Manuals

Configuring Switching Information: Dell PowerConnect 6200 Series User's Guide

Back to Contents Page

Configuring Switching Information

Dell™ PowerConnect™ 6200 Series User's Guide

Configuring Network Security

Configuring Ports

Configuring Traffic Mirroring

Configuring Address Tables

Configuring GARP

Configuring the Spanning Tree Protocol

Configuring VLANs

Aggregating Ports

Managing Multicast Support

Configuring the Link Layer Discovery Protocol (LLDP)

This section provides all system operations and general information for network security, ports, address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support.

The Switching menu page contains links to the following features:

Configuring Network Security

Use the Network Security menu page to set network security through port-based authentication, locked ports, DHCP Filtering configuration, and access control lists.

To display the Network Security page, click Switching® Network Security in the tree view.

The Network Security menu page contains links to the following features:

Port Based Authentication

In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bi-directional control. This is the default authentication mode.

The 802.1x network has three components:

Authenticators — Specifies the port that is authenticated before permitting system access.
Supplicants — Specifies host connected to the authenticated port requesting access to the system services.
Authentication Server — Specifies the external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the user is authorized to access system services.

Use the Port Based Authentication page to configure general 802.1x parameters for a port.

To display the Port Based Authentication page, click Switching® Network Security® Port Based Authentication in the tree view.

Figure 8-1. Port Based Authentication

The Port Based Authentication page contains the following fields:

Global Parameters

Port Based Authentication State — Permits port-based authentication on the switch. The possible field values are:

Enable — Enables port-based authentication on the switch.

Disable — Disables port-based authentication on the switch.

Authentication Method — Selects the Authentication method used. The possible field values are:

Unconfigured — Indicates that an authentication method has not been selected.

None — Indicates that no authentication method is used.

RADIUS — Indicates that authentication occurs at the RADIUS server.

RADIUS, None — Indicates that authentication occurs at the RADIUS server. If the RADIUS server is not available, then no authentication method is used.

None, RADIUS — Indicates that no authentication method is used. If authentication is required, it occurs at the RADIUS server.

Guest VLAN — Specifies a guest VLAN for all ports. The possible field values are:

Unconfigured — The guest VLAN is not configured for all ports.

VLAN ID — Shows the ID of the VLANs that are configured on the system. Select the VLAN to use as the guest VLAN for all ports.

Interface Parameters

Interface — Selects the Unit and Port to be affected.

Guest VLAN Mode — Enables or disables the guest VLAN mode on this interface.

Admin Interface Control — Defines the port authorization state. The possible field values are:

Automode — Automatically detects the mode of the interface.

Authorized — Places the interface into an authorized state without being authenticated. The interface sends and receives normal traffic without client port-based authentication.

Unauthorized — Denies the selected interface system access by moving the interface into unauthorized state. The switch cannot provide authentication services to the client through the interface.

Current Interface Control — Displays the current port authorization state.

Periodic Re-Authentication — Reauthenticates the selected port periodically, when enabled.

Re-Authentication Period (300–4294967295) — Indicates the time span in which the selected port is reauthenticated. The field value is in seconds. The field default is 3600 seconds.

Re-Authenticate Now — Forces immediate port reauthentication, when selected.

Authentication Server Timeout (1–65535) — Defines the amount of time that lapses before the switch resends a request to the authentication server. The field value is in seconds. The field default is 30 seconds.

Resending EAP Identity Request (1–65535) — Defines the amount of time that lapses before EAP requests are resent. The field value is in seconds. The field default is 30 seconds.

Quiet Period (0–65535) — Defines the amount of time that the switch remains in the quiet state following a failed authentication exchange. The possible field range is 0–65535. The field value is in seconds. The field default is 60 seconds.

Supplicant Timeout (0–65535) — Defines the amount of time that lapses before EAP requests are resent to the user. The field value is in seconds. The field default is 30 seconds.

Max EAP Requests (1–10) — Defines the maximum number of times the switch can send an EAP request before restarting the authentication process if it does not receive a response. The possible field range is 1–10. The field default is 2 retries.

Displaying the Port Based Authentication Table

Open the Port Based Authentication page.
Click Show All.

The Port Based Authentication Table page opens, displaying the left side of the table:

Figure 8-2. Port Based Authentication Table

Use the horizontal scroll bar or click the right arrow at the bottom of the screen to display the right side of the table.
Use the Unit drop-down menu to view the Port Based Authentication Table for other units in the stack, if they exist.

Re-Authenticating One Port

Open the Port Based Authentication page.
Check Edit to select the Unit/Port to re-authenticate.
Check Reauthenticate Now.
Click Apply Changes.

The specified port is re-authenticated, and the device is updated.

Re-Authenticating Multiple Ports in the Port Based Authentication Table

Open the Port Based Authentication page.
Click Show All.

The Port Based Authentication Table displays.

Check Edit to select the Units/Ports to re-authenticate.
To re-authenticate on a periodic basis, set Periodic Re-Authentication to Enable, and specify a Re-Authentication Period for all desired ports.
To re-authenticate immediately, check Reauthenticate Now for all ports to be re- authenticated.
Click Apply Changes.

Specified ports are re-authenticated (either immediately or periodically), and the device is updated.

Changing Administrative Port Control

Open the Port Based Authentication page.
Click Show All.

The Port Based Authentication Table displays.

Scroll to the right side of the table and select the Edit check box for each port to configure. Change Admin Port Control to Authorized, Unauthorized, or Automode as needed for chosen ports. Only Automode actually uses dot1x to authenticate. Authorized and Unauthorized are manual overrides.
Click Apply Changes.

Admin Port Control is updated for the specified ports, and the device is updated.

Enabling Port Based Authentication Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

802.1X Commands

Multiple Hosts

When a port is in multiple host mode, only a single switch needs to authenticate on that port. Once that occurs, any switch on that port is granted network access. If the port becomes unauthorized for any reason, then all switches lose their network access, and the authentication process must restart.

The Multiple Hosts page provides information for defining advanced port-based authentication settings for specific ports.

To display the Multiple Hosts page, click Switching® Network Security® Multiple Host in the tree view.

Figure 8-3. Multiple Hosts

The Multiple Hosts page contains the following fields:

Interface — Specifies the Unit and Port numbers on which to configure advanced port-based authentication settings.

Multiple Hosts — Enables or disables a single host to authorize multiple hosts for system access. This setting must be enabled in order to either disable ingress filtering, or to use port-lock security on the selected port.

Action on Single Host Violation — Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the client (supplicant) MAC address. The possible field values are:

Forward — Forwards the packets from an unknown source. However, the MAC address is not learned.

Discard — Discards the packets from any unlearned source. This is the default value.

Discard Shut Down — Discards the packet from any unlearned source and shuts down the port. Ports remain shut down until they are activated, or the switch is reset.

Traps — Enables or disables sending traps to the host if a violation occurs.

Trap Frequency (1–1000000) — Defines the time period by which traps are sent to the host. The default is 10 seconds. The security trap is sent once every 10 seconds with a count of the number of violations.

Status — Displays the host status. The possible field values are:

Authorized — Indicates that the port control is currently in auto mode and that clients have full port access.

Unauthorized — Indicates that the port control is Force Unauthorized, the port link is down, or the port control is Auto, but a client has not been authenticated through the port.

Not in auto mode — Indicates that the port control is Forced Authorized, and clients have full port access.

Single-host Lock — Indicates that the port control is Auto and a single client has been authenticated through the port.

No Single Host — Indicates that Multiple Host is enabled.

Number of Violations — Displays the number of packets that arrived on the interface in single-host mode, from a host whose MAC address is not the client (supplicant) MAC address.

Displaying the Multiple Hosts Table

Open the Multiple Hosts page.
Click Show All.

The Multiple Host Table displays.

Figure 8-4. Multiple Host Table

Use the Unit drop-down menu to view the Multiple Host Table for other units in the stack, if they exist.

Enabling/Disabling Multiple Hosts for One Port

Open the Multiple Hosts page.
Select the Unit and Port to be affected in Interface.
Define variables as desired.
Click Apply Changes.

Multiple hosts is enabled for the specified port, and the device is updated.

Enabling/Disabling Multiple Hosts for Multiple Ports

Open the Multiple Hosts page.
Click Show All to display the Multiple Host Table.
Select the Edit check box associated with the ports to configure.
Change variables for desired ports.
Click Apply Changes.

Edited ports are updated, and the device is updated.

Configuring Advanced Port Authentication Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

802.1X Commands.

Authenticated Users

The Authenticated Users page displays user port access lists.

To display the Authenticated Users page, click Switching® Network Security® Authenticated Users in the tree view.

Figure 8-5. Authenticated Users

The Authenticated Users page contains the following fields:

User Name — Specifies one user from the list of users authorized through the RADIUS Server.

Port — Lists the port used for authentication.

Displaying Authenticated Users Using the CLI Command

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

802.1X Commands

Port Security

Port Security can be enabled on a per-port basis. When a port is locked, only packets with allowable source MAC addresses can be forwarded. All other packets are discarded. A MAC address can be defined as allowable by one of two methods: dynamically or statically. Note that both methods are used concurrently when a port is locked.

Dynamic locking implements a `first arrival' mechanism for Port Security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally. Once the limit is reached, no more addresses are learned on the port. Any packets with source MAC addresses that were not already learned are discarded. Note that you can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero.

Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded.

To see the MAC learned on a specific port, add a static MAC to a port, or Delete static MAC entries, see Configuring Address Tables.

Disabled ports can only be activated from the Configuring Ports page.

To display the Port Security page, click Switching® Network Security® Port Security in the tree view.

Figure 8-6. Port Security

Interface — Select the Unit and Port or the LAG on which to configure port security settings.

Set Port — Enables locking the port/LAG. When a port is locked, all the current addresses that had been dynamically learned by the switch on that port are removed from the database

Action on Violation — Specifies action applied to packets arriving on the port/LAG. The field is grayed if the port/LAG is unlocked. Possible values are:

Discard — Discards the packets from any unlearned source. This is the default value.

Forward — Forwards the packets from an unknown source. The MAC address is not learned.

Shutdown — Discards the packet from any unlearned source and sends a trap. In addition, the ingress port is disabled.

Traps — Enables or disables sending a trap when a packet is received on a locked port/LAG.

Trap Frequency (1–1000000) — Specifies amount of time (seconds) between traps.

Max Learned Addresses (0–100) — Specifies the maximum number of secure MAC addresses that can be learned on a port.

Defining a Locked Port

Open the Port Security page.
Select an interface type and number.
Select Locked on the Set Port drop-down menu.
Complete the remaining fields.
Click Apply Changes.

The locked port/LAG is added to the Port Security table, and the device is updated.

Viewing the Port Security Table

Open the Port Security page.
Click Show All.

The Port Security Table displays.

Figure 8-7. Port Security Table

Use the Unit drop-down menu to view the Port Security Table for other units in the stack, if they exist.

Defining Multiple Locked Ports

Open the Port Security page.
Click Show All.

The Port Security Table displays.

Click Edit for each port whose parameters are to be changed.
Fields can now be edited as needed for these ports.
Click Apply Changes.

The changes are made to the Port Security table, and the device is updated.

Configuring Port Security with CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Address Table Commands

DHCP Filtering

DHCP Filtering is a useful feature that can be employed as a security measure against unauthorized DHCP servers. A known attack is when an unauthorized DHCP server responds to a client that is requesting an IP address. The server configures the gateway for the client to be equal to the IP address of the server. At that point, the client sends all of its IP traffic destined to other networks to the unauthorized machine. This gives the attacker the possibility of snooping traffic for passwords or employing a `man-in-the-middle' attack. DHCP Filtering works by allowing the administrator to configure each port as either a trusted port or an untrusted port. The port that has the authorized DHCP server should be configured as a trusted port. Any DHCP responses received on a trusted port are forwarded. All other ports should be configured as untrusted. Any DHCP (or BootP) responses received are discarded.

To display the DHCP Filtering page, click Switching® Network Security® DHCP Filtering in the tree view.

Figure 8-8. DHCP Filtering

The DHCP Filtering page contains the following fields:

DHCP Filtering Global Mode — Turns DHCP Filtering on and off. The default is Disabled.

