613-001022 Rev. CManagement SoftwareAT-S63◆Features GuideFor Stand-alone AT-9400 Switchesand AT-9400Ts StacksAT-S63 Version 2.2.0 for AT-9400 Layer 2+
Contents10Section VIII: Port Security ...413Chapter 35: MAC Address-
Chapter 5: MAC Address Table100 Section I: Basic Operations
Section I: Basic Operations 101Chapter 6Static Port TrunksThis chapter describes static port trunks. Sections in the chapter include: “Supported Plat
Chapter 6: Static Port Trunks102 Section I: Basic OperationsSupported PlatformsRefer to Table 33 and Table 34 for the AT-9400 Switches and the managem
AT-S63 Management Software Features GuideSection I: Basic Operations 103OverviewA static port trunk is a group of two to eight ports that function as
Chapter 6: Static Port Trunks104 Section I: Basic OperationsLoad Distribution MethodsThis section discusses the load distribution methods of static po
AT-S63 Management Software Features GuideSection I: Basic Operations 105A similar method is used for the two load distribution methods that employ bot
Chapter 6: Static Port Trunks106 Section I: Basic OperationsGuidelinesHere are the guidelines to static trunks: Allied Telesis recommends limiting st
Section I: Basic Operations 107Chapter 7LACP Port TrunksThis chapter explains Link Aggregation Control Protocol (LACP) port trunks. Sections in the ch
Chapter 7: LACP Port Trunks108 Section I: Basic OperationsSupported PlatformsRefer to Table 35 and Table 36 for the AT-9400 Switches and the managemen
AT-S63 Management Software Features GuideSection I: Basic Operations 109OverviewLACP (Link Aggregation Control Protocol) port trunks perform the same
AT-S63 Management Software Features Guide11Chapter 39: PKI Certificates and SSL ...
Chapter 7: LACP Port Trunks110 Section I: Basic OperationsLACP System PriorityIt is possible for two devices interconnected by an aggregate trunk to e
AT-S63 Management Software Features GuideSection I: Basic Operations 111Adminkey ParameterThe adminkey is a hexadecimal value from 1 to FFFF that iden
Chapter 7: LACP Port Trunks112 Section I: Basic OperationsLoad Distribution MethodsThe load distribution method determines the manner in which the swi
AT-S63 Management Software Features GuideSection I: Basic Operations 113GuidelinesThe following guidelines apply to creating aggregators: LACP must b
Chapter 7: LACP Port Trunks114 Section I: Basic Operations When creating a new aggregator, you can specify either a name for the aggregator or an adm
Section I: Basic Operations 115Chapter 8Port MirrorThis chapter explains the port mirror feature. Sections in the chapter include: “Supported Platfor
Chapter 8: Port Mirror116 Section I: Basic OperationsSupported PlatformsRefer to Table 37 and Table 38 for the AT-9400 Switches and the management int
AT-S63 Management Software Features GuideSection I: Basic Operations 117OverviewThe port mirror feature allows for the unobtrusive monitoring of ingre
Chapter 8: Port Mirror118 Section I: Basic Operations
Section I: Basic Operations 119Chapter 9Link-flap ProtectionThis chapter explains link-flap protection. The sections in this chapter include: “Suppor
Contents12Internet Protocol Version 4 Packet Routing...
Chapter 9: Link-flap Protection120 Section I: Basic OperationsSupported PlatformsRefer to Table 39 and Table 40 for the AT-9400 Switches and the manag
AT-S63 Management Software Features GuideSection I: Basic Operations 121OverviewA port that is unable to maintain a reliable connection to a network n
Chapter 9: Link-flap Protection122 Section I: Basic OperationsGuidelinesHere are the guidelines to link-flap protection: The rate and duration are se
AT-S63 Management Software Features GuideSection I: Basic Operations 123Configuring the FeatureHere are the commands that are used to configure the li
Chapter 9: Link-flap Protection124 Section I: Basic Operations
Section II: Advanced Operations 125Section IIAdvanced OperationsThis section contains the following chapters: Chapter 10, ”File System” on page 127
126 Section II: Advanced Operations
Section II: Advanced Operations 127Chapter 10File SystemThe chapter explains the switch’s file system and contains the following sections: “Overview”
Chapter 10: File System128 Section II: Advanced OperationsOverviewThe AT-9400 Switch has a file system in flash memory for storing system files. You c
AT-S63 Management Software Features GuideSection II: Advanced Operations 129File Naming ConventionsThe flash memory file system is a flat file system—
AT-S63 Management Software Features Guide13Appendix D: MIB Objects ...
Chapter 10: File System130 Section II: Advanced OperationsUsing Wildcards to Specify Groups of FilesYou can use the asterisk character (*) as a wildca
Section II: Advanced Operations 131Chapter 11Event Logs and the Syslog ClientThis chapter describes how to monitor the activity of a switch by viewing
Chapter 11: Event Logs and the Syslog Client132 Section II: Advanced OperationsSupported PlatformsRefer to Table 42 and Table 43 for the AT-9400 Switc
AT-S63 Management Software Features GuideSection II: Advanced Operations 133OverviewA managed switch is a complex piece of computer equipment that inc
Chapter 11: Event Logs and the Syslog Client134 Section II: Advanced OperationsSyslog ClientThe management software features a syslog client to send e
Section II: Advanced Operations 135Chapter 12ClassifiersThis chapter explains classifiers for access control lists and Quality of Service policies. Th
Chapter 12: Classifiers136 Section II: Advanced OperationsSupported PlatformsRefer to Table 44 and Table 45 for the AT-9400 Switches and the managemen
AT-S63 Management Software Features GuideSection II: Advanced Operations 137OverviewA classifier defines a traffic flow. A traffic flow consists of pa
Chapter 12: Classifiers138 Section II: Advanced Operationsis dictated by the QoS policy, as explained in Chapter 15, “Quality of Service” on page 165.
AT-S63 Management Software Features GuideSection II: Advanced Operations 139Classifier CriteriaThe components of a classifier are defined in the follo
Contents14
Chapter 12: Classifiers140 Section II: Advanced OperationsFigure 5. User Priority and VLAN Fields within an Ethernet FrameYou can identify a traffic f
AT-S63 Management Software Features GuideSection II: Advanced Operations 141Observe the following guidelines when using this variable: When selecting
Chapter 12: Classifiers142 Section II: Advanced OperationsObserve these guidelines when using this criterion: The Protocol variable must be left blan
AT-S63 Management Software Features GuideSection II: Advanced Operations 143Observe this guideline when using these criteria: The Protocol variable m
Chapter 12: Classifiers144 Section II: Advanced OperationsGuidelinesFollow these guidelines when creating a classifier: Each classifier represents a
Section II: Advanced Operations 145Chapter 13Access Control ListsThis chapter describes access control lists (ACL) and how they can improve network se
Chapter 13: Access Control Lists146 Section II: Advanced OperationsSupported PlatformsRefer to Table 46 and Table 47 for the AT-9400 Switches and the
AT-S63 Management Software Features GuideSection II: Advanced Operations 147OverviewAn access control list is a filter that controls the ingress traff
Chapter 13: Access Control Lists148 Section II: Advanced Operations4. Finally, if a packet does not meet the criteria of any ACLs on a port, it is acc
AT-S63 Management Software Features GuideSection II: Advanced Operations 149Parts of an ACLAn ACL must have the following information: Name - An ACL
15Figure 1: AT-StackXG Stacking Module...
Chapter 13: Access Control Lists150 Section II: Advanced OperationsGuidelinesHere are the rules to creating ACLs: Ports can have multiple permit and
AT-S63 Management Software Features GuideSection II: Advanced Operations 151ExamplesThis section contains several examples of ACLs. In this example, p
Chapter 13: Access Control Lists152 Section II: Advanced OperationsTo deny traffic from several subnets on the same port, you can create multiple clas
AT-S63 Management Software Features GuideSection II: Advanced Operations 153The same result can be achieved by assigning the classifiers to different
Chapter 13: Access Control Lists154 Section II: Advanced OperationsIn this example, the traffic on ports 14 and 15 is restricted to packets from the s
AT-S63 Management Software Features GuideSection II: Advanced Operations 155The next example limits the ingress traffic on port 17 to IP packets from
Chapter 13: Access Control Lists156 Section II: Advanced Operations
Section II: Advanced Operations 157Chapter 14Class of ServiceThis chapter describes the Class of Service (CoS) feature. Sections in the chapter includ
Chapter 14: Class of Service158 Section II: Advanced OperationsSupported PlatformsRefer to Table 48 and Table 49 for the AT-9400 Switches and the mana
AT-S63 Management Software Features GuideSection II: Advanced Operations 159OverviewWhen a port on an Ethernet switch becomes oversubscribed—its egres
Figures16Figure 51: Example of a Tagged VLAN...
Chapter 14: Class of Service160 Section II: Advanced OperationsFor example, when a tagged packet with a priority level of 3 enters a port on the switc
AT-S63 Management Software Features GuideSection II: Advanced Operations 161Note that because all ports must use the same priority-to-egress queue map
Chapter 14: Class of Service162 Section II: Advanced OperationsSchedulingA switch port needs a mechanism that specifies the order of transmittal of th
AT-S63 Management Software Features GuideSection II: Advanced Operations 163Table 52 shows an example.In this example, the port transmits a maximum nu
Chapter 14: Class of Service164 Section II: Advanced OperationsQ6 15Q7 0Table 53. Example of a Weight of Zero for Priority Queue 7 (Continued)Port Egr
Section II: Advanced Operations 165Chapter 15Quality of ServiceThis chapter describes Quality of Service (QoS). Sections in the chapter include: “Sup
Chapter 15: Quality of Service166 Section II: Advanced OperationsSupported PlatformsRefer to Table 54 and Table 55 for the AT-9400 Switches and the ma
AT-S63 Management Software Features GuideSection II: Advanced Operations 167OverviewQuality of Service allows you to prioritize traffic and/or limit t
Chapter 15: Quality of Service168 Section II: Advanced OperationsThe QoS functionality described in this chapter sorts packets into various flows, acc
AT-S63 Management Software Features GuideSection II: Advanced Operations 169ClassifiersClassifiers identify a particular traffic flow, and range from
17Table 1: Basic Operations ...
