This section describes the switch user-configurable features. For a list of all features, see the software version release notes.

The Dell™ PowerConnect™ 6200 series are standalone Layer 2 and 3 switches that extend the Dell PowerConnect LAN switching product range. These switches include the following features:

The Dell PowerConnect 6224 switch supports 24 1000Base-T copper ports and 4 "combo" ports for RJ-45 or SFP interfaces. The Dell PowerConnect 6224P adds support for power-over-Ethernet (PoE) capability.

The Dell PowerConnect 6224F switch supports 24 1000Base-FX SFP ports and 4 "combo" ports for RJ-45 or SFP interfaces.

The Dell PowerConnect 6248 supports 48 1000Base-T copper ports and 4 "combo" ports for RJ-45 or SFP interfaces. The Dell PowerConnect 6248P adds support for PoE capability.

sFlow is the standard for monitoring high-speed switched and routed networks. sFlow Version 5 technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources.

Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices (routers, bridges, access servers, and switches).

Auto Config is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. Auto Config is accomplished in three phases:

Blocks clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.

The system logs events with severity codes and timestamps. The events are sent as SNMP traps to a trap recipient list.

For information about SNMP Alarms and Traps, see "Defining SNTP Global Parameters."

You can manage the system from any web browser. The switch contains an embedded web server that serves HTML pages you can use to monitor and configure the system.

The switch’s configuration file includes both system-wide and port-specific device configuration data. You can display configuration files through command-line interface (CLI) commands.

For information about downloading configuration files, see "Downloading Files."

Software download enables storage of backup firmware images. For information about downloading the software, see "Software Download and Reboot."

The PowerConnect 6200 Series switches support boot image, firmware, and configuration upload or download through TFTP.

RMON is a standard Management Information Base (MIB) that defines current and historical MAC-layer statistics and control objects, allowing real-time information to be captured across the entire network.

The system is fully manageable using a combination of MIB variables, whose combined values represent all facets of the system state, and the SNMP protocol to examine and possibly modify these values. SNMP v1/v2c/v3 over the UDP/IP transport protocol is supported.

Command Line Interface (CLI) syntax and semantics conform as much as possible to common industry practice. CLI is composed of mandatory and optional elements. Context-sensitive help provides format and value ranges allowed for current commands, and the CLI interpreter provides command and keyword completion.

Syslog is a protocol that allows event notifications to be sent to a set of desired remote servers where they can be stored, examined, and acted upon.

For information about Syslog, see "Managing Logs."

The Simple Network Time Protocol (SNTP) assures accurate network switch clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server.

For more information about SNTP, see "Configuring SNTP Settings."

For information about Real Time Clock, see "Clock Detail."

This feature allows the stacking and CX-4 plug-in modules to be configured to either role (Ethernet or Stacking). By default, the module will function according to its module ID. Upon changing the role of a module, a reboot will be required for the change to take effect.

This feature enables a stack to continue forwarding packets when the stack management unit fails due to a power failure, hardware failure, or software fault.

An IPv6 ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.

This feature enables binding an ACL (IP, MAC, or IPv6) in outbound direction on physical, LAG, and VLAN interfaces.

IP source guard (IPSG) is a security feature that filters IP packets based on the source ID. The source ID may either be source IP address or a source IP address source MAC address pair. IPSG is disabled by default.

DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server. It filters harmful DHCP messages and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are specified as authorized. DHCP snooping can be enabled globally and on specific VLANs. Ports within the VLAN can be configured to be trusted or untrusted. DHCP servers must be reached through trusted ports.

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address.

In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast address.

In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports intended to receive the data (instead of being flooded to all of the ports in a VLAN). This list is constructed by snooping IPv6 multicast control packets.

Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from up to four source ports to a monitoring port.

When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast frames are flooded to all ports on the relevant virtual local area network (VLAN). The flooding occupies bandwidth, and loads all nodes connected on all ports. Storm control limits the amount of broadcast, unknown unicast, and multicast frames accepted and forwarded by the switch.

Jumbo frames enable transporting data in fewer frames to ensure less overhead, lower processing time, and fewer interrupts.

Media-Dependent Interface (MDI) is the standard wiring for end stations, and the standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).

Auto negotiation allows the switch to advertise modes of operation. The auto negotiation function provides the means to exchange information between two switches that share a point-to-point link segment, and to automatically configure both switches to take maximum advantage of their transmission capabilities.