Interface — Specifies the Unit and Port or LAG affected. Choose the desired Unit and Port for LAG from the drop-down menus.

DHCP Trust Mode — Enables or disables trust mode. The default value is Disable.

Adding DHCP Filtering

Open the DHCP Filtering page.
Specify the Interface or LAG to be affected.
Set DHCP Filtering Global Mode and DHCP Filtering Trust Mode to desired settings.
Click Apply Changes.

The device is updated.

Displaying the DHCP Filtering Interface Configuration Table

Open the DHCP Filtering page.
Click Show All.

The DHCP Filtering Table page displays all Ports, the Units they are on, and their DHCP Trust Modes.

Figure 8-9. DHCP Filtering Interface Configuration Table

Use the Unit drop-down menu to view the DHCP Filtering Table for other units in the stack, if they exist.

Configuring DHCP Filtering on Multiple Ports

Open the DHCP Filtering page.
Click Show All.

The DHCP Filtering Interface Configuration Table displays.

Click Edit for each port to configure.
Enable or Disable the DHCP Trust Mode field as needed for these ports.
Click Apply Changes.

The changes are made to the DHCP Filtering Interface Configuration table, and the device is updated.

Configuring DHCP Filtering using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

DHCP Filtering Commands

IP ACL Configuration

Access control lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 100 ACLs. However, the hardware resources are limited and may not be able to fully support 100 completely populated ACLs.

Packets can be filtered on ingress. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received the packet is dropped.

ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications. The total number of rules that can be defined for each ACL is 10.

Use the IP ACL Configuration page to add or remove IP-based ACLs.

To display the IP ACL Configuration page, click Switching® Network Security® Access Control Lists® IP Access Control Lists® Configuration in the tree view.

Figure 8-10. IP ACL Configuration

The IP ACL Configuration page contains the following fields:

IP ACL Name — Specifies user-defined name for the ACL.

Remove — Removes the IP ACL selected in the IP ACL field.

Adding an IP-based ACL

Open the IP ACL Configuration page.
Click Add.

The Add IP ACL page displays.

Figure 8-11. Add IP ACL

Enter the desired ACL Name in the related entry field.
Click Apply Changes.

The IP-based ACL is added, and the device is updated.

Removing an IP-based ACL

Open the IP ACL Configuration page, and select the ACL to be deleted from the IP ACL drop-down menu.
Check the Remove ACL check box.
Click Apply Changes.

The IP-based ACL is removed, and the device is updated.

Displaying IP ACLs

Open the IP ACL Configuration page.
Click Show All.

All IP ACLs and their related data display in the IP ACL Table.

Figure 8-12. IP ACL Table

Adding an IP-based ACL Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

ACL Commands

IP ACL Rule Configuration

Use the IP ACL Rule Configuration page to define rules for IP-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can specify to assign traffic to a particular queue, filter on some traffic, change VLAN tag, shut down a port, and/or redirect the traffic to a particular port.

NOTICE: There is an implicit "deny all" rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit "deny all" rule applies and the packet is dropped.

To display the IP ACL Rule Configuration page, click Switching® Network Security® Access Control Lists® IP Access Control Lists® Rule Configuration in the tree view.

Figure 8-13. IP ACL - Rule Configuration (Standard)

The IP ACL Rule Configuration page contains the following fields:

IP ACL Name — Specifies an existing IP ACL. To set up a new IP ACL use the "IP ACL Configuration" page.

Rule ID — Selects or creates user-defined ACLs. Enter an existing Rule ID, or create a new one by selecting Create from the drop-down menu and entering the desired new Rule ID in the field next to it. The new ID is created once Apply Changes is clicked. Up to 10 rules can be created for each ACL.

Action — Selects the ACL forwarding action. Choose from the drop-down menu options to apply a forwarding action. Possible values are:

Permit — Forwards packets which meet the ACL criteria.

Deny — Drops packets which meet the ACL criteria.

Assign Queue ID — Click the check box to apply this criteria, then enter an identifying number from 0 to 6.

Redirect Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to.

Mirror Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be mirrored to.

Logging — Enables logging for a particular ACL when the check box is selected. Logging is supported for Deny action only.

Match Every — Requires a packet to match the criteria of this ACL. Click the check box to apply this criteria. Match Every is exclusive to the other filtering rules, so if checked, the other rules on the screen aren't accessible.

Protocol — Requires a packet's protocol to match the protocol listed here. Click the check box to apply this criteria, then select one of the following:

Select from List — Select from the drop-down list of protocols on which the rule can be based.

Match to Value — Click to add a user-defined Protocol ID by which packets are matched to the rule.

Source IP Address — Requires a packet's source port IP address to match the address listed here. Click the check box and enter an address to apply this criteria.

Wild Card Mask — Specifies the source IP address wildcard mask. Wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. This field is required when Source IP Address is checked.

Source L4 Port — Requires a packet's TCP/UDP source port to match the port listed here. Click the check box to apply this criteria, then select one of the following from the drop-down menu:

Select From List — Click to select from a list of source ports on which the rule can be based.

Match to Port — Click to add a user-defined Port ID by which packets are matched to the rule.

Destination IP Address — Requires a packet's destination port IP address to match the address listed here. Click the check box and enter an address to apply this criteria.

Wild Card Mask — Specifies the Destination IP address wildcard mask. This field is required when Destination IP Address is checked.

Destination L4 Port — Requires a packet's TCP/UDP destination port to match the port listed here. Click the check box to apply this criteria, then select one of the following:

Select From List — Select from a list of destination ports on which the rule can be based.

Match to Port — Click to add a user-defined Port ID by which packets are matched to the rule.

Service Type fields

Select one of the following three Match fields to use in matching packets to ACLs:

IP DSCP — Matches the packet DSCP value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

Select From List — Select from a list of DSCP keyword values.

Match to Port — Click to add a user-defined Port ID.

IP Precedence — Matches the packet IP Precedence value to the rule when checked. Enter the IP Precedence value to match. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

IP TOS Bits — Matches on the Type of Service bits in the IP header when checked.

TOS Bits — Requires the bits in a packet's TOS field to match the two-digit hexadecimal number entered here.

TOS Mask — Specifies the bit positions that are used for comparison against the IP TOS field in a packet.

Remove — Removes a Rule ID when Remove is checked and Apply Changes is clicked.

Modifying an IP-based Rule

NOTE: Rules can be modified only when the ACL to which they belong is not bound to an interface.

Open the IP ACL Rule Configuration page.
Select the desired ACL from the IP ACL drop-down menu.
Select the desired rule from the Rule ID drop-down menu.
Modify the remaining fields as needed.
Click Apply Changes.

The IP-based rule is modified, and the device is updated.

Adding a New Rule to an IP-based ACL

Open the IP ACL Rule Configuration page.
Select the desired ACL from the IP ACL drop-down menu.
Select Create Rule from the Rule ID drop-down menu and enter a new ID number.
Define the remaining fields as needed.
Click Apply Changes.

The new rule is assigned to the specified IP-based ACL.

Defining an IP-based ACL Rule Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

ACL Commands

MAC ACL Configuration

The MAC ACL Configuration page allows network administrators to define a MAC-based ACL. For an explanation of ACLs, see "IP ACL Configuration."

To display the MAC ACL Configuration page, click Switching® Network Security® Access Control Lists® MAC Access Control Lists® Configuration in the tree view.

Figure 8-14. MAC ACL Configuration

The MAC ACL Configuration page contains the following fields:

MAC ACL Name — User-defined ACL name.

Rename MAC ACL — To rename the MAC ACL, select the check box and enter a new MAC ACL name in the field.

Remove — Click this field, then click the Apply Changes button to delete the MAC ACL listed in the MAC ACL field.

Adding a MAC-based ACL

Open the MAC ACL Configuration page.
Click Add to display the Add MAC ACL page.

Figure 8-15. Add MAC ACL

Enter the desired MAC ACL Name in the entry field.
Click Apply Changes.

The MAC-based ACL is added, and the device is updated.

Removing a MAC-based ACL

Open the MAC ACL Configuration page, and select the ACL to be removed from the MAC ACL drop-down menu.
Select the Remove check box.
Click Apply Changes.

The MAC-based ACL is removed, and the device is updated.

Displaying MAC ACLs

Open the MAC ACL Configuration page.
Click Show All.

All MAC ACLs and their related data are displayed on screen.

Figure 8-16. MAC ACL Table

Configuring MAC-based ACLs Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

ACL Commands

MAC ACL Rule Configuration

Use the MAC ACL Rule Configuration page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list.

To display the MAC ACL Rule Configuration page, click Switching® Network Security® Access Control Lists® MAC Access Control Lists® Rule Configuration in the tree view.

Figure 8-17. MAC ACL - Rule Configuration

The MAC ACL Rule Configuration page contains the following fields:

MAC ACL Name — Specifies an existing MAC ACL. To set up a new MAC ACL use the MAC ACL Configuration page.

Rule Id — Selects or creates a user-defined ACLs. Enter an existing Rule ID, or create a new one by selecting Create from the drop-down menu and entering the desired new Rule ID in the field next to it. The new ID is created once Apply Changes is clicked.

Action — Selects the ACL forwarding action, which can be one of the following values:

Permit — Forwards packets which meet the ACL criteria.

Deny — Drops packets which meet the ACL criteria.

Assign Queue ID — Click the check box to apply this criteria, then enter an identifying number from 0 to 6.

Redirect Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to.

Mirror Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be mirrored to.

Logging — Click the check box to enable logging for this ACL. This feature is supported for the Deny action only.

Match Every — Requires a packet to match the criteria of this ACL. Click the check box to apply this criteria.

Class of Service — Requires a packet's CoS to match the CoS value listed here. Click the check box and enter a CoS value between 0 and 7 to apply this criteria.

Secondary CoS — Requires a packet's secondary CoS to match the CoS value listed here. Click the check box and enter a CoS value between 0 and 7 to apply this criteria.

Destination MAC Address — Requires a packet's destination port MAC address to match the address listed here. Click the check box and enter an address to apply this criteria.

Destination MAC Mask — If desired, enter the MAC Mask associated with the Destination MAC to match.

EtherType — Requires a packet's EtherType to match the EtherType listed here. Click the check box and select from a list or enter the EtherType ID:

Select from List — Select desired EtherType from the drop-down menu.

Match to Value — Enter the desired port number to match.

Source MAC Address — Requires a packet's source port MAC address to match the address listed here. Click the check box and enter an address to apply this criteria.

Source MAC Mask — If desired, enter the MAC mask for the source MAC address to match.

Vlan Id — Requires a packet's VLAN ID to match the ID listed here. Click the check box and enter the VLAN ID to apply this criteria. Possible field values are 1–4093.

Secondary Vlan — Requires a packet's secondary VLAN ID to match the ID listed here. Click the check box and enter the secondary VLAN ID to apply this criteria. Possible field values are 1–4093.

Remove — Removes the MAC ACL Rule when Remove is checked and Apply Changes is clicked.

Modifying a MAC-based Rule

NOTE: Rules can be modified only when the ACL to which they belong is not bound to an interface.

Open the MAC ACL Rule Configuration page.
Select the desired ACL from the MAC ACL drop-down menu.
Select the desired rule from the Rule ID drop-down menu.
Modify the remaining fields as needed.
Click Apply Changes.

The MAC-based rule is modified, and the device is updated.

Adding a New Rule to a MAC-based ACL

Open the MAC ACL Rule Configuration page.
Select the desired ACL from the MAC ACL drop-down menu.
Specify Create New Rule for Rule ID.
Enter a new ID number.
Define the remaining fields as needed.
Click Apply Changes.

The new rule is assigned to the specified MAC-based ACL.

Removing a Rule From a MAC-based ACL

Select an ACL.
Select a rule from the Rule ID drop-down menu.
Check the Remove check box.
Click Apply Changes.

The MAC-based ACL is removed, and the device is updated.

Defining a MAC-based ACL Rule Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

ACL Commands

ACL Bind Configuration

When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the ACL Bind Configuration page to assign ACL lists to ACL Priorities and Interfaces.