Chapter 15: Quality of Service170 Section II: Advanced OperationsFlow GroupsFlow groups group similar traffic flows together, and allow more specific
AT-S63 Management Software Features GuideSection II: Advanced Operations 171Traffic ClassesTraffic classes are the central component of the QoS soluti
Chapter 15: Quality of Service172 Section II: Advanced OperationsPoliciesQoS policies consist of a collection of user defined traffic classes. A polic
AT-S63 Management Software Features GuideSection II: Advanced Operations 173QoS Policy GuidelinesFollowing is a list of QoS policy guidelines: A clas
Chapter 15: Quality of Service174 Section II: Advanced OperationsPacket ProcessingYou can use the switch’s QoS tools to perform any combination of the
AT-S63 Management Software Features GuideSection II: Advanced Operations 175Both the VLAN tag User Priority and the traffic class / flow group priorit
Chapter 15: Quality of Service176 Section II: Advanced OperationsReplacing PrioritiesThe traffic class or flow group priority (if set) determines the
AT-S63 Management Software Features GuideSection II: Advanced Operations 177DiffServ DomainsDifferentiated Services (DiffServ) is a method of dividing
Chapter 15: Quality of Service178 Section II: Advanced OperationsTo use the QoS tool set to configure a DiffServ domain:1. As packets come into the do
AT-S63 Management Software Features GuideSection II: Advanced Operations 179ExamplesThe following examples demonstrate how to implement QoS in three s
Tables18Table 50: Default Mappings of IEEE 802.1p Priority Levels to Priority Queues ...
Chapter 15: Quality of Service180 Section II: Advanced OperationsFigure 14. QoS Voice Application ExampleThe parts of the policies are: Classifier -
AT-S63 Management Software Features GuideSection II: Advanced Operations 181 Traffic Class - No action is taken by the traffic class, other than to s
Chapter 15: Quality of Service182 Section II: Advanced OperationsFigure 15. QoS Video Application ExampleThe parts of the policies are: Classifier -
AT-S63 Management Software Features GuideSection II: Advanced Operations 183packets so they leave containing the new level, you would change option 5,
Chapter 15: Quality of Service184 Section II: Advanced OperationsPolicyComponentHierarchyThe purpose of this example is to illustrate the hierarchy of
AT-S63 Management Software Features GuideSection II: Advanced Operations 185Figure 17. Policy Component Hierarchy ExampleCreate Classifier01 - Classif
Chapter 15: Quality of Service186 Section II: Advanced Operations
Section II: Advanced Operations 187Chapter 16Group Link ControlThis chapter explains group link control. The sections in this chapter include: “Suppo
Chapter 16: Group Link Control188 Section II: Advanced OperationsSupported PlatformsRefer to Table 56 and Table 57 for the AT-9400 Switches and the ma
AT-S63 Management Software Features GuideSection II: Advanced Operations 189OverviewGroup link control is designed to improve the effectiveness of the
AT-S63 Management Software Features Guide19Table 110: Support for 802.1x Port-based Network Access Control ...
Chapter 16: Group Link Control190 Section II: Advanced OperationsIn the first diagram a server with two teamed network adapter cards is connected to d
AT-S63 Management Software Features GuideSection II: Advanced Operations 191But if the failure occurred further upstream between switches 1 and 3, the
Chapter 16: Group Link Control192 Section II: Advanced OperationsFigure 20. Group Link Control Example 3When a link on an upstream port is reestablish
AT-S63 Management Software Features GuideSection II: Advanced Operations 193Figure 21. Group Link Control Example 4 Switch 1NetworkSwitch 3Switch 2
Chapter 16: Group Link Control194 Section II: Advanced OperationsIf connectivity is lost on both ports 17 and 20, the downstream ports 24 and 25 are d
AT-S63 Management Software Features GuideSection II: Advanced Operations 195This is illustrated in this figure. Switch 1 and switch 3 are connected wi
Chapter 16: Group Link Control196 Section II: Advanced OperationsIn this example the primary and backup trunks have four links each.Figure 24. Group L
AT-S63 Management Software Features GuideSection II: Advanced Operations 197GuidelinesHere are the guidelines to group link control: The switch or st
Chapter 16: Group Link Control198 Section II: Advanced OperationsConfiguring the FeatureHere are a few examples on how to configure the feature. The f
AT-S63 Management Software Features GuideSection II: Advanced Operations 199awplus(config-if)# interface 8awplus(config-if)# group link control upstre
Copyright 2009 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied
Tables20
Chapter 16: Group Link Control200 Section II: Advanced Operations
Section II: Advanced Operations 201Chapter 17Denial of Service DefensesThis chapter explains the defense mechanisms in the management software that ca
Chapter 17: Denial of Service Defenses202 Section II: Advanced OperationsSupported PlatformsRefer to Table 60 and Table 61 for the AT-9400 Switches an
AT-S63 Management Software Features GuideSection II: Advanced Operations 203OverviewThe AT-S63 Management Software can help protect your network again
Chapter 17: Denial of Service Defenses204 Section II: Advanced OperationsSYN Flood AttackIn this type of attack, an attacker sends to a victim a large
AT-S63 Management Software Features GuideSection II: Advanced Operations 205Smurf AttackThis DoS attack is instigated by an attacker sending a ICMP Ec
Chapter 17: Denial of Service Defenses206 Section II: Advanced OperationsLand AttackIn this attack, an attacker sends a bogus IP packet where the sour
AT-S63 Management Software Features GuideSection II: Advanced Operations 2072. If the source IP address is not local to the network, it discards the p
Chapter 17: Denial of Service Defenses208 Section II: Advanced OperationsTeardrop AttackAn attacker sends an IP packet in several fragments with a bog
AT-S63 Management Software Features GuideSection II: Advanced Operations 209Ping of Death AttackThe attacker sends an oversized, fragmented ICMP Echo
21PrefaceThis guide describes the features of the AT-9400 Layer 2+ and Basic Layer 3 Gigabit Ethernet Switches and the AT-S63 Management Software.This
Chapter 17: Denial of Service Defenses210 Section II: Advanced OperationsIP Options AttackIn the basic scenario of an IP attack, an attacker sends pac
AT-S63 Management Software Features GuideSection II: Advanced Operations 211Mirroring TrafficThe Land, Teardrop, Ping of Death, and IP Options defense
Chapter 17: Denial of Service Defenses212 Section II: Advanced OperationsDenial of Service Defense GuidelinesBelow are guidelines to observe when usin
Section II: Advanced Operations 213Chapter 18Power Over EthernetThis chapter contains background information on Power over Ethernet (PoE) for the AT-9
Chapter 18: Power Over Ethernet214 Section II: Advanced OperationsSupported PlatformsRefer to Table 62 and Table 63 for the AT-9400 Switch and the man
AT-S63 Management Software Menus User’s GuideSection II: Advanced Operations 215OverviewPower over Ethernet (PoE) is a mechanism for supplying power t
Chapter 18: Power Over Ethernet216 Section II: Advanced OperationsPower BudgetingThe AT-9424T/POE Switch has a maximum power budget of 380 watts. The
AT-S63 Management Software Menus User’s GuideSection II: Advanced Operations 217Port PrioritizationPort prioritization is used to control which ports
Chapter 18: Power Over Ethernet218 Section II: Advanced OperationsPoE Device ClassesThe IEEE 802.3af standard specifies four levels of classes for pow
Section III: Snooping Protocols 219Section IIISnooping ProtocolsThe chapters in this section contain overview information on the snooping protocols. T
Preface22How This Guide is OrganizedThis guide has the following sections and chapters: Section I: Basic OperationsChapter 1, “Overview” on page 33Ch
220 Section III: Snooping Protocols
Section III: Snooping Protocols 221Chapter 19Internet Group Management Protocol SnoopingThis chapter explains the Internet Group Management Protocol (
Chapter 19: Internet Group Management Protocol Snooping222 Section III: Snooping ProtocolsSupported PlatformsRefer to Table 64 and Table 65 for the AT
AT-S63 Management Software Features GuideSection III: Snooping Protocols 223OverviewIPv4 routers use IGMP to create lists of nodes that are members of
Chapter 19: Internet Group Management Protocol Snooping224 Section III: Snooping ProtocolsWithout IGMP snooping a switch would have to flood multicast
Section III: Snooping Protocols 225Chapter 20 Internet Group Management Protocol Snooping QuerierThis chapter explains IGMP snooping querier and conta
Chapter 20: Internet Group Management Protocol Snooping Querier226 Section III: Snooping ProtocolsSupported PlatformsRefer to Table 66 and Table 67 fo
AT-S63 Management Software Features GuideSection III: Snooping Protocols 227OverviewMulticast routers are essential for IP multicasting. They send out
Chapter 20: Internet Group Management Protocol Snooping Querier228 Section III: Snooping ProtocolsFigure 25. IGMP Snooping Querier Example 1The next e
AT-S63 Management Software Features GuideSection III: Snooping Protocols 229Figure 26. IGMP Snooping Querier Example 2 Multicast source:IP address: 1
AT-S63 Management Software Features Guide23Chapter 23, “Ethernet Protection Switching Ring Snooping” on page 243 Section IV: SNMPv3Chapter 24, “SNMPv
Chapter 20: Internet Group Management Protocol Snooping Querier230 Section III: Snooping ProtocolsGuidelinesThe guidelines for IGMP snooping querier a
AT-S63 Management Software Features GuideSection III: Snooping Protocols 231Configuring the FeatureThe procedures in this section illustrate how to us
Chapter 20: Internet Group Management Protocol Snooping Querier232 Section III: Snooping Protocols5. To confirm that IGMP snooping and IGMP snooping q
AT-S63 Management Software Features GuideSection III: Snooping Protocols 2332. To enable IGMP snooping:awplus(config)# ip igmp snooping3. To enable IG
