changes.
The Port Configuration settings are modified, and the device is updated.
Configuring Ports with CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Ethernet Configuration Commands
Protected Port Configuration
Use the Protected Port Configuration page to specify a Layer 2 security feature, Private VLAN Edge (PVE) ports, that provides port-based security between ports that are members of the same VLAN. Traffic from protected ports is sent only to the uplink ports and cannot be sent to other ports within the VLAN.
To display the Protected Port Configuration page, click Switching → Ports → Protected Port Configuration in the tree view.
Figure 8-22. Protected Port Configuration
The Protected Port Configuration page contains the following fields:
Port Specifies the Unit and Port for which port parameters are defined.
Protected Group ID Drop-down menu used to assign a port to Group 0, 1, or 2.
Remove Group Name Check this box to disassociate the selected port from the protected group.
Displaying the Protected Port Table
Open the Protected Port Configuration page.
Click Show All.
The Protected Ports Summary table displays.
Figure 8-23. Protected Port Summary Table
Select the Remove check box and click Apply Changes to disassociate a port from a protected group.
Use the Unit drop-down menu to view the Protected Port Summary table for other units in the stack, if they exist.
Adding Protected Port Groups
Open the Protected Port Configuration page.
Click Add.
The Add Protected Group page displays.
Figure 8-24. Add Protected Port
Use the drop-down menu to assign the numeric designation 0, 1, or 2 to the Protected Group ID.
Enter a Protected Group Name (1-32 characters).
Click Apply Changes.
The Protected Group settings are saved, and the device is updated.
Configuring Protected Ports With CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
switchport protected Commands
LAG Configuration
Link Aggregation allows one or more full-duplex Ethernet links to be aggregated together to form a Link Aggregation Group (LAG). The switch can treat a LAG as if it were a single link.
To display the LAG Configuration page, click Switching → Ports → LAG Configuration in the tree view.
Figure 8-25. LAG Configuration
The LAG Configuration page contains the following fields:
LAG Contains a list of LAG numbers.
LAG Type The port types that comprise the LAG.
Description (0-64 Characters) Description of the LAG.
Admin Status Enables or disables traffic forwarding through the selected LAG.
Current LAG Status Indicates whether the selected LAG is Up or Down.
Defining LAG Parameters
Open the LAG Configuration page.
Select a LAG in the LAG field.
Define the available fields on the screen.
Click Apply Changes.
The LAG parameters are saved to the switch.
Displaying the LAG Configuration Table
Open the LAG Configuration page.
Click Show All.
The LAG Configuration Table displays.
Figure 8-26. LAG Configuration Table
Editing LAG Parameters
Open the LAG Configuration page.
Click Show All.
The LAG Configuration Table displays.
Check Edit for all LAGs to be modified.
Admin Status and Description can now be edited as needed.
Click Apply Changes.
The LAG parameters are saved to the switch.
Configuring LAGs with CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Port Channel Commands
Storm Control
A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out.
Your switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value. Storm control is enabled per interface, by defining the packet type and the rate at which the packets are transmitted.
Use the Storm Control page to enable and configure storm control.
To display the Storm Control interface, click Switching → Ports → Storm Control in the tree view.
Figure 8-27. Storm Control
The Storm Control page contains the following fields:
Port Specifies the Unit and Port for which storm control is enabled.
Storm Control Mode Specifies the type of traffic affected by storm control.
Broadcast If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Multicast If the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Unknown Unicast If the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Storm Control Admin Mode Enables or Disables Storm Control.
Storm Control Rate Threshold (0-100%) Specifies the maximum rate at which unknown packets are forwarded. The range is a percent of the total threshold.
Defining Storm Control Port Parameters
Open the Storm Control interface.
Edit the fields on the screen.
Click Apply Changes.
The storm control port parameters are saved to the switch.
Displaying the Storm Control Settings Table
Open the Storm Control interface.
Click Show All.