From the Web interface, you can configure the ACL rule in the ingress direction so that the rule applies to packets coming into the port. From the CLI, you can configure the ACL rule in either the ingress or egress direction. Egress ACLs implement security rules on the traffic flowing out of the port. You can apply ACLs to any physical (including 10G) interface, LAG, or routing port.

To display the ACL Bind Configuration page, click Switching® Network Security® Access Control Lists® Binding Configuration in the tree view.

Figure 8-18. ACL Bind Configuration

The ACL Bind Configuration page contains the following fields:

Interface — Radio buttons permit selection of interface by Unit/port, LAG, or VLAN.

Select an ACL — Selects the ACL type to which incoming packets are matched. Packets can be matched to either IP-based or MAC-based ACLs.

Assign ACL Priority — Assigns the priority of this ACL. If more than one ACL is applied to an interface, then the match criteria for the highest priority ACLs are checked first.

Assigning an ACL to an Interface

Open the ACL Bind Configuration page.
In the Interface field, specify the Unit and Port, LAG, or VLAN to configure.
Select the IP or MAC ACL in the Select an ACL field.

NOTE: Whenever an ACL is assigned on a port, LAG, or VLAN, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets.

Specify the priority in Assign ACL Priority.
Click Apply Changes.

The ACL is attached to the specified interface(s).

Removing an Interface from an ACL

Open the ACL Bind Configuration page.
Click Show All.
In the Interface field, specify the Unit and Port, LAG, or VLAN to view the ACL bindings for that interface.
Select the Remove check box for one or more ACLs to remove.
Click Apply Changes.

The specified ACL(s) are removed from the interface.

Assigning ACL Membership Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

ACL Commands

Configuring Ports

The Ports menu page provides links for configuring port functionality, including advanced features such as storm control and port mirroring, and for performing virtual port tests.

To display the page, click Switching® Ports in the tree view. The Ports menu page contains links to the following features:

Global Parameters

Use the Global Parameters to configure Flow Control. Flow Control allows traffic from one switch to be throttled for a specified period of time, and is defined for switches that are directly connected. Flow Control can only be set for ports configured as full-duplex mode of operation. Since ports set to auto negotiate may not be added as LAG members, LAG member ports cannot have flow control configured to auto.

NOTE: Flow Control is incompatible with head of line blocking prevention mode. The switch can operate in either mode, but not at the same time.

To display the Global Parameters page, click Switching® Ports® Global Parameters in the tree view.

Figure 8-19. Global Port Parameters

The Global Parameters page contains the following field:

Flow Control — Select enabled or disabled from the drop-down menu. This command affects all ports in the stack. The default value is enabled.

Enable — Turns on the ingress back pressure mechanism of the switch.

Disable — Restores the switch operation to head of line blocking prevention.

Enabling Ingress Backpressure

Open the Ports Global Parameters page.
Select Enable from the drop-down menu in the Flow Control field.
Click Apply Changes.
Ingress backpressure is now enabled.

Configuring Flow Control Using the CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Ethernet Configuration Commands

Port Configuration

Use the Port Configuration page to define port parameters.

To display the Port Configuration page, click Switching® Ports® Port Configuration in the tree view.

Figure 8-20. Port Configuration

The Port Configuration page contains the following fields:

Port — Specifies the Unit and Port for which port parameters are defined.

Description (0–64 Characters) — Provides a brief interface description, such as Ethernet.

Admin Status — Enables (Up) or disables (Down) traffic forwarding through the port.

Current Port Status — Specifies whether the port is currently operational or non-operational.

Current Port Speed — Displays the actual synchronized port speed (bps).

Admin Port Speed — Forces the port speed to the selected value — 10M, 100M, 1000M or 10000M.

Maximum Frame Size (1518–9216)— Specifies the threshold beyond which packets exceeding this size are dropped. Default is 1518.

Admin Duplex — Specifies the port duplex mode. Options are Full or Half.

Full — Indicates that the interface supports transmission between the switch and the client in both directions simultaneously.

Half — Indicates that the interface supports transmission between the switch and the client in only one direction at a time.

Current Duplex Mode — Displays the synchronized port duplex mode.

Auto Negotiation — Enables Auto Negotiation on the port.
Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode and flow control abilities to its partner.

Current Auto Negotiation — Displays the current Auto Negotiation setting.

Admin Advertisement — Specifies the capabilities to be advertised by the port. The possible field values are:

Max Capability — Indicates that all port speeds and Duplex mode settings can be accepted.

10 Half — Indicates that the port is advertising a 10 mbps speed and half Duplex mode setting.

10 Full — Indicates that the port is advertising a 10 mbps speed and full Duplex mode setting.

100 Half — Indicates that the port is advertising a 100 mbps speed and half Duplex mode setting.

100 Full — Indicates that the port is advertising a 100 mbps speed and full Duplex mode setting.

1000 Full — Indicates that the port is advertising a 1000 mbps speed and full Duplex mode setting.

MDI/MDX — Allows the switch to decipher between crossed and uncrossed cables.

Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable can be used, and the pairs are match up properly. When two hubs/switches are connected to each other, or two end stations are connected to each other, a crossover cable is used ensure that the correct pairs are connected.

Possible values are:

On — Allows the switch to detect the type of connection.

Off — Requires the correct cable type for connecting to the switch.

Auto — The value is set automatically.

Current MDI/MDX—Indicates the current switch MDX settings. Possible field values are:

MDI — The current MDI setting is MDI.

MDX — The current MDI setting is MDX.

Auto — The value is set automatically.

LAG — Displays LAG number if this port is a member of a LAG.

Defining Port Parameters

Open the Port Configuration page.
Select a unit and port in the Unit and Port fields.
Define the available fields on the screen.
Click Apply Changes.

The port parameters are saved to the switch.

Displaying the Port Table

Open the Port Configuration page.
Click Show All.

The Port Configuration Table displays.

Figure 8-21. Port Configuration Table

Use the Unit drop-down menu to view the Port Configuration Table for other units in the stack, if they exist.

Copying Port Configuration Settings

Open the Port Configuration page.
Click Show All.

The Port Configuration Table displays.

Specify the Unit and Port you are copying from in Copy Parameters From.
Click Copy To for each Port to receive these parameters.
Click Apply Changes.

The Port Configuration settings are copied, and the device is updated.

Modifying Port Configuration Settings for Multiple Ports

Open the Port Configuration page.
Click Show All.

The Port Configuration Table displays.

Click Edit for each Port to modify.
Edit the Port Configuration fields as needed.
Click Apply Changes.

The Port Configuration settings are modified, and the device is updated.

Configuring Ports with CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Ethernet Configuration Commands

Protected Port Configuration

Use the Protected Port Configuration page to specify a Layer 2 security feature, Private VLAN Edge (PVE) ports, that provides port-based security between ports that are members of the same VLAN. Traffic from protected ports is sent only to the uplink ports and cannot be sent to other ports within the VLAN.

To display the Port Configuration page, click Switching® Ports® Protected Port Configuration in the tree view.

Figure 8-22. Protected Port Configuration

The Protected Port Configuration page contains the following fields:

Port — Specifies the Unit and Port for which port parameters are defined.

Protected Group ID — Drop-down menu used to assign a port to Group 0, 1, or 2.

Remove Group Name — Check this box to disassociate the selected port from the protected group.

Displaying the Protected Port Table

Open the Protected Port Configuration page.
Click Show All.

The Protected Ports Summary table displays.

Figure 8-23. Protected Port Summary Table

Select the Remove check box and click Apply Changes to disassociate a port from a protected group.
Use the Unit drop-down menu to view the Protected Port Summary table for other units in the stack, if they exist.

Adding Protected Port Groups

Open the Protected Port Configuration page.
Click Add.

The Add Protected Group displays.

Figure 8-24. Add Protected Port

Use the drop-down menu to assign the numeric designation 0, 1, or 2 to the Protected Group ID.
Enter a Protected Group Name (1–32 characters).
Click Apply Changes.

The Protected Group settings are copied, and the device is updated.

Configuring Protected Ports With CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

switchport protected Commands

LAG Configuration

Link Aggregation allows one or more full duplex Ethernet links to be aggregated together to form a Link Aggregation Group (LAG). The switch can treat LAG as if it were a single link.

To display the LAG Configuration page, click Switching® Ports® LAG Configuration in the tree view.

Figure 8-25. LAG Configuration

The LAG Configuration page contains the following fields:

LAG — Contains a list of LAG numbers.

LAG Type — The port types that comprise the LAG.

Description (0–64 Characters) — Description of the port.

Admin Status — Enables or disables traffic forwarding through the selected LAG.

Current LAG Status — Indicates whether the selected LAG is Up or Down.

Defining LAG Parameters

Open the LAG Configuration page.
Select a LAG in the LAG field.
Define the available fields on the screen.
Click Apply Changes.

The LAG parameters are saved to the switch.

Displaying the LAG Configuration Table

Open the LAG Configuration page.
Click Show All.
The LAG Configuration Table displays.

Figure 8-26. LAG Configuration Table

Editing LAG Parameters

Open the LAG Configuration page.
Click Show All.
The LAG Configuration Table displays.
Check Edit for all LAGs to be modified.
Admin Status and Description can now be edited as needed.
Click Apply Changes.

The LAG parameters are saved to the switch.

Configuring LAGs with CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Port Channel Commands

Storm Control

A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out.

Your switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value. Storm control is enabled per interface, by defining the packet type and the rate at which the packets are transmitted.

Use the Storm Control page to enable and configure storm control.

To display the Storm Control interface, click Switching® Ports® Storm Control in the tree view.

Figure 8-27. Storm Control

The Storm Control page contains the following fields:

Port — Specifies the Unit and Port for which storm control is enabled.

Storm Control Mode — Specifies the mode of broadcast affected by storm control.

Broadcast — If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.

Multicast — If the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.

Unknown Unicast — If the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.

Storm Control Admin Mode — Enables or Disables Storm Control.

Storm Control Rate Threshold (0–100%) — Specifies the maximum rate at which unknown packets are forwarded. The range is a percent of the total threshold.

Defining Storm Control Port Parameters

Open the Storm Control interface.
Edit the fields on the screen.
Click Apply Changes.

The storm control port parameters are saved to the switch.

Displaying the Storm Control Settings Table

Open the Storm Control interface.
Click Show All.

The Storm Control Settings Table displays.

Figure 8-28. Storm Control Settings Table

Use the Unit drop-down menu to view the Storm Control Settings Table for other units in the stack, if they exist.

Modifying Broadcast Control

Open the Storm Control interface.
Click Show All.

The Storm Control Settings Table displays.

Check Edit for each port that Broadcast Control is to be modified.
Edit Broadcast Control as needed.
Click Apply Changes.

The storm control port parameters are saved to the switch.

Configuring Storm Control with CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Ethernet Configuration Commands

Configuring Traffic Mirroring

Traffic mirroring allows the user to configure the switch to send copies of packets on a port that is being mirrored to the mirroring port. The mirroring can be port-based or flow-based.

Use the Traffic Mirroring menu page to define port mirroring sessions and configure flow-based mirroring.

To display this page, click Switching® Traffic Mirroring in the tree view. The Traffic Mirroring menu page contains links to the following features:

Port Mirroring

Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port. You have the ability to configure how traffic is mirrored on a source port. Packets that are received on the source port, that are transmitted on a port, or are both received and transmitted, can be mirrored to the destination port.

The packet that is copied to the destination port is in the same format as the original packet on the wire. This means that if the mirror is copying a received packet, the copied packet is VLAN tagged or untagged as it was received on the source port. If the mirror is copying a transmitted packet, the copied packet is VLAN tagged or untagged as it is being transmitted on the source port.

To display the Port Mirroring page, click Switching® Traffic Mirroring® Port Mirroring in the tree view.

Figure 8-29. Port Mirroring

The Port Mirroring page contains the following fields:

Session — Specifies the monitoring session.

Admin Mode — Enables or Disables the port mirroring.

Destination Port — Select the port to which port traffic may be copied.

Reset Session — Allows you to reset the port monitoring session.

Source Port — Lists the source ports that have been added from the Add Source Port page.

Type — Shows the type traffic monitored on the source port.

Adding a Port Mirroring Session

NOTE: A Port will be removed from a VLAN or LAG when it becomes a destination mirror.

Open the Port Mirroring page.
Click Add to display the Add Source Port page.

Figure 8-30. Add Source Port

Configure the following fields:

Session — Select the session to monitor.

Source Port —Select the unit and port from which traffic is mirrored. Up to four source ports can be mirrored to a destination port.

Type — Specifies the type of traffic monitored. Possible field values are:

TX — Monitors transmitted packets only.

RX — Monitors received packets only.

TX and RX — Monitors transmitted and received packets.

Click Apply Changes.

The new port mirroring session is enabled for the unit and port, and the device is updated. The source port appears in the Source Port table on the Port Mirroring page.

Modifying a Port Mirroring Session

Open the Port Mirroring page.
Modify the fields.
Click Apply Changes.

The port mirroring session fields are modified, and the device is updated.

Removing a Port Mirroring Session

Open the Port Mirroring page.
Select the Reset Session check box.
Click Apply Changes.

The port mirroring session is removed, and the device is updated.

Configuring a Port Mirroring Session Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Port Monitor Commands

Flow Based Mirroring

The flow based mirroring feature builds upon the Diffserv component in QoS. In QoS, the user creates traffic classes to define match criteria, then policies to define the action to be taken on that traffic class.

Flow based mirroring allows the user to copy certain types of traffic to a single destination port. This provides flexibility – instead of mirroring all ingress or egress traffic on a port, the switch can mirror a subset of that traffic. You can configure the switch to mirror flows based on Layer 2, Layer 3, and Layer 4 information.

Use the Flow Based Mirroring page to specify flow-based mirroring ports.

To display the Flow Based Mirroring page, click Switching® Traffic Mirroring® Flow Based Mirroring in the tree view.

Figure 8-31. Flow Based Mirroring

The Flow Based Mirroring page contains the following fields:

Policy Name — Selects policy to associate with a traffic class. Policy Name is defined using the Diffserv "Policy Configuration" web page.

Member Classes — Selects the traffic class associated with this policy. Member Class is defined using the Diffserv "Class Configuration" web page.

Copy to Interface — When checked, this feature permits packets to be copied to either a unit/port or LAG.

Copying Mirroring to a Destination Port

Open the Flow Based Mirroring page.
Specify Policy Name and Member Class, and select the destination unit and port to be affected in Copy to Interface.
Click Apply Changes.

The flow-based mirroring details are copied to the specified port, and the device is updated.

Configuring Flow-based Mirroring Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

QOS Commands

Configuring Address Tables

MAC addresses are stored in either the static or dynamic address table. Static addresses are defined by you. Dynamic addresses are learned by the system, and are erased after a time-out. A packet addressed to a destination stored in one of the tables is forwarded immediately to the ports. The static and dynamic address tables can be sorted by Interface, VLAN ID, or VLAN Name. In addition, addresses can be added to the static and dynamic address tables.

To display the Address Tables menu page, click Switching® Address Tables in the tree view. The Address Tables menu page contains links to the following features:

Static Address Table

The Static MAC Address page contains a list of static MAC addresses. A static address can be added and removed from the Static MAC Address Table.

To display the Static MAC Address page, click Switching® Address Tables® Static Address Table in the tree view.

Figure 8-32. Static MAC Address

The Static MAC Address page contains the following fields:

Interface — Specifies the Unit and Port or LAG to which the static MAC address is applied. To view addresses for a different Unit/Port or LAG, change the Interface listed here.

VLAN ID - MAC Address — Specifies VLAN ID attached to the MAC Address and the MAC address(es) included in the current static address list.

NOTE: Only MAC addresses assigned to the specified interface and VLAN are displayed.

Status — Specifies status of the MAC address. Possible values are:

Permanent — The MAC address is permanent.

Secure — Guarantees that a locked port MAC address is not deleted.

Delete on Reset — The MAC address is deleted when the switch is reset.

Delete on Timeout — The MAC address is deleted when a timeout occurs.

Adding a Static MAC Address

Open the Static MAC Address page.
Click Add.

The Add Static MAC Address page displays.

Figure 8-33. Adding Static MAC Address

Complete the fields as needed.
Click Apply Changes.

The new static address is added to the Static MAC Address Table, and the device is updated.

Modifying a Static Address in the Static MAC Address Table

Open the Static MAC Address page.
Modify the fields.
Click Apply Changes.

The static MAC address is modified, and the device is updated.

Displaying the Static MAC Address Table

Open the Static MAC Address page.
Click Show All.

The Static MAC Address Table displays all existing static MAC addresses.

Figure 8-34. Static MAC Address Table

Removing a Static Address from the Static Address Table

Open the Static MAC Address page.
Click Show All to display the Static MAC Address Table.
Check the Remove check box for the address to be removed.
Click Apply Changes.

The static address is deleted, and the device is updated.

Configuring Static Address Parameters Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Address Table Commands

Dynamic Address Table

The Dynamic Address Table page contains fields for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting key. Packets forwarded to an address stored in the address table are forwarded directly to those ports.

The Dynamic Address Table also contains information about the aging time before a dynamic MAC address is removed from the table.

To display the Dynamic Address Table, click Switching® Address Tables® Dynamic Address Table in the tree view.

Figure 8-35. Dynamic Address Table

The Dynamic Address Table contains the following fields:

Address Aging (10–1000000) — Specifies aging time in seconds before a dynamic MAC address is erased. The default value is 300 seconds.

Clear Table — Clears all dynamic MAC address data from the table when checked and Apply Changes is clicked.

The Dynamic Address Table can be queried by:

Interface — Specifies Unit and Port queried for an address.

LAG — Specifies the LAG queried for an address.

MAC Address — Specifies the MAC address queried for an address.

VLAN ID — Specifies the VLAN number (to which the MAC address is attached) that is queried for an address.

The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports. The Current Address Table contains the following fields:

VLAN ID — Displays the VLAN Tag value.

MAC Address— Displays the MAC address.

Interface — Displays the port number.

Defining the Aging Time

Open the Dynamic Address Table page.
Define the Address Aging field.
Click Apply Changes.

The aging time is modified, and the device is updated.

Querying the Dynamic Address Table

Open the Dynamic Address Table page.
Define the parameter by which to query the Dynamic Address Table.

Entries can be queried by Interface, LAG, MAC Address, or VLAN ID.

Click Query to query the Dynamic Address Table.

Removing Data From the Dynamic Address Table

Open the Dynamic Address Table page.
Check Clear Table.
Click Apply Changes.

The Dynamic Address Table is cleared of all data.

Querying and Sorting Dynamic Addresses Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Address Table Commands

Configuring GARP

Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or membership-style information. GARP defines a set of switches interested in a given network attribute, such as VLAN or multicast address. The GARP Timers page is accessible from the GARP menu page.

To display the GARP menu page, click Switching® GARP in the tree view.

GARP Timers

The GARP Timers page contains fields for enabling GARP on the switch.

To display the GARP Timers page, click Switching® GARP® GARP Timers in the tree view.

Figure 8-36. GARP Timers

The GARP Timers page contains the following fields:

Interface — Specifies the Unit and Port or LAG on which the GARP timer is enabled.

GARP Join Timer (10–100) — Displays time, in centiseconds, that PDUs are transmitted. The possible field value is 10-100. The default value is 100 centisecs.

GARP Leave Timer (30–600) — Displays time lapse, in centiseconds, that the switch waits before leaving its GARP state. Leave time is activated by a Leave All Time message sent/received, and cancelled by the Join message received. Leave time must be greater than or equal to three times the join time. The possible field value is 30–600. The default value is 60 centisecs.

GARP Leave All Timer (200–6000) — Displays time lapse, in centiseconds, that all switches wait before leaving the GARP state. The leave all time must be greater than the leave time. The possible field value is 200–6000. The default value is 1000 centisecs.

Defining GARP Timers

Open the GARP Timers page.
Complete the fields.
Click Apply Changes.

The parameters are copied to the selected ports or LAGs in the GARP Timers Table, and the device is updated.

Displaying Parameters in the GARP Timers Table

Open the GARP Timers page.
Click Show All.

The GARP Timers Table displays.

Figure 8-37. GARP Timers Table

Use the Unit drop-down menu to view the GARP Timers Table for other units in the stack, if they exist.

Copying GARP Timers Settings

Open the GARP Timers page.
Click Show All.

The GARP Timers Table displays.

Specify the Unit and Port you are copying from in Copy Parameters From.
Click Copy To for each Interface to receive these parameters.
Click Apply Changes.

The GARP Timers settings are copied, and the device is updated.

Modifying GARP Timers Settings for Multiple Ports

Open the GARP Timers page.
Click Show All.

The GARP Timers Table displays.

Click Edit for each Interface to modify.
Edit the GARP Timers fields as needed.
Click Apply Changes.

The GARP Timers settings are modified, and the device is updated.

Defining GARP Timers Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

GVRP Commands

Configuring the Spanning Tree Protocol

The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Classic STP, Multiple STP, and Rapid STP.

Classic STP provides a single path between end stations, avoiding and eliminating loops. For information on configuring Classic STP, see "STP Global Settings."

Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. Each instance of the Spanning Tree behaves in the manner specified in IEEE 802.1w, Rapid Spanning Tree (RSTP), with slight modifications in the working but not the end effect (chief among the effects, is the rapid transitioning of the port to `Forwarding'). The difference between the RSTP and the traditional STP (IEEE 802.1d) is the ability to configure and recognize full duplex connectivity and ports which are connected to end stations, resulting in rapid transitioning of the port to `Forwarding' state and the suppression of Topology Change Notification. These features are represented by the parameters `pointtopoint' and `edgeport'. MSTP is compatible to both RSTP and STP. It behaves appropriately to STP and RSTP bridges. A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge.

To display the Spanning Tree menu page, click Switching® Spanning Tree in the tree view. This Spanning Tree page contains links to the following STP procedures:

STP Global Settings

The STP Global Settings page contains fields for enabling STP on the switch.

To display the STP Global Settings page, click Switching® Spanning Tree® Global Settings in the tree view.

Figure 8-38. Spanning Tree Global Settings

The STP Global Settings page contains the following fields:

Spanning Tree Status — Enables or disables RSTP, STP, or MSTP on the switch.

STP Operation Mode — Specifies the STP mode by which STP is enabled on the switch. Possible field values are: Classic STP, Rapid STP, and Multiple STP.

BPDU Handling — Specifies Bridge Protocol Data Unit (BPDU) packet handling when the spanning tree is disabled on an interface. The possible field values are Filtering and Flooding. The default value is Flooding.

STP BPDU Protection — Disables a port in case a new switch tries to enter the already existing topology of STP. This keeps switches not originally part of an STP from influencing the STP topology.

If set to Enable, when a BPDU is received on an edge port, that port is disabled. Once the port has been disabled it requires manual-intervention to be re-enabled.

Bridge Settings

Priority (0–61440) — Specifies the bridge priority value. When switches or bridges are running STP, each are assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge.

Hello Time (1–10) — Specifies the switch Hello time, which indicates the amount of time in seconds a root bridge waits between configuration messages. The default value is 2.

Max Age (6–40) — Specifies the switch maximum age time, which indicates the amount of time in seconds a bridge waits before implementing a topological change. The default value is 20.

Forward Delay (4–30) — Specifies the switch forward delay time, which indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets. The default value is 15.

Designated Root Status

Bridge ID — Displays the bridge ID.

Root Bridge ID — Specifies the root bridge ID.

Root Port — Displays port number that offers the lowest-cost path from this bridge to the root bridge. It is significant when the bridge is not the root. The default is zero.

Root Path Cost — Displays the cost of the path from this bridge to the root.

Topology Changes Counts — Displays the total amount of STP state changes that have occurred.

Last Topology Change — Displays the total amount of time since the last topographic change. The time is displayed in day/hour/minute/second format, for example, 5 hours 10 minutes and 4 seconds.

Defining STP Global Parameters

Open the STP Global Settings page.
Select Enable in the Spanning Tree Status field.
Specify the type of STP mode in the STP Operation Mode field, and define the remaining settings.
Click Apply Changes.

STP is enabled on the switch.

Modifying STP Global Parameters:

Open the STP Global Settings page.
Modify the fields on this page as needed.
Click Apply Changes.

The STP parameters are modified, and the device is updated.

Defining STP Global Parameters Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Spanning Tree Commands

STP Port Settings

Use the STP Port Settings page to assign STP properties to individual ports.

To display the STP Port Settings page, click Switching® Spanning Tree® STP Port Settings in the tree view.

Figure 8-39. STP Port Settings

The STP Port Settings page contains the following fields:

Select a Port — Specifies the Unit and Port on which STP is enabled.

STP — Enables or disables STP on the port.

Fast Link — Enables Fast Link mode for the port when checked. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. STP convergence can take 30–60 seconds in large networks.

Port State—Indicates the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

Disabled — STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.

Blocking — The port is currently blocked and cannot be used to forward traffic or learn MAC addresses.

Listening — The port is currently in the listening mode. The port cannot forward traffic nor can it learn MAC addresses.

Learning — The port is currently in the learning mode. The port cannot forward traffic, however, it can learn new MAC addresses.

Forwarding — The port is currently in the forwarding mode. The port can forward traffic and learn new MAC addresses.

STP Root Guard — Prevents the root of a Spanning Tree instance from changing unexpectedly. When a root bridge has root guard enabled and a superior BPDU arrives, that port is moved to a root-inconsistent state, which equates to the listening state. The root bridge is enforced.

Role — Displays the role this port has in the STP topology.

Speed — Displays speed at which the port is operating.

Path Cost (0–200000000) — Specifies the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is being rerouted. A value of zero means the path cost is set according to the port's speed. The default value is 0.

Priority (0–240) — Specifies priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The default value is 128.

Designated Bridge ID — Displays the ID of the designated bridge.

Designated Port ID— Displays the ID of the selected port.

Designated Cost — Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.

LAG — Displays LAG to which the port is attached.

Enabling STP on a Port

Open the STP Port Settings page.
Specify the unit and port to be enabled in the Select a Port field.
Select Enable in the STP field.
Edit the Fast Link, STP Root Guard, Path Cost, and Priority fields as needed.
Click Apply Changes.

The STP is enabled on the port.

Modifying STP Port Properties

Open the STP Port Settings page.
Modify the Fast Link, STP Root Guard, Path Cost, and the Priority fields as needed.
Click Apply Changes.

The STP port parameters are modified, and the device is updated.

Displaying the STP Port Table

Open the STP Port Settings page.
Click Show All.

The STP Port Table displays.

Figure 8-40. STP Port Table

Use the Unit drop-down menu to view the STP Port Table for other units in the stack, if they exist

Modifying STP Port Settings for Multiple Ports

Open the STP Port Settings page.
Click Show All.

The STP Port Table displays.

Click Edit for each Port to modify.
Edit the STP Port settings as needed.
Click Apply Changes.

The STP Port settings are modified, and the device is updated.

Applying Fast Link to a Port

Open the STP Port Settings page.
Click Show All.

The STP Port Table displays.

Click Edit for each Port to modify.
Check Fast Link to enable Fast Link mode for a port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up.
Click Apply Changes.

The STP Port parameters are modified for the selected ports, and the device is updated.

Defining STP Port Settings Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Spanning Tree Commands

STP LAG Settings

Use the STP LAG Settings page to assign STP aggregating ports parameters.

To display the STP LAG Settings page, click Switching® Spanning Tree® STP LAG Settings in the tree view.

Figure 8-41. STP LAG Settings

The STP LAG Settings page contains the following fields:

Select a LAG — Specifies the LAG number for which you want to modify STP settings.

STP — Enables or disables STP on the LAG. Default is enable.

Fast Link — Enables Fast Link mode for the LAG. If Fast Link mode is enabled for a LAG, the Port State is automatically placed in the Forwarding state when the LAG is up. Fast Link mode optimizes the time it takes for the STP protocol to converge. STP convergence can take 30–60 seconds in large networks.

Port State — Displays current STP state of a LAG. If enabled, the LAG state determines what forwarding action is taken on traffic. If the bridge discovers a malfunctioning LAG, the LAG is placed in the Broken state. Possible LAG states are:

Disabled — STP is currently disabled on the LAG. The LAG forwards traffic while learning MAC addresses.

Blocking — The LAG is blocked and cannot be used to forward traffic or learn MAC addresses.

Listening — The LAG is in the listening mode and cannot forward traffic or learn MAC addresses.

Learning — The LAG is in the learning mode and cannot forward traffic, but it can learn new MAC addresses.

Forwarding — The LAG is currently in the forwarding mode, and it can forward traffic and learn new MAC addresses.

Broken — The LAG is currently malfunctioning and cannot be used for forwarding traffic.

Role — Displays the role this port has in the STP topology.

Path Cost (0–200000000) — Specifies amount the LAG contributes to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is being rerouted. Default is 0.

Priority (0–240) — Specifies priority value of the LAG. The priority value influences the LAG choice when a bridge has two looped ports. The priority value is between 0–240.

Designated Bridge ID — Displays designated bridge ID.

Designated Port ID — Displays designated port ID.

Designated Cost — Displays cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.

Modifying the LAG STP Parameters for One LAG

Open the STP LAG Settings page.
Select a LAG from the Select a LAG drop-down menu.
Modify the fields as needed.
Click Apply Changes.

The STP LAG parameters are modified, and the device is updated.

Displaying the STP LAG Table

Open the STP LAG Settings page.
Click Show All.

The STP LAG Table displays.

Figure 8-42. STP LAG Table

From the table Fast Link and STP Root Guard can be enabled or disabled for an individual LAG by clicking Fast Link, making the selections, and then clicking Apply Changes.

Modifying LAG STP Parameters for Multiple LAGs

Open the STP LAG Settings page.
Click Show All.

The STP LAG Table displays.

Check Edit for all LAGs to be modified.
Modify the fields as needed.
Click Apply Changes.

The STP LAG parameters are modified for the selected LAGs, and the device is updated.

Defining STP LAG Settings Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Spanning Tree Commands

Rapid Spanning Tree

Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster convergence of the spanning tree without creating forwarding loops.

To display the Rapid Spanning Tree page, click Switching® Spanning Tree® Rapid Spanning Tree in the tree view.

Figure 8-43. Rapid Spanning Tree

The Rapid Spanning Tree page contains the following fields:

Interface — Determines if RSTP is enabled on a Unit/Port or on a LAG. Click Unit/Port or LAG to specify the type of interface, then select the Unit/Port or LAG to configure from the drop-down menu.

State — Displays the spanning tree state for the port.

Role — Displays the spanning tree role for the port in the STP topology.

Mode — Displays the administrative mode and if its enabled or disabled.

Fast Link Operational Status — Indicates if Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state. This setting can be changed from the "STP Port Settings" or "STP LAG Settings" page.

Point to Point Operational Status — Displays the Point-to-Point operating state.

To establish communications over a point-to-point link, the originating PPP first sends Link Control Protocol (LCP) packets to configure and test the data link. After a link is established and optional facilities are negotiated as needed by the LCP, the originating PPP sends Network Control Protocols (NCP) packets to select and configure one or more network layer protocols. When each of the chosen network layer protocols has been configured, packets from each network layer protocol can be sent over the link. The link remains configured for communications until explicit LCP or NCP packets close the link, or until some external event occurs. This is the actual switch port link type.

Displaying the Rapid Spanning Tree (RSTP) Table

Open the Rapid Spanning Tree (RSTP) page.
Click Show All.

The Rapid Spanning Tree Table displays.

Figure 8-44. Rapid Spanning Tree Table

Use the Unit drop-down menu to view the Rapid Spanning Tree Table for other units in the stack, if they exist.

Defining Rapid STP Parameters Using the CLI Command

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Spanning Tree Commands

MSTP Settings

The Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. MSTP is compatible with both RSTP and STP; a MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge.

To display the MSTP Settings page, click Switching® Spanning Tree® MSTP Settings in the tree view.

Figure 8-45. MSTP Settings

The MSTP Settings page contains the following fields divided into two sections, Global Settings and Instance Settings:

Region Name (1–32 characters) — Specifies a user-defined MST region name.

Revision (0–65535) — Specifies unsigned 16-bit number that identifies the revision of the current MST configuration. The revision number is required as part of the MST configuration. Default is 0.

Max Hops (1–40) — Specifies the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out. Default is 20.

Instance ID — Specifies the ID of the spanning tree instance. The field range is 1–15, and default is 1.

Included VLANs — Maps the selected VLANs to the selected instance. Every VLAN belongs to one instance only.

Priority (0–61440) — Specifies the switch priority for the selected spanning tree instance. The default value is 32768.

Bridge ID — Indicates the bridge ID of the selected instance.

Root Bridge ID of the root bridge which is the one with the lowest path cost.

Root Port — Indicates the root port of the selected instance.

Root Path Cost — Indicates the path cost of the selected instance.

Modifying MSTP Settings:

Open the MSTP Settings page.
Modify the fields in the Global Settings and Instance Settings sections as needed.
Click Apply Changes.

The MSTP parameters are modified, and the device is updated.

Displaying the MSTP VLAN to Instance Mapping Table

Open the MSTP Settings page.
Click Show All.

The MSTP Settings Table displays.

Figure 8-46. MSTP Settings Table

To modify the Instance ID for one or more VLANs, check Edit for the desired VLANs.
Make needed changes to Instance IDs. Enter a value of 0 to remove the VLAN-to-Instance mapping.
Click Apply Changes.

The Instance IDs are modified for the selected VLANs, and the device is updated.

Defining MST Instances Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Spanning Tree Commands

MSTP Interface Settings

Use the MSTP Interface Settings page to assign MSTP settings to specific interfaces.

To display the MSTP Interface Settings page, click Switching® Spanning Tree® MSTP Interface Settings in the tree view.

Figure 8-47. MSTP Interface Settings

The MSTP Interface Settings page contains the following fields:

Instance ID — Selects the MSTP instances configured on the switch. Possible field range is 1–15.

Interface — Selects either a Unit/Port or LAG for this MSTP instance.

Port State — Indicates whether the port is enabled or disabled in the specific instance.

Port Type — Indicates whether MSTP treats the port as a point-to-point port or a port connected to a hub and whether the port is internal to the MST region or a boundary port. If the port is a boundary port, it also indicates whether the switch on the other side of the link is working in RSTP or STP mode

Role — Indicates the port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are:

Root — Provides the lowest cost path to forward packets to root switch.

Designated — Indicates the port or LAG through which the designated switch is attached to the LAN.

Alternate — Provides an alternate path to the root switch from the interface.

Backup — Provides a backup path to the designated LAN. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment.

Disabled — Indicates the port is not participating in the Spanning Tree.

Priority — Defines the interface priority for the specified instance. The priority range is 0–240 in steps of 16. The default value is 128.

Path Cost (0–200000000) — Indicates the port contribution to the Spanning Tree instance. The range should always be 0–200,000,000. The default value is determined by the port's speed. The default value is:

Port Channel-20,000
1000 mbps (giga)-20,000
100 mbps-200,000
10 mbps-2,000,000

Designated Bridge ID — Displays the bridge ID number that connects the link or shared LAN to the root.

Designated Port ID — Displays the port ID number on the designated bridge that connects the link or the shared LAN to the root.

Designated Cost — Displays cost of the path from the link or the shared LAN to the root.

Assigning MSTP Interface Settings

Open the MSTP Interface Settings page.
Select an Instance ID from the drop-down menu.
Specify Port or LAG, then select the interface from the related drop-down menu.
Specify Interface Priority and Path Cost.
Click Apply Changes.

The interface settings are saved, and the device is updated.

Displaying the MSTP Interface Settings Table

Open the MSTP Settings page.
Click Show All.

The MSTP Interface Table displays.

Figure 8-48. MSTP Interface Table

Use the Unit drop-down menu to view the MSTP Interface Table for other units in the stack, if they exist.
To modify the port priority or path cost for one or more interfaces, check Edit for the desired interfaces.
Make the needed changes to the values in the Port Priority or Path Cost columns.
Click Apply Changes.

The fields are modified for the selected Interfaces, and the device is updated.

Defining MSTP Interfaces Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Spanning Tree Commands

Configuring VLANs

Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic.

A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN.

Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.

To display the VLAN menu page, click Switching® VLAN in the tree view. This VLAN page contains links to the following features:

VLAN Membership

Use the VLAN Membership page to define VLAN groups stored in the VLAN membership table. Your switch supports up to 4094 VLANs. However, you can actually create only 4092 VLANs because:

VLAN 1 is the default VLAN of which all ports are members, and
VLAN 4095 is designated as the "Discard VLAN."

Valid VLANs that can be created are 2–4093. VLAN 4094 is reserved.

To display the VLAN Membership page, click Switching® VLAN® VLAN Membership in the tree view.

Figure 8-49. VLAN Membership

The VLAN Membership page is divided into two sections. The top section contains fields that define the entire VLAN's membership. The bottom section contains tables that define membership settings for specific Ports and LAGs on this VLAN. Following are the VLAN Membership fields:

Show VLAN — Selects the VLAN to display. Use either the VLAN ID or VLAN Name drop-down menu to select the VLAN.

VLAN Name (0–32) — Indicates the user-defined VLAN name. This field is defined using the Add button. Valid names can range from 0–32 characters in length.

Status—Indicates the VLAN type. Possible values are:

Dynamic — Indicates the VLAN was dynamically created through GVRP.

Static — Indicates the VLAN is user-defined and may be modified.

Default — Indicates the VLAN is the default VLAN.

Unauthenticated Users — Allows unauthorized switches to access this VLAN when Enable is selected.

Remove VLAN — Removes the displayed VLAN from the VLAN Membership Table when checked.

The VLAN Membership tables display which Ports and LAGs are members of the VLAN, and whether they're tagged (T), untagged (U), or forbidden (F). The tables have two rows: Static and Current. Only the Static row is accessible from this page. The Current row is updated either dynamically through GVRP or when the Static row is changed and Apply Changes is clicked.

There are two tables in this section of the page:

Ports — Displays and assigns VLAN membership to ports. To assign membership, click in Static for a specific port. Each click toggles between U, T, and blank. See the following table for definitions.

LAGs — Displays and assigns VLAN membership to LAGs. To assign membership, click in Static for a specific LAG. Each click toggles between U, T, and blank. See the following table for definitions.

Table 8-1. VLAN Port Membership Definitions

Port Control	Definition
T	Tagged: the interface is a member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.
U	Untagged: the interface is a VLAN member. Packets forwarded by the interface are untagged.
F	Forbidden: indicates that the interface is forbidden from becoming a member of the VLAN.
Blank	Blank: the interface is not a VLAN member. Packets associated with the interface are not forwarded.

Adding New VLANs

Open the VLAN Membership page.
Click Add.

The Add VLAN page displays.

Figure 8-50. Add VLAN

Enter a new VLAN ID and VLAN Name.
Click Apply Changes.

The new VLAN is added, and the device is updated.

Assigning VLAN Membership to a Port or LAG

Open the VLAN Membership page.
Select a VLAN from the VLAN ID or VLAN Name drop-down menu.
In the VLAN Port Membership Table, assign a value by clicking in the Static row for a specific Port/LAG. Each click toggles between U, T, and blank (not a member).
Click Apply Changes.

The Port or LAG is assigned to the VLAN with the selected designation, the Current row is updated with the designation, and the device is updated.

Modifying VLAN Membership Groups

Open the VLAN Membership page.
Select a VLAN from the VLANID or VLAN Name drop-down menu.
Modify the fields as needed.
In the VLAN Port Membership Table, change a Port or LAG value by clicking in the Static row for that Port/LAG. Each click toggles between U, T, and blank (not a member).
Click Apply Changes.

The VLAN membership information is modified, the Current row is updated with any changes in designation, and the device is updated.

Removing a VLAN

Open the VLAN Membership page.
Select a VLAN from the VLAN ID or VLAN Name drop-down menu.
Check the Remove VLAN check box.
Click Apply Changes.

The selected VLAN is removed, and the device is updated.

Defining VLAN Membership Groups and Assigning Ports/LAGs Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

VLAN Commands

VLAN Port Settings

In a port-based VLAN, untagged traffic is bridged through specified ports based on the receiving ports PVID. Port-based VLANs can help optimize network traffic patterns because broadcast, multicast, and unknown unicast packets are sent only to ports that are members of the VLAN. Packets that are received with a VLAN tag uses that VLAN ID for the switching process.

Use the VLAN Port Settings page to identify a port as part of a VLAN, as well as to define and modify VLAN port parameters.

To display the VLAN Port Settings page, click Switching® VLAN® Port Settings in the tree view.

Figure 8-51. VLAN Port Settings

The VLAN Port Settings page contains the following fields:

Ports — Specifies the Unit and Port included in the VLAN.

Port VLAN Mode — Indicates the port mode. Possible values are:

General — The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode).

Access — The port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port (packet type) cannot be designated. It is also not possible to enable/disable ingress filtering on an access port.

Trunk — The port belongs to more than one VLAN, and all ports are tagged (except for an optional single native VLAN).

PVID (1–4093) | 4095 — Assigns a VLAN ID to untagged packets. The possible values are 1–4093 or 4095.

Frame Type — Specifies frame type accepted on the port. Default is Admit All. Possible values are:

Admit Tag Only—Indicates that only tagged frames are accepted on the port.

Admit All—Indicates that both tagged and untagged frames are accepted on the port.

Ingress Filtering — Enables or disables Ingress filtering on the port. Ingress filtering discards frames where the VLAN tag does not match the port VLAN membership.

Assigning Port Settings

Open the VLAN Port Settings page.
Select the port to which you want to assign settings from the Unit and Port drop-down menus.
Complete the remaining fields on the page.
Click Apply Changes.

The VLAN port settings are defined, and the device is updated.

Displaying the VLAN Port Table

Open the VLAN Port Settings page.
Click Show All.

The VLAN Port Table displays.

Figure 8-52. VLAN Port Table

NOTE: If an Access port is chosen, the packet types that are accepted on the port (packet type) cannot be designated. It is also not possible to enable or disable ingress filtering on an access port.

Use the Unit drop-down menu to view the VLAN Port Table for other units in the stack, if they exist.

Modifying Settings for Multiple Ports

Open the VLAN Port Settings page.
Click Show All.

The VLAN Port Table displays.

Click Edit for each Port to modify.
Edit fields as needed.
Click Apply Changes.

The VLAN port settings are modified, and the device is updated.

Assigning Ports to VLAN Groups Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

VLAN Commands

VLAN LAG Settings

Use the VLAN LAG Settings page to map a LAG to a VLAN. Untagged packets entering the switch are tagged with the LAGs ID specified by the PVID.

To display the VLAN LAG Settings page, click Switching® VLAN® LAG Settings in the tree view.

Figure 8-53. VLAN LAG Settings

The VLAN LAG Settings page contains the following fields:

LAG — Specifies the LAG number included in the VLAN.

Port VLAN Mode — Indicates the Port VLAN mode for the LAG. Possible values are:

General — The LAG belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode).

Access — The LAG belongs to a single, untagged VLAN.

Trunk — The LAG belongs to more than one VLAN, and all ports are tagged (except for an optional single native VLAN).

PVID (1–4093)| 4095 — Assigns a VLAN ID to untagged packets. The possible field values are 1–4093 or 4095.

Frame Type — Specifies packet type accepted by the LAG. Admit Tag Only is the default. Possible values are:

Admit Tag Only — Only tagged packets are accepted by the LAG.

Admit All — Tagged and untagged packets are both accepted by the LAG.

Ingress Filtering — Enables or disables Ingress filtering by the LAG. Ingress filtering discards packets where the VLAN tag does not match the LAG VLAN membership.

Assigning VLAN LAG Settings

Open the VLAN LAG Settings page.
Select a LAG from the LAG drop-down menu
Complete the remaining fields on the page.
Click Apply Changes.

The VLAN LAG parameters are defined, and the device is updated.

Displaying the VLAN LAG Table

Open the VLAN LAG Settings page.
Click Show All.

The VLAN LAG Table displays.

Figure 8-54. VLAN LAG Table

Modifying Settings for Multiple LAGs

Open the VLAN LAG Settings page.
Click Show All.

The VLAN LAG Table displays.

Click Edit for each LAG to modify.
Edit fields as needed.
Click Apply Changes.

The VLAN LAG settings are modified, and the device is updated.

Assigning LAGs to VLAN Groups Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

VLAN Commands

Bind MAC to VLAN

Use the Bind MAC to VLAN page to map a MAC entry to the VLAN table. After the source MAC address and the VLAN ID are specified, the MAC to VLAN configurations are shared across all ports of the switch. The MAC to VLAN table supports up to 128 entries.

To display the Bind MAC to VLAN page, click Switching® VLAN® Bind MAC to VLAN in the tree view.

Figure 8-55. Bind MAC to VLAN

The Bind MAC to VLAN page contains the following fields:

MAC Address — Specifies MAC Address for a VLAN.

Bind to VLAN (1–4093) — Specifies VLAN to which the MAC is to be bound.

Assigning Bind MAC to VLAN Settings

Open the Bind MAC to VLAN page.
Enter the MAC Address to bind to the VLAN.
Enter the VLAN to which the MAC Address is to be bound.
Click Apply Changes.

The listed MAC Address and VLAN are now bound, and the device is updated.

Displaying the VLAN LAG Table

Open the Bind MAC to VLAN page.
Click Show All.

The MAC - VLAN Bind Table displays.

Figure 8-56. MAC - VLAN Bind Table

Modifying VLAN for Multiple MAC Addresses

Open the Bind MAC to VLAN page.
Click Show All.

The MAC - VLAN Bind Table displays.

Click Edit for each MAC Address with a VLAN to modify.
Edit the Bind to VLAN fields.
Click Apply Changes.

The MAC to VLAN settings are modified, and the device is updated.

Removing a MAC - VLAN Entry

Open the Bind MAC to VLAN page.
Click Show All.

The MAC - VLAN Bind Table displays.

Check Remove for each entry to remove.
Click Apply Changes.

The entry/entries are removed, and the device is updated.

Binding MACs to VLANs Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

VLAN Commands

Bind IP Subnet to VLAN

An IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table, an entry is specified through a source IP address, network mask, and the desired VLAN ID. The IP Subnet to VLAN configurations are shared across all ports of the switch. There can be up to 64 entries configured in this table.

Use the Bind IP Subnet to VLAN page to assign an IP Subnet to a VLAN.

To display the Bind IP Subnet to VLAN page, click Switching® VLAN® Bind IP Subnet to VLAN in the tree view.

Figure 8-57. Bind IP Subnet to VLAN

The Bind IP Subnet to VLAN page contains the following fields:

IP Address — Specifies packet source IP address.

Subnet Mask — Specifies packet source IP subnet mask.

Bind to VLAN (1–4093) — Specifies VLAN to which the IP Address is assigned.

Binding an IP Subnet to a VLAN

Open the Bind IP Subnet to VLAN page.
Enter the IP Address to bind to the VLAN.
Enter the IP Subnet associated with the IP address.
Enter the VLAN ID to which the IP address and subnet mask are assigned.
Click Apply Changes.

The listed VLAN and IP Subnet are now bound, and the device is updated.

Displaying the IP Subnet - VLAN Bind Table

Open the Bind IP Subnet to VLAN page.
Click Show All.
The IP Subnet - VLAN Bind Table displays.

Figure 8-58. IP Subnet - VLAN Bind Table

Modifying the VLAN Bound to Multiple IP Addresses

Open the Bind IP Subnet to VLAN page.
Click Show All.

The IP Subnet - VLAN Bind Table displays.

Click Edit for each entry to modify.
Edit the fields as needed.
Click Apply Changes.

The Bind to VLAN settings are modified, and the device is updated.

Removing a MAC - IP Subnet Entry

Open the Bind IP Subnet to VLAN page.
Click Show All.

The IP Subnet - VLAN Bind Table displays.

Check Remove for each entry to remove.
Click Apply Changes.

The entry/entries are removed, and the device is updated.

Binding IP Subnets to VLANs Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

VLAN Commands

Protocol Group

In a protocol-based VLAN, traffic is bridged through specified ports based on the VLAN's protocol. User-defined packet filters determine if a particular packet belongs to a particular VLAN. Protocol-based VLANs are most often used in situations where network segments contain hosts running multiple protocols.

Use the Protocol Group page to configure which EtherTypes go to which VLANs, and then enable certain ports to use these settings.

To display the Protocol Group page, click Switching® VLAN® Protocol Group in the tree view.

Figure 8-59. Protocol Group

The Protocol Group page contains the following fields:

Protocol Group — Displays the name associated with the protocol group ID. Create a new group by clicking the Add button.

Protocol — Specifies protocol associated with this group.

VLAN ID (1–4093) — Specifies VLAN ID associated with this group.

Interface — Selects the interface(s) to add or remove from this group. Highlight the interfaces to be in the protocol group and click the right arrow. Interfaces displayed in right-hand column are part of the protocol group.

Remove Protocol Group — Removes the protocol group displayed on screen when checked and Apply Changes is clicked. To remove multiple groups at the same time, click Show All and use the Remove checkboxes on the Protocol Group Table.

Adding a Protocol Group

Open the Protocol Group page.
Click Add.

The Add Protocol Group page displays.

Figure 8-60. Add Protocol Group

Enter a new Protocol Group Name and a VLAN ID to associate with this group.
Return to the Protocol Group page.
Select the Protocol Group that you added, then select the protocol.
In the first Interface column, click to highlight the interfaces to be added to the protocol group. (To select multiple interfaces, press <Shift> (to select contiguous interfaces) or <Ctrl> (non-contiguous interfaces) when clicking.)
Click the right arrow.

Selected interfaces move to the second column. All interfaces in this column are part of the protocol group.

Click Apply Changes.

The protocol group is added, and the device is updated.

Modifying VLAN Protocol Group Settings

Open the Protocol Group page.
Specify the protocol to be modified from the Protocol Group ID drop-down menu.
Change Protocol or VLAN ID as needed.
To add an Interface to the group, click to highlight the desired interface in the first column. (To select multiple interfaces, press <Shift> (to select contiguous interfaces) or <Ctrl> (non-contiguous interfaces) when clicking.)
Click the right arrow.

Selected interface moves to the second column. All interfaces in this column are part of the protocol group.

To remove an Interface from the group, click to highlight the desired interface in the second column.
Click the left arrow.

Selected interface is removed from the second column.

Click Apply Changes.

The VLAN protocol group parameters are modified, and the device is updated.

Removing Multiple Protocols From the Protocol Group Table

Open the Protocol Group page.
Click Show All.

The Protocol Group Table displays.

Figure 8-61. Protocol Group Table

Check Remove for the protocol groups you want to remove.
Click Apply Changes.

The protocol is removed, and the device is updated.

Configuring Protocol Groups Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

VLAN Commands

GVRP Parameters

The GARP VLAN Registration Protocol provides a mechanism that allows networking switches to dynamically register (and de-register) VLAN membership information with the MAC networking switches attached to the same segment, and for that information to be disseminated across all networking switches in the bridged LAN that support GVRP.

The operation of GVRP relies upon the services provided by the Generic Attribute Registration Protocol (GARP). GVRP can create up to 1024 VLANs.

Use the GVRP Global Parameters page to enable GVRP globally. You can also enable GVRP on a per-interface basis.

To display the GVRP Global Parameters page, click Switching® VLAN® GVRP Parameters in the tree view.

Figure 8-62. GVRP Global Parameters

The GVRP Global Parameters page contains the following fields:

GVRP Global Status — Enables or disables GVRP on the switch. GVRP is disabled by default.

Interface — Specifies the Unit and Port or LAG for which GVRP is enabled.

GVRP State — Enables or disables GVRP on the specified interface.

Dynamic VLAN Creation — Enables or disables VLAN creation through GVRP.

GVRP Registration — Enables or disables GVRP Registration.

Enabling GVRP On the Switch

Open the GVRP Global Parameters page.
Select Enable in the GVRP Global Status field.
Click Apply Changes.

GVRP is enabled on the switch.

Enabling VLAN Registration Through GVRP

Open the GVRP Global Parameters page.
Select Enable in the GVRP Global Status field for the desired interface.
Select Enable in the GVRP Registration field.
Click Apply Changes.

GVRP VLAN Registration is enabled on the port, and the device is updated.

Displaying the GVRP Port Parameters Table

Open the GVRP Global Parameters page.
Click Show All.

The GVRP Port Parameters Table displays.

Figure 8-63. GVRP Port Parameters Table

Use the Unit drop-down menu to view the GVRP Port Parameters Table for other units in the stack, if they exist.

Copying GVRP Parameters

Open the GVRP Global Parameters page.
Click Show All.

The GVRP Port Parameters Table displays.

Specify the Port or LAG you are copying from in Copy Parameters From.
Click Copy To for each Interface/LAG to receive these parameters.
Click Apply Changes.

The GVRP Port Parameter settings are copied, and the device is updated.

Modifying GVRP Parameters for Multiple Ports

Open the GVRP Global Parameters page.
Click Show All.

The GVRP Port Parameters Table displays.

Click Edit for each Interface/LAG to modify.
Edit the GVRP Port Parameter fields as needed.
Click Apply Changes.

The GVRP Port Parameter settings are modified, and the device is updated.

Configuring GVRP Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

GVRP Commands

Aggregating Ports

Link Aggregation allows one or more full duplex (FDX) Ethernet links to be aggregated together to form a Link Aggregation Group (LAG). This allows the networking switch to treat the LAG as if it is a single link.

Static LAGs are supported. When a port is added to a LAG as a static member, it neither transmits nor receives LACPDUs.

To display the Link Aggregation menu page, click Switching® Link Aggregation in the tree view. The Link Aggregation page contains links to the following features:

LACP Parameters

Link Aggregation is initiated and maintained by the periodic exchanges of LACPDUs. Use the LACP Parameters page to configure LACP LAGs.

To display the LACP Parameters page, click Switching® Link Aggregation® LACP Parameters in the tree view.

Figure 8-64. LACP Parameters

The LACP Parameters page is divided into two sections: Global Parameters and Port Parameters. Following are the fields on this page:

Global Parameters

LACP System Priority (1–65535) — Indicates the LACP priority value for global settings. The default value is 1.

Port Parameters

Interface— Specifies the unit and port number to which timeout and priority values are assigned.

LACP Port Priority (1–65535) — Specifies LACP priority value for the specified port. The default value is 1.

LACP Timeout — Specifies Administrative LACP timeout. Possible values are:

Short — Specifies a short timeout value.

Long — Specifies a long timeout value. This is the default.

Defining Link Aggregation Parameters

Open the LACP Parameters page.
Complete the fields as needed.
Click Apply Changes.

The parameters are defined, and the device is updated.

Displaying the LACP Parameters Table

Open the LACP Parameters page.
Click Show All.

The LACP Parameters Table displays.

Figure 8-65. LACP Parameters Table

Use the Unit drop-down menu to view the LACP Parameters Table for other units in the stack, if they exist.

Modifying LACP Parameters for Multiple Ports

Open the LACP Parameters page.
Click Show All.

The LACP Parameters Table displays.

Click Edit for each Port to modify.
Edit the fields as needed.
Click Apply Changes.

The LACP Parameter settings are modified, and the device is updated.

Configuring LACP Parameters Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

LACP Commands

LAG Membership

Your switch supports 18 LAGs per system, and eight ports per LAG. Use the LAG Membership page to assign ports to LAGs and LACPs.

To display the LAG Membership page, click Switching® Link Aggregation® LAG Membership in the tree view.

Figure 8-66. LAG Membership

The LAG Membership page contains a table with the following fields:

LACP — Aggregates a LAG port to LACP membership. For ports with a number in the LAG row, you can click in the LACP row to toggle LACP "on." Each click toggles between L (LACP) and blank (no LACP).

LAG — Adds a port to a LAG, and indicates the specific LAG to which the port belongs. Each click toggles through the LAG numbers, 1–18, and then back to blank (no LAG assigned).

Adding a Port to a LAG

Open the LAG Membership page.
Click in the LAG row to toggle the port to the desired LAG.

The LAG number displays for that port. The LAG number increases each time you click until the number reaches 18 and then returns to blank (no LAG assigned).

Click Apply Changes.

The port is assigned to the selected LAG, and the device is updated.

Adding a LAG Port to an LACP

Open the LAG Membership page.
Click in the LACP row to toggle the desired LAG port to L.

NOTE: The port must be assigned to a LAG before it can be aggregated to an LACP.

Click Apply Changes.

The LAG port is aggregated to the LACP, and the device is updated.

Assigning Ports to LAGs and LACPs Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Port Channel Commands

LAG Hash Configuration

Use the LAG HASH algorithm to set the traffic distribution mode on the aggregator link. You can set the HASH type for each trunk.

To display the LAG Hash Configuration page, click Switching® Link Aggregation® LAG Hash Configuration in the tree view.

Figure 8-67. LAG Hash Configuration

The LAG Hash Configuration page contains the following fields:

LAG — The drop-down menu lists the LAG numbers.

Hash Algorithm Type — The HASH algorithm for unicast traffic flows can be one of the following types:

Source MAC, VLAN, EtherType, SourceModule and Port Id
Destination MAC, VLAN, EtherType, SourceModule and Port Id
Source IP and Source TCP/UDP Port (default)
Destination IP and Destination TCP/UDP Port
Source/Destination MAC, VLAN, EtherType, source MODID/port
Source/Destination IP and source/destination TCP/UDP port

Configuring the LAG Hash

Open the LAG Hash Configuration page.
Select the LAG to configure and the hash algorithm to assign to the LAG.
Click Apply Changes.

The parameters are modified, and the device is updated.

Configuring the LAG Hash Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Port Channel Commands

LAG Hash Summary

The LAG Hash Summary page lists the channels on the system and their assigned hash algorithm type.

To display the LAG Hash Summary page, click Switching® Link Aggregation® LAG Hash Summary in the tree view.

Figure 8-68. LAG Hash Summary

The LAG Hash Summary page contains a table with the following fields:

LAGs — Lists the LAG numbers.

Hash Algorithm Type — Shows the type of HASH algorithm for unicast traffic flows that is associated with the LAG.

Viewing the LAG Hash Algorithm Summary Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Port Channel Commands

Managing Multicast Support

The Layer 2 Multicast Forwarding Database is used by the switch to make forwarding decisions for packets that arrive with a multicast destination MAC address. By limiting multicasts to only certain ports in the switch, traffic is prevented from going to parts of the network where that traffic is unnecessary.

When a packet enters the switch, the destination MAC address is combined with the VLAN ID and a search is performed in the Layer 2 Forwarding database. If no match is found, then the packet is either flooded to all ports in the VLAN or discarded, depending on the switch configuration. If a match is found, then the packet is forwarded only to the ports that are members of that multicast group.

To display the Multicast Support menu page, click Switching® Multicast Support in the tree view. This Multicast Support page contains links to the following features:

Multicast Global Parameters

Use the Multicast Global Parameters page to enable bridge multicast filtering or IGMP Snooping on the switch. Parameters for these features can be modified from the Bridge Multicast Forward and IGMP Snooping web pages.

To display the Multicast Global Parameters page, click Switching® Multicast Support® Global Parameters in the tree view.

Figure 8-69. Multicast Global Parameters

The Multicast Global Parameters page contains the following field:

Bridge Multicast Filtering — Enables or disables bridge Multicast filtering. The default value is disabled.

IGMP Snooping Status — Enables or disables IGMP snooping. The default value is disabled.

Enabling Bridge Multicast Filtering on the Switch

Open the Multicast Global Parameters page.
Select Enable in the Bridge Multicast Filtering field.
Click Apply Changes.

Bridge Multicast is enabled on the switch.

Enabling Multicast Forwarding and/or IGMP Snooping Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Address Table Commands

Bridge Multicast Group

Use the Bridge Multicast Group page to create new multicast service groups or to modify ports and LAGs assigned to existing multicast service groups. Attached interfaces display in the Port and LAG tables, and reflect the manner in which each is joined to the Multicast group.