Chapter 20: Internet Group Management Protocol Snooping Querier234 Section III: Snooping Protocols
Section III: Snooping Protocols 235Chapter 21Multicast Listener Discovery SnoopingThis chapter explains Multicast Listener Discovery (MLD) snooping:
Chapter 21: Multicast Listener Discovery Snooping236 Section III: Snooping ProtocolsSupported PlatformsRefer to Table 68 and Table 69 for the AT-9400
AT-S63 Management Software Features GuideSection III: Snooping Protocols 237OverviewMLD snooping performs the same function as IGMP snooping. The swit
Chapter 21: Multicast Listener Discovery Snooping238 Section III: Snooping Protocols
Section III: Snooping Protocols 239Chapter 22 Router Redundancy Protocol SnoopingThis chapter explains Router Redundancy Protocol (RRP) snooping and c
Preface24Appendix B, “SNMPv3 Configuration Examples” on page 543Appendix C, “Features and Standards” on page 549Appendix D, “MIB Objects” on page 557
Chapter 22: Router Redundancy Protocol Snooping240 Section III: Snooping ProtocolsSupported PlatformsRefer to Table 70 and Table 71 for the AT-9400 Sw
AT-S63 Management Software Features GuideSection III: Snooping Protocols 241OverviewThe Router Redundancy Protocol (RRP) allows multiple routers to sh
Chapter 22: Router Redundancy Protocol Snooping242 Section III: Snooping ProtocolsGuidelinesThe following guidelines apply to the RRP snooping feature
Section III: Snooping Protocols 243Chapter 23Ethernet Protection Switching Ring SnoopingThis chapter has the following sections: “Supported Platforms
Chapter 23: Ethernet Protection Switching Ring Snooping244 Section III: Snooping ProtocolsSupported PlatformsRefer to Table 72 and Table 73 for the AT
AT-S63 Management Software Features GuideSection III: Snooping Protocols 245OverviewEthernet Protection Switching Ring is a feature found on selected
Chapter 23: Ethernet Protection Switching Ring Snooping246 Section III: Snooping ProtocolsAfter creating the VLANs, you activate EPSR snooping by spec
AT-S63 Management Software Features GuideSection III: Snooping Protocols 247RestrictionsEPSR snooping has three important restrictions. All the restri
Chapter 23: Ethernet Protection Switching Ring Snooping248 Section III: Snooping ProtocolsFigure 29. Double Fault Condition in EPSR SnoopingNow assume
AT-S63 Management Software Features GuideSection III: Snooping Protocols 249GuidelinesThe guidelines to EPSR snooping are: The AT-9400 Switch can sup
AT-S63 Management Software Features Guide25Product DocumentationFor overview information on the features of the AT-9400 Switches and the AT-S63 Manage
Chapter 23: Ethernet Protection Switching Ring Snooping250 Section III: Snooping Protocols
Section IV: SNMPv3 251Section IVSNMPv3The chapter in this section contains overview information on SNMPv3. The chapter is: Chapter 24, ”SNMPv3” on pa
252 Section IV: SNMPv3
Section IV: SNMPv3 253Chapter 24SNMPv3This chapter provides a description of the AT-S63 implementation of the SNMPv3 protocol. The following sections
Chapter 24: SNMPv3254 Section IV: SNMPv3Supported PlatformsRefer to Table 74 and Table 75 for the AT-9400 Switches and the management interfaces that
AT-S63 Management Software Features GuideSection IV: SNMPv3 255OverviewThe SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implemen
Chapter 24: SNMPv3256 Section IV: SNMPv3SNMPv3 Authentication ProtocolsThe SNMPv3 protocol supports two authentication protocols—HMAC-MD5-96 (MD5) and
AT-S63 Management Software Features GuideSection IV: SNMPv3 257SNMPv3 Privacy ProtocolAfter you have configured an authentication protocol, you have t
Chapter 24: SNMPv3258 Section IV: SNMPv3SNMPv3 MIB ViewsThe SNMPv3 protocol allows you to configure MIB views for users and groups. The MIB tree is de
AT-S63 Management Software Features GuideSection IV: SNMPv3 259After you specify a MIB subtree view you have the option of further restricting a view
Preface26Where to Go FirstAllied Telesis recommends that you read Chapter 1, “Overview” on page 33 in this guide before you begin to manage the switch
Chapter 24: SNMPv3260 Section IV: SNMPv3SNMPv3 Storage TypesEach SNMPv3 table entry has its own storage type. You can choose between nonvolatile stora
AT-S63 Management Software Features GuideSection IV: SNMPv3 261SNMPv3 Message NotificationWhen you generate an SNMPv3 message from the switch, there a
Chapter 24: SNMPv3262 Section IV: SNMPv3SNMPv3 Tables The SNMPv3 configuration is neatly divided into configuring SNMPv3 user information and configur
AT-S63 Management Software Features GuideSection IV: SNMPv3 263 Configure SNMPv3 Notify Table Configure SNMPv3 Target Address Table Configure SNMPv
Chapter 24: SNMPv3264 Section IV: SNMPv3 “SNMPv3 Target Parameters Table” on page 265 “SNMPv3 Community Table” on page 265SNMPv3 UserTableThe Config
AT-S63 Management Software Features GuideSection IV: SNMPv3 265SNMPv3 NotifyTableThe Configure SNMPv3 Notify Table menu allows you to define the type
Chapter 24: SNMPv3266 Section IV: SNMPv3SNMPv3 Configuration ExampleYou may want to have two classes of SNMPv3 users—Managers and Operators. In this s
Section V: Spanning Tree Protocols 267Section VSpanning Tree ProtocolsThe section has the following chapters: Chapter 25, “Spanning Tree and Rapid Sp
268 Section V: Spanning Tree Protocols
Section V: Spanning Tree Protocols 269Chapter 25Spanning Tree and Rapid Spanning Tree ProtocolsThis chapter provides background information on the Spa
AT-S63 Management Software Features Guide27Starting a Management SessionFor instructions on how to start a local or remote management session on the A
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols270 Section V: Spanning Tree ProtocolsSupported PlatformsRefer to Table 76 and Table 77 for
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 271OverviewThe performance of a Ethernet network can be negatively impacte
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols272 Section V: Spanning Tree ProtocolsBridge Priority and the Root BridgeThe first task tha
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 273Path Costs andPort CostsAfter the root bridge has been selected, the br
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols274 Section V: Spanning Tree ProtocolsTable 80 lists the STP port costs with Auto-Detect wh
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 275Table 83. Port Priority Value IncrementsIncrementBridge Priority Increm
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols276 Section V: Spanning Tree ProtocolsForwarding Delay and Topology ChangesIf there is a ch
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 277seconds and the default is two seconds. Consequently, if the AT-9400 Sw
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols278 Section V: Spanning Tree ProtocolsFigure 34. Edge PortA port can be both a point-to-poi
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 279Mixed STP and RSTP NetworksRSTP IEEE 802.1w is fully compliant with STP
Preface28Document ConventionsThis document uses the following conventions:NoteNotes provide additional information.CautionCautions inform you that per
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols280 Section V: Spanning Tree ProtocolsSpanning Tree and VLANsThe STP and RSTP implementatio
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 281RSTP BPDU GuardThis feature monitors RSTP edge ports on stand-alone swi
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols282 Section V: Spanning Tree Protocols BPDU guard is supported only on RSTP. It is not sup
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 283RSTP Loop GuardAlthough RSTP is intended to detect and prevent the form
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols284 Section V: Spanning Tree ProtocolsThis feature is supported on the base ports of the sw
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 285Figure 38. Loop Guard Example 2But if loop guard is enabled on port 14
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols286 Section V: Spanning Tree ProtocolsIn the first example the root bridge stops transmitti
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 287Figure 41. Loop Guard Example 5 Switch 3Switch 1Old root bridgeRSTP s
Chapter 25: Spanning Tree and Rapid Spanning Tree Protocols288 Section V: Spanning Tree Protocols
Section V: Spanning Tree Protocols 289Chapter 26Multiple Spanning Tree ProtocolThis chapter provides background information on the Multiple Spanning T
AT-S63 Management Software Features Guide29Contacting Allied TelesisThis section provides Allied Telesis contact information for technical support and
Chapter 26: Multiple Spanning Tree Protocol290 Section V: Spanning Tree ProtocolsSupported PlatformsRefer to Table 84 and Table 85 for the AT-9400 Swi
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 291OverviewAs mentioned in Chapter 25, ”Spanning Tree and Rapid Spanning T
Chapter 26: Multiple Spanning Tree Protocol292 Section V: Spanning Tree ProtocolsMultiple Spanning Tree Instance (MSTI)The individual spanning trees i
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 293Figure 42. VLAN Fragmentation with STP or RSTPBlocked PortFAULTRPSMASTE
Chapter 26: Multiple Spanning Tree Protocol294 Section V: Spanning Tree ProtocolsFigure 43 illustrates the same two AT-9400 Switches and the same two
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 295A MSTI can contain more than one VLAN. This is illustrated in Figure 44
Chapter 26: Multiple Spanning Tree Protocol296 Section V: Spanning Tree ProtocolsMSTI GuidelinesThe following are several guidelines to keep in mind a
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 297VLAN and MSTI AssociationsPart of the task to configuring MSTP involves
Chapter 26: Multiple Spanning Tree Protocol298 Section V: Spanning Tree ProtocolsPorts in Multiple MSTIsA port can be a member of more than one MSTI a
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 299Multiple Spanning Tree RegionsAnother important concept of MSTP is regi
3Preface ...