The Storm Control Settings Table displays.
Figure 8-28. Storm Control Settings Table
Use the Unit drop-down menu to view the Storm Control Settings Table for other units in the stack, if they exist.
Modifying Broadcast Control
Open the Storm Control interface.
Click Show All.
The Storm Control Settings Table displays.
Check Edit for each port whose Broadcast Control is to be modified.
Edit Broadcast Control as needed.
Click Apply Changes.
The storm control port parameters are saved to the switch.
Configuring Storm Control with CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Ethernet Configuration Commands
Configuring Traffic Mirroring
Traffic mirroring allows the user to configure the switch to send copies of packets on a port that is being mirrored to the mirroring port. The mirroring can be port-based or flow-based.
Use the Traffic Mirroring menu page to define port mirroring sessions and configure flow-based mirroring.
To display this page, click Switching → Traffic Mirroring in the tree view. The Traffic Mirroring menu page contains links to the following features:
Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port. You have the ability to configure how traffic is mirrored on a source port. Packets that are received on the source port, that are transmitted on a port, or are both received and transmitted, can be mirrored to the destination port.
The packet that is copied to the destination port is in the same format as the original packet on the wire. This means that if the mirror is copying a received packet, the copied packet is VLAN tagged or untagged as it was received on the source port. If the mirror is copying a transmitted packet, the copied packet is VLAN tagged or untagged as it is being transmitted on the source port.
To display the Port Mirroring page, click Switching → Traffic Mirroring → Port Mirroring in the tree view.
Figure 8-29. Port Mirroring
The Port Mirroring page contains the following fields:
Session Specifies the monitoring session.
Admin Mode Enables or Disables the port mirroring.
Destination Port Select the port to which port traffic may be copied.
Reset Session Allows you to reset the port monitoring session.
Source Port Lists the source ports that have been added from the Add Source Port page.
Type Shows the type of traffic monitored on the source port.
Adding a Port Mirroring Session
NOTE: A Port will be removed from a VLAN or LAG when it becomes a destination mirror.
Open the Port Mirroring page.
Click Add to display the Add Source Port page.
Figure 8-30. Add Source Port
Configure the following fields:
Session Select the session to monitor.
Source Port Select the unit and port from which traffic is mirrored. Up to four source ports can be mirrored to a destination port.
Type Specifies the type of traffic monitored. Possible field values are:
TX Monitors transmitted packets only.
RX Monitors received packets only.
TX and RX Monitors transmitted and received packets.
Click Apply Changes.
The new port mirroring session is enabled for the unit and port, and the device is updated. The source port appears in the Source Port table on the Port Mirroring page.
Modifying a Port Mirroring Session
Open the Port Mirroring page.
Modify the fields.
Click Apply Changes.
The port mirroring session fields are modified, and the device is updated.
Removing a Port Mirroring Session
Open the Port Mirroring page.
Select the Reset Session check box.
Click Apply Changes.
The port mirroring session is removed, and the device is updated.
Configuring a Port Mirroring Session Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Port Monitor Commands
Flow Based Mirroring
The flow based mirroring feature builds upon the Diffserv component in QoS. In QoS, the user creates traffic classes to define match criteria, then policies to define the action to be taken on that traffic class.
Flow based mirroring allows the user to copy certain types of traffic to a single destination port. This provides flexibility: instead of mirroring all ingress or egress traffic on a port, the switch can mirror a subset of that traffic. You can configure the switch to mirror flows based on Layer 2, Layer 3, and Layer 4 information.
Use the Flow Based Mirroring page to specify flow-based mirroring ports.
To display the Flow Based Mirroring page, click Switching → Traffic Mirroring → Flow Based Mirroring in the tree view.
Figure 8-31. Flow Based Mirroring
The Flow Based Mirroring page contains the following fields:
Policy Name Selects policy to associate with a traffic class. Policy Name is defined using the Diffserv "Policy Configuration" web page.