The PowerConnect 6200 Series enhances auto negotiation by providing port advertisement. Port advertisement allows the system administrator to configure the port speeds advertised.

For information about auto negotiation, see "Port Configuration" or "LAG Configuration."

Flow control enables lower speed switches to communicate with higher speed switches by requesting that the higher speed switch refrains from sending packets. Transmissions are temporarily halted to prevent buffer overflows.

For information about configuring flow control for ports or LAGs, see "Port Configuration" or "LAG Configuration."

Head of Line (HOL) blocking prevention prevents traffic delays and frame loss caused by traffic competing for the same egress port resources. HOL blocking queues packets, and the packets at the head of the queue are forwarded before packets at the end of the queue.

On half-duplex links, a receiver may prevent buffer overflows by occupying the link so that it is unavailable for additional traffic.

The Alternate Store and Forward (ASF) feature reduces latency for large packets. When ASF is enabled, the memory management unit (MMU) can forward a packet to the egress port before it has been entirely received on the Cell Buffer Pool (CBP) memory. AFS, which is also known as cut-through mode, is configurable through the command-line interface. For information about how to configure the AFS feature, see the CLI Reference Guide, which is located on the Dell Support website at www.support.dell.com/manuals.

The link dependency feature provides the ability to enable or disable one or more ports based on the state of the link of one or more ports.

For information about Link Dependency, see "Creating Link Dependencies."

VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or a combination of the ingress port and packet contents. Packets sharing common attributes can be groups in the same VLAN.

For information about configuring VLANs, see "Configuring VLANs."

Port-based VLANs classify incoming packets to VLANs based on their ingress port. When a port uses 802.1X port authentication, packets can be assigned to a VLAN based on the result of the 802.1X authentication a client uses when it accesses the switch. This feature is useful for assigning traffic to Guest VLANs or Voice VLANs.

For information about configuring VLANs, see "Configuring VLANs."

VLAN classification rules are defined on data-link layer (Layer 2) protocol identification. Protocol-based VLANs are used for isolating Layer 2 traffic for differing Layer 3 protocols.

For information about defining Protocol-Based VLANs, see "Protocol Group."

IEEE 802.1Q defines an architecture for virtual bridged LANs, the services provided in VLANs, and the protocols and algorithms involved in the provision of these services.

GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the switch registers and propagates VLAN membership on all ports that are part of the active spanning tree protocol topology.

For information about configuring GVRP, see "GVRP Parameters."

Private VLAN Edge (PVE) ports are a Layer 2 security feature that provides port-based security between ports that are members of the same VLAN. It is an extension of the common VLAN. Traffic from protected ports is sent only to the uplink ports and cannot be sent to other ports within the VLAN.

This feature allows incoming untagged packets to be assigned to a VLAN and traffic class based on the source IP address of the packet.

For information about configuring Subnet-based VLANs, see "Bind IP Subnet to VLAN."

This feature allows incoming untagged packets to be assigned to a VLAN and traffic class based on the source MAC address of the packet.

For information about configuring MAC-based VLANs, see "Bind MAC to VLAN."

The Double VLAN feature allows the use of a second tag on network traffic. The additional tag helps differentiate between customers in the Metropolitan Area Networks (MAN) while preserving individual customer’s VLAN identification when they enter their own 802.1Q domain.

In a protocol-based VLAN, traffic is bridged through specified ports based on the VLAN’s protocol. User-defined packet filters determine if a particular packet belongs to a particular VLAN. Protocol-based VLANs are most often used in situations where network segments contain hosts running multiple protocols.

This version of the IEEE Multiple Spanning Tree Protocol corrects problems associated with the previous version, provides for faster transition-to-forwarding, and incorporates new features for a port (restricted role and restricted TCN).

802.1d STP is a standard requirement of Layer 2 switches that allows bridges to automatically prevent and resolve L2 forwarding loops.

For information about configuring Spanning Tree Protocol, see "Configuring the Spanning Tree Protocol."

Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies to enable faster spanning tree convergence after a topology change, without creating forwarding loops.

For information about configuring Rapid Spanning Tree Protocol, see "Rapid Spanning Tree."

Multiple Spanning Tree (MSTP) operation maps VLANs to spanning tree instances. Packets assigned to various VLANs are transmitted along different paths within MSTP Regions (MST Regions). Regions are one or more interconnected MSTP bridges with identical MSTP settings. The MSTP standard lets administrators assign VLAN traffic to unique paths.