Preface30
Chapter 26: Multiple Spanning Tree Protocol300 Section V: Spanning Tree ProtocolsFigure 45 illustrates the concept of regions. It shows one MSTP regio
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 301The same is true for any ports connected to bridges running the single-
Chapter 26: Multiple Spanning Tree Protocol302 Section V: Spanning Tree ProtocolsCommon andInternalSpanning Tree(CIST)MSTP has a default spanning tree
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 303Summary of GuidelinesCareful planning is essential for the successful i
Chapter 26: Multiple Spanning Tree Protocol304 Section V: Spanning Tree ProtocolsNoteThe AT-S63 MSTP implementation complies fully with the new IEEE 8
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 305Associating VLANs to MSTIsAllied Telesis recommends that you assign all
Chapter 26: Multiple Spanning Tree Protocol306 Section V: Spanning Tree ProtocolsFigure 47. CIST and VLAN Guideline - Example 2When port 4 on switch B
AT-S63 Management Software Features GuideSection V: Spanning Tree Protocols 307Connecting VLANs Across Different RegionsSpecial consideration needs to
Chapter 26: Multiple Spanning Tree Protocol308 Section V: Spanning Tree ProtocolsAnother approach is to group those VLANs that need to span regions in
Section VI: Virtual LANs 309Section VIVirtual LANsThe chapters in this section discuss the various types of virtual LANs supported by the AT-9400 Swit
Section I: Basic Operations 31Section IBasic OperationsThe chapters in this section contain background information on basic switch features. The chapt
310 Section VI: Virtual LANs
Section VI: Virtual LANs 311Chapter 27 Port-based and Tagged VLANsThis chapter contains overview information about port-based and tagged virtual LANs
Chapter 27: Port-based and Tagged VLANs312 Section VI: Virtual LANsSupported PlatformsRefer to Table 86 and Table 87 for the AT-9400 Switches and the
AT-S63 Management Software Features GuideSection VI: Virtual LANs 313OverviewA VLAN is a group of ports on an Ethernet switch that form a logical Ethe
Chapter 27: Port-based and Tagged VLANs314 Section VI: Virtual LANsManagement Software. You can change the VLAN memberships through the management sof
AT-S63 Management Software Features GuideSection VI: Virtual LANs 315Port-based VLAN OverviewAs explained in “Overview” on page 313, a VLAN consists o
Chapter 27: Port-based and Tagged VLANs316 Section VI: Virtual LANsthree AT-9400 Switches, you would assign the Marketing VLAN on each switch the same
AT-S63 Management Software Features GuideSection VI: Virtual LANs 317Guidelines toCreating a Port-based VLANBelow are the guidelines to creating a por
Chapter 27: Port-based and Tagged VLANs318 Section VI: Virtual LANsPort-basedExample 1Figure 49 illustrates an example of one AT-9424T/SP Gigabit Ethe
AT-S63 Management Software Features GuideSection VI: Virtual LANs 319In the example, each VLAN has one port connected to the router. The router interc
32 Section I: Basic Operations
Chapter 27: Port-based and Tagged VLANs320 Section VI: Virtual LANsThe table below lists the port assignments for the Sales, Engineering, and Producti
AT-S63 Management Software Features GuideSection VI: Virtual LANs 321Tagged VLAN OverviewThe second type of VLAN supported by the AT-S63 Management So
Chapter 27: Port-based and Tagged VLANs322 Section VI: Virtual LANs Port VLAN IdentifierNoteFor explanations of VLAN name and VLAN identifier, refer
AT-S63 Management Software Features GuideSection VI: Virtual LANs 323Tagged VLANExampleFigure 51 illustrates how tagged ports can be used to interconn
Chapter 27: Port-based and Tagged VLANs324 Section VI: Virtual LANsThe port assignments for the VLANs are as follows:This example is nearly identical
Section VI: Virtual LANs 325Chapter 28GARP VLAN Registration ProtocolThis chapter describes the GARP VLAN Registration Protocol (GVRP) and contains th
Chapter 28: GARP VLAN Registration Protocol326 Section VI: Virtual LANsSupported PlatformsRefer to Table 88 and Table 89 for the AT-9400 Switches and
AT-S63 Management Software Features GuideSection VI: Virtual LANs 327OverviewThe GARP VLAN Registration Protocol (GVRP) allows network devices to shar
Chapter 28: GARP VLAN Registration Protocol328 Section VI: Virtual LANsFigure 52 provides an example of how GVRP works.Figure 52. GVRP Example Switche
AT-S63 Management Software Features GuideSection VI: Virtual LANs 329as an tagged dynamic GVRP port. If the port is already a member of the VLAN, then
33Chapter 1OverviewThis chapter has the following sections: “Layer 2+ and Basic Layer 3 Switches” on page 34 “AT-S63 Management Software” on page 40
Chapter 28: GARP VLAN Registration Protocol330 Section VI: Virtual LANsGuidelinesFollowing are guidelines to observe when using this feature: GVRP is
AT-S63 Management Software Features GuideSection VI: Virtual LANs 331GVRP and Network SecurityGVRP should be used with caution because it can expose y
Chapter 28: GARP VLAN Registration Protocol332 Section VI: Virtual LANsGVRP-inactive Intermediate SwitchesIf two GVRP-active devices are separated by
AT-S63 Management Software Features GuideSection VI: Virtual LANs 333Generic Attribute Registration Protocol (GARP) OverviewThe following is a technic
Chapter 28: GARP VLAN Registration Protocol334 Section VI: Virtual LANsGARP architecture is shown in Figure 53. Figure 53. GARP Architecture The GARP
AT-S63 Management Software Features GuideSection VI: Virtual LANs 335Figure 54. GID Architecture GARP registers and deregisters attribute values throu
Chapter 28: GARP VLAN Registration Protocol336 Section VI: Virtual LANsTo control the applicant state machine, an applicant administrative control par
Section VI: Virtual LANs 337Chapter 29Multiple VLAN ModesThis chapter describes the multiple VLAN modes. This chapter contains the following sections:
Chapter 29: Multiple VLAN Modes338 Section VI: Virtual LANsSupported PlatformsRefer to Table 90 and Table 91 for the AT-9400 Switches and the manageme
AT-S63 Management Software Features GuideSection VI: Virtual LANs 339OverviewThe multiple VLAN modes are designed to simplify the task of configuring
Chapter 1: Overview34Layer 2+ and Basic Layer 3 SwitchesThe switches in the AT-9400 Gigabit Ethernet Series are divided into two groups: Layer 2+ Swi
Chapter 29: Multiple VLAN Modes340 Section VI: Virtual LANs802.1Q- Compliant Multiple VLAN ModeIn this mode, each port is placed into a separate VLAN
AT-S63 Management Software Features GuideSection VI: Virtual LANs 341This highly segmented configuration is useful in situations where traffic generat
Chapter 29: Multiple VLAN Modes342 Section VI: Virtual LANsNon-802.1Q Compliant Multiple VLAN ModeUnlike the 802.1Q-compliant VLAN mode, which isolate
Section VI: Virtual LANs 343Chapter 30 Protected Ports VLANsThis chapter explains protected ports VLANs. It contains the following sections: “Support
Chapter 30: Protected Ports VLANs344 Section VI: Virtual LANsSupported PlatformsRefer to Table 93 and Table 94 for the AT-9400 Switches and the manage
AT-S63 Management Software Features GuideSection VI: Virtual LANs 345OverviewThe purpose of a protected ports VLAN is to allow multiple ports on the s
Chapter 30: Protected Ports VLANs346 Section VI: Virtual LANsTo create a protected ports VLAN, you perform many of the same steps that you do when you
AT-S63 Management Software Features GuideSection VI: Virtual LANs 347GuidelinesFollowing are the guidelines for implementing protected ports VLANS: A
Chapter 30: Protected Ports VLANs348 Section VI: Virtual LANs
Section VI: Virtual LANs 349Chapter 31MAC Address-based VLANsThis chapter contains overview information about MAC address-based VLANs. Sections in the
AT-S63 Management Software Features Guide35Multiple manager sessionsYYYYYY YTCP/IP pings YYYYYYYYY YEnhanced stacking YYYYYYYYYSimple Network Time Pro
Chapter 31: MAC Address-based VLANs350 Section VI: Virtual LANsSupported PlatformsRefer to Table 95 and Table 96 for the AT-9400 Switches and the mana
AT-S63 Management Software Features GuideSection VI: Virtual LANs 351OverviewAs explained in “Overview” on page 313, VLANs are a means for creating in
Chapter 31: MAC Address-based VLANs352 Section VI: Virtual LANsEgress PortsImplementing a MAC address-based VLAN involves more than entering the MAC a
AT-S63 Management Software Features GuideSection VI: Virtual LANs 353The community characteristic of egress ports relieves you from having to map each
Chapter 31: MAC Address-based VLANs354 Section VI: Virtual LANsIf security is a major concern for your network, you might not want to assign a port as
AT-S63 Management Software Features GuideSection VI: Virtual LANs 355VLANs That Span SwitchesTo create a MAC address-based VLAN that spans switches, y
Chapter 31: MAC Address-based VLANs356 Section VI: Virtual LANsTable 99. Example of a MAC Address-based VLAN Spanning SwitchesSwitch A Switch BVLAN Na
AT-S63 Management Software Features GuideSection VI: Virtual LANs 357VLAN HierarchyThe switch’s management software employs a VLAN hierarchy when hand
Chapter 31: MAC Address-based VLANs358 Section VI: Virtual LANsSteps to Creating a MAC Address-based VLANHere are the three main steps to creating a M
AT-S63 Management Software Features GuideSection VI: Virtual LANs 359GuidelinesFollow these guidelines when implementing a MAC address-based VLAN: MA
Chapter 1: Overview36Class of Service YYYYYYYYY YQuality of Service YYYYYYYYY YGroup link control YYYYYY YDenial of service defensesYYYYYYYYYPower ove
Chapter 31: MAC Address-based VLANs360 Section VI: Virtual LANs Egress ports cannot be part of a static or LACP trunk. Since this type of VLAN does
Section VII: Internet Protocol Routing 361Section VIIInternet Protocol RoutingThis section has the following chapters: Chapter 32, “Internet Protocol
362 Section VII: Internet Protocol Routing
363Chapter 32Internet Protocol Version 4 Packet RoutingThis chapter describes Internet Protocol version 4 (IPv4) packet routing on the AT-9400 Basic L
Chapter 32: Internet Protocol Version 4 Packet Routing364 Section VII: RoutingSupported PlatformsRefer to Table 100 and Table 101 for the AT-9400 Swit
AT-S63 Management Software Features GuideSection VII: Routing 365Features” on page 384 and “AT-9408LC/SP AT-9424T/GB, and AT-9424T/SP Switches” on pag
Chapter 32: Internet Protocol Version 4 Packet Routing366 Section VII: RoutingOverviewThis section contains an overview of the IPv4 routing feature on
AT-S63 Management Software Features GuideSection VII: Routing 367At the end of this overview are two examples that illustrate the sequence of commands
Chapter 32: Internet Protocol Version 4 Packet Routing368 Section VII: RoutingRouting InterfacesThe IPv4 packet routing feature on the switch is built
AT-S63 Management Software Features GuideSection VII: Routing 369NoteRouting interfaces can be configured from either the command line interface or th
AT-S63 Management Software Features Guide37Table 4. SNMPv3Layer 2+ Switches Basic Layer 3 Switches08LC 24GB 24SP 24T24T POE24Ts 24XP 48SP 48XP StackSN
Chapter 32: Internet Protocol Version 4 Packet Routing370 Section VII: Routingthe other interfaces in the same VLAN must be assigned manually. For exa
AT-S63 Management Software Features GuideSection VII: Routing 371Interface NamesMany of the IPv4 routing commands have a parameter for an interface na
Chapter 32: Internet Protocol Version 4 Packet Routing372 Section VII: RoutingStatic RoutesIn order for the switch to route an IPv4 packet to a remote
AT-S63 Management Software Features GuideSection VII: Routing 373The commands for managing static routes are ADD IP ROUTE, DELETE IP ROUTE, and SET IP
Chapter 32: Internet Protocol Version 4 Packet Routing374 Section VII: RoutingRouting Information Protocol (RIP)A switch can automatically learn route
AT-S63 Management Software Features GuideSection VII: Routing 375NoteA RIP version 2 password is sent in plaintext. The AT-S63 Management Software doe
Chapter 32: Internet Protocol Version 4 Packet Routing376 Section VII: RoutingDefault RoutesA default route is a “match all” destination entry in the
AT-S63 Management Software Features GuideSection VII: Routing 377Equal-cost Multi-path (ECMP) RoutingWhen there are multiple routes in the routing tab
Chapter 32: Internet Protocol Version 4 Packet Routing378 Section VII: RoutingECMP also applies to default routes. This enables the switch to store up
AT-S63 Management Software Features GuideSection VII: Routing 379Routing TableThe switch maintains its routing information in a table of routes that t
Chapter 1: Overview38GARP VLAN Registration ProtocolYYYYYYYYYProtected ports VLANsYYYYYYYYYMAC address-based VLANsYYYYYYTable 6. Virtual LANsLayer 2+
Chapter 32: Internet Protocol Version 4 Packet Routing380 Section VII: RoutingRoute Selection ProcessHere is the route selection process the switch go
AT-S63 Management Software Features GuideSection VII: Routing 381Address Resolution Protocol (ARP) TableThe switch maintains an ARP table of IP addres
Chapter 32: Internet Protocol Version 4 Packet Routing382 Section VII: RoutingInternet Control Message Protocol (ICMP)ICMP allows routers to send erro
AT-S63 Management Software Features GuideSection VII: Routing 383Time to Live Exceeded (11) If the TTL field in a packet falls to zero the switch will
Chapter 32: Internet Protocol Version 4 Packet Routing384 Section VII: RoutingRouting Interfaces and Management FeaturesRouting interfaces are primary
AT-S63 Management Software Features GuideSection VII: Routing 385As an example, assume you decided not to implement the IPv4 routing feature on a swit
Chapter 32: Internet Protocol Version 4 Packet Routing386 Section VII: RoutingPinging a RemoteDeviceThis function is used to validate the existence of
AT-S63 Management Software Features GuideSection VII: Routing 387Local InterfaceThe local interface is used with the enhanced stacking feature. It is
Chapter 32: Internet Protocol Version 4 Packet Routing388 Section VII: RoutingAT-9408LC/SP AT-9424T/GB, and AT-9424T/SP SwitchesThe AT-9408LC/SP, AT-9
AT-S63 Management Software Features GuideSection VII: Routing 389NoteThe AT-9408LC/SP, AT-9424T/GB, and AT-9424T/SP Switches do not use the ARP table
AT-S63 Management Software Features Guide39Table 8. Port SecurityLayer 2+ Switches Basic Layer 3 Switches08LC 24GB 24SP 24T24T POE24Ts 24XP 48SP 48XP
Chapter 32: Internet Protocol Version 4 Packet Routing390 Section VII: RoutingRouting Command ExampleThis section contains an example of the IPv4 rout
AT-S63 Management Software Features GuideSection VII: Routing 391Creating theVLANsThe first step is to create the VLANs for the local subnets on the s
Chapter 32: Internet Protocol Version 4 Packet Routing392 Section VII: Routingcommand.Adding a StaticRoute andDefault RouteBuilding on our example, as
AT-S63 Management Software Features GuideSection VII: Routing 393Adding RIP Rather than adding the static routes to remote destinations, or perhaps to
Chapter 32: Internet Protocol Version 4 Packet Routing394 Section VII: RoutingNon-routing Command ExampleThis example illustrates how to assign an IP
AT-S63 Management Software Features GuideSection VII: Routing 395The following command creates a default route for the example and specifies the next
Chapter 32: Internet Protocol Version 4 Packet Routing396 Section VII: RoutingUpgrading from AT-S63 Version 1.3.0 or EarlierWhen the AT-9400 Switch ru
397Chapter 33BOOTP Relay AgentThis chapter has the following sections: “Supported Platforms” on page 398 “Overview” on page 399 “Guidelines” on pag
Chapter 33: BOOTP Relay Agent398 Section VII: RoutingSupported PlatformsRefer to Table 104 and Table 105 for the AT-9400 Switches and the management i
AT-S63 Management Software Features GuideSection VII: Routing 399OverviewThe AT-S63 Management Software comes with a BOOTP relay agent for relaying BO
Contents4Chapter 2: AT-9400Ts Stacks ...
Chapter 1: Overview40AT-S63 Management SoftwareThe AT-9400 Switch is managed with the AT-S63 Management Software. The software comes preinstalled on t
Chapter 33: BOOTP Relay Agent400 Section VII: RoutingA routing interface that receives a BOOTP reply from a server inspects the broadcast flag field i
AT-S63 Management Software Features GuideSection VII: Routing 401GuidelinesThese guidelines apply to the BOOTP relay agent: A routing interface funct
Chapter 33: BOOTP Relay Agent402 Section VII: Routing
403Chapter 34Virtual Router Redundancy ProtocolThe chapter has the following sections: “Supported Platforms” on page 404 “Overview” on page 405 “Ma
Chapter 34: Virtual Router Redundancy Protocol404 Section VII: RoutingSupported PlatformsRefer to Table 106 and Table 107 for the AT-9400 Switches and
AT-S63 Management Software Features GuideSection VII: Routing 405OverviewThis chapter describes the Virtual Router Redundancy Protocol (VRRP) of the A
Chapter 34: Virtual Router Redundancy Protocol406 Section VII: RoutingMaster SwitchThe virtual router has a virtual MAC address known by all the switc
AT-S63 Management Software Features GuideSection VII: Routing 407Backup SwitchesAll the other switches participating in the virtual router are designa
Chapter 34: Virtual Router Redundancy Protocol408 Section VII: RoutingInterface MonitoringThe virtual router can monitor certain interfaces to change
AT-S63 Management Software Features GuideSection VII: Routing 409Port MonitoringPort monitoring is the process of detecting the failure of ports that
AT-S63 Management Software Features Guide41Management InterfacesThe AT-S63 Management Software has four management interfaces: Standard command line
Chapter 34: Virtual Router Redundancy Protocol410 Section VII: RoutingVRRP on the SwitchVRRP is disabled by default. When a virtual router is created
AT-S63 Management Software Features GuideSection VII: Routing 411prevents a switch from inadvertently backing up another switch. The authentication ty
Chapter 34: Virtual Router Redundancy Protocol412 Section VII: Routing
Section VIII: Port Security 413Section VIIIPort SecurityThe chapters in this section contain overview information on the port security features of the
414 Section VIII: Port Security
Section VIII: Port Security 415Chapter 35MAC Address-based Port SecurityThe sections in this chapter include: “Supported Platforms” on page 416 “Ove
Chapter 35: MAC Address-based Port Security416 Section VIII: Port SecuritySupported PlatformsRefer to Table 108 and Table 109 for the AT-9400 Switches
AT-S63 Management Software Features GuideSection VIII: Port Security 417OverviewYou can use this feature to enhance the security of your network by co
Chapter 35: MAC Address-based Port Security418 Section VIII: Port SecuritySecured This security level uses only static MAC addresses assigned to a por
AT-S63 Management Software Features GuideSection VIII: Port Security 419Invalid Frames and Intrusion ActionsWhen a port receives an invalid frame, it
Chapter 1: Overview42In other cases, a management interface might support only part of a function. For example, you can set a switch or stack’s name,
Chapter 35: MAC Address-based Port Security420 Section VIII: Port SecurityGuidelinesThe following guidelines apply to MAC address-based port security:
Section VIII: Port Security 421Chapter 36802.1x Port-based Network Access ControlThe sections in this chapter are: “Supported Platforms” on page 422
Chapter 36: 802.1x Port-based Network Access Control422 Section VIII: Port SecuritySupported PlatformsRefer to Table 110 and Table 111 for the AT-9400
AT-S63 Management Software Features GuideSection VIII: Port Security 423OverviewThe AT-S63 Management Software has several different methods for prote
Chapter 36: 802.1x Port-based Network Access Control424 Section VIII: Port Security Authentication server - The authentication server is the network
AT-S63 Management Software Features GuideSection VIII: Port Security 425Authentication ProcessBelow is a brief overview of the authentication process
Chapter 36: 802.1x Port-based Network Access Control426 Section VIII: Port SecurityPort RolesPart of the task of implementing this feature is specifyi
AT-S63 Management Software Features GuideSection VIII: Port Security 427Assigning unique username and password combinations to your network users and
Chapter 36: 802.1x Port-based Network Access Control428 Section VIII: Port SecurityNoteA supplicant connected to an authenticator port set to force-au
AT-S63 Management Software Features GuideSection VIII: Port Security 429Authenticator Ports with Single and Multiple SupplicantsAn authenticator port
AT-S63 Management Software Features Guide43Baud rate of the Terminal Port Y Y Y Y YManagement console timer Y Y Y Y YTelnet server YYY YYConsole start
Chapter 36: 802.1x Port-based Network Access Control430 Section VIII: Port SecurityFigure 57. Authenticator Port in Single Operating Mode with a Singl
AT-S63 Management Software Features GuideSection VIII: Port Security 431Figure 58. Single Operating Mode with Multiple Clients Using the Piggy-back Fe
Chapter 36: 802.1x Port-based Network Access Control432 Section VIII: Port SecurityIf the clients are connected to an 802.1x-compliant device, such as
AT-S63 Management Software Features GuideSection VIII: Port Security 433Figure 60. Single Operating Mode with Multiple Clients Using the Piggy-back Fe
Chapter 36: 802.1x Port-based Network Access Control434 Section VIII: Port SecurityAn example of this authenticator operating mode is illustrated in F
AT-S63 Management Software Features GuideSection VIII: Port Security 435none, port 6 on switch A will discard the packets because switch B would not b
Chapter 36: 802.1x Port-based Network Access Control436 Section VIII: Port SecuritySupplicant and VLAN AssociationsOne of the challenges to managing a
AT-S63 Management Software Features GuideSection VIII: Port Security 437Single OperatingModeHere are the operating characteristics for the switch when
Chapter 36: 802.1x Port-based Network Access Control438 Section VIII: Port SecurityGuest VLANAn authenticator port in the unauthorized state typically
AT-S63 Management Software Features GuideSection VIII: Port Security 439RADIUS AccountingThe AT-S63 Management Software supports RADIUS accounting for
Chapter 1: Overview444. You cannot upload or download files to a compact flash card with the web browser windows. Also, that interface does not suppor
Chapter 36: 802.1x Port-based Network Access Control440 Section VIII: Port SecurityGeneral StepsHere are the general steps to implementing 802.1x Port
AT-S63 Management Software Features GuideSection VIII: Port Security 441GuidelinesThe following are general guidelines to using this feature: Ports o
Chapter 36: 802.1x Port-based Network Access Control442 Section VIII: Port Security An authenticator port cannot be part of a static port trunk, LACP
AT-S63 Management Software Features GuideSection VIII: Port Security 443Here are guidelines for adding VLAN assignments to supplicant accounts on a RA
Chapter 36: 802.1x Port-based Network Access Control444 Section VIII: Port Security
Section IX: Management Security 445Section IXManagement SecurityThe chapters in this section describe the management security features of the AT-9400
446 Section IX: Management Security
Section IX: Management Security 447Chapter 37Web ServerThe sections in this chapter are: “Supported Platforms” on page 448 “Overview” on page 449 “
Chapter 37: Web Server448 Section IX: Management SecuritySupported PlatformsRefer to Table 112 and Table 113 for the AT-9400 Switches and the manageme
AT-S63 Management Software Features GuideSection IX: Management Security 449OverviewThe AT-S63 Management Software has a web server and a special web
AT-S63 Management Software Features Guide45Multiple Spanning Tree Protocol (MSTP)YYYYTable 15. Management Interfaces for Spanning Tree ProtocolsStand-
Chapter 37: Web Server450 Section IX: Management SecurityConfiguring the Web Server for HTTPThe following steps configure the web server for non-secur
AT-S63 Management Software Features GuideSection IX: Management Security 451Configuring the Web Server for HTTPSThe following sections outline the ste
Chapter 37: Web Server452 Section IX: Management Security6. After receiving the certificates from the CA, download them into the switch’s file system
Section IX: Management Security 453Chapter 38Encryption KeysThe sections in this chapter are: “Supported Platforms” on page 454 “Overview” on page 4
Chapter 38: Encryption Keys454 Section IX: Management SecuritySupported PlatformsRefer to Table 114 and Table 115 for the AT-9400 Switches and the man
AT-S63 Management Software Features GuideSection IX: Management Security 455OverviewProtecting your managed switches from unauthorized management acce
Chapter 38: Encryption Keys456 Section IX: Management SecurityEncryption Key LengthWhen you create a key pair, you have to specify its length in bits.
AT-S63 Management Software Features GuideSection IX: Management Security 457Encryption Key GuidelinesObserve the following guidelines when creating an
Chapter 38: Encryption Keys458 Section IX: Management SecurityTechnical OverviewThe encryption feature provides the following data security services:
AT-S63 Management Software Features GuideSection IX: Management Security 459algorithm and key. For a given input block of plaintext ECB always produce
Chapter 1: Overview46Table 18. Management Interfaces for Port SecurityStand-alone Switches StacksSCL ACL M WB SCL ACL WBMAC address-based port securit
Chapter 38: Encryption Keys460 Section IX: Management Securitysecret. Only the decryption, or private key, needs to be kept secret. The other name for
AT-S63 Management Software Features GuideSection IX: Management Security 461 It is very hard to find another message and key which give the same hash
Chapter 38: Encryption Keys462 Section IX: Management SecurityA Diffie-Hellman algorithm requires more processing overhead than RSA-based key exchange
Section IX: Management Security 463Chapter 39PKI Certificates and SSLThe sections in this chapter are: “Supported Platforms” on page 464 “Overview”
Chapter 39: PKI Certificates and SSL464 Section IX: Management SecuritySupported PlatformsRefer to Table 116 and Table 117 for the AT-9400 Switches an
AT-S63 Management Software Features GuideSection IX: Management Security 465OverviewThis chapter describes the second part of the encryption feature o
Chapter 39: PKI Certificates and SSL466 Section IX: Management Securitynetwork equipment. With private CAs, companies can keep track of the certificat
AT-S63 Management Software Features GuideSection IX: Management Security 467Distinguished NamesPart of the task to creating a self-signed certificate
Chapter 39: PKI Certificates and SSL468 Section IX: Management SecurityIf your network has a Domain Name System and you mapped a name to the IP addres
AT-S63 Management Software Features GuideSection IX: Management Security 469SSL and Enhanced StackingSecure Sockets Layer (SSL) is supported in an enh
AT-S63 Management Software Features Guide47Management Access MethodsYou can access the AT-S63 Management Software on a switch several ways: Local ses
Chapter 39: PKI Certificates and SSL470 Section IX: Management SecurityGuidelinesThe guidelines for creating certificates are: A certificate can have
AT-S63 Management Software Features GuideSection IX: Management Security 471Technical OverviewThis section describes the Secure Sockets Layer (SSL) fe
Chapter 39: PKI Certificates and SSL472 Section IX: Management SecuritySSL uses asymmetrical (Public Key) encryption to establish a connection between
AT-S63 Management Software Features GuideSection IX: Management Security 473To verify the authenticity of a server, the server has a public and privat
Chapter 39: PKI Certificates and SSL474 Section IX: Management Securitythis, and other attacks, PKI provides a means for secure transfer of public key
AT-S63 Management Software Features GuideSection IX: Management Security 475Elements of aPublic KeyInfrastructureA public key infrastructure is a set
Chapter 39: PKI Certificates and SSL476 Section IX: Management SecurityCertificateValidationTo validate a certificate, the end entity verifies the sig
AT-S63 Management Software Features GuideSection IX: Management Security 477PKIImplementationThe following sections discuss the implementation of PKI
Chapter 39: PKI Certificates and SSL478 Section IX: Management Security
Section IX: Management Security 479Chapter 40Secure Shell (SSH)The sections in this chapter are: “Supported Platforms” on page 480 “Overview” on pag
Chapter 1: Overview48Remote SecureShell (SSH)SessionsThe AT-S63 Management Software also has a Secure Shell (SSH) server for remote management from SS
Chapter 40: Secure Shell (SSH)480 Section IX: Management SecuritySupported PlatformsRefer to Table 118 and Table 119 for the AT-9400 Switches and the
AT-S63 Management Software Features GuideSection IX: Management Security 481OverviewSecure management is increasingly important in modern networks, as
Chapter 40: Secure Shell (SSH)482 Section IX: Management SecuritySupport for SSHThe AT-S63 implementation of the SSH protocol is compliant with the SS
AT-S63 Management Software Features GuideSection IX: Management Security 483SSH ServerWhen the SSH server is enabled, connections from SSH clients are
Chapter 40: Secure Shell (SSH)484 Section IX: Management SecuritySSH ClientsThe SSH protocol provides a secure connection between the switch and SSH c
AT-S63 Management Software Features GuideSection IX: Management Security 485SSH and Enhanced StackingThe AT-S63 Management Software allows for encrypt
Chapter 40: Secure Shell (SSH)486 Section IX: Management SecurityBecause enhanced stacking does not allow for SSH encrypted management sessions betwee
AT-S63 Management Software Features GuideSection IX: Management Security 487SSH Configuration GuidelinesHere are the guidelines to configuring SSH: S
Chapter 40: Secure Shell (SSH)488 Section IX: Management SecurityGeneral Steps to Configuring SSHConfiguring the SSH server involves the following pro
Section IX: Management Security 489Chapter 41TACACS+ and RADIUS ProtocolsThis chapter describes the two authentication protocols TACACS+ and RADIUS. S
AT-S63 Management Software Features Guide49Manager Access LevelsThe AT-S63 Management Software has two manager access levels of manager and operator.
Chapter 41: TACACS+ and RADIUS Protocols490 Section IX: Management SecuritySupported PlatformsRefer to Table 120 and Table 121 for the AT-9400 Switche
AT-S63 Management Software Features GuideSection IX: Management Security 491OverviewTACACS+ and RADIUS are authentication protocols that can enhance t
Chapter 41: TACACS+ and RADIUS Protocols492 Section IX: Management SecurityWhen a network manager logs in to a switch to manage the device, the switch
AT-S63 Management Software Features GuideSection IX: Management Security 493GuidelinesHere are the main steps to using the TACACS+ or RADIUS client on
Chapter 41: TACACS+ and RADIUS Protocols494 Section IX: Management Securitymaximum length for a password is 16 alphanumeric characters and spaces.– T
AT-S63 Management Software Features GuideSection IX: Management Security 495NoteIf no authentication server responds or if no servers have been define
Chapter 41: TACACS+ and RADIUS Protocols496 Section IX: Management Security
Section IX: Management Security 497Chapter 42Management Access Control ListThis chapter explains how to restrict Telnet and web browser management acc
Chapter 42: Management Access Control List498 Section IX: Management SecuritySupported PlatformsRefer to Table 122 and Table 123 for the AT-9400 Switc
AT-S63 Management Software Features GuideSection IX: Management Security 499OverviewThis chapter explains how to restrict remote management access to
AT-S63 Management Software Features Guide5Load Distribution Methods...
Chapter 1: Overview50Installation and Management ConfigurationsThe AT-9400 Switches can be installed in three configurations.Stand-aloneSwitchesAll th
Chapter 42: Management Access Control List500 Section IX: Management SecurityParts of a Management ACEAn ACE has the following three parts: IP addre
AT-S63 Management Software Features GuideSection IX: Management Security 501GuidelinesBelow are guidelines for the management ACL: The default settin
Chapter 42: Management Access Control List502 Section IX: Management SecurityExamplesFollowing are several examples of ACEs.This ACE allows the manage
AT-S63 Management Software Features GuideSection IX: Management Security 503The two ACEs in this management ACL permit remote management from the mana
Chapter 42: Management Access Control List504 Section IX: Management Security
505Appendix AAT-S63 Management Software Default SettingsThis appendix lists the factory default settings for the AT-S63 Management Software. The featu
Appendix A: AT-S63 Management Software Default Settings506 “System Name, Administrator, and Comments Settings” on page 537 “Telnet Server” on page 5
AT-S63 Management Software Features Guide507Address Resolution Protocol CacheThe following table lists the ARP cache default setting.ARP Cache Setting
Appendix A: AT-S63 Management Software Default Settings508Boot Configuration FileThe following table lists the names of the default configuration file
AT-S63 Management Software Features Guide509BOOTP Relay AgentThe following table lists the default setting for the BOOTP relay agent.BOOTP Relay Agent
AT-S63 Management Software Features Guide51IP ConfigurationDo you intend to remotely manage the switch with a Telnet or Secure Shell client, or a web
Appendix A: AT-S63 Management Software Default Settings510Class of ServiceThe following table lists the default mappings of IEEE 802.1p priority level
AT-S63 Management Software Features Guide511Denial of Service DefensesThe following table lists the default settings for the Denial of Service prevent
Appendix A: AT-S63 Management Software Default Settings512802.1x Port-Based Network Access ControlThe following table describes the 802.1x Port-based
AT-S63 Management Software Features Guide513The following table lists the default settings for a supplicant port.VLAN Assignment EnabledSecure VLAN On
Appendix A: AT-S63 Management Software Default Settings514Enhanced StackingThe following table lists the enhanced stacking default setting.Enhanced St
AT-S63 Management Software Features Guide515Ethernet Protection Switching Ring (EPSR) SnoopingThe following table lists the EPSR default setting.EPSR
Appendix A: AT-S63 Management Software Default Settings516Event LogsThe following table lists the default settings for both the permanent and temporar
AT-S63 Management Software Features Guide517GVRPThis section provides the default settings for GVRP.GVRP Setting DefaultStatus DisabledGIP Status Enab
Appendix A: AT-S63 Management Software Default Settings518IGMP SnoopingThe following table lists the IGMP Snooping default settings.IGMP Snooping Sett
AT-S63 Management Software Features Guide519Internet Protocol Version 4 Packet RoutingThe following table lists the IPv4 packet routing default settin
Chapter 1: Overview52Configuration FilesStand-alone switches and stacks store their parameter settings in configuration files in their file systems. T
Appendix A: AT-S63 Management Software Default Settings520Link-flap ProtectionThe following table lists the default settings for link-flap protection.
AT-S63 Management Software Features Guide521MAC Address-based Port SecurityThe following table lists the MAC address-based port security default setti
Appendix A: AT-S63 Management Software Default Settings522MAC Address TableThe following table lists the default setting for the MAC address table.MAC
AT-S63 Management Software Features Guide523Management Access Control ListThe following table lists the default setting for the management access cont
Appendix A: AT-S63 Management Software Default Settings524Manager and Operator AccountThe following table lists the manager and operator account defau
AT-S63 Management Software Features Guide525Multicast Listener Discovery SnoopingThe following table lists the MLD Snooping default settings.MLD Snoop
Appendix A: AT-S63 Management Software Default Settings526Public Key InfrastructureThe following table lists the PKI default settings, including the g
AT-S63 Management Software Features Guide527Port SettingsThe following table lists the port configuration default settings.Port Configuration Setting
Appendix A: AT-S63 Management Software Default Settings528RJ-45 Serial Terminal PortThe following table lists the RJ-45 serial terminal port default s
AT-S63 Management Software Features Guide529Router Redundancy Protocol SnoopingThe following table lists the RRP Snooping default setting.RRP Snooping
AT-S63 Management Software Features Guide53Redundant Twisted Pair PortsSeveral AT-9400 Switches have twisted pair ports and GBIC or SFP slots that are
Appendix A: AT-S63 Management Software Default Settings530Server-based Authentication (RADIUS and TACACS+)This section describes the server-based auth
AT-S63 Management Software Features Guide531Simple Network Management ProtocolThe following table describes the SNMP default settings.SNMP Communities
Appendix A: AT-S63 Management Software Default Settings532Simple Network Time ProtocolThe following table lists the SNTP default settings.SNTP Setting
AT-S63 Management Software Features Guide533Spanning Tree Protocols (STP, RSTP, and MSTP)This section provides the spanning tree, STP RSTP, and MSTP,
Appendix A: AT-S63 Management Software Default Settings534MultipleSpanning TreeProtocolThe following table lists the MSTP default settings.Loop Guard
AT-S63 Management Software Features Guide535Secure Shell ServerThe following table lists the SSH default settings.The SSH port number is not adjustabl
Appendix A: AT-S63 Management Software Default Settings536Secure Sockets LayerThe following table lists the SSL default settings.SSL Setting DefaultMa
AT-S63 Management Software Features Guide537System Name, Administrator, and Comments SettingsThe following table describes the IP default settings.IP
Appendix A: AT-S63 Management Software Default Settings538Telnet ServerThe following table lists the Telnet server default settings.The Telnet port nu
AT-S63 Management Software Features Guide539Virtual Router Redundancy ProtocolThe following table lists the VRRP default setting.VRRP Setting DefaultS
Chapter 1: Overview54NoteThese guidelines do not apply to the SFP slots on the AT-9408LC/SP Switch and the XFP slots on the AT-9424Ts/XP and AT-9448Ts
Appendix A: AT-S63 Management Software Default Settings540VLANsThis section provides the VLAN default settings.VLAN Setting DefaultDefault VLAN Name D
AT-S63 Management Software Features Guide541Web ServerThe following table lists the web server default settings.Web Server Configuration Setting Defau
Appendix A: AT-S63 Management Software Default Settings542
543Appendix BSNMPv3 Configuration ExamplesThis appendix provides two examples of SNMPv3 configuration using the SNMPv3 Table menus and a worksheet to
Appendix B: SNMPv3 Configuration Examples544SNMPv3 Configuration Examples This appendix provides SNMPv3 configuration examples for the following type
AT-S63 Management Software Features Guide545Configure SNMPv3 SecurityToGroup TableUser Name:systemadmin24Security Model:v3Group Name: ManagersStorage
Appendix B: SNMPv3 Configuration Examples546Configure SNMPv3 View Table Menu View Name: internetView Subtree OID: 1.3.6.1 (or internet)Subtree Mask: V
AT-S63 Management Software Features Guide547Security ModelSecurity LevelRead View NameWrite View NameNotify View NameStorage TypeSNMPv3 SecurityToGrou
Appendix B: SNMPv3 Configuration Examples548Security ModelSecurity LevelStorage TypeSNMPv3 Parameters (Continued)
549Appendix CFeatures and StandardsThis appendix lists the features and standards of the AT-9400 Switch. Section include: ”10/100/1000Base-T Twisted
AT-S63 Management Software Features Guide55History of New FeaturesThe following sections outline the history of new features in the AT-S63 Management
Appendix C: Features and Standards55010/100/1000Base-T Twisted Pair PortsIEEE 802.1d BridgingIEEE 802.3 10Base-TIEEE 802.3u 100Base-TXIEEE 802.3ab 100
AT-S63 Management Software Features Guide551Fiber Optic Ports (AT-9408LC/SP Switch)IEEE 802.1d BridgingIEEE 802.3z 1000Base-SX— Head of Line Blocking—
Appendix C: Features and Standards552RFC 826 Address Resolution Protocol— Equal Cost Multi-path— Split Horizon and Split Horizon with Poison Reverse—
AT-S63 Management Software Features Guide553Management Access MethodsEnhanced StackingOut-of-band management (serial port) In-band management (over t
Appendix C: Features and Standards554Port SecurityIEEE 802.1x Port-based Network Access Control: Supports multiple supplicants per port and the follo
AT-S63 Management Software Features Guide555RFC 1757 RMON Groups 1, 2, 3, and 9Traffic ControlRFC 2386 Quality of Service featuring:— Layer 2, 3, and
Appendix C: Features and Standards556— MAC Address-based VLANs (Not supported on the AT-9408LC/SP, AT-9424T/GB, and AT-9424T/SP switches.)IEEE 802.3ac
557Appendix DMIB ObjectsThis appendix lists the SNMP MIB objects in the private Allied Telesis MIBs that apply to the AT-S63 Management Software and t
Appendix D: MIB Objects558Access Control ListsTable 31. Access Control Lists (AtiStackSwitch MIB)Object Name OIDatiStkSwACLConfigTable 1.3.6.1.4.1.207
AT-S63 Management Software Features Guide559Class of ServiceTable 32. CoS Scheduling (AtiStackSwitch MIB)Object Name OIDatiSwQoSGroup 1.3.6.1.4.1.207.
Chapter 1: Overview56already familiar with the commands in the AlliedWare Plus operating system, you may find this new interface more convenient to us
Appendix D: MIB Objects560Date, Time, and SNTP ClientTable 36. Date, Time, and SNTP Client (AtiStackSwitch MIB)Object Name OIDatiStkSysSystemTimeConfi
AT-S63 Management Software Features Guide561Denial of Service DefensesTable 37. LAN Address and Subnet Mask (AtiStackSwitch MIB)Object Name OIDatiStkD
Appendix D: MIB Objects562Enhanced StackingTable 39. Switch Mode and Discovery (AtiStackInfo MIB)Object Name OIDatiswitchEnhancedStackingInfo 1.3.6.1.
AT-S63 Management Software Features Guide563GVRPTable 41. GVFP Switch Configuration (AtiStackSwitch MIB)Object Name OIDatiStkSwGVRPConfig 1.3.6.1.4.1.
Appendix D: MIB Objects564atiStkSwGVRPCountersPortNotListening 1.3.6.1.4.1.207.8.17.3.8.1.8atiStkSwGVRPCountersInvalidPort 1.3.6.1.4.1.207.8.17.3.8.1.
AT-S63 Management Software Features Guide565MAC Address TableTable 44. MAC Address Table (AtiStackSwitch MIB)Object Name OIDatiStkSwMacAddr2VlanTable
Appendix D: MIB Objects566Management Access Control ListTable 46. Management Access Control List Status (AtiStackSwitch MIB)Object Name OIDatiStkSwSys
AT-S63 Management Software Features Guide567MiscellaneousTable 48. System Reset (AtiStackSwitch MIB)Object Name OIDatiStkSwSysGroup 1.3.6.1.4.1.207.8.
Appendix D: MIB Objects568Port MirroringTable 51. Port Mirroring (AtiStackSwitch MIB)Object Name OIDatiStkSwPortMirroringConfig 1.3.6.1.4.1.207.8.17.2
AT-S63 Management Software Features Guide569Quality of ServiceTable 52. Flow Groups (AtiStackSwitch MIB)Object Name OIDatiStkSwQosFlowGrpTable 1.3.6.1
AT-S63 Management Software Features Guide57NoteThe new MODULE parameter can only be used on stacks that already have Version 4.0.0 or later. To update
Appendix D: MIB Objects570atiStkSwQosTrafficClassClassPriority 1.3.6.1.4.1.207.8.17.7.6.1.9atiStkSwQosTrafficClassRemarkPriority 1.3.6.1.4.1.207.8.17.
AT-S63 Management Software Features Guide571Port Configuration and StatusTable 55. Port Configuration and Status (AtiStackSwitch MIB)Object Name OIDa
Appendix D: MIB Objects572Spanning TreeTable 56. Spanning Tree (AtiStackSwitch MIB)Object Name OIDatiStkSwSysConfig 1.3.6.1.4.1.207.8.17.1.1atiStkSwSy
AT-S63 Management Software Features Guide573Static Port TrunkTable 57. Static Port Trunks (AtiStackSwitch MIB)Object Name OIDatiStkSwStaticTrunkTable
Appendix D: MIB Objects574VLANsThe objects in Table 58 display the specifications of the Default_VLAN.The objects in Table 59 display the names and VI
AT-S63 Management Software Features Guide575Table 61. PVID Table (AtiStackSwitch MIB)Object Name OIDatiStkSwPort2VlanTable 1.3.6.1.4.1.207.8.17.3.2ati
Appendix D: MIB Objects576
577IndexNumerics802.1p priority level in classifiers 139802.1Q-compliant VLAN mode 340802.1x Port-based Network Access Controlauthentication process 4
Index578protocols 140source MAC addresses 139TCP flags 143TCP source and destination ports 143UDP source and destination ports 143VLAN ID 140Common an
AT-S63 Management Software Features Guide579Hhello time 276history of new features 55HMAC authentication algorithm 461HMAC-MD5-96 (MD5) authentication
Chapter 1: Overview58Version 3.0.0 Table 21 lists the new features in version 3.0.0 of the AT-S63 Management Software.Table 21. New Features in AT-S63
Index580module ID numbersdescribed 74MSTI priority 301MSTI. See Multiple Spanning Tree Instances (MSTI)MSTP. See Multiple Spanning Tree Protocol (MSTP
AT-S63 Management Software Features Guide581loop guard 283supported platforms 270redundant twisted pair ports 53regional root 301regions 299revision n
Index582static module ID numbersdescribed 74static port trunksdescribedguidelines 106load distribution methods 104supported platforms 102static routes
AT-S63 Management Software Features Guide59Version 2.1.0 Table 22 lists the new features in version 2.1.0.Version 2.0.0 Table 23 lists the new feature
Contents6Replacing Priorities...
Chapter 1: Overview60Version 1.3.0 Table 24 lists the new features in version 1.3.0 of the AT-S63 Management Software.Table 24. New Features in AT-S63
AT-S63 Management Software Features Guide61Version 1.2.0 Table 25 lists the new features in version 1.2.0.Table 25. New Features in AT-S63 Version 1.2
Chapter 1: Overview62802.1x Port-based Network Access ControlAdded a new parameter to authenticator ports: Supplicant Mode for supporting multiple su
63Chapter 2AT-9400Ts StacksThis chapter has the following sections: “Supported Platforms” on page 64 “Introduction” on page 65 “AT-S63 Management S
Chapter 2: AT-9400Ts Stacks64 Section I: Basic OperationsSupported PlatformsTable 26 and Table 27 list the AT-9400 Switches and the management interfa
AT-S63 Management Software Features GuideSection I: Basic Operations 65IntroductionThe switches in the AT-9400 Series are divided into the Layer 2+ gr
Chapter 2: AT-9400Ts Stacks66 Section I: Basic OperationsAT-S63 Management SoftwareStacking requires Version 3.0.0 or later of the AT-S63 Management S
AT-S63 Management Software Features GuideSection I: Basic Operations 67AT-StackXG Stacking ModuleTo be part of a stack, the AT-9400Ts Switch must have
Chapter 2: AT-9400Ts Stacks68 Section I: Basic OperationsMaximum Number of Switches in a StackStacks of the 24-port AT-9424Ts Switch or the AT-9424Ts/
AT-S63 Management Software Features GuideSection I: Basic Operations 69Enhanced StackingIf you have prior experience with Allied Telesis products, you
AT-S63 Management Software Features Guide7Chapter 23: Ethernet Protection Switching Ring Snooping ...
Chapter 2: AT-9400Ts Stacks70 Section I: Basic OperationsStack TopologyThe switches of an AT-9400Ts Stack are cabled with the AT-StackXG Stacking Modu
AT-S63 Management Software Features GuideSection I: Basic Operations 71Figure 3. Duplex-ring TopologyBoth topologies offer the same in terms of networ
Chapter 2: AT-9400Ts Stacks72 Section I: Basic OperationsDiscovery ProcessWhen the switches of a stack are powered on or reset, they synchronize their
AT-S63 Management Software Features GuideSection I: Basic Operations 73Master and Member SwitchesThe activities of the devices of a stack are coordina
Chapter 2: AT-9400Ts Stacks74 Section I: Basic OperationsModule ID NumbersThe switches of a stack are identified by module ID numbers. Each switch mus
AT-S63 Management Software Features GuideSection I: Basic Operations 75Stack Configuration FilesThe parameter settings of a stack are stored in the ac
Chapter 2: AT-9400Ts Stacks76 Section I: Basic Operations If the switch determines that its ID number is set to STATIC with the value 1, then it know
AT-S63 Management Software Features GuideSection I: Basic Operations 77MAC Address TablesThe MAC address tables of the switches in a stack are all the
Chapter 2: AT-9400Ts Stacks78 Section I: Basic OperationsStack IP AddressIf you do not intend to use the packet routing feature, you must still assign
AT-S63 Management Software Features GuideSection I: Basic Operations 79Upgrading the AT-S63 Management SoftwareThe AT-9400 Switch must have Version 3.
Contents8Associating VLANs to MSTIs...
Chapter 2: AT-9400Ts Stacks80 Section I: Basic Operations
Section I: Basic Operations 81Chapter 3Enhanced StackingThis chapter contains the following sections: “Supported Platforms” on page 82 “Overview” on
Chapter 3: Enhanced Stacking82 Section I: Basic OperationsSupported PlatformsTable 29 and Table 30 list the AT-9400 Switches and the management interf
AT-S63 Management Software Features GuideSection I: Basic Operations 83OverviewHaving to manage a large number of network devices typically involves s
Chapter 3: Enhanced Stacking84 Section I: Basic OperationsMaster and Slave SwitchesAn enhanced stack must have at least one master switch. This switch
AT-S63 Management Software Features GuideSection I: Basic Operations 85Common VLANA master switch searches for the other switches in an enhanced stack
Chapter 3: Enhanced Stacking86 Section I: Basic OperationsMaster Switch and the Local InterfaceBefore a switch can function as the master switch of an
AT-S63 Management Software Features GuideSection I: Basic Operations 87Slave SwitchesThe slave switches of an enhanced stack must be connected to the
Chapter 3: Enhanced Stacking88 Section I: Basic OperationsEnhanced Stacking CompatibilityThis version of enhanced stacking is compatible with earlier
AT-S63 Management Software Features GuideSection I: Basic Operations 89Enhanced Stacking GuidelinesHere are the guidelines to using the enhanced stack
AT-S63 Management Software Features Guide9Section VII: Internet Protocol Routing ...361C
Chapter 3: Enhanced Stacking90 Section I: Basic OperationsGeneral StepsHere are the basic steps to implementing the enhanced stacking feature on the A
Section I: Basic Operations 91Chapter 4SNMPv1 and SNMPv2cThis chapter describes SNMPv1 and SNMPv2c community strings for SNMP management of the switch
Chapter 4: SNMPv1 and SNMPv2c92 Section I: Basic OperationsSupported PlatformsRefer to Table 31 and Table 32 for the AT-9400 Switches and the manageme
AT-S63 Management Software Features GuideSection I: Basic Operations 93OverviewYou can manage a switch by viewing and changing the management informat
Chapter 4: SNMPv1 and SNMPv2c94 Section I: Basic OperationsCommunity String AttributesA community string has attributes for controlling who can use th
AT-S63 Management Software Features GuideSection I: Basic Operations 95the community strings.Each community string can have up to eight trap IP addres
Chapter 4: SNMPv1 and SNMPv2c96 Section I: Basic OperationsDefault SNMP Community StringsThe AT-S63 Management Software provides two default community
Section I: Basic Operations 97Chapter 5MAC Address TableThis chapter contains background information about the MAC address table.This chapter contains
Chapter 5: MAC Address Table98 Section I: Basic OperationsOverviewThe AT-9400 Switch has a MAC address table with a storage capacity of 16,000 entries
AT-S63 Management Software Features GuideSection I: Basic Operations 99no longer active.The period of time a switch waits before purging inactive dyna
Dear manymanuals.pl Admin. Eric here with a quick thought about your website manymanuals.pl... I’m on the internet a lot and I look at a lot of business websites. Like yours, many of them have great content. But all too often, they come up short when it comes to engaging and connecting with anyone who visits. I get it – it’s hard. Studies show 7 out of 10 people who land on a site, abandon it in moments without leaving even a trace. You got the eyeball, but nothing else. Here’s