Member Classes Selects the traffic class associated with this policy. Member Class is defined using the Diffserv "Class Configuration" web page.
Copy to Interface When checked, this feature permits packets to be copied to either a unit/port or LAG.
Copying Mirroring to a Destination Port
Open the Flow Based Mirroring page.
Specify Policy Name and Member Class, and select the destination unit and port to be affected in Copy to Interface.
Click Apply Changes.
The flow-based mirroring details are copied to the specified port, and the device is updated.
Configuring Flow-based Mirroring Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
QOS Commands
Configuring Address Tables
MAC addresses are stored in either the static or dynamic address table. Static addresses are defined by you. Dynamic addresses are learned by the system, and are erased after a time-out. A packet addressed to a destination stored in one of the tables is forwarded immediately to the ports. The static and dynamic address tables can be sorted by Interface, VLAN ID, or VLAN Name. In addition, addresses can be added to the static and dynamic address tables.
To display the Address Tables menu page, click Switching → Address Tables in the tree view. The Address Tables menu page contains links to the following features:
The Static MAC Address page contains a list of static MAC addresses. A static address can be added and removed from the Static MAC Address Table.
To display the Static MAC Address page, click Switching → Address Tables → Static Address Table in the tree view.
Figure 8-32. Static MAC Address
The Static MAC Address page contains the following fields:
Interface Specifies the Unit and Port or LAG to which the static MAC address is applied. To view addresses for a different Unit/Port or LAG, change the Interface listed here.
VLAN ID - MAC Address Specifies VLAN ID attached to the MAC Address and the MAC address(es) included in the current static address list.
NOTE: Only MAC addresses assigned to the specified interface and VLAN are displayed.
Status Specifies status of the MAC address. Possible values are:
Permanent The MAC address is permanent.
Secure Guarantees that a locked port MAC address is not deleted.
Delete on Reset The MAC address is deleted when the switch is reset.
Delete on Timeout The MAC address is deleted when a timeout occurs.
Adding a Static MAC Address
Open the Static MAC Address page.
Click Add.
The Add Static MAC Address page displays.
Figure 8-33. Adding Static MAC Address
Complete the fields as needed.
Click Apply Changes.
The new static address is added to the Static MAC Address Table, and the device is updated.
Modifying a Static Address in the Static MAC Address Table
Open the Static MAC Address page.
Modify the fields.
Click Apply Changes.
The static MAC address is modified, and the device is updated.
Displaying the Static MAC Address Table
Open the Static MAC Address page.
Click Show All.
The Static MAC Address Table displays all existing static MAC addresses.
Figure 8-34. Static MAC Address Table
Removing a Static Address from the Static Address Table
Open the Static MAC Address page.
Click Show All to display the Static MAC Address Table.
Check the Remove check box for the address to be removed.
Click Apply Changes.
The static address is deleted, and the device is updated.
Configuring Static Address Parameters Using CLI Commands
For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:
Address Table Commands
Dynamic Address Table
The Dynamic Address Table page contains fields for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting key. Packets forwarded to an address stored in the address table are forwarded directly to those ports.
The Dynamic Address Table also contains information about the aging time before a dynamic MAC address is removed from the table.
To display the Dynamic Address Table, click Switching → Address Tables → Dynamic Address Table in the tree view.
Figure 8-35. Dynamic Address Table
The Dynamic Address Table contains the following fields:
Address Aging (10-1000000) Specifies aging time in seconds before a dynamic MAC address is erased. The default value is 300 seconds.
Clear Table Clears all dynamic MAC address data from the table when checked and Apply Changes is clicked.
The Dynamic Address Table can be queried by:
Interface Specifies Unit and Port queried for an address.
LAG Specifies the LAG queried for an address.
MAC Address Specifies the MAC address queried for an address.
VLAN ID Specifies the VLAN number (to which the MAC address is attached) that is queried for an address.