To display the Bridge Multicast Group page, click Switching® Multicast Support® Bridge Multicast Group in the tree view.

Figure 8-70. Bridge Multicast Group

The Bridge Multicast Group page contains the following fields:

VLAN ID — Selects the VLAN to add a multicast group to or to modify ports on an existing multicast group.

Bridge Multicast Address — Identifies the multicast group MAC address/IP address associated with the selected VLAN ID. Use the Add button to associate a new address with a VLAN ID.

Remove — Removes a Bridge Multicast address when checked.

Port and LAG Member Tables

The Bridge Multicast Group tables display which Ports and LAGs are members of the multicast group, and whether they're static (S), dynamic (D), or forbidden (F). The tables have two rows: Static and Current. Only the Static row is accessible from this page. The Current row is updated when the Static row is changed and Apply Changes is clicked.

The Bridge Multicast Group page contains two editable tables:

Unit and Ports — Displays and assigns multicast group membership to ports. To assign membership, click in Static for a specific port. Each click toggles between S, F, and blank. See the following table for definitions.

LAGs — Displays and assigns multicast group membership to LAGs. To assign membership, click in Static for a specific LAG. Each click toggles between S, F, and blank. See the following table for definitions.

The following table contains definitions for port/LAG IGMP management settings.

Table 8-2. /LAG IGMP Management Settings

Port Control	Definition
D	Dynamic: Indicates that the port/LAG was dynamically joined to the Multicast group (displays in the Current row).
S	Static: Attaches the port to the Multicast group as a static member in the Static row. Displays in the Current row once Apply Changes is clicked.
Blank	Blank: Indicates that the port is not attached to a Multicast group.

Adding Bridge Multicast Addresses

Open the Bridge Multicast Group page.
Click Add.

The Add Bridge Multicast Group page displays.

Figure 8-71. Add Bridge Multicast Group

Select the VLAN ID from the drop-down menu.
Define the New Bridge Multicast IP or MAC address.
In the Bridge Multicast Group tables, assign a setting by clicking in the Static row for a specific port/LAG. Each click toggles between S, F, and blank. (not a member).
Click Apply Changes.

The bridge multicast address is assigned to the multicast group, ports/LAGs are assigned to the group (with the Current rows being updated with the Static settings), and the device is updated.

Assigning an Interface to an existing Multicast Group

Open the Bridge Multicast Group page.
Select the VLAN ID from the drop-down menu.

The associated Bridge Multicast Address displays.

In the Bridge Multicast Group tables, assign a setting by clicking in the Static row for a specific port/LAG. Each click toggles between S, F, and blank (not a member).
Click Apply Changes.

The interface is assigned to the multicast group, the Current row is updated with the Static setting, and the device is updated.

Removing a Bridge Multicast Group

Open the Bridge Multicast Group page.
Select the VLAN ID associated with the bridge multicast group to be removed from the drop- down menu.

The Bridge Multicast Address and the assigned ports/LAGs display.

Check the Remove check box.
Click Apply Changes.

The selected bridge multicast group is removed, and the device is updated.

Managing Multicast Service Members Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Address Table Commands

Bridge Multicast Forward

Use the Bridge Multicast Forward page to enable attaching ports or LAGs to a switch that is attached to a neighboring Multicast switch. Once IGMP Snooping is enabled, multicast packets are forwarded to the appropriate port or VLAN.

To display the Bridge Multicast Forward page, click Switching® Multicast Support® Bridge Multicast Forward in the tree view.

Figure 8-72. Bridge Multicast Forward

The Bridge Multicast Forward page contains the following field and two editable tables:

VLAN ID — Selects the VLAN to be affected.

Forwarding Mode — Specifies the multicast forwarding mode for the selected VLAN. Possible values are:

Forward Unregistered — Permits the forwarding of IPv4 multicast packets with a destination address that does not match any of the groups announced in earlier IGMP Membership Reports.

Forward All — Permits registered and unregistered multicast packets to forward.

Filter Unregistered — Prohibits the forwarding of IPv4 multicast packets with a destination address that does not match any of the groups announced in earlier IGMP Membership Reports.

Changing the Bridge Multicast Forwarding Mode.

Open the Bridge Multicast Forward page.
Select the VLAN ID from the drop-down menu.
Select the Forwarding Mode to assign the VLAN from the drop-down menu.
Click Apply Changes.

The VLAN is updated with the Forwarding Mode setting, and the device is updated.

Managing LAGs and Ports Attached to Multicast Routers Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

Address Table Commands

IGMP Snooping

Use the IGMP Snooping page to add IGMP members.

To display the IGMP Snooping page, click Switching® Multicast Support® IGMP Snooping in the tree view.

Figure 8-73. IGMP Snooping

The IGMP Snooping page contains the following fields:

Interface — Selects the Unit and Port to be affected.

Auto-Learn — Enables or disables Auto-Learn on the switch.

Host Timeout — Specifies time before an IGMP snooping entry is aged out. The default time is 260 seconds.

Multicast Router Timeout — Specifies time before aging out a Multicast router entry. The default value is 300 seconds.

Leave Timeout — Specifies time, in seconds, after a port leave message is received before the entry is aged out. Enter an amount of time for the timeout period, or click Immediate Leave to specify an immediate timeout. The default timeout is 10 seconds.

Enabling IGMP Snooping on the Switch

Open the IGMP Snooping page.
Select the unit and port to configure from the Interface field.
Complete the fields on the page as needed.
Click Apply Changes.

IGMP snooping is enabled on the switch.

Displaying the IGMP Snooping Table

Open the IGMP Snooping page.
Click Show All.

The IGMP Snooping Table displays.

Figure 8-74. IGMP Snooping Table

Use the Unit drop-down menu to view the IGMP Snooping Table for other units in the stack, if they exist.

Modifying IGMP Snooping Settings for Multiple Ports or LAGs

Open the IGMP Snooping page.
Click Show All.

The IGMP Snooping Table displays.

Click Edit for each Port or LAG to modify.
Edit the IGMP Snooping fields as needed.
Click Apply Changes.

The IGMP Snooping settings are modified, and the device is updated.

Copying IGMP Snooping Settings to Multiple Ports or LAGs

Open the IGMP Snooping page.
Click Show All.

The IGMP Snooping Table displays.

Click Copy Parameters From.
Select a Unit/Port or LAG to use as the source of the desired parameters.
Click Copy To for the Unit/Ports or LAGs that these parameters will be copied to.
Click Apply Changes.

The IGMP Snooping settings are modified, and the device is updated.

Configuring IGMP Snooping with CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

IGMP Snooping Commands

Configuring the Link Layer Discovery Protocol (LLDP)

The IEEE 802.1AB defined standard, Link Layer Discovery Protocol (LLDP), allows stations residing on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN.

LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function. The transmit and receive functions can be enabled/disabled separately per port. By default, both transmit and receive are disabled on all ports. The application is responsible for starting each transmit and receive state machine appropriately, based on the configured status and operational state of the port.

The LLDP menu page contains links to the following features:

LLDP Configuration

Use the LLDP Configuration page to specify LLDP parameters. Parameters that affect the entire system as well as those for a specific interface can be specified here.

To display the LLDP Configuration page, click Switching® LLDP® LLDP Configuration in the tree view.

Figure 8-75. LLDP Configuration

The LLDP Configuration page contains the following fields:

Global Settings

Transmit Interval (1–32768) — Specifies the interval at which frames are transmitted. The default is 30 seconds.

Hold Multiplier (2–10) — Specifies multiplier on the transmit interval to assign to TTL. Default is 4.

Re-Initialization Delay (1–10) — Specifies delay before a re-initialization. Default is 2 seconds.

Notification Interval (5–3600) — Limits the transmission of notifications. The default is 5 seconds.

Port Settings

Interface — Specifies the port to be affected by these parameters.

Transmit Mode — Enables or disables the transmit function. The default is disabled.

Receive Mode — Enables or disables the receive function. The default is disabled.

Transmit Management Information — Enables or disables transmission of management address instance. Default is disabled.

Notification Mode — Enables or disables remote change notifications. The default is disabled.

Included TLVs — Selects TLV information to transmit. Choices include System Name, System Capabilities, System Description, and Port Description.

Modifying the LLDP Configuration

Open the LLDP Configuration page.
Define the fields as needed.
Click Apply Changes.

LLDP parameters are saved to the switch.

Displaying the LLDP Interface Settings Table

Open the LLDP Configuration page.
Click Show All.

The LLDP Interface Settings Table displays.

Figure 8-76. LLDP Interface Settings Table

Use the Unit drop-down menu to view the LLDP Interface Settings Table for other units in the stack, if they exist.

Copying LLDP Interface Settings

Open the LLDP Configuration page.
Click Show All.

The LLDP Interface Settings Table displays.

Specify the Unit and Port you are copying from in Copy Parameters From.
Click Copy To for each Unit/Port to receive these parameters.
Click Apply Changes.

The LLDP Interface settings are copied, and the device is updated.

Modifying LLDP Interface Settings for Multiple Ports

Open the LLDP Configuration page.
Click Show All.

The LLDP Interface Settings Table displays.

Click Edit for each Unit/Port to modify.
Edit the LLDP Interface fields as needed.
Click Apply Changes.

The LLDP Interface settings are modified, and the device is updated.

Configuring LLDP Configuration with CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

LLDP Commands

LLDP Statistics

Use the LLDP Statistics page to view LLPD-related statistics.

To display the LLDP Statistics page, click Switching® LLDP® LLDP Statistics in the tree view.

Figure 8-77. LLDP Statistics

The LLDP Statistics page displays the following statistics:

System-wide Statistics

Last Update — Displays the value of system up time the last time a remote data entry was created, modified, or deleted.

Total Inserts — Displays the number of times a complete set of information advertised by a remote switch has been inserted into the table.

Total Deletes — Displays the number of times a complete set of information advertised by a remote switch has been deleted from the table.

Total Drops — Displays the number of times a complete set of information advertised by a remote switch could not be inserted due to insufficient resources.

Total Ageouts — Displays the number of times any remote data entry has been deleted due to TTL (Time-to-Live) expiration.

Port Statistics

Interface — Displays the Unit and Port to which the statistics on that line apply.

Transmit Total — Displays the total number of LLDP frames transmitted on the indicated port.

Receive Total — Displays the total number of valid LLDP frames received on the indicated port.

Discards — Displays the number of LLDP frames received on the indicated port and discarded for any reason.

Errors — Displays the number of invalid LLDP frames received on the indicated port.

Ageouts — Displays the number of times a remote data entry on the indicated port has been deleted due to TTL expiration.

TLV Discards — Displays the number of LLDP TLVs (Type, Length, Value sets) received on the indicated port and discarded for any reason by the LLDP agent.

TLV Unknowns — Displays the number of LLDP TLVs received on the indicated port for a type not recognized by the LLDP agent.

Use the Unit drop-down menu to view the LLDP Statistics for other units in the stack, if they exist.

Use the Clear Statistics button to reset all LLDP Statistics to zero.

Displaying LLDP Statistics with the CLI Command

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

LLDP Commands

LLDP Connections

Use the LLDP Connections page to view the list of ports with LLDP enabled. Basic connection details are displayed.

To display the LLDP Connections page, click Switching® LLDP® LLDP Connections in the tree view.

Figure 8-78. LLDP Connections Table

The LLDP Connections page displays the following port details:

Local Interface — Designates a unit and port in the stack.

Chassis ID — Identifies the 802 LAN device's chassis.

Port ID — Identifies the port number from which the LLDPDU is transmitted.

System Name — Identifies the system name associated with the remote device.

Use the Unit drop-down menu to view the LLDP Connections for other units in the stack, if they exist.

Use the Clear Table button to delete all information from the LLDP Connections table.

Viewing Details about the LLDP Connections

Open the LLDP Connections page.
Click the interface in the Local Interface field to view details about that device.

The LLDP Connections - Detailed page for the device displays.

Figure 8-79. Detailed LLDP Connections

Use the Back button to return to the LLDP Connections page.

Viewing LLDP Connections with the CLI Command

For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide:

LLDP Commands

Back to Contents Page