For information about configuring Multiple Spanning Tree, see "MSTP Settings."

Spanning Tree Root Guard is used to prevent the root of a Spanning Tree instance from changing unexpectedly. The priority of a Bridge ID can be set to zero but another Bridge ID with a lower mac address could also set its priority to zero and take over root.

Spanning Tree BPDU Guard is used to disable the port in case a new device tries to enter the already existing topology of STP. Thus devices, which were originally not a part of STP, are not allowed to influence the STP topology.

Up to eight ports can combine to form a single Link Aggregated Group (LAG). This enables fault tolerance protection from physical link disruption, higher bandwidth connections and improved bandwidth granularity.

For information about configuring LAGs, see "LAG Configuration."

Link Aggregate Control Protocol (LACP) uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems. LACP automatically determines, configures, binds, and monitors the binding of ports to aggregators within the system.

For information about LACP, see "LACP Parameters."

The PowerConnect 6200 supports PoE configuration for power threshold, SNMP traps, and PoE legacy device support.

The Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-MED) provides an extension to the LLDP standard for network configuration and policy, device location, Power over Ethernet management, and inventory management.

For information about configuring LLDP-MED, see "Configuring Link Layer Discovery Protocol (LLDP) for Media Endpoint Devices."

The Voice VLAN feature enables switch ports to carry voice traffic with defined priority. The priority level enables the separation of voice and data traffic coming onto the port.

For information about configuring Voice VLAN, see "Configuring Voice VLAN."

The PowerConnect 6200 Series software supports VLAN routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port.

The OSPF Link State Database page has been updated to display external LSDB table information and AS opaque LSDB table information (in addition to OSPF link state information).

The switch IP configuration settings have been enhanced to allow you to enable or disable the generation of the following types of ICMP messages:

IP interface configuration includes the ability to configure the bandwidth, Destination Unreachable messages, and ICMP Redirect messages.

Extends the capability of the Virtual Router Redundancy Protocol (VRRP) to allow tracking of specific route/interface IP state within the router that can alter the priority level of a virtual router for a VRRP group.

The exception to this is, if that VRRP group is the IP address owner, its priority is fixed at 255 and can not be reduced through tracking process.

The switch supports up to 32K Media Access Control (MAC) addresses and reserves two MAC addresses for system use.

MAC addresses that have not seen any traffic for a given period are aged out, which prevents the bridging table from overflowing.

For information about configuring the MAC Address age-out period, see "Dynamic Address Table."

For information about configuring the static MAC addresses, see "Static Address Table."

Packets arriving from an unknown source address are sent to the CPU and added to the Hardware Table. Future packets addressed to or from this address are more efficiently forwarded.

Multicast service is a limited broadcast service that allows one-to-many and many-to-many connections. In Layer 2 multicast services, a single frame addressed to a specific multicast address is received, and copies of the frame to be transmitted on each relevant port are created.

For information about configuring MAC Multicast Support, see "Managing Multicast Support."

The PowerConnect 6200 Series uses the ARP protocol to associate a layer 2 MAC address with a layer 3 IPv4 address. Additionally, the administrator can statically add entries in to the ARP table.

The Open Shortest Path First (OSPF) Routing protocol defines two area types: regular OSPF area and OSPF stub area. OSPF internal and external route information may be propagated throughout the regular OSPF area; it is capable of supporting transit traffic and virtual links.

The BootP protocol allows a device to solicit and receive configuration data and parameters from a suitable server. DHCP is an extension to BootP allowing additional setup parameters to be received from a network server upon system startup. Notably, while BootP stops operating once an IP address is obtained, DHCP service is an on-going process. For example, the IP address assigned to the system has a ‘lease time’ that may expire, and can be renewed on the fly.

The routing protocol used within an autonomous Internet system is referred to as an interior gateway protocol (IGP). RIP is an IGP that is designed to work with moderate-size networks.

Virtual Routing Redundancy Protocol (VRRP) is used to provide hosts with redundant routers in the network topology without any need for the hosts to reconfigure or know that there are multiple routers.

Automatically formed IPv4 6 to 4 tunnels for carrying IPv6 traffic. The automatic tunnel IPv4 destination address is derived from the 6 to 4 IPv6 address of the tunnel nexthop. There is support the functionality of a 6 to 4 border router that connects a 6 to 4 site to a 6 to 4 domain. It sends/receives tunneled traffic from routers in a 6 to 4 domain that includes other 6 to 4 border routers and 6 to 4 relay routers.

DHCPv6 incorporates the notion of the “stateless” server, where DHCPv6 is not used for IP address assignment to a client, rather it only provides other networking information such as DNS, Network Time Protocol (NTP), and/or Session Initiation Protocol (SIP) information.

OSPFv3 provides a routing protocol for IPv6 networking. OSPFv3 is a new routing component based on the OSPF version 2 component. In dual stack IPv6, you can configure and use both OSPF and OSPFv3 components.

Since IPv4 and IPv6 can coexist on a network, the router on such a network needs to forward both traffic types. Given this coexistence, the PowerConnect 6200 Series maintains two routing tables, rto and rto6, which are both capable of forwarding over the same set of interfaces. IPv6 interfaces are managed in a manner similar to IPv4 interfaces.

The Voice VLAN feature enables switch ports to carry voice traffic with defined priority. The priority level enables the separation of voice and data traffic coming onto the port. A primary benefit of using Voice VLAN is to ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high. The system uses the source MAC address of the traffic traveling through the port to identify the IP phone data flow.

Provides ease of use for the user in setting up VoIP for IP phones on a switch. This is accomplished by enabling a VoIP profile that a user can select on a per port basis.

The Class of Service interface configuration feature has been enhanced to allow outbound rate limiting on specified ports.

Extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. Ethernet IPv6 packets are distinguished from IPv4 packets by a unique Ethertype value (all IPv6 classifiers include the Ethertype field).

To overcome unpredictable network traffic and optimize performance, you can apply Quality of Service (QoS) throughout the network. QoS ensures that the network traffic is prioritized according to a specific criteria. Your switch supports two types of QoS: Differentiated Services and Class of Service.

Distance Vector Multicast Routing Protocol (DVMRP) exchanges probe packets with all DVMRP-enabled routers, establishing two way neighboring relationships and building a neighbor table. It exchanges report packets and creates a unicast topology table, which is used to build the multicast routing table. This multicast route table is then used to route the multicast packets.

The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to any neighboring multicast routers. The PowerConnect 6200 Series performs the "multicast router part" of the IGMP protocol, which means it collects the membership information needed by the active multicast routing.

Protocol Independent Multicast (PIM) is a standard multicast routing protocol that provides scalable inter‑domain multicast routing across the Internet, independent of the mechanisms provided by any particular unicast routing protocol. The Protocol Independent Multicast-Dense Mode (PIM-DM) protocol uses an existing Unicast routing table and a Join/Prune/Graft mechanism to build a tree. PIM-DM creates source-based shortest-path distribution trees, making use of reverse path forwarding (RPF).

Protocol Independent Multicast-Sparse Mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that may span wide area networks, and where bandwidth is a constraint. PIM-SM uses shared trees by default and implements source-based trees for efficiency. This data threshold rate is used to toggle between trees.

MLD is used by IPv6 systems (listeners and routers) to report their IP multicast addresses memberships to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with MLD v1.

MLD protocol enables the IPv6 router to discover the presence of multicast listeners, the nodes that want to receive the multicast data packets, on its directly attached interfaces. The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the multicast routing protocol that make the decision on the flow of the multicast data packets.

Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network.

For information about defining ACLs, see "IP ACL Configuration" and "MAC ACL Configuration."

Dot1x authentication enables the authentication of system users through an external server. Only authenticated and approved system users can transmit and receive data. Supplicants are authenticated through the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). Also supported are PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS. MAC-based authentication allows multiple supplicants connected to the same port to each authenticate individually. For example, a system attached to the port might be required to authenticate in order to gain access to the network, while a VoIP phone might not need to authenticate in order to send voice traffic through the port.

For information about enabling and configuring 802.1X port authentication, see "Dot1x Authentication."

The locked port feature limits access on a port to users with specific MAC addresses. These addresses are manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.

For information about enabling locked port security, see "Port Security."

Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features.

For more information about password management, see "Password Management."

TACACS+ provides centralized security for validation of users accessing the switch. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.

RADIUS is a client/server-based protocol in which the server maintains a user database that contains user authentication information, such as user name, password, and accounting information.

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. This connection provides functionality that is similar to an inbound telnet connection.

Secure Sockets Layer (SSL) protocol provides a means of abstracting an encrypted connection between two stations. Once established, such a connection is virtually no different to use than an unsecured connection.

The following documents for the PowerConnect PowerConnect 6200 Series switches are available on the Dell Support website at www.support.dell.com/manuals: