Powerconnect-5316m User's Guide En-Us

Dell PowerConnect 5316M Ethernet Switch Module
Users Guide
PC5316M
www.dell.com | support.dell.com
Notes, Notices, and Cautions

NOTE: A NOTE indicates important information that helps you make better use of your computer.
NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to
avoid the problem.
CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.
____________________
Information in this document is subject to change without notice.
2004 Dell Inc. All rights reserved.
Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Trademarks used in this text: Dell, Dell OpenManage, the DELL logo, Inspiron, Dell Precision, Dimension, OptiPlex,
PowerConnect, PowerApp, PowerVault, Axim, DellNet, and Latitude are trademarks of Dell Inc. Microsoft and Windows are
registered trademarks of Microsoft Corporation.
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or
their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
October 2004
Rev. A00
Contents
1
Introduction
. . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10
PowerConnect 5316M and the Dell Modular Server System

Features .
General Features . . . . . . . . . . . . . . .
MAC Address Supported Features . . . . . . .
Layer 2 Features . . . . . . . . . . . . . . .
VLAN Supported Features . . . . . . . . . . .
Spanning Tree Protocol Features. . . . . . . .
Link Aggregation . . . . . . . . . . . . . . .
Layer 3 Features . . . . . . . . . . . . . . .
Quality of Service Features . . . . . . . . . .
Ethernet Switch Module Management Features
Security Features . . . . . . . . . . . . . . .
Locked Port Support. . . . . . . . . . . . . .
Port Default Settings .
. . . . . . . . . . . .
10
11
12
13
13
14
15
15
15
17
17
. . . . . . . . . . . . . . . . . . . . . . . . . . .
18
. . . . . . . . . . . . . . . . . . . . . . .
18
. . . . . . . . . . . . . . . .
19
Additional CLI Documentation
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
. . . . . . . . . . . .
Hardware Description
Ethernet Switch Module Port Configurations
PowerConnect 5316M Front Panel Port Description .
. . . . . . . . . .
19
. . . . . . . . . . . . . . . . . . . . . . . . . . .
19
LED Definitions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
20
Port LEDs .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
20
Physical Dimensions .
Port Connections, Cables, and Pinout Information .
. . . . . . . . . . . . .
1000 Base-T Cable Requirements . . . . . . .

RJ-45 Connections for 10/100/1000 Base-T Ports
. . . . . . . . . . . .
. . . . . . . . . . . .
21
21
21
Contents
Installing the Ethernet Switch Module

. . . . . . . . . . . . . . . . . . . . . . . . . .
23
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
Installation Precautions
Overview
Unpacking.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Package Contents . . . . . . . . . . .
Unpacking the Ethernet Switch Module
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
24
24
. . . . . . . . . . . . .
25
Major Components of the Ethernet Switch Module
Installing and Removing a Ethernet Switch Module .
. . . . . . . . . . . .
25
. . . . . . . . . . . . . . . . . . . . . .
26
. . . . . . . . . . . . . . . . . . . . .
27
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
27
. . . . . . . . . . . . . . . . . . . . .
27
Ethernet Controller Enumeration
System Reliability Considerations

Safety .
Handling Static Sensitive Devices
Installing the Ethernet Switch Module into Dell Modular Server Chassis .
Removing a Ethernet Switch Module
. .
28
. . . . . . . . . . . . . . . . . . . .
30
Accessing the Ethernet Switch Module CLI User Interface via

DRAC/MC Console Port . . . . . . . . . . . . . . . . . . .
. . . . . . .
32
. . . . . . . . . . . .
36
. . . . . . . . . . . . . . . . . . . . . . .
37
. . . . . . . . . . . . . . . . . . . . . . . . . . .
37
38
38
38
Connecting Network to an Ethernet Switch Module .

External Port Default Settings
Auto-Negotiation
MDI/MDIX . . .
Flow Control . .
Back Pressure .
. . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Starting and Configuring the Ethernet Switch Module

Introduction .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
. . . . . . . . . . . . . . . . . . . . . . . . . .
40
Configuration Overview
Accessing Startup Menu .

Initial Configuration
. . . . . . . . . . . . . . . . . . . . . . . . .
41
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
41
. . . . . . . . . . . . . . . . . .
42
42
Static IP Address and Subnet Mask

Static Default Gateway . . . . . .
24
Contents
. . . . . . . . . . . . . . . . . .
Assigning Static IP Addresses on a Default VLAN .

Verifying the IP and Default Gateway Addresses .
User Name
. . . . . . . . . . .
42
43
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
43
. . . . . . . . . . . . . . . . . . . . . . . . .
44
SNMP Community Strings
Configuring SNMP . . . . . . .
Viewing SNMP Community Tables
Advanced Configuration
. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . .
45
45
. . . . . . . . . . . . . . . . . . . . . . . . . .
46
Retrieving an IP Address From a DHCP Server.
. . . . . . . . . . . . . . .
46
Receiving an IP Address From a BOOTP Server
. . . . . . . . . . . . . . .
48
Security Management and Password Configuration .

Configuring Security Passwords
. . . . . . . . . . . .
49
. . . . . . . . . . . . . . . . . . . . . .
49
Configuring an Initial Terminal Password .

Configuring an Initial Telnet Password . .
Configuring an Initial SSH Password . . .
Configuring an Initial HTTP Password . .
Configuring an Initial HTTPS Password . .
Startup Menu
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
50
50
50
51
51
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
51
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
Startup Menu Procedures . . . . . . . . . . . .

Software Download . . . . . . . . . . . . . . .
Erase FLASH File . . . . . . . . . . . . . . . .
Erasing the Ethernet Switch Module Configuration
Password Recovery . . . . . . . . . . . . . . .
Software Download Through TFTP Server . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
51
53
53
53
54
54
Using Dell OpenManage Switch Administrator

. . . . . . . . . . . . . . . . . . . . . . . .
57
. . . . . . . . . . . . . . . . . . . .
58
. . . . . . . . . . .
59
. . . . . . . . . . . .
. . . . . . . . . . . .
59
60
. . . . . . . . . . . . . . . . . . . . . . . . . .
60
Understanding the Interface
Switch Module Representation
Using the OpenManage Switch Administrator Buttons

Information Buttons . . . . . . . . . . . . . .
Ethernet Switch Module Management Buttons .
Starting the Application
Contents
Accessing the Ethernet Switch Module Through the CLI .
. . . . . . . . . .
61
. . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . .
61
61
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
62
Console Connection .
Telnet Connection . .
Using the CLI
Command Mode Overview . .

User EXEC Mode . . . . . .
Privileged EXEC Mode . . . .
Global Configuration Mode .
Interface Configuration Mode
CLI Examples . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
Configuring System Information

Defining General Switch Module Information .
. . . . . . . . . . . . . . .
67
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
67
76
78
. . . . . . . . . . . . . . . . . . . . . . . .
79
Viewing the Asset Page . . .

Viewing the Versions Page .
Resetting the Switch Module
Configuring SNTP Settings .
. . . . . . . . . . . . . . . . . . . . .
Polling for Unicast Time Information . .

Polling for Anycast Time Information . .
Broadcast Time Information . . . . . .
Defining SNTP Global Parameters . . .
Defining SNTP Authentication Methods
Defining SNTP Servers . . . . . . . .
Defining SNTP Interfaces . . . . . . .
Managing Logs
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
80
80
80
80
82
85
88
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
90
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
Defining Global Log Parameters . . . . . . . . .

Displaying RAM Log Table . . . . . . . . . . . .
Displaying the Log File Table . . . . . . . . . . .
Configuring the Remote Log Server Settings Page
Defining Switch Module IP Addresses
Contents
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
Defining Default Gateways . . . . . . .

Defining IP Interfaces . . . . . . . . .
Defining DHCP IP Interface Parameters
Configuring Domain Name Systems . .
Defining Default Domains . . . . . . .
62
62
62
63
64
65
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
90
94
96
98
102
102
103
107
108
111
Mapping Domain Host .

Configuring ARP . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
113
115
Running Cable Diagnostics .
. . . . . . . . . . . . . . . . . . . . . . .
118
Viewing Copper Cable Diagnostics .

Managing Switch Module Security .
. . . . . . . . . . . . . . . . .
119
. . . . . . . . . . . . . . . . . . .
121
Defining Access Profiles . . . . . . .

Defining Authentication Profiles . . . .
Assigning Authentication Profiles . . .
Defining the Local User Databases . . .
Defining Line Passwords . . . . . . .
Defining Enable Password . . . . . . .
Defining TACACS+ Settings . . . . . .
Configuring RADIUS Global Parameters
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
121
127
131
135
137
139
141
145
Defining SNMP Parameters
. . . . . . . . . . . . . . . . . . . . . . .
151
Defining Communities .
Defining Traps . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
151
154
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
158
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
158
159
161
163
. . . . . . . . . . . . . . . . . . . . . . .
165
Managing Files
File Management Overview

Downloading Files. . . . .
Uploading Files . . . . . .
Copying Files . . . . . . .
Defining Advanced Settings
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
Configuring General Switch Module Tuning Parameters .
. . . . . . .
165
. . . . . . . . . . . . . . . . . . . . . .
169
Configuring Switch Module Information

Configuring Network Security
Network Security Overview . . . . . . . . . . .

Configuring Port Based Authentication . . . . . .
Configuring Advanced Port Based Authentication.
Authenticating Users . . . . . . . . . . . . . .
Configuring Port Security . . . . . . . . . . . .
Configuring Ports
. . . . . . . . . .
. . . . . . . . . .
169
170
174
177
178
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
182
. . . . . . . . . . . . . . . . . . . . . .
182
188
193
Defining Port Parameters

Defining LAG Parameters
Enabling Storm Control .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
Contents
Defining Port Mirroring Sessions .

Configuring Address Tables
. . . . . . . . . . . . . . . . . .
196
. . . . . . . . . . . . . . . . . . . . . . .
199
Defining Static Addresses . .

Viewing Dynamic Addresses.
Configuring GARP
. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
199
201
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
204
Defining GARP Timers .
. . . . . . . . . . . . . . . . . . . . . . .
204
. . . . . . . . . . . . . . . . .
206
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
207
211
214
217
. . . . . . . . . . . . . . . . . . . . . . . . . . .
220
Configuring the Spanning Tree Protocol

Defining STP Global Settings. . .
Defining STP Port Settings . . . .
Defining STP LAG Settings . . . .
Configuring Rapid Spanning Tree.
Configuring VLANs .
Defining VLAN Members . . .

Defining VLAN Ports Settings .
Defining VLAN LAG Settings . .
Defining VLAN Protocol Groups
Adding Protocol Ports . . . . .
Configuring GVRP . . . . . . .
Aggregating Ports
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . .
220
225
228
231
232
234
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
237
Defining LACP Parameters.

Defining LAG Membership .
Multicast Forwarding Support
. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
238
240
. . . . . . . . . . . . . . . . . . . . . .
242
Defining Multicast Global Parameters . . .

Adding Bridge Multicast Address Members
Assigning Multicast Forward All Parameters
IGMP Snooping . . . . . . . . . . . . . .
. . . . . . . . . . . . .
242
244
248
251
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
255
. . . . . . . . . . . . .
. . . . . . . . . . . . .
Viewing Statistics
Viewing Tables
Viewing Utilization Summary .

Viewing Counter Summary . .
Viewing Interface Statistics .
Viewing Etherlike Statistics .
Viewing GVRP Statistics . . .
. . . . . . . . . . . . .
Contents
. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . .
255
256
257
260
261
Viewing RMON Statistics
. . . . . . . . . . . . . . . . . . . . . . . .
Viewing RMON Statistics Group . . . . . . . .

Viewing RMON History Control Statistics . . . .
Viewing RMON History Table . . . . . . . . .
Defining Ethernet Switch Module RMON Events
Viewing the RMON Events Log . . . . . . . . .
Defining RMON Ethernet Switch Module Alarms
Viewing Charts
268
. . . . . . . . . . .
268
272
274
276
279
280
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
285
. . . . . . . . . . . . . . . . . . . . . . .
285
286
Viewing Port Statistics

Viewing LAG Statistics
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
Configuring Quality of Service

. . . . . . . . . . . . . . . . . . . .
289
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
290
. . . . . . . . . . . . . . . . . . . . .
290
Quality of Service (QoS) Overview

CoS Services
Defining CoS Global Parameters
Configuring QoS Global Settings .

Defining QoS Interface Settings .
Defining Queue Settings . . . . .
Mapping CoS Values to Queues .
Mapping DSCP Values to Queues
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . .
291
292
294
297
299
10 Ethernet Switch Module Specifications

Feature Specifications .
. . . . . . . . . . . . . . . . . . . . . . . . .
VLAN . . . . . . . . . . . . . . . .
Quality of Service . . . . . . . . . .
Layer 2 Multicast . . . . . . . . . .
Ethernet Switch Module Security . .
Additional Switching Features . . . .
Ethernet Switch Module Management
. . . . . . . . . . . . . . . .
301
301
301
301
302
302
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
303
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
315
Glossary
Index
. . . . . . . . . . . . . . . .
301
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
Contents
Tables
Contents
. . . . . . . . . . . . . .
Table 1-1.
Port Default Settings
Table 2-2.
RJ-45 Copper based 10/100/1000 Base-TLED

Indications . . . . . . . . . . . . . . . .
. . . .
18
20
. . . . . . . . . . . . .
21
. . . . . . . . . .
21
Table 2-3.
System LED Indications
Table 2-4.
Ports, Connectors and Cables
Table 2-5.
RJ-45 Pin Number Allocation for

10/100/1000 Base-T Ethernet Port
. . . . . . . . .
22
. . . . . . . . . . . . . .
58
. . . . . . . . . . . . . . . . .
59
. . . . . . . . . . . . . . .
59
Table 5-6.
Interface Components
Table 5-7.
Led Indicators
Table 5-8.
Information Buttons
Table 5-9.

Buttons . . . . . . . . . . . . . .
. . . . . . .
. . . . . . . . . . . . . .
Table 6-10.
Asset CLI Commands
Table 6-11.
Clock Setting CLI Commands .
Table 6-12.
Versions CLI Commands
Table 6-13.
Reset CLI Command
Table 6-14.
SNTP Global Parameters CLI Commands
Table 6-15.
SNTP Authentication CLI Commands
Table 6-16.
SNTP Server CLI Commands
Table 6-17.
SNTP Broadcast CLI Commands
Table 6-18.
Log Severity Levels
Table 6-19.
Global Log Parameters CLI Commands
Table 6-20.
RAM Log Table CLI Commands .
Table 6-21.
Log File Table CLI Commands
Table 6-22.
Remote Log Server CLI Commands
Table 6-23.
Default Gateway CLI Commands
Table 6-24.
IP Interface Parameters CLI Commands
60
69
. . . . . . . . . .
76
. . . . . . . . . . . . .
77
. . . . . . . . . . . . . . .
79
. . . . .
82
. . . . . . .
85
. . . . . . . . . . .
88
. . . . . . . . .
89
. . . . . . . . . . . . . . .
91
. . . . . .
93
. . . . . . . . .
95
. . . . . . . . . .
97
. . . . . . . .
101
. . . . . . . . .
103
. . . . .
106
. . . . . . . .
108
. . . . . . . . . . .
110
Table 6-25.
DHCP IP Interface CLI Commands
Table 6-26.
DNS Server CLI Commands
Table 6-27.
DNS Domain Name CLI Commands .
. . . . . . .
112
Table 6-28.
Domain Host Name CLI Commands .
. . . . . . .
115
Table 6-29.
ARP Settings CLI Commands .
. . . . . . . . . .
118
Table 6-30.
Copper Cable Test CLI Commands
. . . . . . . .
120
Table 6-31.
Access Profiles CLI Commands
. . . . . . . . .
125
Table 6-32.
Authentication Profile CLI Commands
. . . . . .
130
Table 6-33.
Select Authentication CLI Commands
. . . . . .
133
Table 6-34.
Local User Database CLI Commands
. . . . . . .
137
Table 6-35.
Line Password CLI Commands
. . . . . . . . . .
139
Table 6-36.
Modify Enable Password CLI Commands
. . . . .
141
Table 6-37.
TACACS+ CLI Commands
. . . . . . . . . . . .
144
Table 6-38.
RADIUS Settings CLI Commands
. . . . . . . . .
149
Table 6-39.
SNMP Community CLI Commands
. . . . . . . .
153
Table 6-40.
SNMP Trap Settings CLI Commands
. . . . . . .
157
Table 6-41.
File Download CLI Commands
. . . . . . . . . .
161
Table 6-42.
Copy Files CLI Commands
. . . . . . . . . . . .
165
Table 6-43.
General Settings CLI Commands
. . . . . . . . .
167
Table 7-44.
Port Authentication CLI Commands
. . . . . . .
173
Table 7-45.
Multiple Hosts CLI Commands
. . . . . . . . . .
176
Table 7-46.
Add User Name CLI Commands
. . . . . . . . .
178
Table 7-47.
Port Security CLI Commands .
. . . . . . . . . .
181
Table 7-48.
Port Configuration CLI Commands
. . . . . . . .
185
Table 7-49.
LAG Configuration CLI Commands
. . . . . . . .
191
Table 7-50.
Storm Control CLI Commands
. . . . . . . . . .
195
Table 7-51.
Port Mirroring CLI Commands
. . . . . . . . . .
198
Table 7-52.
Static Address CLI Commands
. . . . . . . . . .
201
Contents
. . . . . . . . . .
203
. . . . . . . . . . .
206
. . . . . .
209
STP Port Settings CLI Commands
. . . . . . . .
213
Table 7-57.
STP LAG Settings CLI Commands
. . . . . . . .
216
Table 7-58.
RSTP Settings CLI Command .
. . . . . . . . . .
219
Table 7-59.
VLAN Membership Group CLI Commands .
Table 7-60.
VLAN Port Membership Table
Table 7-61.
Port-to-VLAN Group Assignments

CLI Commands . . . . . . . . .
Table 7-53.
Query and Sort CLI Commands
Table 7-54.
GARP Timer CLI Commands
Table 7-55.
STP Global Parameter CLI Commands
Table 7-56.
. . . . . . . . . .
223
. . . . . . . .
224
. . . . . . . . . . . .
227
. . . . .
229
. . . . . .
232
. . . . . . . . . .
234
. . . . .
235
VLAN Port CLI Commands
Table 7-63.
LAG VLAN Assignments CLI Commands
Table 7-64.
VLAN Protocol Groups CLI Commands
Table 7-65.
Protocol Port CLI Commands .
Table 7-66.
GVRP Global Parameters CLI Commands
Table 7-67.
LACP Parameters CLI Commands
. . . . . . . .
239
Table 7-68.
LAG Membership CLI Commands .
. . . . . . . .
242
Table 7-69.
Multicast Forwarding and Snooping

CLI Commands . . . . . . . . . .
IGMP Port/LAG Members Table
Control Settings . . . . . . .
. . . . . . .
244
. . . . . . . . .
245
Table 7-71.
Multicast Service Member CLI Commands
. . . .
247
Table 7-72.
Bridge Multicast Forward All Router/Port

Control Settings Table . . . . . . . . .
. . . .
249
Table 7-73.
Contents
222
Table 7-62.
Table 7-70.
10
. . . .
CLI Commands for Managing LAGs and Ports

Attached to Multicast Routers . . . . . . . .
. .
250
. . . . . . . . .
252
Table 7-74.
IGMP Snooping CLI Commands
Table 8-75.
Interface Statistics CLI Commands
. . . . . . . .
259
Table 8-76.
Etherlike Statistics CLI Commands
. . . . . . . .
261
Table 8-77.
GVRP Statistics CLI Commands
. . . . . . . . .
264
Table 8-78.
. . . . . . . . .
267
Table 8-79.
RMON Statistics CLI Commands
. . . . . . . . .
270
Table 8-80.
RMON History CLI Commands
. . . . . . . . . .
273
Table 8-81.
RMON History Control CLI Commands
. . . . . .
275
Table 8-82.
RMON Event Definition CLI Commands
. . . . . .
278
Table 8-83.
RMON Event Definition CLI Commands
. . . . . .
280
Table 8-84.
RMON Alarm CLI Commands .
. . . . . . . . . .
283
Table 8-85.
LAG Statistic CLI Commands
. . . . . . . . . . .
288
Table 9-86.
CoS to Queue Mapping Table Default values
. . .
289
Table 9-87.
DSCP to Queue Mapping Table

Default Values . . . . . . . .
. . . . . . . . .
290
. . . . . . . . . . .
292
. . . . . . . . . .
294
Table 9-88.
CoS Setting CLI Commands
Table 9-89.
CoS Interface CLI Commands
Table 9-90.
Queue Settings CLI Commands .
Table 9-91.
. . . . . . . . .
296
CoS to Queue Settings CLI Commands
. . . . . .
299
Table 9-92.
DSCP Value to Queue CLI Commands
. . . . . .
300
Figure 1-1.
PowerConnect 5316M Front Panel
. . . . . . . . .
10
Figure 2-2.
. . . . . . . . .
19
Figure 2-3.
RJ-45 Copper based 10/100/1000 Base-T LEDs
. . .
20
Figure 2-4.
RJ-45 Pin Numbers
. . . . . . . . . . . . . . . .
22
Figure 3-5.
Ethernet Switch Module Components
. . . . . . .
25
Figure 3-6.
Dell Modular Server Chassis I/O Module

Locations . . . . . . . . . . . . . .
Figures
. . . . . .
26
. . . . . . . . . . . . . . . . . . .
27
. . . .
28
Figure 3-7.
Caution Label
Figure 3-8.
Ethernet Switch Module in the open position
Contents
11
Figure 3-9.
Figure 3-10.
Figure 3-11.
12
Contents
Inserting a Ethernet Switch Module into the

Dell Modular Server Chassis . . . . . . .
Pull the release latch on the
Ethernet Switch Module .
. . . .
29
. . . . . . . . . . . .
31
Slide the Ethernet Switch Module out of the

. . . .
32
. . . . . . . .
42
. . . . . . . . .
59
. . . . . . . . . . . . . . . . . .
61
. . . . . . . . . . . . . . . . . . . . . .
69
. . . . . . . . . . . . . . . . . . . . . . .
70
. . . . . . . . . . . . . . .
75
. . . . . . . . . . . . . . . . . . . . .
79
. . . . . . . . . . . . . . . . . . . . . . .
80
Figure 4-12.
Installation and Configuration Flow .
Figure 5-13.
Switch Administrator Components
Figure 5-14.
Port Indicators
Figure 6-15.
System
Figure 6-16.
Asset
Figure 6-17.
Time Synchronization
Figure 6-18.
Versions
Figure 6-19.
Reset
Figure 6-20.
SNTP Global Settings
. . . . . . . . . . . . . . .
83
Figure 6-21.
SNTP Authentication
. . . . . . . . . . . . . . .
85
Figure 6-22.
Add Authentication Key
. . . . . . . . . . . . . .
86
Figure 6-23.
Authentication Key Table
. . . . . . . . . . . . .
86
Figure 6-24.
SNTP Servers .
. . . . . . . . . . . . . . . . . .
88
Figure 6-25.
Add SNTP Server
. . . . . . . . . . . . . . . . .
89
Figure 6-26.
SNTP Servers Table
. . . . . . . . . . . . . . . .
89
Figure 6-27.
Global Log Parameters
. . . . . . . . . . . . . .
94
Figure 6-28.
RAM Log Table
. . . . . . . . . . . . . . . . . .
96
Figure 6-29.
Log File Table
. . . . . . . . . . . . . . . . . . .
99
Figure 6-30.
Remote Log Server Settings
Figure 6-31.
Add a Log Server
Figure 6-32.
Remote Log Servers Table
Figure 6-33.
Figure 6-34.
. . . . . . . . . . .
101
. . . . . . . . . . . . . . . .
102
. . . . . . . . . . . .
103
IP Interface Parameters
. . . . . . . . . . . . .
106
Add a Static IP Interface
. . . . . . . . . . . .
107
. . . . . . . . . .
107
. . . . . . . . . . . . . . .
109
. . . . . . . . . .
111
Add DNS Server
. . . . . . . . . . . . . . . .
112
Figure 6-39.
DNS Server Table
. . . . . . . . . . . . . . . .
112
Figure 6-40.
Default Domain Name
. . . . . . . . . . . . . .
114
Figure 6-41.
Host Name Mapping
. . . . . . . . . . . . . .
115
Figure 6-42.
Add Host Name Mapping
. . . . . . . . . . . .
116
Figure 6-43.
Hosts Name Mapping Table
. . . . . . . . . . .
116
Figure 6-44.
ARP Settings
. . . . . . . . . . . . . . . . . .
118
Figure 6-45.
Integrated Cable Test for Copper Cables
. . . . .
121
Figure 6-46.
Access Profiles
. . . . . . . . . . . . . . . . .
124
Figure 6-47.
Add an Access Profile
. . . . . . . . . . . . . .
125
Figure 6-48.
Add an Access Profile Rule
. . . . . . . . . . .
126
Figure 6-49.
Profile Rules Table
. . . . . . . . . . . . . . .
127
Figure 6-50.
Authentication Profiles
. . . . . . . . . . . . .
130
Figure 6-51.
Add Authentication Profile .
Figure 6-52.
Authentication Profiles Table
Figure 6-53.
Figure 6-35.
IP Interface Parameter Table
Figure 6-36.
DHCP IP Interface .
Figure 6-37.
Domain Naming System (DNS)
Figure 6-38.
. . . . . . . . . . .
131
. . . . . . . . . .
132
Select Authentication
. . . . . . . . . . . . . .
133
Figure 6-54.
Local User Database
. . . . . . . . . . . . . .
137
Figure 6-55.
Add a User Name
. . . . . . . . . . . . . . . .
138
Figure 6-56.
Local User Table
. . . . . . . . . . . . . . . .
138
Figure 6-57.
Line Password
. . . . . . . . . . . . . . . . .
140
Figure 6-58.
Enable Password
. . . . . . . . . . . . . . . .
142
Figure 6-59.
TACACS+ Settings
. . . . . . . . . . . . . . .
144
Figure 6-60.
Add TACACS+ Host
. . . . . . . . . . . . . . .
145
Figure 6-61.
TACACS+ Table
. . . . . . . . . . . . . . . . .
146
Figure 6-62.
RADIUS Settings
. . . . . . . . . . . . . . . .
148
Contents
13
14
Contents
. . . . . . . . . . . . . . .
Figure 6-63.
Add RADIUS Server
Figure 6-64.
RADIUS Servers List .
Figure 6-65.
SNMP Community .
Figure 6-66.
Add SNMP Community
Figure 6-67.
Community Table
Figure 6-68.
SNMP Trap Settings .
Figure 6-69.
Add Trap Recipient
Figure 6-70.
Trap Recipient Table
Figure 6-71.
File Download From Server
Figure 6-72.
File Upload to Server
Figure 6-73.
Copy Files .
Figure 6-74.
General Settings
Figure 7-75.
Port Based Authentication .
Figure 7-76.
Port Based Authentication Table .
Figure 7-77.
Multiple Hosts
Figure 7-78.
150
. . . . . . . . . . . . . .
150
. . . . . . . . . . . . . . .
153
. . . . . . . . . . . . .
154
. . . . . . . . . . . . . . . .
155
. . . . . . . . . . . . . .
157
. . . . . . . . . . . . . . .
158
. . . . . . . . . . . . . .
159
. . . . . . . . . . .
162
. . . . . . . . . . . . . .
164
. . . . . . . . . . . . . . . . . . .
166
. . . . . . . . . . . . . . . .
168
. . . . . . . . . . .
172
. . . . . . . .
174
. . . . . . . . . . . . . . . . .
176
Multiple Hosts Table
. . . . . . . . . . . . . .
178
Figure 7-79.
Authenticated Users
. . . . . . . . . . . . . .
179
Figure 7-80.
Authenticated Users Table
. . . . . . . . . . .
180
Figure 7-81.
Port Security
. . . . . . . . . . . . . . . . . .
181
Figure 7-82.
Port Security Table
. . . . . . . . . . . . . . .
183
Figure 7-83.
Port Configuration .
. . . . . . . . . . . . . . .
185
Figure 7-84.
Ports Configuration Table
. . . . . . . . . . . .
187
Figure 7-85.
LAG Configuration .
. . . . . . . . . . . . . . .
191
Figure 7-86.
LAG Configuration Table .
Figure 7-87.
Storm Control
Figure 7-88.
Storm Control Settings Table .
Figure 7-89.
Port Mirroring .
Figure 7-90.
Static MAC Address .
. . . . . . . . . . . .
192
. . . . . . . . . . . . . . . . . .
195
. . . . . . . . . .
196
. . . . . . . . . . . . . . . . .
198
. . . . . . . . . . . . . .
200
. . . . . . . . . . . .
203
. . . . . . . . . . . . . . . . . .
205
. . . . . . . . . . . . . . .
208
STP Port Settings
. . . . . . . . . . . . . . . .
212
Figure 7-95.
STP LAG Settings
. . . . . . . . . . . . . . . .
216
Figure 7-96.
Rapid Spanning Tree (RSTP)
. . . . . . . . . . .
218
Figure 7-97.
VLAN Membership
. . . . . . . . . . . . . . .
221
Figure 7-98.
VLAN Port Settings
. . . . . . . . . . . . . . .
226
Figure 7-99.
VLAN LAG Setting
. . . . . . . . . . . . . . . .
228
Figure 7-100.
Protocol Group
. . . . . . . . . . . . . . . . .
231
Figure 7-101.
Protocol Port Table
. . . . . . . . . . . . . . .
233
Figure 7-102.
GVRP Global Parameters
. . . . . . . . . . . .
234
Figure 7-103.
LACP Parameters
. . . . . . . . . . . . . . . .
238
Figure 7-104.
LAG Membership
. . . . . . . . . . . . . . . .
240
Figure 7-105.
Multicast Global Parameters .
Figure 7-106.
Bridge Multicast Group
Figure 7-107.
Add Bridge Multicast Group
Figure 7-108.
Bridge Multicast Forward All
Figure 7-109.
IGMP Snooping
Figure 8-110.
Utilization Summary
Figure 8-111.
Counter Summary
Figure 8-112.
Figure 7-91.
Dynamic Addresses Table
Figure 7-92.
GARP Timers
Figure 7-93.
STP Global Settings
Figure 7-94.
. . . . . . . . . .
242
. . . . . . . . . . . . .
244
. . . . . . . . . . .
245
. . . . . . . . . .
248
. . . . . . . . . . . . . . . . .
250
. . . . . . . . . . . . . . .
256
. . . . . . . . . . . . . . . .
257
Interface Statistics
. . . . . . . . . . . . . . .
258
Figure 8-113.
Etherlike Statistics
. . . . . . . . . . . . . . .
260
Figure 8-114.
GVRP Statistics
. . . . . . . . . . . . . . . . .
263
Figure 8-115.
EAP Statistics .
. . . . . . . . . . . . . . . . .
266
Figure 8-116.
RMON Statistics
. . . . . . . . . . . . . . . .
268
Figure 8-117.
RMON History Control
. . . . . . . . . . . . . .
272
Figure 8-118.
RMON History Table .
. . . . . . . . . . . . . .
274
Contents
15
. . . . . . . . . . . . . .
277
. . . . . . . . . . . . . . . .
279
. . . . . . . . . . . . . . . . .
281
. . . . . . . . . . . . . . .
282
Port Statistics .
. . . . . . . . . . . . . . . . .
285
Figure 8-124.
LAG Statistics .
. . . . . . . . . . . . . . . . .
287
Figure 9-125.
QoS Global Settings
. . . . . . . . . . . . . . .
293
Figure 9-126.
Interface Settings
. . . . . . . . . . . . . . . .
295
Figure 9-127.
Global Queue Settings
. . . . . . . . . . . . . .
297
Figure 9-128.
CoS to Queue Mapping Table
. . . . . . . . . .
300
Figure 1-1.
. . . . . . . . .
10
Figure 2-2.
. . . . . . . . .
19
Figure 2-3.
. . .
20
Figure 2-4.
RJ-45 Pin Numbers
. . . . . . . . . . . . . . . .
22
Figure 3-5.
Ethernet Switch Module Components
. . . . . . .
25
Figure 3-6.
Dell Modular Server Chassis I/O Module

Locations . . . . . . . . . . . . . .
Figure 8-119.
RMON Events Control
Figure 8-120.
RMON Events Log
Figure 8-121.
RMON Alarms
Figure 8-122.
Add an Alarm Entry
Figure 8-123.
. . . . . . . . . . . . . . . . . . .
27
Caution Label
Figure 3-8.
. . . .
28
Figure 3-9.
Inserting a Ethernet Switch Module into the

. . . .
29
Pull the release latch on the Ethernet Switch

Module . . . . . . . . . . . . . . . . .
. . . .
31
Slide the Ethernet Switch Module out of the

. . . .
32
. . . . . . . .
40
. . . . . . . . .
57
. . . . . . . . . . . . . . . . . .
59
. . . . . . . . . . . . . . . . . . . . . .
67
Figure 3-11.
Contents
26
Figure 3-7.
Figure 3-10.
16
. . . . . .
Figure 4-12.
Installation and Configuration Flow .
Figure 5-13.
Switch Administrator Components
Figure 5-14.
Port Indicators
Figure 6-15.
System
. . . . . . . . . . . . . . . . . . . . . . .
68
. . . . . . . . . . . . . . .
73
. . . . . . . . . . . . . . . . . . . . .
77
. . . . . . . . . . . . . . . . . . . . . . .
78
. . . . . . . . . . . . . . .
81
Figure 6-21.
SNTP Authentication
. . . . . . . . . . . . . . .
83
Figure 6-22.
Add Authentication Key
. . . . . . . . . . . . . .
84
Figure 6-23.
Authentication Key Table
. . . . . . . . . . . . .
84
Figure 6-24.
SNTP Servers .
. . . . . . . . . . . . . . . . . .
86
Figure 6-25.
Add SNTP Server
. . . . . . . . . . . . . . . . .
87
Figure 6-26.
SNTP Servers Table
. . . . . . . . . . . . . . . .
87
Figure 6-27.
Global Log Parameters
. . . . . . . . . . . . . .
92
Figure 6-28.
RAM Log Table
. . . . . . . . . . . . . . . . . .
94
Figure 6-29.
Log File Table
. . . . . . . . . . . . . . . . . . .
97
Figure 6-30.
. . . . . . . . . . . .
99
Figure 6-31.
Add a Log Server
Figure 6-32.
Figure 6-33.
Figure 6-16.
Asset
Figure 6-17.
Figure 6-18.
Versions
Figure 6-19.
Reset
Figure 6-20.
. . . . . . . . . . . . . . . .
100
. . . . . . . . . . . .
101
IP Interface Parameters
. . . . . . . . . . . . .
104
Figure 6-34.
. . . . . . . . . . . .
105
Figure 6-35.
. . . . . . . . . .
105
Figure 6-36.
DHCP IP Interface .
. . . . . . . . . . . . . . .
107
Figure 6-37.
. . . . . . . . . .
109
Figure 6-38.
Add DNS Server
. . . . . . . . . . . . . . . .
109
Figure 6-39.
DNS Server Table
. . . . . . . . . . . . . . . .
110
Figure 6-40.
Default Domain Name
. . . . . . . . . . . . . .
112
Figure 6-41.
Host Name Mapping
. . . . . . . . . . . . . .
113
Figure 6-42.
Add Host Name Mapping
. . . . . . . . . . . .
114
Figure 6-43.
Hosts Name Mapping Table
. . . . . . . . . . .
114
Contents
17
18
Contents
. . . . . . . . . . . . . . . . . .
116
. . . . .
119
. . . . . . . . . . . . . . . . .
122
. . . . . . . . . . . . . .
123
. . . . . . . . . . .
124
. . . . . . . . . . . . . . .
125
. . . . . . . . . . . . .
128
Figure 6-44.
ARP Settings
Figure 6-45.
Figure 6-46.
Access Profiles
Figure 6-47.
Figure 6-48.
Add an Access Profile Rule
Figure 6-49.
Profile Rules Table
Figure 6-50.
Figure 6-51.
Add Authentication Profile .
Figure 6-52.
Authentication Profiles Table
Figure 6-53.
. . . . . . . . . . .
129
. . . . . . . . . .
130
. . . . . . . . . . . . . .
131
Figure 6-54.
Local User Database
. . . . . . . . . . . . . .
135
Figure 6-55.
Add a User Name
. . . . . . . . . . . . . . . .
136
Figure 6-56.
Local User Table
. . . . . . . . . . . . . . . .
136
Figure 6-57.
Line Password
. . . . . . . . . . . . . . . . .
138
Figure 6-58.
Enable Password
. . . . . . . . . . . . . . . .
140
Figure 6-59.
TACACS+ Settings
. . . . . . . . . . . . . . .
142
Figure 6-60.
Add TACACS+ Host
. . . . . . . . . . . . . . .
143
Figure 6-61.
TACACS+ Table
. . . . . . . . . . . . . . . . .
144
Figure 6-62.
RADIUS Settings
. . . . . . . . . . . . . . . .
146
Figure 6-63.
Add RADIUS Server
. . . . . . . . . . . . . . .
148
Figure 6-64.
RADIUS Servers List .
Figure 6-65.
SNMP Community .
Figure 6-66.
Add SNMP Community
Figure 6-67.
Community Table
Figure 6-68.
SNMP Trap Settings .
Figure 6-69.
Add Trap Recipient
Figure 6-70.
Figure 6-71.
File Download From Server
. . . . . . . . . . . . . .
148
. . . . . . . . . . . . . . .
151
. . . . . . . . . . . . .
152
. . . . . . . . . . . . . . . .
153
. . . . . . . . . . . . . .
155
. . . . . . . . . . . . . . .
156
. . . . . . . . . . . . . .
157
. . . . . . . . . . .
160
. . . . . . . . . . . . . .
162
. . . . . . . . . . . . . . . . . . .
164
. . . . . . . . . . . . . . . .
166
Figure 6-72.
File Upload to Server
Figure 6-73.
Copy Files .
Figure 6-74.
General Settings
Figure 7-75.
Port Based Authentication .
Figure 7-76.
Port Based Authentication Table .
Figure 7-77.
Multiple Hosts
Figure 7-78.
. . . . . . . . . . .
170
. . . . . . . .
172
. . . . . . . . . . . . . . . . .
175
Multiple Hosts Table
. . . . . . . . . . . . . .
176
Figure 7-79.
Authenticated Users
. . . . . . . . . . . . . .
177
Figure 7-80.
Authenticated Users Table
. . . . . . . . . . .
178
Figure 7-81.
Port Security
. . . . . . . . . . . . . . . . . .
179
Figure 7-82.
Port Security Table
. . . . . . . . . . . . . . .
181
Figure 7-83.
Port Configuration .
. . . . . . . . . . . . . . .
183
Figure 7-84.
. . . . . . . . . . . .
185
Figure 7-85.
LAG Configuration .
. . . . . . . . . . . . . . .
189
Figure 7-86.
LAG Configuration Table .
Figure 7-87.
Storm Control
Figure 7-88.
Storm Control Settings Table .
Figure 7-89.
Port Mirroring .
Figure 7-90.
Static MAC Address .
Figure 7-91.
Dynamic Addresses Table
Figure 7-92.
GARP Timers
Figure 7-93.
STP Global Settings
Figure 7-94.
. . . . . . . . . . . .
191
. . . . . . . . . . . . . . . . . .
194
. . . . . . . . . .
195
. . . . . . . . . . . . . . . . .
197
. . . . . . . . . . . . . .
199
. . . . . . . . . . . .
202
. . . . . . . . . . . . . . . . . .
204
. . . . . . . . . . . . . . .
207
STP Port Settings
. . . . . . . . . . . . . . . .
211
Figure 7-95.
STP LAG Settings
. . . . . . . . . . . . . . . .
215
Figure 7-96.
Rapid Spanning Tree (RSTP)
. . . . . . . . . . .
218
Figure 7-97.
VLAN Membership
. . . . . . . . . . . . . . .
221
Figure 7-98.
VLAN Port Settings
. . . . . . . . . . . . . . .
226
Figure 7-99.
VLAN LAG Setting
. . . . . . . . . . . . . . . .
228
Contents
19
20
Contents
. . . . . . . . . . . . . . . . .
231
. . . . . . . . . . . . . . .
233
. . . . . . . . . . . .
234
LACP Parameters
. . . . . . . . . . . . . . . .
238
Figure 7-104.
LAG Membership
. . . . . . . . . . . . . . . .
241
Figure 7-105.
Multicast Global Parameters .
Figure 7-106.
Figure 7-107.
Add Bridge Multicast Group
Figure 7-108.
Figure 7-109.
IGMP Snooping
Figure 8-110.
Utilization Summary
Figure 8-111.
Counter Summary
Figure 8-112.
Figure 7-100.
Protocol Group
Figure 7-101.
Protocol Port Table
Figure 7-102.
GVRP Global Parameters
Figure 7-103.
. . . . . . . . . .
243
. . . . . . . . . . . . .
245
. . . . . . . . . . .
246
. . . . . . . . . .
249
. . . . . . . . . . . . . . . . .
251
. . . . . . . . . . . . . . .
256
. . . . . . . . . . . . . . . .
257
Interface Statistics
. . . . . . . . . . . . . . .
258
Figure 8-113.
Etherlike Statistics
. . . . . . . . . . . . . . .
260
Figure 8-114.
GVRP Statistics
. . . . . . . . . . . . . . . . .
263
Figure 8-115.
EAP Statistics .
. . . . . . . . . . . . . . . . .
266
Figure 8-116.
RMON Statistics
. . . . . . . . . . . . . . . .
268
Figure 8-117.
. . . . . . . . . . . . . .
272
Figure 8-118.
RMON History Table .
. . . . . . . . . . . . . .
274
Figure 8-119.
RMON Events Control
. . . . . . . . . . . . . .
277
Figure 8-120.
RMON Events Log
. . . . . . . . . . . . . . . .
279
Figure 8-121.
RMON Alarms
. . . . . . . . . . . . . . . . .
281
Figure 8-122.
Add an Alarm Entry
. . . . . . . . . . . . . . .
282
Figure 8-123.
Port Statistics .
. . . . . . . . . . . . . . . . .
285
Figure 8-124.
LAG Statistics .
. . . . . . . . . . . . . . . . .
287
Figure 9-125.
QoS Global Settings
. . . . . . . . . . . . . . .
291
Figure 9-126.
Interface Settings
. . . . . . . . . . . . . . . .
293
Figure 9-127.
. . . . . . . . . . . . . .
295
. . . . . . . . . .
298
. . . . . . . . . . . .
299
Figure 9-128.
CoS to Queue Mapping Table
Figure 9-129.
DSCP to Queue Mapping
Contents
21
22
Contents
Introduction
NOTICE: Before proceeding, read the release notes for this product. The release notes can be
downloaded from support.dell.com.
This Users Guide contains the information needed for installing, configuring and maintaining the
Ethernet Switch Module.
PowerConnect 5316M and the Dell Modular Server System

The Dell Modular Server System is based upon the chassis that integrates up to ten Server
Modules, up to four I/O modules (including the Ethernet Switch Module), and one or two system
management modules called the Dell Remote Access Controller / Modular Chassis (DRAC/MC).
For a list of supported options for the Dell Modular Server System, go to support.dell.com.
The Ethernet Switch Module provides switching functions for the Dell Modular Server System.
The DRAC/MCs provide a single point of control for the Dell Modular Server System.
The PowerConnect 5316M Ethernet Switch Modules are 16-port Ethernet switch modules
connected to Server Modules through the Dell Modular Server Chassis mid-plane.
The ports of the Ethernet Switch Module are divided into internal and external ports.
External ports 6 external RJ-45 connectors for 10/100/1000 Base-T copper ports (uplinks)
used for connecting Server Modules to the network.
Internal ports 10 internal ports connected to Server Modules through the Dell Modular
Server Chassis mid-plane. On every Internal Port the speed is fixed to 1000 Mbps.
The console connection to the Ethernet Switch Module is provided only through the DRAC/MC.
No access point is provided on the Ethernet Switch Module front panel. For debugging and
management purposes, a UART bus of each Ethernet Switch Module is connected to the
DRAC/MC. The DRAC/MC can re-direct the serial console interface to only one switch at a time.
The Ethernet Switch Module receives a power supply (12 V dc) through the mid-plane. A single
system LED indicates the Ethernet Switch Module status, which is controlled by the DRAC/MC.
The following figure illustrates the PowerConnect 5316M:
Introduction
Figure 1-1.
Features
This section describes the Ethernet Switch Module user-configured features. For a complete list of
all updated Ethernet Switch Module features, see the latest software version Release Notes.
General Features
Head of Line Blocking
Head of Line (HOL) blocking results in traffic delays and frame loss caused by traffic competing
for the same egress port resources. HOL blocking queues packets, and the packets at the head of
the queue are forwarded before packets at the end of the queue. By default HOL blocking is active
at all times except when QoS, Flow Control, or Back Pressure is active on a port, the HOL blocking
prevention mechanism is disabled on the whole system.
Flow Control Support (IEEE 802.3X)
Flow control enables lower speed Ethernet Switch Modules to communicate with higher speed
Ethernet Switch Modules, by requesting that the higher speed Ethernet Switch Module refrains
from sending packets. Transmissions are temporarily halted to prevent buffer overflows.
For information on configuring Flow Control for ports or LAGs, see "Defining Port Parameters" or
"Defining LAG Parameters."
Back Pressure Support
On half-duplex links, the receiving port prevents buffer overflows by occupying the link so that it is
unavailable for additional traffic.
For information on configuring Back Pressure for ports or LAGs, see "Defining Port Parameters" or
Jumbo Frames Support
Jumbo frames are frames with an MTU size of up to 10K bytes, and better utilize the network by
transporting the same data using less frames.
The main benefits of this facility are reduced transmission overhead, and reduced host processing
overhead. Jumbo are used for server-to-server transfers.
For information on enabling Jumbo Frames, see "Configuring System Information."
10
Introduction
Virtual Cable Testing (VCT)
VCT detects and reports copper link cabling occurrences, such as open cables and cable shorts.
MDI/MDIX Support
The Ethernet Switch Module automatically detects whether the cable connected to an RJ-45 port
is crossed or straight through.
Standard wiring for end stations is Media-Dependent Interface (MDI) and the standard wiring for
hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).
For information on configuring MDI/MDIX for ports or LAGs, see "Defining Port Parameters" or
Auto Negotiation
Auto negotiation allows an Ethernet Switch Module to advertise modes of operation. The auto
negotiation function provides the means to exchange information between two Ethernet Switch
Modules that share a point-to-point link segment, and to automatically configure both Ethernet
Switch Modules to take maximum advantage of their transmission capabilities.
MAC Address Supported Features

MAC Address Capacity Support
The Ethernet Switch Module supports up to 4K MAC addresses. The Ethernet Switch Module
reserves specific MAC addresses for system use.
Static MAC Entries
MAC entries can be manually entered in the Bridging Table, as an alternative to learning them
from incoming frames. These user-defined entries are not subject to aging, and are preserved across
resets and reboots.
For more information, see "Configuring Address Tables."
Self-Learning MAC Addresses
The Ethernet Switch Module enables automatic MAC address learning from incoming packets.
The MAC addresses are stored in the Bridging Table.
Automatic Aging for MAC Addresses
MAC addresses from which no traffic is received for a given period are aged out. This prevents the
Bridging Table from overflowing.
For more information on configuring the MAC Address Age Out Time, see "Configuring Address
Tables."
Introduction
11
VLAN-aware MAC-based Switching
The Ethernet Switch Module always performs VLAN-aware bridging. Classic

bridging(IEEE802.1D) is not performed, where frames are forwarded based only on their
destination MAC address. However, a similar functionality may be configured for untagged frames.
Addresses are associated with ports by learning them from the incoming frames source address.
This is done by the CPU. When a frame is sent from an unknown source address, the frame is
forwarded to the CPU. The CPU adds the source address to the Forwarding tables. Additional
frames sent to or from this address are correctly handled by the hardware. Frames addressed to a
destination MAC address that is not associated with any port are flooded to all ports of the relevant
VLAN.
MAC Multicast Support
Multicast service is a limited broadcast service, which allows one-to-many and many-to-many
connections for information distribution. Layer 2 Multicast service is where a single frame is
addressed to a specific Multicast address, from where copies of the frame are transmitted to the
relevant ports.
For more information, see "Multicast Forwarding Support."
Layer 2 Features
IGMP Snooping
IGMP Snooping examines IGMP frame contents, when they are forwarded by the Ethernet Switch
Module from work stations to an upstream Multicast router. From the frame, the Ethernet Switch
Module identifies work stations configured for Multicast sessions, and which Multicast routers are
sending Multicast frames.
For more information, see "IGMP Snooping."
Port Mirroring
Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing
packets from a monitored port to a monitoring port. Users specify which target port receives copies
of all traffic passing through a specified source port.
For more information, see "Defining Port Mirroring Sessions."
Broadcast Storm Control
Storm Control enables limiting the amount of Multicast and Broadcast frames accepted and
forwarded by the Ethernet Switch Module.
When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the
relevant VLAN. This occupies bandwidth, and loads all nodes connected on all ports.
For more information, see "Enabling Storm Control."
12
Introduction
VLAN Supported Features

VLAN Support
VLANs are collections of switching ports that comprise a single broadcast domain. Packets are
classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the
ingress port and packet contents. Packets sharing common attributes can be grouped in the same
VLAN.
For more information, see "Configuring VLANs."
Port Based Virtual LANs (VLANs)
Port-based VLANs classify incoming packets to VLANs based on their ingress port.
For more information, see "Defining VLAN Ports Settings."
IEEE802.1V Protocol Based Virtual LANs (VLANs)
VLAN classification rules are defined on data-link layer (Layer 2) protocol identification. Protocolbased VLANs isolate Layer 2 traffic for differing Layer 3 protocols.
For more information, see "Defining VLAN Protocol Groups."
Full 802.1Q VLAN Tagging Compliance
IEEE 802.1Q defines an architecture for virtual bridged LANs, the services provided in VLANs and
the protocols and algorithms involved in the provision of these services. An important requirement
included in this standard is the ability to mark frames with a desired Class of Service (CoS) tag
value (0-7).
GVRP Support
GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and
dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the Ethernet Switch
Module registers and propagates VLAN membership on all ports that are part of the active
underlying "Spanning Tree Protocol Features" on page 13 topology.
For more information, see "Configuring GVRP."
Spanning Tree Protocol Features

Spanning Tree Protocol (STP)
802.1d Spanning tree is a standard Layer 2 switch requirement that allows bridges to automatically
prevent and resolve L2 forwarding loops. Switches exchange configuration messages using
specifically formatted frames and selectively enable and disable forwarding on ports.
For more information, see "Configuring the Spanning Tree Protocol."
Introduction
13
Fast Link
STP can take up to 30-60 seconds to converge. During this time, STP detects possible loops,
allowing time for status changes to propagate and for relevant Ethernet Switch Modules to
respond. 30-60 seconds is considered too long of a response time for many applications. The Fast
Link option bypasses this delay, and can be used in network topologies where forwarding loops do
not occur.
For more information enabling Fast Link for ports and LAGs, see "Defining STP Port Settings" or
"Defining STP LAG Settings."
IEEE 802.1w Rapid Spanning Tree
Spanning Tree can take 30-60 seconds for each host to decide whether its ports are actively
forwarding traffic. Rapid Spanning Tree (RSTP) detects uses of network topologies to enable faster
convergence, without creating forwarding loops.
For more information, see "Configuring Rapid Spanning Tree."
Link Aggregation
For more information, see "Aggregating Ports."
Link Aggregation
Up to six Aggregated Links may be defined, each with up to six member ports, to form a single Link
Aggregated Group (LAG). This enables:
Fault tolerance protection from physical link disruption
Higher bandwidth connections
Improved bandwidth granularity
High bandwidth server connectivity
LAG is composed of ports with the same speed, set to full-duplex operation.
NOTE: Only the six external port can be added to LAG.
For more information, see "Defining LAG Membership."
Link Aggregation and LACP
LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation
capability of various links, and continuously provides the maximum level of aggregation capability
achievable between a given pair of systems. LACP automatically determines, configures, binds and
monitors the port binding to aggregators within the system.
For more information, see "Defining LACP Parameters."
14
Introduction
Layer 3 Features
Address Resolution Protocol (ARP)
The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps
the IP address to a MAC address. ARP allows a host to communicate with other hosts only when
the IP address of its neighbors is known.
For more information, see "Configuring ARP."
TCP
Transport Control Protocol (TCP). TCP connections are defined between 2 ports by an initial
synchronization exchange. TCP ports are identified by an IP address and a 16-bit port number.
Octets streams are divided into TCP packets, each carrying a sequence number.
BootP and DHCP Clients
DHCP enables additional setup parameters to be received from a network server upon system
startup. DHCP service is an on-going process. DHCP is an extension to BootP.
For more information on DHCP, see "Defining DHCP IP Interface Parameters."
Quality of Service Features

Class Of Service 802.1p Support
The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking and prioritizing
network traffic at the data link/MAC sub-layer. 802.1p traffic is classified and sent to the
destination. No bandwidth reservations or limits are established or enforced. 802.1p is a spin-off of
the 802.1Q (VLANs) standard. 802.1p establishes eight levels of priority, similar to the IP
Precedence IP Header bit-field.
For more information, see "Configuring Quality of Service."
Ethernet Switch Module Management Features

SNMP Alarms and Trap Logs
The system logs events with severity codes and timestamps. Events are sent as SNMP traps to a
Trap Recipient List.
For more information on SNMP Alarms and Traps, see "Defining SNMP Parameters."
SNMP Version 1 and Version 2
Simple Network Management Protocol (SNMP) over the UDP/IP protocol controls access to the
system, a list of community entries is defined, each of which consists of a community string and its
access privileges. There are 3 levels of SNMP security read-only, read-write and super. Only a super
user can access the community table.
Introduction
15
Web Based Management
With web based management, the system can be managed from any web browser. The system
contains an Embedded Web Server (EWS), which serves HTML pages, through which the system
can be monitored and configured. The system internally converts web-based input into
configuration commands, MIB variable settings and other management-related settings.
Configuration File Download and Upload
The Ethernet Switch Module configuration is stored in a configuration file. The Configuration file
includes both system wide and port specific Ethernet Switch Module configuration. The system
can display configuration files in the form of a collection of CLI commands, which are stored and
manipulated as text files.
For more information, see "Managing Files."
TFTP Trivial File Transfer Protocol
The Ethernet Switch Module supports boot image, software and configuration upload/download
via TFTP.
Remote Monitoring
Remote Monitoring (RMON) is an extension to SNMP, which provides comprehensive network

traffic monitoring capabilities (as opposed to SNMP which allows network Ethernet Switch
Module management and monitoring). RMON is a standard MIB that defines current and
historical MAC-layer statistics and control objects, allowing real-time information to be captured
across the entire network.
For more information, see "Viewing RMON Statistics."
Command Line Interface
Command Line Interface (CLI) syntax and semantics conform as much as possible to common
industry practice. CLI is composed of mandatory and optional elements. The CLI interpreter
provides command and keyword completion to assist user and shorten typing.
Syslog
Syslog is a protocol that enables event notifications to be sent to a set of remote servers, where they
can be stored, examined and acted upon. The system sends notifications of significant events in
real time, and keeps a record of these events for after-the-fact usage.
For more information on Syslog, see "Managing Logs."
16
Introduction
SNTP
The Simple Network Time Protocol (SNTP) assures accurate network Ethernet Switch Module
clock time synchronization up to the millisecond. Time synchronization is performed by a network
SNTP server. Time sources are established by Stratums. Stratums define the distance from the
reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
For more information, see "Configuring SNTP Settings."
Traceroute
Traceroute enables discovering IP routes that packets were forwarded along during the forwarding
process. The CLI Traceroute utility can be executed from either the user-exec or privileged modes.
Security Features
SSL
Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data
through privacy, authentication, and data integrity. It relies upon certificates and public and private
keys.
Port Based Authentication (802.1x)
Port based authentication enables authenticating system users on a per-port basis via an external
server. Only authenticated and approved system users can transmit and receive data. Ports are
authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the
Extensible Authentication Protocol (EAP).
For more information, see "Configuring Port Based Authentication."
Locked Port Support

Locked Port increases network security by limiting access on a specific port only to users with
specific MAC addresses. These addresses are either manually defined or learned on that port.
When a frame is seen on a locked port, and the frame source MAC address is not tied to that port,
the protection mechanism is invoked.
For more information, see "Configuring Port Security."
RADIUS Client
RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which

contains per-user authentication information, such as user name, password and accounting
information.
For more information, see "Configuring RADIUS Global Parameters."
Introduction
17
SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a Ethernet Switch
Module. SSH version 2 is currently supported. The SSH server feature enables an SSH client to
establish a secure, encrypted connection with a Ethernet Switch Module. This connection provides
functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key
cryptography for Ethernet Switch Module connections and authentication.
TACACS+
TACACS+ provides centralized security for validation of users accessing the Ethernet Switch
Module. TACACS+ provides a centralized user management system, while still retaining
consistency with RADIUS and other authentication processes.
For more information, see "Defining TACACS+ Settings."
Port Default Settings

The default settings of the internal and external ports are as follows:
Table 1-1. Port Default Settings
External Ports
Function
Default Setting
Flow Control
Off (disabled on ingress)
Back Pressure
Auto Negotiation
Enabled
Speed and duplex auto

negotiation
On (disabled on ingress)
Internal Ports
Function
Default Setting
Speed and duplex auto

negotiation
Flow control
Disabled
Auto negotiation of Flow Control Off (disabled on ingress)
NOTE: The settings are fixed on the internal ports and cannot be changed.
Additional CLI Documentation

The CLI Reference Guide, which is available on the Documentation CD, provides information
about the CLI commands used to configure the Ethernet Switch Module. The document provides
information including the CLI description, syntax, default values, guidelines, and examples.
18
Introduction
Ethernet Switch Module Port Configurations
PowerConnect 5316M Front Panel Port Description
The PowerConnect 5316M Ethernet Switch Module contains 6 external Gigabit Ethernet
10/100/1000 Base-T ports on the front panel for connecting to a network, and 10 Gigabit Ethernet
internal ports for connecting the embedded network controllers on the PowerEdge Server Modules.
The six external Gigabit Ethernet ports can operate at 10, 100 or 1000 Mbps. These ports support
auto-negotiation, duplex mode (Half or Full duplex), and flow control. The 10 Gigabit Ethernet
ports that connect to PowerEdge Server Modules can only operate at 1000 Mbps, full-duplex.
These 10 ports also support flow control.
The following figure illustrates the PowerConnect 5316M front panel.
Figure 2-2. PowerConnect 5316M Front Panel
On the front panel there are six ports which are numbered 11 to 16 from left to right. The ports are
designated as g11 to g16 for system configuration. On each port there are LEDs to indicate the port
status.
On the left side of the front panel is the System LED which indicates the Ethernet Switch Module
operational status.
Physical Dimensions
The Ethernet Switch Module has the following physical dimensions:
Height 32.2 mm
Width 129.8 mm
19
Depth 251.2 mm
LED Definitions
The front panel contains light emitting diodes (LED) that indicate the status of links, and switch
diagnostics.
Port LEDs
10/100/1000 Base-T Port LEDs
Each 10/100/1000 Base-T port has two LEDs. Speed/link/activity is indicated on the left LED and
the duplex mode is indicated on the right LED.
Figure 2-3.
The RJ-45 LED indications are described in the following table:

Table 2-2. RJ-45 Copper based 10/100/1000 Base-TLED Indications
LED
Color
Description
Left LED
Green Static
The port is linked at 1000 Mbps.
Green Flashing
The port is transmitting or receiving data at 1000 Mbps.
Orange Static
The port is linked at either 10 or 100 Mbps.
Orange Flashing
The port is transmitting or receiving data at either 10 or 100 Mbps.
Off
No Link.
Green
The port is currently transmitting in Full Duplex mode.
Off
The port is operating in Half Duplex mode.
Right LED
System LED
There is one system LED on the Ethernet Switch Module with dual functions, controlled by
DRAC/MC for error status reporting and Ethernet Switch Module identification. Different
flashing frequencies are used to indicate the different functions. There are two functions,
identification and error reporting, with identification having a higher priority than error reporting.
20
NOTE: If there is an error and the identification function is activated, the LED still functions as an
identification LED.
The LED can only be disabled by the DRAC/MC with a 255 seconds timeout. If an error occurs,
the LED for error reporting will always be flashing and cannot be disabled.
The following table describes the system LED indications.
Table 2-3.
System LED Indications
LED Color
Identification
Solid green
The Ethernet Switch Module is powered on and functions correctly.
Flashing Green Ethernet Switch Module is malfunctioning.

Off
The Ethernet Switch Module is powered off
Port Connections, Cables, and Pinout Information

This section explains the Ethernet Switch Modules physical interfaces, and provides information
about port connections. Copper Cable diagnostics are supported.
1000 Base-T Cable Requirements

All Category 5 UTP cables that are used for 100 Base-TX connections should also work for
1000Base-T, provided that all four wire pairs are connected. However, it is recommended that for all
critical connections, or any new cable installations, Category 5e (enhanced Category 5) cable
should be used. The Category 5e specification includes test parameters that are only
recommendations for Category 5 and it complies with the IEEE 802.3ab standards.
RJ-45 Connections for 10/100/1000 Base-T Ports

The 10/100/1000 Base-T ports are copper twisted-pair ports.
Table 2-4.
Ports, Connectors and Cables

Connector
Port/Interface
RJ-45
10/100/1000 Base-T Port
Cable
Cat.5
The following figure illustrates the RJ-45pin connector pin numbers.
21
Figure 2-4.
RJ-45 Pin Numbers
The RJ-45pin number allocation for the 10/100/1000 Base-T ports is listed in the following table.
Table 2-5. RJ-45 Pin Number Allocation for 10/100/1000 Base-T Ethernet Port
Pin No
Function
22
TxRx 1+
TxRx 1-
TxRx 2+
TxRx 2-
TxRx 3+
TxRx 3-
TxRx 4+
TxRx 4-

This section contains information about Ethernet Switch Module unpacking, installation, and
cable connections.
Installation Precautions
CAUTION Before performing any of the following procedures, read and follow the safety
instructions located in the Product Information Guide included in the Dell Documentation.
CAUTION Observe the following points before performing the procedures in this section:
Observe and follow the service markings. Do not service any Ethernet Switch Module except
as explained in the system documentation. Opening or removing covers marked with a
triangular symbol with a lighting bolt may cause electrical shock. These components are to be
serviced by trained service technicians only.
Ensure that the Ethernet Switch Module is not exposed to water.
Ensure that the Ethernet Switch Module is not exposed to radiators or heat sources.
Do not push foreign objects into the Dell Modular Server Chassis I/O Module bays, as it may
cause a fire or electric shock.
Use the Ethernet Switch Module only with approved equipment.
Allow the Ethernet switch module to cool before removing covers or touching internal
equipment.
Ensure that the airflow around the front, sides, and back of the Dell Modular Server Chassis is
not restricted.
Overview
The Ethernet Switch Module is installed in one of the Chassis I/O Module bays of the Dell
Modular Server Chassis. For the details on the number, types and location of the module bays, and
for additional information on the entire Modular Server System, see Dell PowerEdge 1855 Systems
User's Guide and Dell PowerEdge Installation and Troubleshooting Guide.
The process of installing an Ethernet Switch Module into a Dell Modular Server Chassis consists of
both hardware and software instructions. The process consists of three main functions: physically
installing the Ethernet Switch Module into the Dell Modular Server Chassis, connecting the RS-
23
232 serial port of the Dell Remote Access Controller / Modular Chassis (DRAC/MC) to the RS-232
serial port of the terminal or computer running the terminal emulation application, and finally
configuring the Ethernet Switch Module.
Once the DRAC/MC is connected to the console, the Ethernet Switch Module can be configured.
The initial configuration process consists of setting the user name and password, configuring the
static IP address, and configuring the read/write access and community strings.
After the IP address is set, the Ethernet Switch Module can be managed through the network via
Telnet, SNMP, or Web interfaces.
Unpacking
If the Ethernet Switch Modules are ordered with the Dell Modular Server Chassis, the Ethernet
Switch Modules are already installed and no unpacking is required. The unpacking procedure
applies only if an additional Ethernet Switch Module is ordered or a new unit replacing a
malfunctioning Ethernet Switch Module is received.
Package Contents
While unpacking the Ethernet Switch Module, ensure that the following items are included:
The Ethernet Switch Module
Documentation CD
Getting Stated Guide
Safety and Regulatory Information Document
Unpacking the Ethernet Switch Module

To unpack the Ethernet Switch Module:
NOTE: Before unpacking the Ethernet Switch Module, inspect the packaging and report any evidence of
damage immediately to Dell.
NOTE: An ESD strap is not provided, however it is recommended to wear one for the following
procedure.
24
Open the container.
Carefully remove the Ethernet Switch Module from the container and place it on a secure,
stable and clean surface.
Remove all packing material.
Inspect the Ethernet Switch Module for damage. Report any damage immediately to Dell.
Major Components of the Ethernet Switch Module

NOTE: The illustrations in this document might differ slightly from the actual Ethernet Switch Module
and Dell Modular Server Chassis.
Figure 3-5. Ethernet Switch Module Components
Installing and Removing a Ethernet Switch Module

The following illustration shows the four bays reserved for the Dell Modular Server Chassis I/O
modules.
25
Figure 3-6.
Dell Modular Server Chassis I/O Module Locations
Bay 2
Bay 1
Bay 4
Bay 3
DRAC/MC Console Serial Port
NOTE: To maintain proper system cooling, each module bay must contain either a module or end-cap
(blank plug).
The four Chassis I/O module bays are located at the rear panel of the Dell Modular Server Chassis.
Although Ethernet Switch Module can be inserted in every I/O module bay it is important to
understand that not all of the bays are neccessarily intended for the Ethernet Switch Modules. The
usage of the bays is dependent on the system I/O requirements.
In particular, the Chassis I/O Module bays 1 and 2 are specifically intended to house the Ethernet
Switch Modules. The bays 3 and 4 should only be populated with the Ethernet Switch Modules if a
Gigabit Ethernet daughter card is installed on the Server Module(s).
Ethernet Controller Enumeration

The usage of the bays is dependent on the system I/O requirements. In particular, the Chassis I/O
Module bays 1 and 2 are specifically intended to house the Ethernet Switch Modules. The bays 3
and 4 should only be populated with the Ethernet Switch Modules if a Gigabit Ethernet daughter
card is installed on the Server Module(s).
For more information about the components of the information panel, see Dell PowerEdge 1855
Systems User's Guide and Dell PowerEdge Installation and Troubleshooting Guide.
26
System Reliability Considerations

NOTICE: To help ensure proper cooling and system reliability, make sure that:
Each of the module bays on Dell Modular Server Chassis has either a module or end-cap (blank
plug) installed.
A removed hot-swap module is replaced with an identical module or end-cap (blank plug) within 1
minute of removal.
Safety
CAUTION: Never remove the cover on a power supply or any part that has the following label
attached.
Figure 3-7. Caution Label
CAUTION: Hazardous voltage, current, and energy levels are present inside any component that has
this label attached. There are no serviceable parts inside these components. If you suspect a problem
with one of these parts, contact a service technician.
Handling Static Sensitive Devices

NOTICE: Static electricity can damage electronic Ethernet Switch Modules and the system. To avoid
damage, keep static-sensitive Ethernet Switch Modules in their static-protective packages until they are
ready to be installed. To reduce the possibility of electrostatic discharge, observe the following
precautions:
Limit your movement. Movement can cause static electricity to build up around your person.
Handle the Ethernet Switch Modules carefully, holding it by its edges or its frame.
Do not touch solder joints, pins or exposed printed circuitry.
Do not leave the Ethernet Switch Modules where others can handle and possibly damage the
Ethernet switch module.
While the Ethernet Switch Modules is still in its static-protective package, touch it to an unpainted
metal part of Dell Modular Server Chassis for at least two seconds. (This drains static electricity
from the package and from your person.)
Remove the Ethernet Switch Module from its package and install it directly into the Dell Modular
Server Chassis without setting it down. If it is necessary to set the Ethernet Switch Module down,
place it in its static-protective package. Do not place the Ethernet Switch Modules on your Dell
Modular Server Chassis or on a metal table.
27
Take additional care when handling Ethernet Switch Modules during cold weather because heating
reduces indoor humidity and increases static electricity.
Installing the Ethernet Switch Module into Dell Modular

Server Chassis
This section applies only to additional or replacement Ethernet Switch Modules not included in
the initial Dell Modular Server Chassis system order.
NOTE: Neither the PowerEdge Server Module nor the Dell Modular Server Chassis needs to be powered
down to install a Ethernet Switch Module.
To install an Ethernet Switch Module into a Dell Modular Server Chassis perform the following:
1
Review and become familiar with the safety and handling guidelines specified under "Safety"
and "Handling Static Sensitive Devices."
Select a Chassis I/O Module bay in which to install the Ethernet Switch Module. In this
example, an Ethernet Switch Module is being installed in the Chassis I/O Module Bay 1. For
other modules and their positions see "Ethernet Controller Enumeration."
Remove the end-cap (blank plug) from the selected bay. Store the end-cap (blank plug) for
future use.
If not already done, touch the static-protective package that contains the Ethernet Switch
Module to an unpainted metal part of Dell Modular Server Chassis for at least two seconds.
Remove the Ethernet Switch Module from its static-protective package.
Ensure that the release latch on the Ethernet Switch Module is in the open position
(perpendicular to the module).
Figure 3-8.
28
Slide the Ethernet Switch Module into the appropriate bay until it stops.
Push the release latch on the front of the Ethernet Switch Module to the closed position.
Figure 3-9. Inserting a Ethernet Switch Module into the
29
Removing a Ethernet Switch Module

CAUTION: Never remove the cover on a power supply or any part that has the following label
attached.
NOTE: Neither the Server Modules, nor the Dell Modular Server Chassis needs to be powered down to
remove a Ethernet Switch Module.
NOTE: By removing an Ethernet Switch Module, the connection to the network is broken.
NOTE: The replacement Ethernet Switch Module or an end-cap (blank plug) must be installed within 1
minute of removing an Ethernet Switch Module or an end-cap (blank plug).
To remove a Ethernet Switch Module from Dell Modular Server Chassis perform the following:
30
Review and become familiar with the safety and handling guidelines specified under "Safety"
and "Handling Static Sensitive Devices."
Select the Ethernet Switch Module to remove. In this example, an Ethernet Switch Module is
being removed from Bay 1. For other modules and their positions see "Ethernet Controller
Enumeration."
Complete any Dell Modular Server Module tasks as specified in the Dell PowerEdge 1855
Systems User's Guide and Dell PowerEdge Installation and Troubleshooting Guide.
Pull the release latch on the Ethernet Switch Module outwards (perpendicular to the
module). The Ethernet Switch Module is released from the Dell Modular Server Chassis.
Figure 3-10.
Pull the release latch on the Ethernet Switch Module
Slide the Ethernet Switch Module out of the Dell Modular Server Chassis and set it aside.
31
Figure 3-11. Slide the Ethernet Switch Module out of the Dell Modular Server Chassis
Place either another Ethernet Switch Module or a end-cap (blank plug) in the bay within one
minute.
For more information, see Dell PowerEdge 1855 Systems User's Guide and Dell PowerEdge
Installation and Troubleshooting Guide.
Accessing the Ethernet Switch Module CLI User Interface via

DRAC/MC Console Port
To connect to the Ethernet Switch Module via DRAC/MC, perform the following:
1
32
Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the DRAC/MC
in the Dell Modular Server Chassis to the RS-232 serial port of the terminal or computer
running the terminal emulation application.
NOTE: The default data rate of the DRAC/MC is 115200. See the Dell Remote Access Controller/Modular
Chassis Users Guide to determine the current baud rate settings of the DRAC/MC.
a
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set Flow Control to none.
Under Properties, select VT100 for Emulation mode.
Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that the setting is for
Terminal keys (not Windows keys).
NOTICE: When using HyperTerminal with Microsoft Windows 2000,ensure that Windows 2000
Service Pack 2 or later is installed. With Windows 2000 Service Pack 2, the arrow keys function properly
in HyperTerminals VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service
packs.
On the console monitor the DRAC/MC application displays a login screen.
2
Log in onto the DRAC/MC using the default username root and password calvin.
The DRAC/MC CLI command prompt "DRAC/MC:" is displayed.
For more information, see Dell Modular Server System User's Guide and Dell Remote Access
Controller/Modular Chassis Users Guide.
If Dell Modular Server Chassis is off then power it on using the following DRAC/MC CLI
command:
racadm chassisaction -m chassis powerup
NOTE: The Ethernet Switch Module inserted into the Chassis I/O bay is powered on automatically when
the Dell Modular Server Chassis is powered on. For further details on configuring the Dell Modular
Server Chassis via the DRAC/MC CLI interface see the Dell Remote Access Controller/Modular Chassis
User's Guide.
Power cycle the Ethernet Switch Module using the following DRAC/MC CLI command:
racadm chassisaction -m
switch-N powercycle
where N is the Chassis I/O Module bay number in which the Ethernet Switch Module is
inserted.
5
Redirect the DRAC/MC serial console to the Ethernet Switch Module internal serial console
interface. This action is performed by entering the CLI command at the command prompt of
the DRAC/MC CLI.
connect switch-N
where N is the Chassis I/O Module bay number in which the Ethernet Switch Module is
inserted.
NOTE: To switch back to the context of the DRAC/MC CLI command prompt press the following
sequence of keys: "<Enter>~."; that is, first press <Enter>, then press on tilde "~" (remember to depress the
<Shift> key if the tilde character is located in the upper register of your keyboard) and then press period
(dot) "."
33
For further details on configuring and using the DRAC/MC see Dell Remote Access Controller
/ Modular Chassis User's Guide.
Once the Ethernet Switch Module is connected to the console, wait until the Ethernet
Switch Module is fully booted. Observe the booting information being outputted to the
terminal window and wait for the Ethernet Switch Module CLI command prompt "console>"
to appear. Press <Enter> several times in order to ensure that the terminal connection is
successfully established and the Ethernet Switch Module can be configured through the CLI
command interface.
6
Make sure that the system LED on the Ethernet Switch Module is illuminated green and is
not flashing, which indicates that the Ethernet Switch Module is operating properly.
An output similar to the following will be displayed on the terminal window:
Remote Access Controller / Modular Chassis (DRAC/MC)
Copyright (C) 2000-2004 Dell Inc. All Rights Reserved.
Login: root
Password: ******
DRAC/MC: racadm chassisaction -m chassis powerup

OK
DRAC/MC: racadm chassisaction -m switch-1 powercycle
OK
DRAC/MC: connect switch-1
Connected to switch-1 ...
------ Performing the Power-On Self Test (POST) -----UART Channel Loopback Test........................PASS
Testing the System SDRAM..........................PASS
Boot1 Checksum Test...............................PASS
Flash Image Validation Test.......................PASS
FRU Validation Test...............................PASS
34
BOOT Software Version x.x.x.x Built xx-xxx-xxxx xx:xx:x
[DELL LOGOTYPE]
Autoboot in 2 seconds - press RETURN or Esc. to abort and enter

prom.
Preparing to decompress...
Decompressing SW from image-1
7b4000
OK
Running from RAM...
**************************************************************
*** Running SW Ver. 1.x.x.x Date 1-Oct-2004 Time xx:xx:xx ***
**************************************************************
HW version is 00.00.01
Base Mac address is: xx:xx:xx:xx:xx:xx
Dram size is : 64M bytes
Dram first block size is : 40960K bytes
Dram first PTR is : 0x1800000
Flash size is: 16M
Loading running configuration.
Loading startup configuration.
Device configuration:
Prestera based system
Slot 1 - PowerConnect 5316M
Tapi Version: v1.2.10-P1_02
35
Core Version: v1.2.10-P1_02

01-Oct-2004 01:01:22 %INIT-I-InitCompleted: Initialization
task is completed
01-Oct-2004 01:01:25 %LINK-I-Down: Vlan 1
01-Oct-2004 01:01:25 %LINK-I-Down: g1
01-Oct-2004 01:01:25 %LINK-I-Down: g2
01-Oct-2004 01:01:25 %LINK-I-Down: g3
01-Oct-2004 01:01:25 %LINK-I-Down: g4
01-Oct-2004 01:01:25 %LINK-I-Down: g5
01-Oct-2004 01:01:25 %LINK-I-Down: g6
01-Oct-2004 01:01:25 %LINK-I-Down: g7
01-Oct-2004 01:01:25 %LINK-I-Down: g8
01-Oct-2004 01:01:25 %LINK-I-Down: g9
01-Oct-2004 01:01:25 %LINK-I-Down: g10
01-Oct-2004 01:01:25 %LINK-W-Down: g11
01-Oct-2004 01:01:25 %LINK-W-Down: g12
01-Oct-2004 01:01:25 %LINK-W-Down: g13
01-Oct-2004 01:01:25 %LINK-W-Down: g14
01-Oct-2004 01:01:26 %LINK-W-Down: g15
01-Oct-2004 01:01:26 %LINK-W-Down: g16
01-Oct-2004 01:03:32 %INIT-I-Startup: Cold Startup
console>
7
If an error is displayed, or the green system LED is flashing, stop the installation process and
contact Dell technical support.
Connecting Network to an Ethernet Switch Module

To connect to an uplink port, use Category 5 unshielded twisted-pair (UTP) cables with RJ-45
connectors at both ends. The RJ-45 ports on the Ethernet Switch Module supports automatic
Media-Dependent Interface/Media-Dependent Interface with internal crossover wiring
36
(MDI/MDIX) operation under auto-negotiation mode, so standard straight-through twisted-pair

cables can be used to connect to any other network Ethernet module (systems, servers, switches or
routers) that supports auto-negotiation.
NOTE: Do not plug a phone jack connector into an RJ-45 port. This will damage the Ethernet Switch
Module. Use only twisted-pair cables with RJ-45 connectors that conform to FCC standards.
NOTE: If autonegotiation is turned off on the ports, a straight through cable must be used.
To connect the Network to the Ethernet Switch Module:
1
Attach a one end of a twisted-pair cable to the Ethernet Switch Modules RJ-45 connector,
and the other end to a switch or server.
Make sure each twisted pair cable does not exceed 120 meters (393.7 ft.) in length.
As each connection is made, the green Link LED on the Ethernet Switch Module corresponding to
each port is illuminated indicating that the connection is valid.
For more information see "Port Connections, Cables, and Pinout Information."
External Port Default Settings

NOTE: Do not connect more than one uplink port to the same switch unless a LAG is being configured.
This is to prevent storming of the network. If more than one port is connected between two switches,
there is a risk that a storming of packets will occur. So the ports are connected in a LAG topology, and
STP is enabled on both ports, there is a risk of storming. The STP prevents such a storm by blocking one
of the ports, therefore preventing any communication in or out of the blocked port.
The general information for configuring the Ethernet Switch Module ports includes the short
description of the auto-negotiation mechanism and the default settings for switching ports.
Auto-Negotiation
Auto-negotiation enables automatic detection of speed, duplex mode and flow control on
switching 10/100/1000 Base-T ports. Auto-negotiation is enabled per port by default.
Auto-negotiation is a mechanism established between two link partners to enable a port to
advertise its transmission rate, duplex mode and flow control (the flow control default is disabled)
abilities to its partner. The ports then both operate at the highest common denominator between
them.
If connecting a Ethernet Switch Module to an external switch port that does not support autonegotiation or is not set to auto-negotiation, both the Ethernet Switch Module switching port and
the external switch port must be manually set to the same speed and duplex mode.
If connecting a regular computer NIC (Network Interface Card) to the External Switch Ports, both
should be either configured to Auto Negotiation, or to the same speed and duplex mode, manually.
Meaning, if one of the NIC is configured to 1000/Full Duplex, the same configuration should apply
to the External Switch Port.
37
MDI/MDIX
The Ethernet Switch Module supports auto-detection of straight through and crossed cables on all
switching 10/100/1000 Base-T ports. The feature is enabled when Auto-negotiation is enabled, and
auto MDI/MDIX is automatically disabled if the auto-negotiation is disabled. In this scenario, the
correct cable must be used.
When the MDI/MDIX (Media Dependent Interface with Crossover) is enabled, the automatic
correction of errors in cable selection is possible, making the distinction between a straight through
cable and a crossover cable irrelevant. (The standard wiring for end stations is known as MDI
(Media Dependent Interface), and the standard wiring for hubs and switches is known as MDIX.)
Flow Control
The Ethernet Switch Module supports IEEE 802.3x Flow Control for ports configured with the
Full Duplex mode. By default, this feature is disabled. It can be enabled per port. The flow control
mechanism allows the receiving side to signal to the transmitting side that transmission must
temporarily be halted to prevent buffer overflow.
Back Pressure
The Ethernet Switch Module supports back pressure for ports configured to Half Duplex mode. By
default, this feature is disabled. It can be enabled per port. The back pressure mechanism prevents
the transmitting side from transmitting additional traffic temporarily. The receiving side may
occupy a link so it becomes unavailable for additional traffic.
38
Starting and Configuring the Ethernet Switch

Module
NOTE: Before proceeding, read the release notes for this product. The release notes can be
downloaded from support.dell.com.
Introduction
Its important to understand the Ethernet Switch Module architecture and the Dell Modular
Server System architecture when configuring the Ethernet Switch Module. See "PowerConnect
5316M and the Dell Modular Server System."
The installation and configuration process is illustrated in the following figure.
39
Figure 4-12. Installation and Configuration Flow
Configuration Overview
Before assigning a static IP address to the Ethernet Switch Module, obtain the following
information:
An IP address that has been allocated to the Ethernet Switch Module in order for it to be
configured.
Network mask.
There are two configuration types:
40
Initial Configuration Consists of configuration functions with basic security

considerations.
Advanced Configuration Consists of dynamic IP configuration and more advanced

security considerations.
NOTE: After making any configuration changes, the new configuration must be saved before rebooting.
To save the configuration, enter:
console# copy running-config startup-config
Accessing Startup Menu

When the Ethernet Switch Module is powered on, it goes through Power On Self Test (POST).
POST runs every time the Ethernet Switch Module is initialized and checks hardware components
to determine if the Ethernet Switch Module is fully operational before completely booting.
After the POST and during the boot, the Startup menu can be used to run special procedures. To
enter the Startup menu, press <Esc> or <Enter> within the first two seconds after the auto-boot
message is displayed.
If the system boot process is not interrupted by pressing <Esc> or <Enter>, the process
continues decompressing and loading the code into RAM. The code starts running from RAM and
the list of numbered system ports and their states (up or down) is displayed.
After the Ethernet Switch Module boots successfully, a system prompt is displayed (console>)
which is used to configure the Ethernet Switch Module. However, before configuring the Ethernet
Switch Module, ensure that the latest software version is installed on the Ethernet Switch Module.
If it is not the latest version, download and install the latest version. For more information on
downloading the latest version see the "Software Download" on page 53.
Initial Configuration
NOTE: Before proceeding, read the release notes for this product. The release notes can be
downloaded from Dell support website at support.dell.com.
NOTE: The initial simple configuration uses the following assumptions:
The PowerConnect Ethernet Switch Module was never configured before, and is in the same state
as when it was received.
The PowerConnect Ethernet Switch Module booted successfully.
The connection to Ethernet Switch Module via the serial console port of the DRAC/MC was
established and the CLI command prompt is displayed on the screen of the teminal or in the window
of the terminal emulation application (press the <Enter> key several times to verify that the prompt
displays correctly).
The Ethernet Switch Module is not configured with a default user name and password.
The initial Ethernet Switch Module configuration is through the DRAC/MC Serial port. After the
initial configuration, the Ethernet Switch Module can then be managed either from the already
connected DRAC/MC Serial port or remotely through an interface defined during the initial
configuration.
The initial configuration consists of the following:
Setting the user name admin, password as secret with the highest privilege level of 15.
41
Configuring the static IP address and the default gateway.
Configuring the SNMP read/write access and community strings.
Before applying the initial configuration procedure to the Ethernet Switch Module, the following
information must be obtained from the network administrator:
The IP address to be assigned to a VLAN through which the Ethernet Switch Module is
managed.
The IP subnet mask for the network.
The default gateway IP address.
The SNMP community.
Static IP Address and Subnet Mask

An IP address can be configured on any interface, including a VLAN, a LAG, and a physical port.
After entering the configuration command, it is recommended to check if a port was configured
with the IP address by entering the show ip interface command.
Important: If an IP address is configured on a LAG or physical port (ex. g11), that interface is
removed from VLAN 1.
Static Default Gateway

To manage the device from a remote network a static route must be configured, which is an IP
address to where packets are sent when no entries are found in the device tables. The configured IP
address must belong to the same subnet as one of the device IP interfaces.
Assigning Static IP Addresses on a Default VLAN

NOTE: This example uses the following assumptions:
Username admin with password secret and privilege level 15
The IP address to be assigned to the PowerConnect VLAN interface is 192.168.1.123
The IP subnet mask for the network is 255.255.255.0
The IP address of the default VLAN is 192.168.1.1
The read/write SNMP community string is private
console> enable
console# configure
console(config)# username admin password secret level 15
console(config)# interface vlan 1
console(config-if)# ip address 192.168.1.123 255.255.255.0
console(config-if)# exit
42
console(config)# ip default-gateway 192.168.1.1

console(config)# snmp-server community private rw
console(config)# exit
console#
Verifying the IP and Default Gateway Addresses

Ensure that the IP address and the default gateway were properly assigned by executing the
following command and examining its output:
console# show ip interface vlan 1

Gateway IP Address
Type
Activity status
---------------------
------------
------------------
192.168.1.1
Static
Active
IP address
Interface
Type
-------------------
------------
------------
192.168.1.123/24
VLAN 1
Static
User Name
To manage the Ethernet Switch Module remotely, for example through SSH, Telnet, or the Web
interface, a user name must be configured. To gain complete administrative control over the
Ethernet Switch Module the highest privilege (15) must be specified.
NOTE: Only the administrator (super-user) with the highest privilege level (15) is allowed to manage the
Ethernet Switch Module through the Web browser interface.
It allows access via IP interfaces. It also allows access to the device via HTTP and HTTPS.
For more information about the privilege level, see the CLI Reference Guide.
The configured user name is entered as a login name for remote management sessions. To
configure user name admin with password abc and highest privilege level, enter the command at
the system prompt as shown in the configuration example:
console> enable
console# configure
console(config)# username admin password abc level 15
43
SNMP Community Strings

Simple Network Management Protocol (SNMP) provides a method for managing network
Ethernet Switch Modules. Ethernet Switch Modules supporting SNMP run a local software
(agent). The SNMP agents maintain a list of variables, used to manage the Ethernet Switch
Module. The variables are defined in the Management Information Base (MIB). The MIB presents
the variables controlled by the agent. Access rights to the SNMP agents are controlled by access
strings and SNMP community strings.
The Ethernet Switch Module is SNMP-compliant and contains an SNMP agent that supports a set
of standard and private MIB variables. Developers of management stations require the exact MIB
tree structure and receive the complete private MIBs information before being able to manage the
MIBs.
All parameters are manageable from any SNMP management platform, except the SNMP
management station IP address, community name, and access rights. The SNMP management
access to the Ethernet Switch Module is disabled if no community strings exist.
NOTE: The Ethernet Switch Module is delivered with no community strings configured. SNMPv1 and
SNMPv2 are supported on the Ethernet Switch Module. This section describes SNMPv1/v2 configuration
parameters.
During the initial configuration procedure the community-string, community-access, and IP
address can be set through the local terminal.
The SNMP configuration options are:
Community access strings.
Read Only Indicates that the community members can view configuration
information, but cannot change any information.
Read/Write Indicates that the community members can view and modify
configuration information.
Super Indicates that the community members have administration access.
Configurable IP address. If IP address is not configured, all community members with the
same community name are granted the same access rights.
Common practice is to use two community strings for the Ethernet Switch Module one (public
community) with read-only access and the other (private community) with read-write access. The
public string allows authorized management stations to retrieve MIB objects, while the private
string allows authorized management stations to retrieve and modify MIB objects.
During initial configuration, it is recommended to configure the Ethernet Switch Module
according to the network administration requirements, in accordance with using an SNMP-based
management station.
44
Configuring SNMP
To configure SNMP station IP address and community string(s) for the general Ethernet Switch
Module router tables:
1
At the console prompt, enter the command Enable. The prompt is displayed as #.
Enter the command configure and press <Enter>.
In the configuration mode, enter the SNMP configuration command with the parameters
including community name (private), community access right (read and write) and IP
address, as shown in the example below:
console# configure
config(config)# snmp-server community private rw 11.1.1.2
Viewing SNMP Community Tables

To view SNMP station IP address and community tables:
1
At the console prompt, enter the command exit. The prompt is displayed as # (Privilege
EXEC mode).
In the Privileged EXEC mode, enter the show command as shown in the example below:
Console# show snmp
Community-String
Community-Access
IP address
---------------
----------------
-----------------------------
public
readonly
All
private
readwrite
172.16.1.1
private
readwrite
172.17.1.1
Traps are enabled.

Authentication trap is enabled.
Trap-Rec-Address
192.122.173.42
Trap-Rec-Community
public
Version
2
45
Trap-Rec-Address
176.16.8.9
Trap-Rec-Community
public
Version
2
System Contact: Robert

System Location: Marketing
The configured parameters enable further Ethernet Switch Module configuration from any remote
location.
Advanced Configuration
This section provides information about dynamic allocation of IP addresses and security
management based on the authentication, authorization, and accounting (AAA) mechanism, and
includes the following topics:
Configuring IP Addresses through DHCP
Configuring IP Addresses through BOOTP
Security Management and Password Configuration
When configuring/receiving IP addresses through DHCP and BOOTP, the configuration received
from these servers includes the IP address, and may include subnet mask and default gateway.
Retrieving an IP Address From a DHCP Server

When using the DHCP protocol to retrieve an IP address, the Ethernet Switch Module acts as a
DHCP client. When the Ethernet Switch Module is reset, the DHCP command is saved in the
configuration file, but the IP address is not. To retrieve an IP address from a DHCP server, perform
the following steps:
1
Select and connect any external port to a DHCP server or to a subnet that has a DHCP server
on it, in order to retrieve the IP address.
Enter the following commands to use the selected port for receiving the IP address. In the
following example, the commands are based on the port type used for configuration.
Assigning Dynamic IP Addresses:

console# configure
console(config)# interface ethernet g11
console(config-if)# ip address dhcp hostname Ethernet Switch
Module
46
console(config)#
Assigning Dynamic IP Addresses (on a VLAN):

console# configure
console(config)# interface ethernet vlan 1
console(config-if)# ip address dhcp hostname Ethernet Switch
Module
console(config)#
To verify the IP address, enter the show ip interface command at the system prompt as shown
in the following example.
47
console# show ip interface

Gateway IP Address
Type
Activity status
---------------------
------------
------------------
10.7.1.1
DHCP
Active
IP address
Interface
Type
-------------------
------------
------------
10.7.1.192/24
VLAN 1
DHCP
10.7.2.192/24
g11
DHCP
NOTE: It is not necessary to delete the Ethernet Switch Module configuration to retrieve an IP address
from the DHCP server.
NOTE: When copying configuration files, avoid using a configuration file that contains an instruction to
enable DHCP on an interface that connects to the same DHCP server, or to one with an identical
configuration. In this instance, the Ethernet Switch Module retrieves the new configuration file and boots
from it. The Ethernet Switch Module then enables DHCP as instructed in the new configuration file, and
the DHCP instructs it to reload the same file again.
Receiving an IP Address From a BOOTP Server

The standard BOOTP protocol is supported and enables the Ethernet Switch Module to
automatically download its IP host configuration from any standard BOOTP server in the network.
In this case, the Ethernet Switch Module acts as a BOOTP client.
To retrieve an IP address from a BOOTP server:
1
Select and connect any port to a BOOTP server or subnet containing such a server, to retrieve
the IP address.
At the system prompt, enter the delete startup configuration command to delete the Startup
Configuration from flash.
The Ethernet Switch Module reboots with no configuration and in 60 seconds starts sending
BOOTP requests. The Ethernet Switch Module receives the IP address automatically.
NOTE: When the Ethernet Switch Module reboot begins, any input at the ASCII terminal or keyboard
automatically cancels the BOOTP process before completion and the Ethernet Switch Module does not
receive an IP address from the BOOTP server.
The following example illustrates the process:

console> enable
48
console# delete startup-config

startup configuration file was deleted
console# reload
You havent saved your changes. Are you sure you want to continue
(y/n) [n]?
y
This command will reset the whole system and disconnect your
current session. Do you want to continue (y/n) [n]?
y
******************************************************
/* the switch reboots */
To verify the IP address, enter the show ip interface command.
The Ethernet Switch Module is now configured with an IP address.
Security Management and Password Configuration

System security is handled through the Authentication, Authorization, and Accounting (AAA)
mechanism that manages user access rights, privileges, and management methods. AAA uses both
local and remote user databases. Data encryption is handled through the SSH mechanism.
The system is delivered with no default password configured; all passwords are user-defined. If a
user-defined password is lost, a password recovery procedure can be invoked from the Startup
menu. The procedure is applicable for the local terminal only and allows a one-time access to the
Ethernet Switch Module from the local terminal with no password entered.
Configuring Security Passwords

The security passwords can be configured for the following services:
Terminal
Telnet
SSH
HTTP
HTTPS
NOTE: Passwords are user-defined.
49
NOTE: When creating a user name, the default priority is 1, which allows access but not configuration
rights. A priority of 15 must be set to enable access and configuration rights to the Ethernet Switch
Module. Although user names can be assigned privilege level 15 without a password, it is recommended
to always assign a password. If there is no specified password, privileged users can access the Web
interface with any password.
Configuring an Initial Terminal Password

To configure an initial terminal password, enter the following commands:
console(config)# aaa authentication login default line

console(config)# aaa authentication enable default line
console(config)# line console
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password george
When initially logging on to a Ethernet Switch Module through a terminal session, enter
george at the password prompt.
When changing a Ethernet Switch Modules mode to enable, enter george at the password
prompt.
Configuring an Initial Telnet Password

To configure an initial Telnet password, enter the following commands:
console(config)# line telnet
console(config-line)# password bob
When initially logging onto a Ethernet Switch Module through a Telnet session, enter bob
at the password prompt.
When changing a Ethernet Switch Module mode to enable, enter bob.
Configuring an Initial SSH Password

To configure an initial SSH password, enter the following commands:
50
console(config)# line ssh

console(config-line)# password jones.
When initially logging onto a Ethernet Switch Module through a SSH session, enter jones
at the password prompt.
When changing a Ethernet Switch Modules mode to enable, enter jones.
Configuring an Initial HTTP Password

To configure an initial HTTP password, enter the following commands:
console(config)# ip http authentication local
console(config)# username admin password user1 level 15
Configuring an Initial HTTPS Password

To configure an initial HTTPS password, enter the following commands:
console(config)# ip https authentication local
console(config)# username admin password user1 level 15
When initially enabling an http or https session, enter admin for user name and user1 for password.
NOTE: Http and Https services require level 15 access and connect directly to the configuration level
access.
Startup Menu
Startup Menu Procedures
The procedures called from the Startup menu cover software download, flash handling and
password recovery.
The Startup menu can be entered when booting the Ethernet Switch Module a user input must
be entered immediately after the POST test.
To enter the Startup menu:
1
The Ethernet Switch Module is powered on (power is cycled) or reset via the CLI or Web user
interface and the POST is displayed.
**************************************************
***************** SYSTEM RESET *****************
**************************************************
51
------ Performing the Power-On Self Test (POST) ------
UART Channel Loopback Test........................PASS

Testing the System SDRAM..........................PASS
Flash Image Validation Test.......................PASS
FRU Validation Test...............................PASS
BOOT Software Version x.x.x.x Built xx-xxx-200x 19:03:19

Processor: xxxxx , 64 MByte SDRAM.
I-Cache 8 KB. D-Cache 8 KB. Cache Enabled.
Autoboot in 2 seconds - press RETURN or Esc. to abort and enter

prom.
Preparing to decompress...
When the auto-boot message appears, press <Enter> to get the Startup menu. The Startup
menu procedures can be done using the ASCII terminal or Windows HyperTerminal.
[1] Download Software

[2] Erase Flash File
[3] Password Recovery Procedure
[4] Enter Diagnostic Mode
[5] Set Terminal Baud-Rate
[6] Back
Enter your choice or press 'ESC' to exit
The following sections describe the available Startup menu options.
52
NOTE: The terminal baud rate in the menu item [5] above pertains to the internal serial connection speed
between the Ethernet Switch Module and DRAC/MC. This speed is fixed to 9600 and must not be
changed.
See the Dell Remote Access Controller/Modular Chassis Users Guide to determine the current baud rate
settings of the DRAC/MC external console serial port.
NOTE: When selecting an option form the Startup menu, time out must be taken into account: if no
selection is made within 35 seconds (default), the Ethernet Switch Module times out. This default value
can be changed through CLI.
Technical support personnel only can operate the Diagnostics Mode. For this reason, "Enter
Diagnostics Mode" is not described in this guide.
Software Download
The software download procedure is performed when a new version must be downloaded to replace
the corrupted files, update or upgrade the system software.
To download software from the Startup menu:
1
From the Startup menu, press [1]. The following prompt appears:
Downloading code using XMODEM

2
When using the HyperTerminal, click Transfer on the HyperTerminal Menu Bar.
In the Filename field, enter the file path for the file to be downloaded.
Ensure that the Xmodem protocol is selected in the Protocol field.
Press Send. The software is downloaded.

NOTE: The length of time taken by the download varies according to the tool used.
Erase FLASH File

In some cases, the Ethernet Switch Module configuration must be erased. If the configuration is
erased, all parameters configured via CLI, EWS or SNMP must be reconfigured.
Erasing the Ethernet Switch Module Configuration

1
From the Startup menu, press [2] to erase flash file. The following message is displayed:
Warning! About to erase a Flash file.

Are you sure (Y/N)? y
2
Press Y. The following message is displayed.
Write Flash file name (Up to 8 characters, Enter for none.):config

File config (if present) will be erased after system
initialization
======== Press Enter To Continue ========
53
Enter config as the name of the flash file. The configuration is erased and the Ethernet
Switch Module reboots.
Repeat the Ethernet Switch Module initial configuration.
Password Recovery
If a password is lost, the Password Recovery procedure can be called from the Startup menu. The
procedure enables entry to the Ethernet Switch Module once without password.
To recover a lost password for the local terminal only:
1
From the Startup menu, type [3] and press <Enter>.

The password is deleted.
NOTE: To ensure Ethernet Switch Module security, reconfigure passwords for applicable management
methods.
Software Download Through TFTP Server

This section contains instructions for downloading Ethernet Switch Module software (system and
boot images) through a TFTP server. The TFTP server must be configured before beginning to
download the software.
System Image Download
The Ethernet Switch Module boots and runs when decompressing the system image from the flash
memory area where a copy of the system image is stored. When a new image is downloaded, it is
saved in the other area allocated for the other system image copy.
On the next boot, the Ethernet Switch Module will decompress and run the currently active system
image unless chosen otherwise.
To download a system image through the TFTP server:
1
Ensure that an IP address is configured on one of the Ethernet Switch Module ports and
pings can be sent to a TFTP server.
Make sure that the file to be downloaded is saved on the TFTP server (the ros file).
Enter show version command to verify which software version is currently running on the
Ethernet Switch Module. The following is an example of the information that appears:
console# show version
SW version 1.0.0.42 (date 22-Jul-2004 time 13:42:41)
Boot version 1.0.0.18 (date 01-Jun-2004 time 15:12:20)
HW version
54
Enter show bootvar command to verify which system image is currently active. The
following is an example of the information that appears:
console# show bootvar

Images currently available on the Flash
Image-1 active (selected for next boot)
Image-2 not active
5
Enter copy tftp://{tftp address}/{file name} image command to copy a

new system image to the Ethernet Switch Module. When the new image is downloaded, it is
saved in the area allocated for the other copy of system image (image-2, as given in the
example). The following is an example of the information that appears:
console# copy tftp://176.215.31.3/file1.ros image
Accessing file file1 on 176.215.31.3
Loading file1 from 176.215.31.3:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
Copy took 00:01:11 [hh:mm:ss]
Exclamation symbols indicate that a copying process is in progress. Each symbol (!) corresponds to
512 bytes transferred successfully. A period indicates that the copying process is timed out. Many
periods in a row indicate that the copying process failed.
6
Select the image for the next boot by entering the boot system command. After this
command, enter show bootvar command to verify that the copy indicated as a parameter
in the boot system command is selected for the next boot.
The following is an example of the information that appears:

console# boot system image-2
console# show boot
Images currently available on the Flash
Image-1 active
Image-2 not active (selected for next boot)
If the image for the next boot is not selected by entering the boot system command, the system
boots from the currently active image.
7
Enter the reload command. The following message is displayed:

console# reload
current
55
session. Do you want to continue (y/n) [n]?

8
Enter y. The Ethernet Switch Module reboots.
Boot Image Download
Loading a new boot image from the TFTP server and programming it into the flash updates the
boot image. The boot image is loaded when the Ethernet Switch Module is powered on. A user has
no control over the boot image copies. To download a boot image through the TFTP server:
1
Ensure that an IP address is configured on one of the Ethernet Switch Module ports and
pings can be sent to a TFTP server.
Ensure that the file to be downloaded is saved on the TFTP server (the rfb file).
Enter show version command to verify which software version is currently running on the
Ethernet Switch Module. The following is an example of the information that appears:
console# show version
SW version 1.0.0.42 (date 22-Jul-2004 time 13:42:41)
Boot version 1.0.0.18 (date 01-Jun-2004 time 15:12:20)
HW version 00.00.01 (date 01-May-2004 time 12:12:20)
Enter copy tftp://{tftp address}/{file name} boot command to copy the

boot image to the Ethernet Switch Module. The following is an example of the information
that appears:
console# copy tftp://176.215.31.3/332448-10018.rfb boot
Erasing file..done.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
Copy: 2739187 bytes copied in 00:01:13 [hh:mm:ss]
Enter the reload command. The following message is displayed:

console# reload
current session. Do you want to continue (y/n) [n]?
Enter y.
The Ethernet Switch Module reboots.
56
Using Dell OpenManage Switch

Administrator
This section provides an introduction to the embedded web sytem user interface.
Understanding the Interface

The home page contains the following views:
Tree View Located on the left side of the home page, the tree view provides an expandable
view of the features and their components.
Switch Module View Located on the right side of the home page, the Ethernet Switch
Module view provides a view of the Ethernet Switch Module, an information or table area,
and configuration instructions.
Figure 5-13. Switch Administrator Components
Table 5-6 lists the interface components with their corresponding numbers.
57
Table 5-6. Interface Components

Component
Description
The tree view contains a list of the different

Ethernet Switch Module features. The
branches in the tree view can be expanded to
view all the components under a specific feature,
or retracted to hide the feature's components. By
dragging the vertical bar to the right, the tree
area can be expanded to display the full name of
a component.
NOTE: Switching from one component

in the tree to another very quickly may result
in the display of the login prompt, requiring a
username and password to be reentered.
2
The Ethernet Switch Module view provides

information about switch module ports, current
configuration and status, table information, and
feature components.
Depending on the option selected, the area at
the bottom of the Ethernet Switch Module view
displays other Ethernet Switch Module
information or dialogs for configuring
parameters.
The components list contains a list of the feature

components. Components can also be viewed by
expanding a feature in the tree view.
The information buttons provide access to

information about the Ethernet Switch Module
and access to Dell Support. For more
information, see "Information Buttons."
Switch Module Representation

The PowerConnect home page contains a graphical Switch Module representation of the front
panel.
58
Figure 5-14.
Port Indicators
The port coloring indicates if a specific port is currently active. Ports can be the following colors:
Table 5-7.
Led Indicators
LED Color
Description
Green
The port is currently enabled.
Red
An error has occurred on the port.
Blue
The port is currently disabled.
NOTE: The Port LEDs are not reflected in PowerConnect front panel in the PowerConnect OpenManage
Switch Administrator. LED status can only be determined by viewing the actual Ethernet Switch Module.
For more information about LEDs, see "LED Definitions."
Using the OpenManage Switch Administrator Buttons

This section describes the buttons found on the OpenManage Switch Administrator interface.
Information Buttons
Information buttons provide access to on-line support and online help, as well as information
about the OpenManage Switch Administrator interfaces.
Table 5-8.
Information Buttons
Button
Description
Support
Opens the Dell Support page at

support.dell.com.
Help
Online help containing information to assist in

configuring and managing the Ethernet Switch
Module. The online help pages are linked
directly to the page currently open. For example,
if the IP Addressing page is open, the help topic
for that page opens when Help is clicked.
About
Contains the version and build number and Dell

copyright information.
59
Table 5-8. Information Buttons

Button
Description
Log Out
Logs out of the application and closes the

browser window.
Ethernet Switch Module Management Buttons

The Ethernet Switch Module Management buttons provide an easy method of configuring
Ethernet Switch Module information, and includes the following:
Table 5-9. Ethernet Switch Module Management Buttons
Button
Description
Apply Changes
Applies changes to the Ethernet Switch Module.
Add
Adds information to tables or dialogs.
Telnet
Starts a Telnet session.
Query
Queries tables.
Show All
Displays the Ethernet Switch Module tables.
Left arrow/Right arrow Moves information between lists.

Refresh
Refreshes Ethernet Switch Module information.
Reset All Counters
Clears statistic counters.
Print
Prints the Network Management System page or table

information.
Show Neighbors Info
Displays the Neighbors List from the Neighbors Table

page.
Draw
Creates statistics charts on-the-fly.
Starting the Application

This section provides instruction for starting the OpenManage Switch Administrator. The
OpenManage Switch Administrator application supports Microsoft Internet Explorer version 5.5
and above, and Netscape version 7.1 and above.
1
Open a web browser.
Enter the Ethernet Switch Module IP address (as defined in the CLI) in the address bar and
press <Enter>.
For information about assigning an IP address to the Ethernet Switch Module, see "Static IP
Address and Subnet Mask."
60
When the Enter Network Password window opens, enter a user name and password.
NOTE: The Ethernet Switch Module is not configured with a default password, and can be configured
without entering a password. For information about recovering a lost password, see Password
Recovery."
NOTE: Passwords are both case sensitive and alpha-numeric.
4
Click OK.
The Dell PowerConnect OpenManage Switch Administrator home page opens.
Accessing the Ethernet Switch Module Through the CLI

The Ethernet Switch Module can be managed over a connection to the MMB console port or via a
Telnet connection. Using the CLI is similar to entering commands on a Linux system. If access is
via a Telnet connection, ensure the Ethernet Switch Module has an IP address defined and that the
workstation used to access the Ethernet Switch Module is connected to the Ethernet Switch
Module prior to beginning using CLI commands.
For information about configuring an initial IP Address, see "Static IP Address and Subnet Mask."
NOTE: Ensure the client is loaded, before using the CLI.
Console Connection
1
Power on the Ethernet Switch Module and wait until the startup is complete.
When the console> prompt displays, type enable and press <Enter>.
Configure the Ethernet Switch Module and enter the necessary commands to complete the
required tasks.
When finished, exit the session with the quit or exit command.
NOTE: If a different user logs into the system in the Privilege EXEC command mode, the current user is
logged off and the new user is logged in.
Telnet Connection
Telnet is a terminal emulation TCP/IP protocol. ASCII terminals can be virtually connected to the
local a switch module through a TCP/IP protocol network. Telnet is an alternative to a local login
terminal where a remote login is required.
The Ethernet Switch Module supports up to four simultaneous Telnet sessions. All CLI commands
can be used over a telnet session.
To start a Telnet session in a Microsoft Windows Environment:
1
Select Start > Run.

The Run window opens.
In the Run window, type Telnet <IP address> in the Open field.
Click OK to begin the Telnet session.
61
Using the CLI

This section provides information for using the CLI.
Command Mode Overview

The CLI is divided into command modes. Each command mode has a specific command set.
Entering a question mark at the console prompt displays a list of commands available for that
particular command mode.
In each mode, a specific command is used to navigate from one command mode to another.
During the CLI session initialization, the CLI mode is the User EXEC mode. Only a limited subset
of commands are available in the User EXEC mode. This level is reserved for tasks that do not
change the console configuration and is used to access configuration sub-systems such as the CLI.
To enter the next level, the Privileged EXEC mode, a password is required (if configured).
The Privileged EXEC mode provides access to the Ethernet Switch Module global configuration.
For specific global configurations within the Ethernet Switch Module, enter the next level, Global
Configuration mode. A password is not required.
The Global Configuration mode manages the Ethernet Switch Module configuration on a global
level.
The Interface Configuration mode configures the Ethernet Switch Module at the physical
interface level. Interface commands which require subcommands have another level called the
Subinterface Configuration mode. A password is not required.
User EXEC Mode

After logging into the Ethernet Switch Module, the User EXEC command mode is enabled. The
user-level prompt consists of the host name followed by the angle bracket (>). For example:
console>
NOTE: The default Ethernet Switch Module host name is console unless it has been modified during
initial configuration.
The User EXEC commands permit connecting to remote switch modules, changing terminal
settings on a temporary basis, performing basic tests, and listing system information.
To list the User EXEC commands, enter a question mark at the command prompt.
Privileged EXEC Mode

Privileged access can be protected to prevent unauthorized access and ensure operating parameters.
Passwords are displayed in the ***** format on the screen, and are case sensitive.
To access and list the Privileged EXEC Mode commands:
62
At the prompt type enable and press <Enter>.
When a password prompt displays, enter the password and press <Enter>.
The Privileged EXEC mode prompt displays as the Ethernet Switch Module host name
followed by #. For example:
console#
To list the Privileged EXEC commands, type a question mark at the command prompt and
press <Enter>.
To return from Privileged EXEC Mode to User EXEC Mode use any of the following
commands: disable, exit/end, or <Ctrl><Z>.
The following example illustrates accessing Privileged EXEC mode and then returning to the User
EXEC mode:
console>enable
Enter Password: ******
console#
console#disable
console>
Use the exit command to move back to a previous mode. For example, from Interface
Configuration mode to Global Configuration mode, and from Global Configuration mode to
Privileged EXEC mode.
Global Configuration Mode

Global Configuration commands apply to system features, rather than a specific protocol or
interface.
To access Global Configuration mode, at the Privileged EXEC Mode prompt, type configure
and press <Enter>. The Global Configuration Mode displays as the Ethernet Switch Module host
name followed by (config) and the pound sign #.
console(config)#
To list the Global Configuration commands, enter a question mark at the command prompt.
To return from Global Configuration mode to Privileged EXEC mode, type the exit command or
use the <Ctrl><Z>.
The following example illustrates how to access Global Configuration Mode and return back to the
Privileged EXEC Mode:
console#
console#configure
console(config)#exit
console#
63
Interface Configuration Mode

Interface configuration commands modify specific interface settings, including LAG membership,
description, etc.
VLAN Database Mode
The VLAN mode contains commands to create, delete, and configure a VLAN. The following is an
example of the VLAN mode prompt:
console# vlan database
console(config-vlan)#
Port Channel Mode
The Port Channel mode contains commands for configuring LAG. The following is an example of
the Port Channel mode prompt:
console(config)# interface port-channel 1
console(config-if)#
NOTE: Only external ports can be aggregated link group members.
Interface Mode
The Interface mode contains commands that configure the interface. The Global Configuration
mode command interface ethernet is used to enter the interface configuration mode. The
following is an example of the Interface mode prompt:
console# configure
console(config-if)#
Management Access List
The Management Access List mode contains commands to define management access-lists. The
Global Configuration mode command management access-list is used to enter the
Management Access List Configuration mode.
The following example shows how to create an access-list called "mlist", configure two management
interfaces ethernet g11 and ethernet g16, and activates the access-list:
console(config)# management access-list mlist
console(config-macl)# permit ethernet g11
console(config-macl)# exit
64
console(config)# management access-class mlist

SSH Public Key
From the SSH Public Key mode, enter commands to specify client SSH public keys.
The Global Configuration mode command crypto key pubkey-chain ssh is used to enter
the SSH Public Key-chain Configuration mode.
The following example enters the SSH Public Key-chain configuration mode:
console(config)# crypto key pubkey-chain ssh
console(config-pubkey-chain)#
CLI Examples
CLI commands are provided as configuration examples. For a full description of the CLI
commands, including examples, see the CLI Reference Guide included on the Documentation CD.
65
66

This section provides information for defining system parameters including security features,
downloading switch module software, and resetting the switch module. To open the System page,
click System in the tree view.
Figure 6-15. System
Defining General Switch Module Information

The General page contains links to pages for configuring switch module parameters.
Viewing the Asset Page

The Asset page contains parameters for configuring and viewing general switch module
information, including the system name, location, and contact, the system MAC Address, System
Object ID, date, time, and System Up Time. To open the Asset page, click System General
Asset in the tree view.
67
Figure 6-16. Asset
System Name (0-160 Characters) Defines the user-defined switch module name.
System Contact (0-160 Characters) Specifies the name of the contact person.
System Location (0-160 Characters) The location where the system is currently running.
MAC Address Specifies the switch module MAC address.
Sys Object ID The vendor's authoritative identification of the network management subsystem
contained in the entity.
Service Tag The service reference number used when servicing the switch module.
Asset Tag (0-16 Characters) Specifies the user-defined switch module reference.
Serial No. The switch module serial number.
Date (DD/MMM//YY) The current date. The format is day, month, year, for example,
10/NOV/02 is November 10, 2002.
Time (HH:MM:SS) Specifies the time. The format is hour, minute, second, for example,
20:12:03 is eight twelve and three seconds in the evening.
System Up Time Specifies the amount of time since the last switch module reset. The system
time is displayed in the following format: Days, Hours, Minutes and Seconds. For example, 41 days,
2 hours, 22 minutes and 15 seconds.
68
Defining System Information:

1
Open the Asset page.
Define the relevant fields.
Click Apply Changes.

The system parameters are defined, and the switch module is updated.
Initiating a Telnet Session:

1
Open the Asset page.
Click Telnet.
A Telnet session is initiated.
Configuring Switch Module Information Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing and setting fields
displayed in the Asset page.
Table 6-10.
Asset CLI Commands
CLI Command
Description
hostname name
Specifies or modifies the switch module host

name.
snmp-server contact text
Sets up a system contact.
snmp-server location text
Enters information on where the switch module

is located.
clock set hh:mm:ss day month Manually sets the system clock and date.
year
show clock [detail]
Displays the time and date from the system

clock.
show system id
Displays the service tag information.
show system
Displays system information.
asset-tag text
Sets the switch module asset tag.
The following is an example of the CLI commands:

console(config)# hostname dell
console(config)# snmp-server contact Dell_Tech_Supp
console(config)# snmp-server location New_York
69
console# exit
console(config)# asset-tag 1qwepot
console> clock set 13:32:00 7 Dec 2004
console> show clock
13:32:00 (UTC+0) Dec 7 2004
No time source
console# show system
System
Description:
Ethernet Switch
System Up Time
(days,hour:min:sec):
0,00:04:17
System Contact:
spk
System Name:
DELL Switch
System Location:
R&D
System MAC
Address:
00:10:b5:f4:00:01
Sys Object ID:
1.3.6.1.4.1.674.10895.30
00
Type: PowerConnect 5316M
Defining System Time Settings
The Time Synchronization page contains fields for defining system time parameters for both the
local hardware clock, and the external SNTP clock. If the system time is kept using an external
SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock.
Daylight Savings Time can be enabled on the switch module. The following is a list of Daylight
Time start and end times in specific countries:
70
Albania Last weekend of March until the last weekend of October.
Australia From the end of October until the end of March.
Australia - Tasmania From beginning of October until the end of March.
Armenia Last weekend of March until the last weekend of October.
Austria Last weekend of March until the last weekend of October.
Bahamas From April to October, in conjunction with U.S. summer hours.
Belarus Last weekend of March until the last weekend of October.
Belgium Last weekend of March until the last weekend of October.
Brazil From the 3rd Sunday in October until the 3rd Saturday in March. During the period
of Daylight Saving Time, Brazilian clocks go forward one hour in most of the Brazilian
southeast.
Chile Easter Island 9th March 12th October. The first Sunday in March or after 9th
March.
China China does not operate Daylight Saving Time.
Canada From the first Sunday in April until the last Sunday of October. Daylight Saving
Time is usually regulated by provincial and territorial governments. Exceptions may exist in
certain municipalities.
Cuba From the last Sunday of March to the last Sunday of October.
Cyprus Last weekend of March until the last weekend of October.
Denmark Last weekend of March until the last weekend of October.
Egypt Last Friday in April until the last Thursday in September.
Estonia Last weekend of March until the last weekend of October.
Finland Last weekend of March until the last weekend of October.
France Last weekend of March until the last weekend of October.
Germany Last weekend of March until the last weekend of October.
Greece Last weekend of March until the last weekend of October.
Hungary Last weekend of March until the last weekend of October.
India India does not operate Daylight Saving Time.
Iran From 1st Farvardin until the 1st Mehr.
Iraq From 1st April until 1st October.
Ireland Last weekend of March until the last weekend of October.
Israel Varies year-to-year.
Italy Last weekend of March until the last weekend of October.
Japan Japan does not operate Daylight Saving Time.
Jordan Last weekend of March until the last weekend of October.
Latvia Last weekend of March until the last weekend of October.
Lebanon Last weekend of March until the last weekend of October.
Lithuania Last weekend of March until the last weekend of October.
Luxembourg Last weekend of March until the last weekend of October.
Macedonia Last weekend of March until the last weekend of October.

71
Mexico From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.
Moldova Last weekend of March until the last weekend of October.
Montenegro Last weekend of March until the last weekend of October.
Netherlands Last weekend of March until the last weekend of October.
New Zealand From the first Sunday in October until the first Sunday on or after 15th
March.
Norway Last weekend of March until the last weekend of October.
Paraguay From 6th April until 7th September.
Poland Last weekend of March until the last weekend of October.
Portugal Last weekend of March until the last weekend of October.
Romania Last weekend of March until the last weekend of October.
Russia Last weekend of March until the last weekend of October.
Serbia Last weekend of March until the last weekend of October.
Slovak Republic Last weekend of March until the last weekend of October.
South Africa South Africa does not operate Daylight Saving Time.
Spain Last weekend of March until the last weekend of October.
Sweden Last weekend of March until the last weekend of October.
Switzerland Last weekend of March until the last weekend of October.
Syria From 31st March until 30th October.
Taiwan Taiwan does not operate Daylight Saving Time.
Turkey Last weekend of March until the last weekend of October.
United Kingdom Last weekend of March until the last weekend of October.
United States of America From the first Sunday in April at 02:00 to the last Sunday in
October at 02:00.
For more information on SNTP, see "Configuring SNTP Settings" on page 79.
To open the Time Synchronization page, click System General Time Synchronization in the
tree view.
72
Figure 6-17.
Clock Source
Clock Source The source used to set the system clock. The possible field values:
SNTP Specifies that the system time is set via an SNTP server. For more information, see
"Configuring SNTP Settings" on page 79.
None Specifies that the system time is not set by an external source.
Local Settings
Date Defines the system date. The field format is DD:MMM:YY, for example, 04 May 50.
Local Time Defines the system time. The field format is HH:MM:SS, for example, 21:15:03.
Time Zone Offset The difference between Greenwich Mean Time (GMT) and local time. For
example, the Time Zone Offset for Paris is GMT +1, while the local time in New York is GMT 5.
There are two types of daylight settings, either by a specific date in a particular year or a recurring
setting irrespective of the year. For a specific setting in a particular year complete the Daylight
Savings area, and for a recurring setting, complete the Recurring area.
Daylight Savings Enables the Daylight Savings Time (DST) on the switch module based on the
switch modules location. The possible field values are:
USA The switch module switches to DST at 2 a.m. on the first Sunday of April, and reverts
to standard time at 2 a.m. on the last Sunday of October.
73
European The switch module switches to DST at 1:00 am on the last Sunday in March
and reverts to standard time at 1:00 am on the last Sunday in October. The European option
applies to EU members, and other European countries using the EU standard.
Other The DST definitions are user-defined based on the switch module locality. If Other
is selected, the From and To fields must be defined.
Time Set Offset (1-1440) For non USA and European countries, the amount of time for DST
can be set in minutes. The default time is 60 minutes.
From Defines the time that DST begins in countries other than USA or Europe, in the format
DD/MMM/YY in one field and time in another. For example, if DST begins on the 25th October
2007 5:00 am, the two fields are defined as 25/Oct/07 and 5:00. The possible field values are:
Date The date at which DST begins. The possible field range is 1-31.
Month The month of the year in which DST begins. The possible field range is Jan-Dec.
Year The year in which the configured DST begins.
Time The time at which DST begins. The field format is Hour:Minute, for example, 05:30.
To Defines the time that DST ends in countries other than USA or Europe in the format
DD/MMM/YY in one field and time in another. For example, DST ends on the 23rd March 2008
12:00 am, the two fields are defined as 23/Mar/08 and 12:00. The possible field values are:
Date The date at which DST ends. The possible field range is 1-31.
Month The month of the year in which DST ends. The possible field range is Jan-Dec.
Year The year in which the configured DST ends.
Time The time at which DST starts. The field format is Hour:Minute, for example, 05:30.
Recurring Defines the time that DST starts in countries other than USA or European where the
DST is constant year to year. The possible field values are:
From Defines the time that DST begins each year. For example, DST begins locally every
second Sunday in April at 5:00 am. The possible field values are:
Day The day of the week from which DST begins every year. The possible field range is
Sunday-Saturday.
Week The week within the month from which DST begins every year. The possible field
range is 1-5.
Month The month of the year in which DST begins every year. The possible field range is
Jan-Dec.
Time The time at which DST begins every year. The field format is Hour:Minute, for
example, 02:10.
To Defines the recurring time that DST ends each year. For example, DST ends locally every
fourth Friday in October at 5:00 am. The possible field values are:
74
Day The day of the week at which DST ends every year. The possible field range is SundaySaturday.
Week The week within the month at which DST ends every year. The possible field range
is 1-5.
Month The month of the year in which DST ends every year. The possible field range is
Jan-Dec.
Time The time at which DST ends every year. The field format is Hour:Minute, for
example, 05:30.
Selecting a Clock Source
1
Open the Time Synchronization page.
Define the Clock Source field.

The Clock source is selected, and the switch module is updated.
Defining Local Clock Settings

1
Open the Time Synchronization page.
Define the fields.

The local clock settings are applied.
Defining Clock Settings Using CLI Commands
The following table summarizes the equivalent CLI commands for setting fields displayed in the
Time Synchronization page.
NOTE: The following steps must be completed before setting the summer clock:
Configure the summer time.
Define the timezone.
Set the clock.

For example:
console(config)# clock summer-time recurring usa
console(config)# clock timezone 2 zone TMZ2
console(config)# clock set 10:00:00 apr 15 2004
75
Table 6-11. Clock Setting CLI Commands

CLI
Description
clock source {sntp}
Configures an external time source for the system

clock.
clock timezone hours-offset

[minutes minutesoffset][zone acronym]
Sets the time zone for display purposes.
clock summer-time
Configures the system to automatically switch to

summer time (Daylight Savings Time).
clock summer-time recurring Configures the system to automatically switch to

{usa | eu | {week day
summer time (according to the USA and
month hh:mm week day month European standards.)
hh:mm}} [offset offset]
[zone acronym]
clock summer-time date date Configures the system to automatically switch to
month year hh:mm date
summer time (Daylight Savings Time) for a
month year hh:mm [offset
specific period - date/month/year format.
offset] [zone acronym]

console(config)# clock timezone -6 zone CST
console(config)# clock summer-time recurring first sun apr 2:00
last sun oct 2:00
console(config)# clock source sntp
console(config-if)# sntp client enable
console(config)# sntp broadcast client enable
Viewing the Versions Page

The Versions page contains information about the hardware and software versions currently
running. To open the Versions page, click System General Versions in the tree view.
76
Figure 6-18.
Versions
Software Version The current software version running on the switch module.
Boot Version The current Boot version running on the Ethernet Switch Module.
Hardware Version The current Ethernet Switch Module hardware version.
Displaying Switch Module Versions Using the CLI
The following table summarizes the equivalent CLI commands for viewing fields displayed in the
Versions page.
Table 6-12.
Versions CLI Commands
CLI Command
Description
show version
Displays system version information.
77
console> show version

SW version x.xxx
(date 23-Jul-xxxx time 17:34:19)
Boot version x.xxx
(date 17-Jan-xxxx time 11:48:21)
HW version x.x.x

The Reset page enables the switch module to be reset from a remote location. To open the Reset
page, click System General Reset in the tree view.
Figure 6-19. Reset
NOTE: Save all changes to the Startup Configuration file before resetting the switch module. This
prevents the current switch module configuration from being lost. For more information about saving
Configuration files, see "Managing Files" on page 158.
78
Open the Reset page
Click Reset.
A confirmation message displays.

3
Click OK.
The switch module is reset. After the switch module is reset, a prompt for a user name and
password displays.
Enter a user name and password to reconnect to the Web Interface.
Resetting the Switch Module Using the CLI
The following table summarizes the equivalent CLI commands for performing a reset of the switch
module via the CLI:.
Table 6-13.
Reset CLI Command
CLI Command
Description
reload
Reloads the operating system.
The following is an example of the CLI command:

console >reload
current
Do you want to continue (y/n) [n] ?
Configuring SNTP Settings

The switch module supports the Simple Network Time Protocol (SNTP). SNTP assures accurate
network switch module clock time synchronization up to the millisecond. Time synchronization is
performed by a network SNTP server. The switch module operates only as an SNTP client, and
cannot provide time services to other systems.
The switch module can poll the following server types for the server time:
Unicast
Anycast
Broadcast
Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The
higher the stratum (where zero is the highest), the more accurate the clock. The switch module
receives time from stratum 1 and above.
The following is an example of stratums:
Stratum 0 A real time clock is used as the time source, for example, a GPS system.
Stratum 1 A server that is directly linked to a Stratum 0 time source is used. Stratum 1
time servers provide primary network time standards.
79
Stratum 2 The time source is distanced from the Stratum 1 server over a network path. For
example, a Stratum 2 server receives the time over a network link, via NTP, from a Stratum 1
server.
Information received from SNTP servers is evaluated based on the Time level and server type.
SNTP time definitions are assessed and determined by the following time levels:
T1 The time at which the original request was sent by the client.
T2 The time at which the original request was received by the server.
T3 The time at which the server sent a reply.
T4 The time at which the client received the server's reply.
Polling for Unicast Time Information

Polling for Unicast information is used for polling a server for which the IP address is known. T1 T4 are used to determine the server time. This is the preferred method for synchronizing switch
time.
Polling for Anycast Time Information

Polling for Anycast information is used when the server IP address is unknown. The first anycast
server to return a response is used to set the time value. Time levels T3 and T4 are used to
determine the server time. Using Anycast time information for synchronizing switch time is
preferred to using Broadcast time information.
Broadcast Time Information

Broadcast information is used when the server IP address is unknown. When a Broadcast message
is sent from an SNTP server, the SNTP client listens for the response. The SNTP client neither
sends time information requests nor receives responses from the Broadcast server.
MD5 (Message Digest 5) Authentication safeguards switch synchronization paths to SNTP servers.
MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4
security. MD5 verifies the integrity of the communication, authenticates the origin of the
communication.
Click System SNTP in the tree view to open the SNTP page.
Defining SNTP Global Parameters

The SNTP Global Settings page provides information for defining SNTP parameters globally. To
open the SNTP Global Settings page, click System SNTP Global Settings in the tree view.
80
Figure 6-20.
Poll Interval (60-86400) Defines the interval (in seconds) at which the SNTP server is polled for
Unicast information.
Receive Broadcast Servers Updates Listens to the SNTP servers for Broadcast server time
information on the selected interfaces, when enabled.
Receive Anycast Servers Updates Polls the SNTP server for Anycast server time information,
when enabled. If both the Receive Anycast Servers Update, and the Receive Broadcast Servers
Update fields are enabled, the system time is set according the Anycast server time information.
Receive Unicast Servers Updates Polls the SNTP server for Unicast server time information,
when enabled. If the Receive Broadcast Servers Updates, Receive Anycast Servers Updates, and
the Receive Unicast Servers Updates fields are all enabled, the system time is set according the
Unicast server time information.
Send Unicast Requests Sends SNTP Unicast forwarding information to the SNTP server, when
enabled.
81
Defining SNTP Global Parameters Using CLI Commands
SNTP Global Settings page.
Table 6-14. SNTP Global Parameters CLI Commands
CLI Command
Description
sntp broadcast client enable Enables SNTP Broadcast clients

sntp anycast client enable
Enables SNTP anycast clients
sntp unicast client enable
Enables SNTP predefined unicast clients

console> enable
console# configure
console(config)# sntp anycast client enable
Defining SNTP Authentication Methods

The SNTP Authentication page enables SNTP authentication between the switch module and an
SNTP server. The means by which the SNTP server is authenticated is also selected in the SNTP
Authentication page. Click System SNTP Authentication in the tree view to open the SNTP
Authentication page.
82
Figure 6-21.
SNTP Authentication
SNTP Authentication Enables authenticating an SNTP session between the switch module and
an SNTP server, when enabled.
Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and
switch module. The field value is up to 4294967295 characters.
Authentication Key (1-8 Characters) The key used for authentication.
Trusted Key Specifies the encryption key used (Unicast/Anycast) or elected (Broadcast) to
authenticate the SNTP server.
Remove Removes selected ID keys when checked.
Adding an SNTP Authentication Key
1
Open the SNTP Authentication page.
Click Add.
The Add Authentication Key page opens:
83
Figure 6-22. Add Authentication Key
Define the fields.

The SNTP Authentication Key is added, and the switch module is updated.
Displaying the Authentication Key Table

1
Click Show All.

The Authentication Key Table opens:
Figure 6-23. Authentication Key Table
Deleting the Authentication Key

1
Click Show All.

The Authentication Key Table opens.
Select an Authentication Key Table entry.
Select the Remove check box.

The entry is removed, and the switch module is updated.
84
Defining SNTP Authentication Settings Using CLI Commands
SNTP Authentication page.
Table 6-15.
SNTP Authentication CLI Commands
CLI Command
Description
sntp authenticate
Defines authentication for received Network

Time Protocol traffic from servers.
sntp authentication-key
number md5 value
Defines an authentication key for SNTP.

console> enable
console# configure
console(config)# sntp authentication-key 8 md5 ClkKey
console(config)# sntp trusted-key 8
Console(config)# sntp authenticate
Defining SNTP Servers

The SNTP Servers page contains information for enabling SNTP servers, as well as adding new
SNTP servers.To open the SNTP Servers page, click System SNTP Servers in the tree view.
85
Figure 6-24. SNTP Servers
SNTP Server Enter a user-defined SNTP server IP address. Up to eight SNTP servers can be
defined.
Poll Interval Enables polling the selected SNTP Server for system time information, when
enabled.
Encryption Key ID Specifies the Key Identification used to communicate between the SNTP
server and switch module. The range is 1 - 4294967295.
Preference The SNTP server providing SNTP system time information. The possible field values
are:
Primary The primary server provides SNTP information.
Secondary The backup server provides SNTP information.
Status The operating SNTP server status. The possible field values are:
Up The SNTP server is currently operating normally.
Down Indicates that a SNTP server is currently not available. For example, the SNTP
server is currently not connected or is currently down.
In progress The SNTP server is currently sending or receiving SNTP information.
Unknown The progress of the SNTP information currently being sent is unknown. For
example, the Ethernet switch module is currently looking for an interface.
86
Last Response The last time a response was received from the SNTP server.
Offset Timestamp difference between the switch module local clock and the acquired time
from the SNTP server.
Delay The amount of time it takes to reach the SNTP server.
Remove Removes a specific SNTP server from the SNTP Servers list, when selected.
Adding an SNTP Server
1
Open the SNTP Servers page.
Click Add.
The Add SNTP Server page opens:
Figure 6-25.
Add SNTP Server
Define the fields.

The SNTP Server is added, and the switch module is updated.
Displaying the SNTP Server Table

1
Click Show All.

The SNTP Servers Table opens:
Figure 6-26.
SNTP Servers Table
87
Modifying an SNTP Server

1
Click Show All.

The SNTP Servers Table opens.
Select an SNTP Server entry.
Modify the relevant fields.

The SNTP Server information is updated.
Deleting the SNTP Server

1
Click Show All.

The SNTP Servers Table opens.
Select an SNTP Server entry.

The entry is removed, and the switch module is updated.
Defining SNTP Servers Using CLI Commands
Add SNTP Server page.
Table 6-16. SNTP Server CLI Commands
CLI Command
Description
sntp server ipConfigures the switch module to use SNTP to
address|hostname [poll] [key request and accept NTP traffic from a server.
keyid]

console> enable
console# configure
Console(config)# sntp server 100.1.1.1 poll key 10
Defining SNTP Interfaces

The SNTP Broadcast Interface Table contains fields for setting SNTP on different interfaces. To
open the SNTP Broadcast Interface Table, click System SNTP Interfaces Settings.
88
The SNTP Broadcast Interface Table contains the following fields:

Interface Contains an interface list on which SNTP can be enabled.
Receive Server Updates Enables or disables SNTP on the specific interface.
Remove Removes SNTP from a specific interface, when selected.
Adding an SNTP Interface
1
Open the SNTP Broadcast Interface Table page.
Click Add.
The Add SNTP Interface page.

The SNTP interface is added, and the switch module is updated.
Defining SNTP Interface Settings Using CLI Commands
SNTP Broadcast Interface Table.
NOTE: When defining Anycast or Broadcast interfaces, at least one IP Address must be defined.
Table 6-17.
SNTP Broadcast CLI Commands
CLI Command
Description
sntp client enable
Enables the Simple Network Time Protocol
(SNTP) client on an interface.

show sntp configuration
Shows the configuration of the Simple Network

Time Protocol (SNTP).
The following is an example of the CLI commands for configuring SNTP interfaces:
console# show sntp configuration

Polling interval: 7200 seconds.
MD5 Authentication keys: 8, 9
Authentication is required for synchronization.
Trusted Keys: 8,9
89
Unicast Clients Polling: Enabled.

Server
Polling
Encryption Key
-----------
--------
-----------------
176.1.1.8
Enabled
176.1.8.179
Disabled
Disabled
Broadcast Clients: Enabled

Broadcast Clients Poll: Enabled
Broadcast Interfaces: g11, g13
Managing Logs
The Logs page contains links to various log pages. To open the Logs page, click System Logs in
the tree view.
Defining Global Log Parameters

The System Logs enable viewing switch module events in real time, and recording the events for
later usage. System Logs record and manage events and report errors or informational messages.
Event messages have a unique format, as per the System Logs protocol recommended message
format for all error reporting. For example, Syslog and local switch module reporting messages are
assigned a severity code, and include a message mnemonic, which identifies the source application
generating the message. It allows messages to be filtered based on their urgency or relevancy. The
distribution of logging messages to the various destinations, such as the logging buffer, logging file
or Syslog server, is controlled by the Syslog configuration parameters.
The following table contains the Log Severity Levels:
90
Table 6-18.
Log Severity Levels
Severity Type
Severity Level
Description
Emergency
The system is not functioning.
Alert
The system needs immediate attention.
Critical
The system is in a critical state.
Error
A system error has occurred.
Warning
A system warning has occurred.
Notice
The system is functioning properly, but system

notice has occurred.
Informational
Provides switch module information.
Debug
Provides detailed information about the log. If a

Debug error occurs, contact Dell Online
Technical Support
The Global Log Parameters page contains fields for defining which events are recorded to which
logs. It contains fields for enabling logs globally, and parameters for defining log parameters. The
Severity log messages are listed from the highest severity to the lowest. To open the Global Log
Parameters page, click System Logs Global Parameters in the tree view.
91
Figure 6-27. Global Log Parameters
Logging Enables switch module global logs for Cache, File, and Server Logs. Console logs are
enabled by default.
Severity The following are the available severity logs:
Emergency The highest warning level. If the switch module is down or not functioning
properly, an emergency log message is saved to the specified logging location.
Alert The second highest warning level. An alert log is saved if there is a serious switch
module malfunction, for example, an attempt was made to download a non-existing
configuration file.
Critical The third highest warning level. A critical log is saved if a critical switch module
malfunction occurs, for example, two Ethernet switch module ports are not functioning,
while the rest of the switch module ports remain functional.
Error A switch module error has occurred, for example, a copy operation has failed.
Warning The lowest level of a switch module warning. For example, the Ethernet switch
module is functioning, but a port link is currently down.
Notice Provides switch module information.
Informational Provides switch module information. For example, a port is currently up.
Debug Provides debugging messages.
92
NOTE: When a severity level is selected, all severity level choices above the selection are selected
automatically.
The Global Log Parameters page also contains check boxes which correspond to a distinct logging
system:
Console The minimum severity level from which logs are sent to the console.
RAM Logs The minimum severity level from which logs are sent to the Log File kept in RAM
(Cache).
Log File The minimum severity level from which logs are sent to the Log File kept in FLASH
memory.
Enabling Logs:
1
Open the Global Log Parameters page.
Select Enable in the Logging drop-down list.
Select the log type and log severity in the Global Log Parameters check boxes.

The log settings are saved, and the switch module is updated.
Enabling Logs Using CLI Commands
Global Log Parameters page.
Table 6-19.
Global Log Parameters CLI Commands
CLI Command
Description
logging on
Enables error message logging.
logging {ip-address |
hostname} [port port]
[severity level] [facility
facility] [description text]
Logs messages to a syslog server. For a list of the

Severity levels, see "Log Severity Levels" on
page 91.
logging console level
Limits messages logged to the console based on

severity.
logging buffered level
Limits syslog messages displayed from an internal

buffer (RAM) based on severity.
logging file level
Limits syslog messages sent to the logging file

based on severity.
clear logging
Clears logs.
clear logging file
Clears messages from the logging file.
93

console(config)# logging on
console(config)# logging console errors
console(config)# logging buffered debugging
console(config)# logging file alerts
console(config)# clear logging
console# clear logging file
Clear Logging File [y/n]y
Displaying RAM Log Table

The RAM Log Table contains information about log entries kept in RAM, including the time the
log was entered, the log severity, and a description of the log. To open the RAM Log Table, click
System Logs RAM Log in the tree view.
Figure 6-28. RAM Log Table
94
Log Index The log number in the RAM Log Table.

Log Time Specifies the time at which the log was entered into the RAM Log Table.
Severity Specifies the log severity.
Description The user-defined log description.
Removing Log Information:
1
Open the RAM Log Table.
Click Clear Log.

The log information is removed from the RAM Log Table, and the switch module is updated.
Viewing and Clearing the RAM Log Table Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing and clearing fields
displayed in the RAM Log Table.
Table 6-20.
RAM Log Table CLI Commands
CLI Command
Description
show logging
Displays the state of logging and the syslog

messages stored in the internal buffer.
clear logging
Clears logs.
95

console# show logging
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 26 Logged, 26
Displayed, 200 Max.
File Logging: Level error. File Messages: 157 Logged, 26
Dropped.
1 messages were not logged
01-Jan-2000 01:03:42 :%INIT-I-Startup: Cold Startup
01-Jan-2000 01:01:36 :%LINK-W-Down: g14
01-Jan-2000 01:01:36 :%LINK-W-Down: g13
01-Jan-2000 01:01:36 :%LINK-W-Down: g12
01-Jan-2000 01:01:36 :%LINK-W-Down: g15
01-Jan-2000 01:01:32 :%INIT-I-InitCompleted:

Initialization task is completed
console# clear logging

Clear Logging Buffer [y/n]?
Displaying the Log File Table

The Log File Table contains information about log entries saved to the Log File in FLASH,
including the time the log was entered, the log severity, and a description of the log message. To
open the Log File Table, click System Logs Log File in the tree view.
96
Figure 6-29.
Log File Table
Log Index The log number in the Log File Table.

Log Time Specifies the time at which the log was entered in the Log File Table.
Severity Specifies the log severity.
Description The log message text.
Displaying the Log File Table Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing and setting fields
displayed in the Log File Table.
Table 6-21.
Log File Table CLI Commands
CLI Command
Description
show logging file
Displays the logging state and the syslog

messages stored in the logging file.
clear logging file
Clears messages from the logging file.
97

console# show logging file
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 62 Logged, 62
Displayed, 200 Max.
File Logging: Level debug. File Messages: 11 Logged, 51
Dropped.
SysLog server 12.1.1.2 Logging: warning. Messages: 14
Dropped.
SysLog server 1.1.1.1 Logging: info. Messages: 0 Dropped.
01-Jan-2000 01:12:01 :%COPY-W-TRAP: The copy operation was
completed successfully
01-Jan-2000 01:11:49 :%LINK-I-Up: g11
01-Jan-2000 01:11:46 :%LINK-I-Up: g12
01-Jan-2000 01:11:42 :%LINK-W-Down: g13
01-Jan-2000 01:11:35 :%LINK-I-Up: g14
console#
Configuring the Remote Log Server Settings Page

The Remote Log Server Settings page contains fields for viewing and configuring the available Log
Servers. In addition, new log servers can be defined, and the log severity sent to each server. To
open the Remote Log Server Settings page, click System Logs Remote Log Server in the tree
view.
98
Figure 6-30.
Available Servers Contains a list of servers to which logs can be sent.

UDP Port (1-65535) The UDP port to which the logs are sent for the selected server. The
possible range is 1 - 65535. The default value is 514.
Facility Defines a user-defined application from which system logs are sent to the remote server.
Only one facility can be assigned to a single server. If a second facility level is assigned, the first
facility level is overridden. All applications defined for a switch module utilize the same facility on
a server. The possible field values are:
Local 0 - Local 7.
If unspecified, the default is local7.
Description (0-64 Characters) The user-defined server description.
Delete Server Deletes the currently selected server from the Available Servers list, when
selected.
The Remote Log Server Settings page also contains a severity list. The severity definitions are the
same as the severity definitions in the Global Log Parameters page.
Sending Logs to a Server:
1
Open the Remote Log Server Settings page.
Select a server from the Available Servers drop-down list.
99
Define the fields.
Select the log severity in the Severity to Include check boxes.

The log settings are saved, and the switch module is updated.
Defining a New Server:

1
Click Add.
The Add a Log Server page opens:
Figure 6-31. Add a Log Server
The Add a Log Server page contains the additional field:

New Log Server IP Address Defines the IP address of the new Log Server.
1
Define the fields.

The server is defined and added to the Available Servers list.
Displaying the Remote Log Servers Table:
100
Click Show All.
The Remote Log Servers Table page opens:

Figure 6-32.
Removing a Log Server from the Log Server Table Page:

1
Click Show All.

The Remote Log Servers Table page opens.
Select a Remote Log Servers Table entry.
Select the Remove check box to remove the server(s).

The Remote Log Servers Table entry is removed, and the switch module is updated.
Working with Remote Server Logs Using the CLI Commands
The following table summarizes the equivalent CLI command for working with remote server logs.
Table 6-22.
Remote Log Server CLI Commands
CLI Command
Description
logging (ip-address | hostname}

[port port] [severity level] [facility
facility] [description text]
Logs messages to a remote server.
no logging
Deletes a syslog server.
show logging
Displays the state of logging and the syslog

messages.
101

console> enable
console# configure
console(config) # logging 10.1.1.1 severity critical
console(config)# end
console# show logging
Logging is enabled.
Console Logging: Level debug. Console Messages: 5 Dropped.
Buffer Logging: Level debug. Buffer Messages: 16 Logged, 16
Displayed, 200 Max.
File Logging: Level error. File Messages: 0 Logged, 209 Dropped.
SysLog server 31.1.1.2 Logging: error. Messages: 22 Dropped.
SysLog server 5.2.2.2 Logging: info. Messages: 0 Dropped.
SysLog server 10.2.2.2 Logging: critical. Messages: 21 Dropped.
SysLog server 10.1.1.1 Logging: critical. Messages: 0 Dropped.
1 messages were not logged
03-Mar-2004 12:02:03 :%LINK-I-Up: g11
03-Mar-2004 12:02:01 :%LINK-W-Down: g12
03-Mar-2004 12:02:01 :%LINK-I-Up: g13
Defining Switch Module IP Addresses

The IP Addressing page contains links for assigning interface and default gateway IP addresses, and
defining ARP and DHCP parameters for the interfaces. To open the IP Addressing page, click
System IP Addressing in the tree view.
Defining Default Gateways

The Default Gateway page contains fields for assigning Gateway to Ethernet switch modules.
Packets are forwarded to the default IP when packets are sent to a remote network. The configured
IP address must belong to the same IP address subnet of one of the IP interfaces. To open the
Default Gateway page, click System IP Addressing Default Gateway in the tree view.
The Default Gateway page contains the following fields:
102
Default Gateway The Gateway Ethernet switch module IP address.

Active Indicates if the gateway is active.
Remove Removes Gateway Ethernet switch modules from the Default Gateway drop-down list,
when selected
Selecting a Gateway Ethernet Switch Module:
1
Open the Default Gateway page.
Select an IP address in the Default Gateway drop-down list.
Select the Active check box.

The gateway Ethernet switch module is selected and the switch module is updated.
Removing a Default Gateway Ethernet Switch Module:

1
Open the Default Gateway page.
Select the Remove check box to remove default gateways.

The default gateway entry is removed, and the switch module is updated.
Defining Gateway Ethernet Switch Modules Using the CLI Commands
Default Gateway page.
Table 6-23.
Default Gateway CLI Commands
CLI Command
Description
ip default-gateway ip-address Defines a default gateway.

no ip default-gateway
Removes a default gateway.

console(config)# ip default-gateway 196.210.10.1
console(config)# no ip default-gateway
Defining IP Interfaces
The IP Interface Parameters page contains fields for assigning IP parameters to interfaces. To open
the IP Interface Parameters page, click System IP Addressing IP Interface Parameters in the
tree view.
103
Figure 6-33. IP Interface Parameters
IP Address The interface IP address.

Prefix Length The number of bits that comprise the source IP address prefix, or the network
mask of the source IP address.
Interface The interface type for which the IP address is defined. Select Port, LAG, or VLAN.
Type Indicates whether or not the IP address was configured statically.
Remove When selected, removes the interface from the IP Address drop-down menu.
Adding an IP Interface
1
Open the IP Interface Parameters page.
Click Add.
The Add a Static IP Interface page opens:
104
Figure 6-34.
Complete the fields on the page.

Network Mask specifies the subnetwork mask of the source IP address.

The new interface is added, and the switch module is updated.
Modifying IP Address Parameters

1
Select an IP address in the IP Address drop-down menu.
Modify the interface type.

The parameters are modified, and the switch module is updated.
Deleting IP Addresses
1
Click Show All.

The Interface Parameters Table opens:
Figure 6-35.
Select an IP address and select the Remove check box.
105

The selected IP address is deleted, and the switch module is updated.
Defining IP Interfaces Using CLI Commands
IP Interface Parameters page.
Table 6-24. IP Interface Parameters CLI Commands
CLI Command
Description
ip address ip-address {mask | Sets an IP address.

prefix-length}
no ip address [ip-address]
Removes an IP address
show ip interface [ethernet Displays the usability status of interfaces

interface-number | vlan vlan- configured for IP.
id | port-channel number]

console(config-if)# ip address 92.168.1.123 255.255.255.0
console(config-if)# no ip address 92.168.1.123
console(config-if)# end
console# show ip interface vlan 1
Output
Gateway IP AddressActivity status
--------------------------------------192.168.1.1Active
IP addressInterfaceType
------------------------------------------192.168.1.123/24VLAN 1Static
106
Defining DHCP IP Interface Parameters

The DHCP IP Interface page contains fields for specifying the DHCP clients connected to the
switch module. Click System IP Addressing DHCP IP Interface in the tree view. To open the
DHCP IP Interface page.
Figure 6-36.
DHCP IP Interface
Interface The specific interface connected to the switch module. Click the option button next
to Port, LAG, or VLAN and select the interface connected to the switch module.
Host Name The system name. This field can contain up to 20 characters.
Remove When selected, removes DHCP clients.
Adding DHCP Clients
1
Open the DHCP IP Interface page.
Click Add.
The Add DHCP IP Interface page opens.
Complete the information on the page.

The DHCP Interface is added, and the switch module is updated.
107
Modifying a DHCP IP Interface

1
Modify the fields.

The entry is modified, and the switch module is updated.
Deleting a DHCP IP Interface

1
Click Show All.

The DHCP Client Table opens.
Select a DHCP client entry.

The selected entry is deleted, and the switch module is updated.
Defining DHCP IP Interfaces Using CLI Commands
The following table summarizes the equivalent CLI commands for defining DHCP clients.
Table 6-25. DHCP IP Interface CLI Commands
CLI Command
Description
ip address dhcp
[hostname host-name]
To acquire an IP address on an Ethernet interface from the

Dynamic Host Configuration Protocol (DHCP).
The following is an example of the CLI command:

console# config
console(config-if)# ip address dhcp
Configuring Domain Name Systems

Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a
domain name is assigned the DNS service translates the name into a numeric IP address. For
example, www.ipexample.com is translated to 192.87.56.2. DNS servers maintain domain name
databases and their corresponding IP addresses.
The Domain Naming System (DNS) page contains fields for enabling and activating specific DNS
servers. To open the Domain Naming System (DNS) page, click System IP Addressing
Domain Name System in the tree view.
108
Figure 6-37.
DNS Status Enables or disables translating DNS names into IP addresses.

DNS Server Contains a list of DNS servers. DNS servers are added in the Add DNS Server page.
DNS Server Currently Active The DNS server that is currently active.
Remove DNS Server When selected, removes DNS Servers.
Adding a DNS Server
1
Open the Domain Naming System (DNS) page.
Click Add.
The Add DNS Server page opens:
Figure 6-38.
Add DNS Server
109
DNS Server DNS Server IP Address.

3

The new DNS server is defined, and the switch module is updated.
Displaying the DNS Servers Table

1
Click Show All.

The DNS Server Table opens:
Figure 6-39. DNS Server Table
Removing DNS Servers

1
Click Show All.
The DNS Server Table opens.
Select a DNS Server Table entry.

The selected DNS server is deleted, and the switch module is updated.
Configuring DNS Servers Using the CLI Commands
The following table summarizes the CLI commands for configuring switch module system
information.
Table 6-26. DNS Server CLI Commands
CLI Command
Description
ip name-server server-address Sets the available name servers. Up to eight name

servers can be set.
110
Table 6-26.
DNS Server CLI Commands
CLI Command
Description
no ip name-server serveraddress
Removes a name server.
ip domain-name name
Defines a default domain name that the software

uses to complete unqualified host names.
clear host {name | *}
Deletes entries from the host name-to-address

cache.
show hosts [name]
Displays the default domain name, list of name

server hosts, the static and the cached list of host
names and addresses.
ip domain-lookup
Enables DNS system for translating host names

to IP addresses.

console> enable
console# configure
console(config)# ip name-server 176.16.1.18
Defining Default Domains

The Default Domain Name page provides information for defining default DNS domain names.
To open the Default Domain Name page, click System IP Addressing Default Domain
Name.
111
Figure 6-40. Default Domain Name
Default Domain Name (1-158 characters) Contains a user-defined DNS domain name server.
When selected, the DNS domain name is the default domain.
Remove When selected, removes a selected domain.
Defining DNS Domain Names Using the CLI Commands
The following table summarizes the CLI commands for configuring DNS domain names.
Table 6-27. DNS Domain Name CLI Commands
112
CLI Command
Description
ip domain-name name
Defines a default domain name that the software

uses to complete unqualified host names.
no ip domain-name
Disable the use of the Domain Name System

(DNS).
show hosts [name]


console> enable
console# configure
console(config)# ip domain-name www.dell.com
Mapping Domain Host

The Host Name Mapping page provides parameters for assigning static host names IP addresses.
The Host Name Mapping page provides one IP address per host. To open the Host Name
Mapping page, click System IP Addressing Host Name Mapping.
Figure 6-41.
Host Name Mapping
Host Name Contains a Host Name list. Host Names are defined in the Add Host Name
Mapping page. Each host provides one IP address. The field values for the Host Name field are:
IP Address (X.X.X.X) Provides an IP address that is assigned to the specified host name.
Type The IP address type. The possible field values are:
Dynamic The IP address was created dynamically.
Static The IP address is a static IP address.
Remove Host Name Mapping When checked, removes the DNS Host Mapping.
113
Adding Host Domain Names

1
Open the Host Name Mapping page.
Click Add.
The Add Host Name Mapping page opens:
Figure 6-42. Add Host Name Mapping

The IP address is mapped to the Host Name, and the switch module is updated.
Displaying the Hosts Name Mapping Table

1
Click Show All.

The Hosts Name Mapping Table opens:
Figure 6-43. Hosts Name Mapping Table
Removing Host Name from IP Address Mapping
114
Click Show All
The Host Mapping Table opens.
Select a Host Name Mapping Table entry.
Check the Remove checkbox.

The Host Mapping Table entry is deleted, and the switch module is updated.
Mapping IP address to Domain Host Names Using the CLI Commands
The following table summarizes the equivalent CLI commands for mapping Domain Host names
to IP addresses.
Table 6-28.
Domain Host Name CLI Commands
CLI Command
Description
ip host name address1

[address2 address8]
Defines the static host name-to-address mapping

in the host cache
no ip host name
Removes the name-to-address mapping.
clear host {name | *}
Deletes entries from the host name-to-address

cache.
show hosts [name]


console# enable
console# configure
console(config)# ip host accounting.abc.com 176.10.23.1
Configuring ARP
The Address Resolution Protocol (ARP) converts IP addresses into physical addresses (maps the IP
address to a MAC address). ARP allows a host to communicate with other hosts only when the IP
address of its neighbors is known. To open the ARP Settings page, click System IP Addressing
ARP in the tree view.
115
Figure 6-44. ARP Settings
Global Settings Select this option to activate the fields for ARP global settings.
ARP Entry Age Out (1-40000000) For all Ethernet switch module s, the amount of time
(seconds) that passes between ARP requests about an ARP table entry. After this period, the entry
is deleted from the table. The range is 1 - 40000000. The default value is 60000 seconds.
Clear ARP Table Entries The type of ARP entries that are cleared on all Ethernet switch
modules. The possible values are:
None ARP entries are not cleared.
All All ARP entries are cleared.
Dynamic Only dynamic ARP entries are cleared.
Static Only static ARP entries are cleared.
ARP Entry Select this option to activate the fields for ARP settings on a single Ethernet switch
module.
Interface The interface number of the port, LAG, or VLAN that is connected to the Ethernet
switch module.
IP Address The station IP address, which is associated with the MAC address filled in below.
MAC Address The station MAC address, which is associated in the ARP table with the IP
address.
Status The ARP Table entry status. Possible field values are:
116
Dynamic The ARP entry is learned dynamically.

Static The ARP entry is a static entry.
Remove ARP Entry When selected, removes an ARP entry.
Adding a Static ARP Table Entry:
1
Open the ARP Settings page.
Click Add.
The Add ARP Entry page opens:
Select an interface.
Define the fields.

The ARP Table entry is added, and the switch module is updated.
Displaying the ARP Table

1
Open the ARP Settings page.
Click Show All.

The ARP Table opens.
Deleting ARP Table Entry

1
Open the ARP Settings page
Click Show All.

The ARP Table page opens.
Select a table entry.

The selected ARP Table entry is deleted, and the switch module is updated.
117
Configuring ARP Using the CLI Commands
ARP Settings page.
Table 6-29. ARP Settings CLI Commands
CLI Command
Description
arp ip_addr hw_addr

Adds a permanent entry in the ARP cache.
{ethernet interface-number |
vlan vlan-id | port-channel
number}
arp timeout seconds
Configures how long an entry remains in the ARP

cache.
clear arp-cache
Deletes all dynamic entries from the ARP cache
show arp
Displays entries in the ARP Table.
no arp
Removes an ARP entry from the ARP Table.
console(config)# arp 198.133.219.232 00-00-0c-40-0f-bc

console(config)# arp timeout 12000
console# show arp
ARP timeout: 12000 Seconds
Interface
IP address
HW address
Status
---------
----------
----------
------
g11
10.7.1.102
00:10:B5:04:DB:4B
Dynamic
g12
10.7.1.135
00:50:22:00:2A:A4
Static
Running Cable Diagnostics

The Diagnostics page contains links to pages for performing virtual cable tests on copper cables. To
open the Diagnostics page, click System Diagnostics in the tree view.
118
Viewing Copper Cable Diagnostics

The Integrated Cable Test for Copper Cables page contains fields for performing tests on copper
cables. Cable testing provides information about where errors occurred in the cable, the last time a
cable test was performed, and the type of cable error which occurred. The tests use Time Domain
Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached
to a port. Cables up to 120 meters long can be tested. Cables are tested when the ports are in the
down state, with the exception of the Approximated Cable Length test.
NOTE: Cable tests are not available on internal ports.
To open the Integrated Cable Test for Copper Cables page, click System Diagnostics
Integrated Cable Test in the tree view.
Figure 6-45.
Port The port to which the cable is connected.

Test Result The cable test results. Possible values are:
No Cable There is no cable connected to the port.
Open Cable The cable is connected on only one side.
Short Cable A short has occurred in the cable.
OK The cable passed the test.
Cable Fault Distance The distance from the port where the cable error occurred.
Last Update The last time the port was tested.
119
Approximate Cable Length The approximate cable length. This test can only be performed
when the port is up and operating at 1 Gbps.
Performing a Cable Test
1
Ensure that both ends of the copper cable are connected to a Ethernet switch module.
Open the Integrated Cable Test for Copper Cables page.
Select an interface to test.
Click Test Now.

The copper cable test is performed, and the results are displayed on the Integrated Cable Test
for Copper Cables page.
Displaying Virtual Cable Test Results Table

1
Open the Integrated Cable Test for Copper Cables page.
Click Show All.

The Virtual Cable Test Results Table opens.
Performing Copper Cable Tests Using CLI Commands
The following table summarizes the equivalent CLI commands for performing copper cable tests.
Table 6-30. Copper Cable Test CLI Commands
CLI Command
Description
test copper-port tdr

interface
Performs VCT tests.
show copper-port tdr

[interface]
Shows results of last VCT tests on ports.
show copper-port cable- Displays the estimated copper cable length attached to a
length [interface]
port.
120
console> enable
console# test copper-port tdr g11
Cable is open at 100 meters.
console# show copper-ports tdr
Port
Result
Length [meters]
Date
----
------
---------------
----
g11
OK
100
13:32:00 15 January 2004
50
13:32:00 15 January 2004
g12
Short
g13
Test has not been performed
g14
Open
64
13:32:00 15 January 2004
NOTE: The cable length returned is an approximation in the ranges of up to 50 meters, 50m-80m, 80m110m, 110m-120m, or more than 120m. The deviation may be up to 20 meters.
Managing Switch Module Security

The Management Security page provides access to security pages that contain fields for setting
security parameters for ports, switch module management methods, user, and server security. To
open the Management Security page, click SystemManagement Security in the tree view.
Defining Access Profiles

The Access Profiles page contains fields for defining profiles and rules for accessing the switch
module. Access to management functions can be limited to user groups, which are defined by
ingress interfaces and source IP address or source IP subnets.
Management access can be separately defined for each type of management access method,
including, Web (HTTP), Secure web (HTTPS), Telnet, and Secure Telnet.
Access to different management methods may differ between user groups. For example, User
Group 1 can access the switch module only via an HTTPS session, while User Group 2 can access
the switch module via both HTTPS and Telnet sessions.
Management Access Lists contain up to 128 rules that determine which users can manage the
switch module, and by which methods. Users can also be blocked from accessing the switch
module.
121
The Access Profiles page contains fields for configuring Management Lists and applying them to
specific interfaces. To open the Access Profiles page, click System Management Security
Access Profiles in the tree view.
Figure 6-46. Access Profiles
Access Profile User-defined Access Profile lists. The Access Profile list contains a default value
of Console Only. Accessing the Ethernet switch module is performed from ConsoleOnly.
Current Active Access Profile The access profile that is currently active.
Set Access Profile Active Activates an access profile.
Remove Removes an access profile from the Access Profile Name list, when selected.
Activating a Profile
1
Open the Access Profiles page.
Select an Access Profile in the Access Profile field.
Select the Set Access Profile Active check box.

The Access Profile is activated.
122
Adding an Access Profile
Rules act as filters for determining rule priority, the switch module management method, interface
type, source IP address and network mask, and the switch module management access action.
Users can be blocked or permitted management access. Rule priority sets the order in which the
rules are implemented.
Defining Rules for an Access Profile:
1
Click Add an Access Profile.

The Add an Access Profile page opens:
Figure 6-47.
Access Profile Name User-defined name for the access profile. The Access Profile name can
contain up to 32 characters.
Rule Priority (1-65535) The rule priority. When the packet is matched to a rule, user groups are
either granted access or denied access to Ethernet switch module management. The rule order is
set by defining a rule number within the Profile Rules Table. The rule number is essential to
matching packets to rules, as packets are matched on a first-fit basis. The rule priorities are assigned
in the Profile Rules Table.
Management Method The management method for which the access profile is defined. Users
with this access profile can access the switch module using the management method selected.
Interface The interface type to which the rule applies. This is an optional field. This rule can be
applied to a selected port, LAG, or VLAN by selecting the check box and selecting the appropriate
option button and interface.
NOTE: Assigning an access profile to an interface denies access via other interfaces. If an access
profile is not assigned to any interface, the switch module can be accessed by all interfaces.
123
Source IP Address The interface source IP address for which the rule applies. This is an optional
field and indicates that the rule is valid for a subnetwork.
Network Mask The IP subnetwork mask.
Prefix Length The number of bits that comprise the source IP address prefix, or the network
mask of the source IP address.
Action Defines whether to permit or deny management access to the defined interface.
3
Define the Access Profile Name field.

The new Access Profile is added, and the switch module is updated.
Adding Rules to Access Profile
NOTE: The first rule must be defined to beginning matching traffic to access profiles.
1
Open the Access Profile page.
Click Add Rule to Rule.

The Add an Access Profile Rule page opens:
Figure 6-48. Add an Access Profile Rule
Complete the fields.

The rule is added to the access profile, and the switch module is updated.
124
Viewing the Profile Rules Table:
NOTE: The order in which rules appear in the Profile Rules Table is important. Packets are matched to
the first rule which meets the rule criteria.
1
Click Show All.

The Profile Rules Table page opens:
Figure 6-49.
Profile Rules Table
Removing a Rule
1
Click Show All.

The Profile Rules Table opens.
Select a rule.

The selected rule is deleted, and the switch module is updated.
Defining Access Profiles Using CLI Commands
Access Profiles page.
Table 6-31.
Access Profiles CLI Commands
CLI Command
Description
management access-list
name
Defines an access-list for management, and

enters the access-list context for configuration.
125
Table 6-31. Access Profiles CLI Commands

CLI Command
Description
permit [ethernet interfaceSets port permitting conditions for the

number | vlan vlan-id | port- management access list.
channel number] [service
service]
permit ip-source ip-address Sets port permitting conditions for the
[mask mask | prefix-length] management access list, and the selected
[ethernet interface-number | management method.
number] [service service]
deny [ethernet interfaceSets port denying conditions for the management
number | vlan vlan-id | port- access list, and the selected management
channel number] [service
method.
service]
deny ip-source ip-address
Sets port denying conditions for the management
[mask mask | prefix-length] access list, and the selected management
[ethernet interface-number | method.
number] [service service]
management access-class
{console-only | name}
Defines which access-list is used as the active

management connections.
show management access-list Displays the active management access-lists.

[name]
show management accessclass
126
Displays information about management accessclass.

console(config)# management access-list mlist
console(config-macl)# deny ethernet g13
console(config-macl)# deny ethernet g14
console(config-macl)# exit
console(config)# management access-class mlist
console# show management access-list
mlist
----permit ethernet g11
permit ethernet g12
deny ethernet g13
deny ethernet g14
! (Note: all other access implicitly denied)
Console# show management access-class
Management access-class is enabled, using access list mlist
Defining Authentication Profiles

The Authentication Profiles page contains fields for selecting the user authentication method on
the switch module. User authentication occurs:
Locally
Via an external server
User authentication can also be set to None.

User authentication occurs in the order the methods are selected. For example, if both the Local
and RADIUS options are selected, the user is authenticated first locally. If the local user database is
empty, the user is then authenticated via the RADIUS server.
If an error occurs during the authentication, the next selected method is used. To open the
Authentication Profiles page, click System Management Security Authentication Profiles in
the tree view.
127
Figure 6-50. Authentication Profiles
Authentication Profile Name User-defined authentication profile lists to which user-defined

authentication profiles are added. The defaults are Network Default and Console Default.
Optional Methods User authentication methods. Possible options are:
None No user authentication occurs.
Local User authentication occurs at the switch module level. The switch module checks
the user name and password for authentication.
RADIUS User authentication occurs at the RADIUS server. For more information, see
Configuring RADIUS Global Parameters.
Line The line password is used for user authentication.
Enable The enable password is used for authentication.
TACACS+ The user authentication occurs at the TACACS+ server.
Restore Default Restores the default user authentication method on the Ethernet switch
module.
Selecting an Authentication Profile:
128
Open the Authentication Profiles page.
Select a profile in the Authentication Profile Name field.
Select the authentication method using the navigation arrows.

The user authentication profile is updated to the switch module.
Adding an Authentication Profile:

1
Click Add.
The Add Authentication Profile page opens:
Figure 6-51.
Add Authentication Profile
Configure the profile.

The authentication profile is updated to the switch module.
Displaying the Show All Authentication Profiles Page:

1
Click Show All.

The Authentication Profile Table opens:
129
Figure 6-52. Authentication Profiles Table
Deleting an Authentication Profiles:

1
Click Show All.

The Authentication Profile Table opens.
Select an authentication profile.

The selected authenticating profile is deleted.
Configuring an Authentication Profile Using CLI Commands
Authentication Profiles page.
Table 6-32. Authentication Profile CLI Commands
CLI Command
Description
aaa authentication login

{default | list-name}
method1 [method2.]
Configures login authentication.
no aaa authentication login

{default | list-name}
Removes a login authentication profile.

console(config)# aaa authentication login default radius local
enable none
console(config)# no aaa authentication login default
130
Assigning Authentication Profiles

After Authentication Profiles are defined, the Authentication Profiles can be applied to
Management Access methods. For example, console users can be authenticated by Authentication
Method List 1, while Telnet users are authenticated by Authentication Method List 2. To open the
Select Authentication page, click System Management Security Select Authentication in the
tree view.
Figure 6-53.
Console Authentication profiles used to authenticate console users.

Telnet Authentication profiles used to authenticate Telnet users.
Secure Telnet (SSH) Authentication profiles used to authenticate Secure Shell (SSH) users.
SSH provides clients with secure and encrypted remote connections to a switch module.
HTTP and Secure HTTP Authentication method used for HTTP access and Secure HTTP
access, respectively. Possible field values are:
None No authentication method is used for access.
Local Authentication occurs locally.
RADIUS Authentication occurs at the RADIUS server.
TACACS+ Authentication occurs at the TACACS+ server.
131
Applying an Authentication List to Console Sessions

1
Open the Select Authentication page.
Select an Authentication Profile in the Console field.

Console sessions are assigned an Authentication List.
Applying an Authentication Profile to Telnet Sessions

1
Select an Authentication Profile in the Telnet field.

Telnet sessions are assigned an Authentication List.
Applying an Authentication Profile to Secure Telnet (SSH) Sessions

1
Select an Authentication Profile in the Secure Telnet (SSH) field.

Secure Telnet (SSH) sessions are assigned an Authentication Profile.
Assigning HTTP Sessions an Authentication Sequence

1
Select an authentication sequence in the HTTP field.

HTTP sessions are assigned an authentication sequence.
Assigning Secure HTTP Sessions an Authentication Sequence

1
Select an authentication sequence in the Secure HTTP field.

Secure HTTP sessions are assigned an authentication sequence.
132
Assigning Access Authentication Profiles or Sequences Using CLI Commands
Select Authentication page.
Table 6-33.
Select Authentication CLI Commands
CLI Command
Description
enable authentication
[default | list-name]
Specifies the authentication method list when

accessing a higher privilege level from a remote
Telnet, Console or SSH.
login authentication
[default | list-name]
Specifies the login authentication method list for

a remote Telnet, Console or SSH.
ip http authentication
method1 [method2.]
Specifies authentication methods for HTTP

servers.
ip https authentication
method1 [method2.]
Specifies authentication methods for HTTPS

servers.
show authentication
methods
Displays information about the authentication

methods.
133

console(config-line)# exit
console(config)# ip http authentication radius local
console(config)# ip https authentication radius local
console# show authentication methods
Login Authentication Method Lists
--------------------------------Default: Radius Local Line
Console_Login: Line, None
Enable Authentication Method Lists
---------------------------------Default: Radius Enable
Console_Enable: Enable None
Line
Login Method List
Enable Method List
------------------------------------------Console
Console_Login
Telnet
Default
Default
SSH
Default
Default
HTTP: Radius local

HTTPS: Radius local
Dot1x: Radius
134
Console_Enable
Defining the Local User Databases

The Local User Database page contains fields for defining users, passwords and access levels. To
open the Local User Database page click System Management Security Local User Database
in the tree view.
Figure 6-54.
Local User Database
User Name List of users.

Access Level User access level. The lowest user access level is 1, and the highest user access level
is 15.
Password (0-159 characters) User-defined alphanumeric password. Local user database
passwords can have a maximum of 159 characters.
Confirm Password Confirms the user-defined password.
Remove When selected, removes users from the User Name list.
Assigning Access Rights to a User:
1
Open the Local User Database page.
Select a user in the User Name field.
Define the fields.

The user access rights and passwords are defined, and the switch module is updated.
135
Defining a New User:

1
Click Add.
The Add User page opens:
Figure 6-55. Add a User Name
Define the fields.

The new user is defined, and the switch module is updated.
Displaying the Local User Table:

1
Click Show All.

The Local User Table opens:
Figure 6-56. Local User Table
Deleting Users:
1
Click Show All.

The Local User Table opens.
136
Select a User Name.

The selected user is deleted, and the switch module is updated.
Assigning Users Using CLI Commands
Local User Database page.
Table 6-34.
Local User Database CLI Commands
CLI Command
Description
username name [password

password] [level level]
[encrypted]
Establishes a username-based authentication

system.

console(config)# username bob password lee level 15
Defining Line Passwords

The Line Password page contains fields for defining line passwords for management methods. To
open the Line Password page, click System Management Security Line Passwords in the tree
view.
137
Figure 6-57. Line Password
Line Password for Console/Telnet/Secure Telnet (0-159 Characters) The line password for
accessing the switch module via a console, Telnet, or Secure Telnet session. Passwords can contain a
maximum of 159 characters.
Confirm Password Confirms the new line password. The password appears in the ***** format.
Defining Line Passwords for Console Sessions
1
Open the Line Password page
Define the Console Line Password field.

The line password for console sessions is defined, and the switch module is updated.
Defining Line Passwords for Telnet Sessions

1
Open the Line Password page.
Define the Telnet Line Password field.

The line password for the Telnet sessions is defined, and the switch module is updated.
Defining Line Passwords for Secure Telnet Sessions

1
138
Open the Line Password page.
Define the Secure Telnet Line Password field.

The line password for Secure Telnet sessions is defined, and the switch module is updated.
Assigning Line Passwords Using CLI Commands
Line Password page.
Table 6-35.
Line Password CLI Commands
CLI Command
Description
password password
[encrypted]
Specifies a password on a line.

console(config-line)# password dell
Defining Enable Password

The Enable Password page sets a local password to control access to Normal, Privilege, and Global
Configuration. To open the Enable Password page, click System Management Security
Enable Passwords in the tree view.
139
Figure 6-58. Enable Password
Select Enable Access Level Access level associated with the enable password. Possible field
values are 1-15.
Password (0-159 Characters) The currently configured enable password. Enable passwords can
contain a maximum of 159 characters.
Confirm Password Confirms the new enable password. The password appears in the *****
format.
Defining a New Enable Password:
1
Open the Enable Password page.
Define the fields.

The new Enable password is defined, and the switch module is updated.
140
Assigning Enable Passwords Using CLI Commands
Enable Password page.
Table 6-36.
Modify Enable Password CLI Commands
CLI Command
Description
enable password [level level] Sets a local password to control access to user and
password [encrypted]
privilege levels.

console(config)# enable password level 15 secret
Defining TACACS+ Settings

The switch modules provide Terminal Access Controller Access Control System (TACACS+)
client support. TACACS+ provides centralized security for validation of users accessing the switch
module.
TACACS+ provides a centralized user management system, while still retaining consistency with
RADIUS and other authentication processes. TACACS+ provides the following services:
Authentication Provides authentication during login and via user names and user-defined
passwords.
Authorization Performed at login. Once the authentication session is completed, an

authorization session starts using the authenticated user name. The TACACS+ server checks
the user privileges.
The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between
the switch module and TACACS+ server. To open the TACACS+ Settings page, click System
Management Security TACACS+ in the tree view.
141
Figure 6-59. TACACS+ Settings
Host IP Address Specifies the TACACS+ Server IP address.

Priority (0-65535) Specifies the order in which the TACACS+ servers are used. The default is 0.
Source IP Address The switch module source IP address used for the TACACS+ session
between the switch module and the TACACS+ server.
Key String (0-128 Characters) Defines the authentication and encryption key for TACACS+
communications between the switch module and the TACACS+ server. This key must match the
encryption used on the TACACS+ server.
Authentication Port (0-65535) The port number through which the TACACS+ session occurs.
The default is port 49.
Reply Timeout (1-30) The amount of time that passes before the connection between the
switch module and the TACACS+ server times out. The field range is 1-30 seconds.
Status The connection status between the switch module and the TACACS+ server. The
possible field values are:
Connected There is currently a connection between the switch module and the
TACACS+ server.
Not Connected There is not currently a connection between the switch module and the
TACACS+ server.
Single Connection Maintains a single open connection between the switch module and the
TACACS+ server when selected
142
The TACACS+ default parameters are user-defined defaults. The default settings are applied to
newly defined TACACS+ servers. If default values are not defined, the system defaults are applied
to the new TACACS+ new servers. The following are the TACACS+ defaults:
Source IP Address The default switch module source IP address used for the TACACS+ session
between the switch module and the TACACS+ server.
Key String (0-128 Characters) The default authentication and encryption key for TACACS+
communication between the switch module and the TACACS+ server.
Timeout for Reply (1-30) The default time that passes before the connection between the
switch module and the TACACS+ times out.
Adding a TACACS+ Server
1
Open the TACACS+ Settings page.
Click Add.
The Add TACACS+ Host page opens:
Figure 6-60.
Add TACACS+ Host
Define the fields.

The TACACS+ server is added, and the switch module is updated.
Displaying the TACACS+ Table

1
Click Show All.

The TACACS+ Table opens:
143
Figure 6-61. TACACS+ Table
Removing a TACACS+ Server

1
Click Show All.

The TACACS+ Table opens.
Select a TACACS+ Table entry.

The TACACS+ server is removed, and the switch module is updated.
Defining TACACS+ Settings Using CLI Commands
TACACS+ Settings page.
Table 6-37. TACACS+ CLI Commands
CLI Command
Description
tacacs+-server host {ipSpecifies a TACACS+ host.

address | hostname} [singleconnection] [port portnumber] [timeout timeout]
[key key-string] [source
source] [priority priority]
no tacacs+-server host (ipaddress | hostname)
tacacs+-server key key-string
144
Deletes a TACACS+ host.

Specifies the authentication and encryption key
for all TACACS+ communications between the
switch module and the TACACS+ server. This
key must match the encryption used on the
TACACS+ daemon. (Range: 0 - 128 characters.)
Table 6-37.
TACACS+ CLI Commands
CLI Command
Description
tacacs-server timeout timeout Specifies the timeout value in seconds. (Range: 1

- 30.)
tacacs-server source-ip source Specifies the source IP address. (Range: Valid IP
Address.)
show tacacs+ [ip-address]
Displays configuration and statistics for a

TACACS+ server.

console# show tacacs
Device Configuration
IP address
Status
Port
Single
TimeOut
Source IP
Priority
Connection
-----------
---------
-----
----------
----------
---------
---------
12.1.1.2
Not
49
Yes
12.1.1.1
Connected
Global values
-----------------
TimeOut : 5
Device Configuration
----------------Source IP : 0.0.0.0
console#
Configuring RADIUS Global Parameters

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for
networks. Up to 4 RADIUS servers can be defined. RADIUS servers provide a centralized
authentication method for:
Telnet Access
145
Secure Telnet Access
Web Access
Console to switch module Access
To open the RADIUS Settings page, click System Management Security RADIUS in the tree
view.
Figure 6-62. RADIUS Settings
IP Address The list of Authentication Server IP addresses.

Priority (0-65535) The server priority. The possible values are 0-65535, where 0 is the highest
value. This is used to configure the order in which servers are queried.
Authentication Port Identifies the authentication port. The authentication port is used to verify
the RADIUS server authentication.
Number of Retries (1-10) Specifies the number of transmitted requests sent to RADIUS server
before a failure occurs. The possible field values are 1 - 10.
Timeout for Reply (1-30) Specifies the amount of the time in seconds the switch module waits
for an answer from the RADIUS server before retrying the query, or switching to the next server.
The possible field values are 1 - 30.
Dead Time (0-2000) Specifies the amount of time (in minutes) that a RADIUS server is
bypassed for service requests. The range is 0-2000.
146
Key String (1-128 Characters) The Key string used for authenticating and encrypting all
RADIUS communications between the switch module and the RADIUS server. This key is
encrypted.
Source IP Address Specifies the source IP address that is used for communication with RADIUS
servers.
Usage Type Specifies the server usage type. Can be one of the following values: login, 802.1x
or all. If unspecified, defaults to all.
The following fields set the RADIUS default values:
Default Timeout for Reply (1-30) Specifies the default amount of the time (in seconds) the
switch module waits for an answer from the RADIUS server before timing out.
NOTE: If host-specific Timeouts, Retries, or Dead time values are not specified, the Global values
(Defaults) are applied to each host.
Default Retries (1-10) Specifies the default number of transmitted requests sent to RADIUS
server before a failure occurs.
Default Dead time (0-2000) Specifies the default amount of time (in minutes) that a RADIUS
server is bypassed for service requests. The range is 0-2000.
Default Key String (1-128 Characters) The Default Key string used for authenticating and
encrypting all RADIUS communications between the switch module and the RADIUS server. This
key is encrypted.
Source IP Address Specifies the default source IP address that is used for communication with
RADIUS servers.
Defining RADIUS Parameters:
1
Open the RADIUS Settings page.
Define the fields.

The RADIUS setting are updated to the switch module.
Adding a RADIUS Server:

1
Click Add.
The Add RADIUS Server page opens:
147
Figure 6-63. Add RADIUS Server
Define the fields.

The new RADIUS server is added, and the switch module is updated.
Displaying the RADIUS Server List:

1
Click Show All.

The RADIUS Servers List page opens:
Figure 6-64. RADIUS Servers List
Modifying the RADIUS Server Settings:

1
Click Show All.

The RADIUS Servers List page opens.
148
Modify the relevant fields.

The RADIUS Server settings are modified, and the switch module is updated.
Deleting a RADIUS Server for the RADIUS Servers List:

1
Click Show All.

The RADIUS Servers List page opens.
Select a RADIUS Server in the RADIUS Servers List.

The RADIUS server is removed from the RADIUS Servers List.
Defining RADIUS Servers Using CLI Commands
RADIUS Settings page.
Table 6-38.
RADIUS Settings CLI Commands
CLI Command
Description
radius-server timeout timeout Sets the default interval for which a switch
module waits for a server host to reply.
radius-server retransmit
retries
Specifies the default number of times the

software searches the list of RADIUS server hosts.
radius-server deadtime
deadtime
Configures unavailable default servers to be

skipped.
radius-server key [key-string] Sets the default authentication and encryption

key for all RADIUS communications between the
switch module and the RADIUS environment.
radius-server host {ip-address Specifies a RADIUS server host and any non| hostname} [auth-port auth- default settings.
port-number] [timeout
timeout] [retransmit retries]
[deadtime deadtime] [key
key-string] [source source]
[priority priority] [usage
type]
show radius-servers
Displays the RADIUS server settings.
149

console(config)# radius-server timeout 5
console(config)# radius-server retransmit 5
console(config)# radius-server deadtime 10
console(config)# radius-server key dell-server
console(config)# radius-server host 196.210.100.1 auth-port
1645 timeout 20
console# show radius-servers

Port
IP
address
Auth
Acct TimeOu
t
Retransmi
t
Deadtim Source
e
IP
Priorit
y
Usage
--------- ----
---- ------
---------
------- -----
-------
-----
33.1.1.1
1813 6
10
0.0.0.
0
All
1646 11
Global
Global
All
1812
172.16.1. 1645
2
Global values
-------------TimeOut: 5
Retransmit: 5
Deadtime: 10
Source IP: 0.0.0.0
150
Defining SNMP Parameters

Simple Network Management Protocol (SNMP) provides a method for managing network
Ethernet switch modules. Ethernet switch modules supporting SNMP run a local software (agent).
The SNMP agents maintain a list of variables, which are used to manage the network device. The
variables are defined in the Management Information Base (MIB). The MIB contains the variables
controlled by the agent. The SNMP protocol defines the MIB specification format, as well as the
format used to access the information over the network.
Access rights to the SNMP agents are controlled by community strings. To communicate with the
switch module, the SNMP application submits a valid community string for authentication.
To open the SNMP page, click System SNMP in the tree view. This section contains
information for managing the SNMP configuration.
Defining Communities
Access rights are managed by defining communities in the Community Table. When the
community names are changed, access rights are also changed. To open the SNMP Community
page, click System SNMP Communities in the tree view.
Figure 6-65.
SNMP Community
SNMP Management Station A list of management station IP addresses.
151
Community String Functions as a password and used to authenticate the selected management
station to the switch module.
Access Mode Defines the access rights of the community. The possible field values are:
Read Only The management access is restricted to read-only, for all MIBs except the
community table, for which there is no access.
Read Write The management access is read-write, for all MIBs except the community
table, for which there is no access.
SNMP Admin The management access is read-write for all MIBs, including the
community table.
Remove Removes a community, when selected.
Defining a New Community
1
Open the SNMP Community page.
Click Add.
The Add SNMP Community page opens:
Figure 6-66. Add SNMP Community
Select one of the following:

Management Station Defines an SNMP community for a specific management station. (A
value of 0.0.0.0 specifies all management stations.)
All Defines an SNMP community for all management stations.
Define the remaining fields.
Close the Add SNMP Community page. The SNMP Community page is displayed.
Click Refresh. The new community is inserted.
Displaying all Communities

1
152
Click Show All.

The Community Table opens:
Figure 6-67.
Community Table
Deleting Communities
1
Click Show All.

The Community Table opens.
Select a community from the Community Table.

The selected community entry is deleted, and the switch module is updated.
Configuring Communities Using CLI Commands
SNMP Community page.
Table 6-39.
SNMP Community CLI Commands
CLI Command
Description
snmp-server community
string [ro | rw | su] [ipaddress]
Sets up the community access string to permit

access to SNMP protocol.
snmp-server host {ip-address Determines the trap type sent to the selected
| hostname} communityrecipient.
string [1 | 2]
show snmp
Checks the SNMP communications status.
153

console(config)# snmp-server community public_1 su 1.1.1.1
console(config)# snmp-server community public_2 rw 2.2.2.2
console(config)# snmp-server community public_3 ro 3.3.3.3
console(config)# snmp-server host 1.1.1.1 public_1 1
console(config)# snmp-server host 2.2.2.2 public_2 2
console# show snmp
Community-String
Community-Access
IP address
public_1
super
1.1.1.1
public_2
readwrite
2.2.2.2
public_3
readonly
3.3.3.3
-------------------------------------
Traps are enabled.

Authentication-failure trap is enabled.
Trap-Rec-Address
Trap-Rec-Community
Version
-----------------
-------------------
---------
1.1.1.1
public_1
2.2.2.2
public_2
System Contact: 345 6789

System Location: 1234 5678
console#
Defining Traps
From the SNMP Trap Settings page, the user can enable or disable the switch module to send
SNMP traps or notifications. To open the SNMP Trap Settings page, click System SNMP
Traps in the tree view.
154
Figure 6-68.
SNMP Trap Settings
SNMP Trap Enables sending SNMP traps or SNMP notifications from the switch module to
defined trap recipients.
Authentication Trap Enables sending SNMP traps when authentication failed to define
recipients.
Select Recipient IP Specifies the IP address to whom the traps are sent.
Community String Identifies the community string of the trap manager.
Traps Determines the trap type sent to the selected recipient. The possible field values are:
SNMP V1 SNMP Version 1 traps are sent
SNMP V2c SNMP Version 2 traps are sent
Remove Removes Trap Manager Table entries, when selected.
Enabling SNMP traps on the Switch Module
1
Open SNMP Trap Settings page.
Select Enable in the SNMP Trap drop-down list.
Define the fields.
Click Refresh.
155
SNMP traps are enabled on the switch module.

Enabling Authentication Traps on the Switch Module
1
Open the SNMP Trap Settings page.
Select Enable in the Authentication Trap drop-down list.
Define the fields.

Authentication traps are enabled on the switch module.
Adding a New Trap Recipient:

1
Open the SNMP Trap Settings page.
Click Add.
The Add Trap Recipient page opens:
Figure 6-69. Add Trap Recipient
Define the fields. Configuring 0.0.0.0 means All, and the traps are Broadcast.

The trap recipient is added, and the switch module is updated.
Displaying the Trap Recipient Table
The Trap Recipient Table contains fields for configuring trap types.
1
Click Show All.

The Trap Recipient Table page opens:
156
Figure 6-70.
Deleting a Trap Manager Table Entry

1
Click Show All.

The Trap Recipient Table page opens.
Select a Trap Recipient Table entry.

The selected trap manager is deleted, and the switch module is updated.
Configuring Traps Using CLI Commands
SNMP Trap Settings page.
Table 6-40.
SNMP Trap Settings CLI Commands
CLI Command
Description
snmp-server enable traps
Enables the switch module to send SNMP traps

or SNMP notifications.
snmp-server trap
authentication
Enables the switch module to send SNMP traps

when authentication failed.
snmp-server host host-addr

community-string [1 | 2]
Determines the trap type sent to the selected

recipient.
show snmp
Displays the SNMP communications status.
157
console(config)# snmp-server enable traps

console(config)# snmp-server trap authentication
console(config)# snmp-server host 41.1.1.3 public 1
console# show snmp
Community-String
Community-Access
IP address
-------------------------------------
-----------------------------------
-----------------------
public_1
super
1.1.1.1
public_2
readwrite
2.2.2.2
public_3
readonly
3.3.3.3
Traps are enabled.

Authentication-failure trap is enabled.
Trap-Rec-Address
Trap-Rec-Community
Version
-----------------
-------------------
---------
1.1.1.1
public_1
2.2.2.2
public_2
System Contact: 345 6789

System Location: 1234 5678
Managing Files
The File Management page contains fields for managing switch module software, the Image Files,
and the Configuration Files. Files can be downloaded from a TFTP server.
File Management Overview

The management file structure consists of the following configuration files:
158
Startup Configuration File Contains the commands required to reconfigure the switch
module to the same settings as when the switch module is powered down or rebooted. The
startup configuration file is created by copying the configuration commands from the
Running Configuration file or the Backup Configuration file to the Startup Configuration
file.
Running Configuration File Contains all Startup Configuration file commands, as well as
all commands entered during the current session. After the switch module is powered down or
rebooted, all commands stored in the Running Configuration file are lost. During the startup
process, all commands in the Startup Configuration file are copied to the Running
Configuration file and applied to the switch module. During the session, all new commands
entered are added to the commands existing in the Running Configuration file. Commands
are not overwritten. To update the Startup Configuration file, before powering down the
switch module, the Running Configuration file must be copied to the Startup Configuration
file. The next time the switch module is restarted, the commands are copied back into the
Running Configuration file from the Startup Configuration file.
Backup Configuration File Contains a backup copy of the switch module configuration.
The Backup Configuration file is generated when the Running Configuration file or the
startup configuration file is copied to the Backup Configuration file. The commands copied
into the file replace the existing commands saved in the Backup Configuration file. The
Backup Configuration file contents can be copied to either the Running Configuration or the
Startup Configuration files.
Image Files System file images are saved in two Flash Files called Image 1 and Image 2.
The active image stores the active copy, while the other image stores a second copy. The
switch module boots and runs from the active image. If the active image is corrupted, the
system automatically boots from the non-active image. This is a safety feature for faults
occurring during the Software Upgrade process.
To open the File Management page, click System File Management in the tree view. The File
Management page contains links to:
File Download
File Upload
Copy Files
Downloading Files
The File Download From Server page contains fields for downloading system image and
Configuration files from the TFTP server to the switch module. To open the File Download From
Server page, click System File Management File Download in the tree view.
159
Figure 6-71. File Download From Server
Firmware Download The Firmware file is downloaded. If Firmware Download is selected, the
Configuration Download fields are grayed out.
Configuration Download The Configuration file is downloaded. If Configuration Download is
selected, the Firmware Download fields are grayed out.
Firmware Download TFTP Server IP Address The TFTP Server IP Address from which files are
downloaded.
Firmware Download Source File Name Specifies the file to be downloaded.
Firmware Download Destination File The destination file type to which the file is downloaded.
The possible field values are:
Software Image Downloads the Image file.
Boot Code Downloads the Boot file.
Active Image The Image file that is currently active.
Active Image After Reset The Image file that is active after the switch module is reset.
Configuration Download File TFTP Server IP Address The TFTP Server IP Address from
which the configuration files are downloaded.
Configuration Download Source File Name Specifies the configuration files to be downloaded.
Configuration Download Destination Name The destination file to which the configuration
file is downloaded. The possible field values are:
160
Running Configuration Downloads commands into the Running Configuration file.

Startup Configuration Downloads the Startup Configuration file, and overwrites it.
Backup Configuration Downloads the Backup Configuration file, and overwrites it.
Downloading Files:
1
Open the File Download From Server page.
Define the file type to download.
Define the fields.

The software is downloaded to the switch module.
NOTE: To activate the selected Image file, reset the switch module. For information on resetting the
switch module, see "Resetting the Switch Module" on page 78.
Downloading Files Using CLI Commands
File Download From Server page.
Table 6-41.
File Download CLI Commands
CLI Command
Description
copy source-url destinationurl
Copies any file from a source to a destination.

downloading
console# copy tftp://10.6.6.64/pp.txt startup-config
....!
01-Jan-2000 06:41:55 %COPY-W-TRAP: The copy operation was
N O T E : Each ! indicates that ten packets were successfully transferred.
Uploading Files
The File Upload to Server page contains fields for uploading the software to the TFTP server from
the switch module. The Image file can also be uploaded from the File Upload to Server page. To
open the File Upload to Server page, click System File Management File Upload in the tree
view.
161
Figure 6-72. File Upload to Server
Firmware Upload The Firmware file is uploaded. If Firmware Upload is selected, the
Configuration Upload fields are grayed out.
Configuration Upload The Configuration file is uploaded. If Configuration Upload is selected,
the Software Image Upload fields are grayed out.
Software Image Upload TFTP Server IP Address The TFTP Server IP Address to which the
Software Image is uploaded.
Software Image Upload Destination Specifies the Software Image file path to which the file is
uploaded.
Configuration Upload TFTP Server IP Address The TFTP Server IP Address to which the
Configuration file is uploaded.
Configuration Upload Destination Specifies the Configuration file path to which the file is
uploaded.
Configuration Upload Transfer file name The software file to which the configuration is
uploaded. The possible field values are:
Running Configuration Uploads the Running Configuration file
Startup Configuration Uploads the Startup Configuration file
Backup Configuration Uploads the Backup Configuration file
162
Uploading Files
1
Open the File Upload to Server page.
Define the file type to upload.
Define the fields.

The software is uploaded to the TFTP server.
Uploading Files Using CLI Commands
File Upload to Server page.
File Upload CLI Commands
CLI Command
Description

console# copy image tftp://10.6.6.64/uploaded.ros
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Copying Files
Files can be copied and deleted from the Copy Files page. To open the Copy Files page, click
System File Management Copy Files in the tree view.
163
Figure 6-73. Copy Files
Copy Configuration When selected, copies either the Running Configuration, Startup
Configuration or Backup Configuration files. The possible field values are:
Source Copies either the Running Configuration, Startup Configuration or Backup
Configuration files.
Destination The file to which the Running Configuration, Startup Configuration or
Backup Configuration file is copied.
Restore Configuration Factory Defaults When selected, specifies that the factory configuration
default files should be reset. When unselected, maintains the current configuration settings.
Copying Files
1
Open the Copy Files page.
Define the Source and Destination fields.

The file is copied, and the switch module is updated.
Restoring Company Factory Default Settings
164
Open the Copy Files page.
Click Restore Company Factory Defaults.

The company factory default settings are restored, and the switch module is updated.
Copying and Deleting Files Using CLI Commands
Copy Files page.
Table 6-42.
Copy Files CLI Commands
CLI Command
Description
delete startup-config
Deletes the startup-config file.

console# delete startup-config
Startup file was deleted
console#
console# copy running-config startup-config
Copy succeeded
console#
Defining Advanced Settings

The Advanced Settings page contains a link for configuring general settings. Use Advanced
Settings page to set miscellaneous global attributes for the switch module. The changes to these
attributes are applied only after the switch module is reset. To open the Advanced Settings page,
click System Advanced Settings in the tree view.
Configuring General Switch Module Tuning Parameters

The General Settings page provides information for defining general switch module parameters.
To open the General Settings page, click System Advanced Settings General Settings in the
tree view.
165
Figure 6-74. General Settings
Attribute The general setting attribute.

Current The currently configured value.
After Reset The future (after reset) value. By entering a value in the After Reset column,
memory is allocated to the field table.
Max RAM Log Entries (20-400) The maximum number of RAM Log entries. When the Log
entries are full, the log is cleared and the Log file is restarted.
Jumbo Frames Enables or disables the Jumbo Frames feature. Jumbo Frames enable the
transportation of identical data in fewer frames. This ensures less overhead, lower processing time,
and fewer interrupts. Internal frames may be effected by enabling Jumbo frames.
166
Viewing RAM Log Entries Counter Using the CLI Commands
General Settings page.
Table 6-43.
General Settings CLI Commands
CLI Command
Description
logging buffered size number Sets the number of syslog messages stored in the
internal buffer (RAM).
port jumbo-frame
Enables jumbo frames for the switch module.

console(config)# logging buffered size 300
167
168

This section provides all system operations and general information for configuring network
security, ports, address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast
Support.
Configuring Network Security

The switch module enables network security through both Access Control Lists and Locked Ports.
To open the Network Security page select Switch Network Security.
Network Security Overview

This section describes the network security features.
Port Based Authentication (802.1x)
Port based authentication enables authenticating system users on a per-port basis via a external
server. Only authenticated and approved system users can transmit and receive data. Ports are
authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port
Authentication includes:
Authenticators Specifies the port that is authenticated before permitting system access.
Supplicants Specifies host connected to the authenticated port requesting to access the
system services.
Authentication Server Specifies the external server, for example, the RADIUS server that
performs the authentication on behalf of the authenticator, and indicates whether the user is
authorized to access system services.
Port based authentication creates two access states:
Controlled Access Permits communication between the user and the system, if the user is
authorized.
Uncontrolled Access Permits uncontrolled communication regardless of the port state.
The switch module currently supports Port Based Authentication via RADIUS servers.
Advanced Port Based Authentication
Advanced Port Based Authentication enables multiple hosts to be attached to a single port.
Advanced Port Based Authentication requires only one host to be authorized for all hosts to have
system access. If the port is unauthorized all attached hosts are denied access to the network.
169
Advanced Port Based Authentication also enables VLAN based authentication. Specific VLANs in
the switch module are always available, even if specific ports attached to the VLAN are
unauthorized. For example, Voice over IP does not require authentication, while data traffic
requires authentication. VLANs for which authorization is not required can be defined.
Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are defined
as authorized.
Advanced Port Based Authentication is implemented in the following modes:
Single Host Mode Enables only the authorized host to access the port.
Multiple Host Mode Enables multiple hosts to be attached to a single port. Only one host
must be authorized for all hosts to access the network. If the host authentication fails or an
EAPOL-logoff message is received, all attached clients are denied network access.
Configuring Port Based Authentication

The Port Based Authentication page contains fields for configuring port based authentication. To
open the Port Based Authentication page, click Switch Network Security Port Based
Authentication.
NOTE: This feature may be effected on internal ports.
Figure 7-75. Port Based Authentication
Port Based Authentication State Permits port based authentication on the switch module. The
170
Enable Enables port based authentication on the switch module.

Disable Disables port based authentication on the switch module.
Authentication Method The Authentication method used. The possible field values are:
RADIUS, None Indicates that port authentication is performed first via RADIUS server. If
the RADIUS server cannot be reached, then no authenication method is used. However, if a
failure occured, the port remains unauthorized and access is not granted.
RADIUS Indicates that authentication occurs at the RADIUS server.
None Indicates that no authentication method is used.
Interface Contains an interface list.
User Name The user name as configured in the RADIUS server.
Admin Interface Control Defines the port authorization state. The possible field values are:
Auto Enables port based authentication per port. The interface moves between an
authorized or unauthorized state based on the authentication exchange between the switch
module and the client.
Forced-authorized Places the interface into an authorized state without being
authenticated. The interface sends and receives normal traffic without client port based
authentication.
Forced-unauthorized Denies the selected interface system access by moving the
interface into unauthorized state. The Ethernet switch module cannot provide
authentication services to the client through the interface.
Current Interface Control The current port authorization state. An asterisk displays if the port
is currently down.
Periodic Reauthentication Reauthenticates the selected port periodically, when enabled. The
reauthentication period is defined in the Reauthentication Period (300-4294967295) field.
Reauthentication Period (300-4294967295) Indicate the time span in which the selected port is
reauthenticated. The field value is in seconds. The field default is 3600 seconds.
Reauthenticate Now Permits immediate port reauthentication, when selected.
Authentication Server Timeout (1-65535) Defines the amount of time that lapses before the
switch module resends a request to the authentication server. The field value is in seconds. The
field default is 30 seconds.
Resending EAP Identity Request (1-65535) Defines the amount of time that lapses before EAP
request are resent. The field default is 30 seconds.
Quiet Period (0-65535) The number of seconds that the switch module remains in the quiet
state following a failed authentication exchange. The possible field range is 0-65535. The field
default is 60 seconds.
171
Supplicant Timeout (1-65535) The amount of time that lapses before EAP requests are resent
to the user. The field value is in seconds. The field default is 30 seconds.
Max EAP Requests (1-10) The total amount of EAP requests sent. If a response is not received
after the defined period, the authentication process is restarted. The field default is 2 retries.
Displaying the Port Based Authentication Table
1
Display the Port Based Authentication page.
Click Show All.

The Port Based Authentication Table opens:
Figure 7-76. Port Based Authentication Table
Copy Parameters From The port from which parameters are copied.
Termination Cause The reason for which the port authentication was terminated.
Copy To Copies port parameters from one port to the selected ports.
Select All Selects all ports in the Port Based Authentication Table.
Copying Parameters in the Port Based Authentication Table
1
Open the Port Based Authentication page.
Click Show All.

The Port Based Authentication Table opens.
172
Select the interface in the Copy Parameters from field.
Select an interface in the Port Based Authentication Table.
Select the Copy to check box to define the interfaces to which the Port based authentication
parameters are copied.

The parameters are copied to the selected port in the Port Based Authentication Table, and
the switch module is updated.
Enabling Port Based Authentication Using the CLI Commands
The following table summarizes the equivalent CLI commands for enabling the port based
authentication as displayed in the Port Based Authentication page.
.
Table 7-44.
Port Authentication CLI Commands
CLI Command
Description
aaa authentication dot1x

default method1 [method2.]
Specifies one or more authentication,

authorization, and accounting (AAA) methods
for use on interfaces running IEEE 802.1X.
dot1x max-req count
Sets the maximum number of times that the

switch module sends an EAP to the client,
before restarting the authentication process.
dot1x re-authenticate
[ethernet interface]
Manually initiates a re-authentication of all

802.1X-enabled ports or the specified 802.1Xenabled port.
dot1x re-authentication
Enables periodic re-authentication of the client.
dot1x timeout quiet-period

seconds
Sets the number of seconds that the switch

module remains in the quiet state following a
failed authentication exchange.
dot1x timeout re-authperiod Sets the number of seconds between reseconds

authentication attempts.
dot1x timeout servertimeout seconds
Sets the time for the retransmission of packets to

the authentication server.
dot1x timeout supp-timeout Sets the time for the retransmission of an EAP
seconds
request frame to the client.
dot1x timeout tx-period
seconds
Sets the number of seconds that the switch

module waits for a response to an EAP request/identity frame, from the client, before
resending the request.
173
Table 7-44. Port Authentication CLI Commands

CLI Command
Description
show dot1x [ethernet

interface]
Displays 802.1X status for the switch module or

for the specified interface.
show dot1x users [username

username]
Displays 802.1X users for the switch module.

console> enable
Console# show dot1x
Port
Admin Mode Oper Mode
Reauth
Control
Reauth
Period
Username
---------
---------- ----------
--------
------
--------
g11
Auto
Authorized
Ena
3600
Bob
g12
Auto
Authorized
Ena
3600
John
g13
Auto
Unauthorized
Ena
3600
Clark
g14
Force-auth Authorized
Dis
3600
n/a
Configuring Advanced Port Based Authentication

The Multiple Hosts page provides information for defining advanced port based authentication
settings for specific ports. To open the Multiple Hosts, click Switch Network Security
Multiple Hosts.
NOTE: This feature may be effected on internal ports.
174
Figure 7-77.
Multiple Hosts
Port The port number for which Advanced Port Based Authentication is enabled.
Multiple Hosts Enables or disables a single host to authorize multiple hosts for system access.
This setting must be enabled in order to either disable the ingress-filter, or to use port-lock security
on the selected port.
Action on Single Host Violation Defines the action to be applied to packets arriving in singlehost mode, from a host whose MAC address is not the client (supplicant) MAC address. The
Forward Forwards the packets from an unknown source, however, the MAC address is not
learned.
Discard Discards the packets from any unlearned source. This is the default value.
Discard Shutdown Discards the packet from any unlearned source and shuts down the
port. Ports remain shut down until they are activated, or the switch module is reset.
Traps Enables or disables sending traps to the host if a violation occurs.
Trap Frequency (1-1000000) (Sec) Defines the time period by which traps are sent to the host.
The Trap Frequency (1-1000000) field can be defined only if the Multiple Hosts field is defined as
Disable. The default is 10 seconds.
Status The host status. The possible field values are:
Unauthorized Indicates that the port control is Force Unauthorized, the port link is down
or the port control is Auto, but a client has not been authenticated via the port.
175
Not in auto mode Indicates that the port control is Forced Authorized, and clients have full
port access.
Single-host Lock Indicates that the port control is Auto and a single client has been
authenticated via the port.
No Single Host Indicates that Multiple Host is enabled.
Number of Violations The number of packets that arrived on the interface in single-host mode,
from a host whose MAC address is not the client (supplicant) MAC address.
Displaying the Multiple Hosts Table
1
Open the Multiple Hosts page.
Click Show All.

The Multiple Hosts Table opens.
Figure 7-78. Multiple Hosts Table
Enabling Multiple Hosts Using the CLI Commands
The following table summarizes the equivalent CLI commands for enabling the advanced port
based authentication as displayed in the Multiple Hosts page.
Table 7-45. Multiple Hosts CLI Commands
CLI Command
Description
dot1x multiple-hosts
Allows multiple hosts (clients) on an 802.1Xauthorized port that has the dot1x port-control
interface configuration command set to auto.
dot1x single-hostConfigures the action to be taken when a station,

whose MAC address is not the client (supplicant)
violation {forward
MAC address, attempts to access the interface.
|discard |discardshutdown}[trap seconds]
The following is an example of the CLI Command.
176
Console# configure
Console(config)# interface ethernet g11
Console(config-if)# dot1x multiple-hosts
Authenticating Users
The Authenticated Users page displays user port access lists. To open the Authenticated Users
page, click Switch Network Security Authenticated Users.
Figure 7-79.
Authenticated Users
User Name List of users authorized via the RADIUS Server.

Port The port number(s) used for authentication - per user name.
Session Time The amount of time the user was logged on to the switch module. The field
format is Day:Hour:Minute:Seconds, for example, 3 days: 2 hours: 4 minutes: 39 seconds.
Authentication Method The method by which the last session was authenticated. The possible
field values are:
Remote The user was authenticated from a remote server.
177
None The user was not authenticated.

MAC Address The supplicant MAC address.
Displaying the Authenticated Users Table
1
Open the Authenticated Users page.
Click Show All.

The Authenticated Users Table opens:
Figure 7-80. Authenticated Users Table
Authenticating Users Using the CLI Commands
The following table summarizes the equivalent CLI commands for authenticating users as
displayed in the Authenticated Users page.
Table 7-46. Add User Name CLI Commands
CLI Command
Description
show dot1x users [username

username]
Displays 802.1X users for the switch module.

console# show dot1x users
Port
Username Session Time Auth Method MAC Address
----------------------------------------------------------------g12
gili
00:09:27
Remote
00:80:c8:b9:dc:1d
Configuring Port Security

Network security can be increased by limiting access on a specific port only to users with specific
MAC addresses. The MAC addresses can be dynamically learned, up to that point, or they can be
statically configured. Locked port security monitors both received and learned packets that are
received on specific ports. Access to the locked port is limited to users with specific MAC addresses.
These addresses are either manually defined on the port, or learned on that port up to the point
when it is locked. When a packet is received on a locked port, and the packets source MAC address
178
is not tied to that port (either it was learned on a different port, or is unknown to the system), the
protection mechanism is invoked, and can provide various options. Unauthorized packets arriving
to a locked port are either:
Forwarded
Discarded with no trap
Discarded with a trap
The port is shut down
Locked port security also enables storing a list of MAC addresses in the configuration file. The
MAC address list can be restored after the switch module has been reset.
NOTE: In order to enable port security, the Multiple Hosts feature must first be enabled on the required
ports.
Disabled ports are activated from the Port Parameters page, see "Defining Port Parameters" on
page 182. To open the Port Security page, click Switch Network Security Port Security.
Figure 7-81.
Port Security
Interface The selected interface type on which Locked Port is enabled.

Port The selected interface type is a port.
LAG The selected interface type is a LAG.
Current Port Status The currently configured Port status.
Set Port The port is either locked or unlocked. The possible field values are:
Unlocked Unlocks Port. This is the default value.
179
Locked Locks Port.

Action on Violation The action to be applied to packets arriving on a locked port. The possible
field values are:
Forward Forwards the packets from an unknown source, however, the MAC address is not
learned.
Discard Discards the packets from any unlearned source. This is the default value.
Shutdown Discards the packet from any unlearned source and shuts down the port. Ports
remained shut down until they are reactivated, or the switch module is reset.
Trap Enables traps being sent when a packet is received on a locked port.
Trap Frequency (1-1000000) The amount of time (in seconds) between traps. The default value
is 10 seconds. This field applies only to Locked ports.
Defining a Locked Port
1
Open the Port Security page.
Select an interface type and number.
Define the fields.

The locked port is added to the Port Security Table, and the switch module is updated.
Displaying the Port Security Table

1
Open the Port Security page.
Click Show All.

The Port Security Table opens:
Locked Ports can be defined from the Port Security Table, as well as the Port Security page.
180
Figure 7-82.
Port Security Table
Configuring Locked Port Security with CLI Commands
The following table summarizes the equivalent CLI commands for configuring Locked Port
security as displayed in the Port Security page.
Table 7-47.
Port Security CLI Commands
CLI Command
Description
shutdown
Disables interfaces.
set interface active {ethernet Reactivates an interface that is shutdown due to

interface | port-channel port- port security reasons.
channel-number}
port security [forward |
Locks learning of new addresses on an interface.
discard | discard-shutdown]
[trap seconds]
show ports security {ethernet Displays port lock status.
interface | port-channel portchannel-number}
181
console # show ports security
Port
Status
Action
Trap
Frequency
Counter
-----
-------
-------
-------
---------
--------
g11
locked
Discard
Enable
100
88
g12
locked
Discard,
Shutdown
Disable
g13
Unlocked
Configuring Ports
The Ports page contians links to port functionality pages including advanced features, such as
Storm Control and Port Mirroring. To open the Ports page, click Switch Ports.

The Port Configuration page contains fields for defining port parameters. To open the Port
Configuration page, click Switch Ports Port Configuration in the tree view.
182
Figure 7-83.
Port Configuration
Port The port number for which port parameters are defined.
Description A brief interface description, such as Ethernet.
Port Type The type of port.
Admin Status Enables or disables traffic forwarding through the port. The new port status is
displayed in the Current Port Status field.
Current Port Status Specifies whether the port is currently operational or non-operational.
Re-Activate Port Reactivates a port if the port has been disabled through the locked port
security option.
Operational Status The port operational status. Possible field values are:
Suspended The port is currently active, and is currently not receiving or transmitting
traffic.
Active The port is currently active and is currently receiving and transmitting traffic.
Disable The port is currently disabled, and is not currently receiving or transmitting traffic.
Admin Speed The configured rate for the port. The port type determines what speed setting
options are available. Admin speed can only be designated when auto negotiation is disabled on the
configured port.
Current Port Speed The actual currently configured port speed (Mbps).
183
Admin Duplex The port duplex mode can be either Full or Half. Full indicates that the
interface supports transmission between the switch module and its link partner in both directions
simultaneously. Half indicates that the interface supports transmission between the switch module
and the client in only one direction at a time.
Current Duplex Mode The currently configured port duplex mode.
Auto Negotiation Enables Auto Negotiation on the port. Auto Negotiation is a protocol
between two link partners that enables a port to advertise its transmission rate, duplex mode and
flow control abilities to its partner.
Current Auto Negotiation The currently configured Auto Negotiation setting.
Back Pressure Enables Back Pressure mode on the port. Back Pressure mode is used by the
receiving port for slowing down the partner port.
Current Back Pressure The currently configured Back Pressure setting.
Flow Control Enables or disables flow control or enables the auto negotiation of flow control on
the port. Operates when port is in Full duplex mode.
Current Flow Control The currently configured Flow Control setting.
MDI/MDIX Allows the switch module to decipher between crossed and uncrossed cables.
Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a
hub or switch is connected to an end station, a straight through Ethernet cable can be used, and
the pairs are match up properly. When two hubs/switches are connected to each other, or two end
stations are connected to each other, a crossover cable is used ensure that the correct pairs are
connected. The possible field values are:
Auto Use to automatically detect the cable type.
MDI (Media Dependent Interface) Use for end stations.
MDIX (Media Dependent Interface with Crossover) Use for hubs and switches.
Current MDI/MDIX The currently configured switch module MDI/MDIX settings.
LAG Specifies if the port is part of a LAG. Only external ports can be added to LAGs.
1
Open the Port Configuration page.
Select a port in the Port Field.
Define the remaining fields.

The port parameters are saved to the switch module.
Modifying Port Parameters

1
184
Select a port in the Port Field.
Modify the remaining fields.

The port parameters are saved to the switch module.
Displaying the Port Configuration Table:

1
Click Show All.

The Ports Configuration Table opens:
Figure 7-84.
Configuring Ports with CLI Commands
The following table summarizes the equivalent CLI commands for configuring ports as displayed
in the Ports Configuration Table page.
Table 7-48. Port Configuration CLI Commands
CLI Command
Description
interface ethernet interface
Enters the interface configuration

mode to configure an ethernet type
interface.
185
Table 7-48. Port Configuration CLI Commands

CLI Command
Description
description string
Adds a description to an interface

configuration.
shutdown
Disables interfaces that are part of the

currently set context.
set interface active {ethernet

Reactivates an interface that is
interface | port-channel port-channel- shutdown due to security reasons.
number}
186
speed Mbps
Configures the speed of a given

ethernet interface when not using auto
negotiation.
duplex {half | full}
Configures the full/half duplex

operation of a given ethernet interface
when not using auto negotiation.
negotiation
Enables auto negotiation operation for

the speed and duplex parameters of a
given interface.
back-pressure
Enables Back Pressure on a given

interface.
flowcontrol {auto | on | off}
Configures the Flow Control on a

given interface.
mdix {on | auto}
Enables automatic crossover on a

given interface or Port-channel.
show interfaces configuration

[ethernet interface |port-channel
port-channel-number]
Displays the configuration for all

configured interfaces.
show interfaces status [ethernet

interface | port-channel portchannel-number]
Displays the status for all configured

interfaces.
show interfaces description

[ethernet interface | port-channel
Displays the description for all

configured interfaces.

console(config-if)# description "RD SW#3"
console(config-if)# shutdown
console(config-if)# no shutdown
console(config-if)# speed 100
console(config-if)# duplex full
console(config-if)# negotiation
console(config-if)# back-pressure
console(config-if)# flowcontrol on
console(config-if)# mdix auto
console# show interfaces configuration ethernet g15
Port
Type
Duplex
Speed
Neg
Flow
Control
Admin
State
Back
Mdix
Pressure
Mode
----
-----
------
------
----
------
-----
------
----
g15
1G
Full
100
Enabled
On
Up
Enable
Auto
console#
console# show interfaces status ethernet g15
Port
Type
Duplex
Speed
Neg
Flow
Control
Link
State
Back
Mdix
Pressure
Mode
----
-----
------
------
----
------
-----
------
g15
1G
Full
100
Enabled
On
Up
Disabled on
----
187
Console# show interfaces status

Port
Type
Duplex
Speed
Neg
Flow
Control
Link
State
Back
Mdix
Pressure
Mode
----
-----
------
------
----
------
-----
------
----
g11
1G
Full
100
Auto
On
Up
Enable
On
g12
100
Full
1000
Off
Off
Up
Disable
On
Ch
Type
Duplex
Speed
Neg
Flow
Control
Back
Link
Pressure State
---
----
-----
---
-----
-------
-------
------
1000
Full
1000
Off
Off
Disable
Up

The LAG Configuration page contains fields for configuring parameters for configured LAGs. The
switch module supports up to six ports per LAG, and six LAGs per system.
For information about Link Aggregated Groups (LAG) and assigning ports to LAGs, see
Aggregating Ports.
To open the LAG Configuration page, click Switch Ports LAG Configuration in the tree view.
NOTE: If port configuration is modified while the port is a LAG member, the configuration change is only
effective after the port is removed from the LAG.
NOTE: Only external ports can be configured in LAGs.
188
Figure 7-85.
LAG Configuration
LAG The LAG number.

Description Provides a user-defined description of the configured LAG.
LAG Type The port types that comprise the LAG.
Admin Status Enables or disables the selected LAG.
Current LAG Status Indicates if the LAG is currently operating.
Re-Activate Suspended LAG Reactivates a suspended LAG.
Operational Status Operational status of the LAG.
Admin Auto Negotiation Enables or disables Auto Negotiation on the LAG. Auto-negotiation is
a protocol between two link partners that enables a LAG to advertise its transmission rate, duplex
mode and flow control (the flow control default is disabled) abilities to its partner.
Current Auto Negotiation The currently configured Auto Negotiation setting.
Admin Speed The speed at which the LAG is operating.
Current LAG Speed The currently configured speed at which the LAG is operating.
Admin Back Pressure Enables or disables Back Pressure mode on the LAG. Back Pressure mode
is effective on the ports operating in Half Duplex in the LAG.
Current Back Pressure The currently configured Back Pressure setting.
189
Admin Flow Control Enables/disables flow control, or enables the auto negotiation of flow
control on the LAG. Flow Control mode is effective on the ports operating in Full Duplex in the
LAG.
Current Flow Control The user-designated flow control setting.
1
Open the LAG Configuration page.
Select a LAG in the LAG field.
Define the fields.

The LAG parameters are saved to the switch module.
Modifying LAG Parameters

1
Select a LAG in the LAG field.
Modify the fields.

The LAG parameters are saved to the switch module.
Displaying the LAG Configuration Table:

1
Click Show All.

The LAG Configuration Table opens:
190
Figure 7-86.
LAG Configuration Table
Configuring LAGs with CLI Commands
The following table summarizes the equivalent CLI commands for configuring LAGs as displayed
in the LAG Configuration page.
Table 7-49.
LAG Configuration CLI Commands
CLI Command
Description
interface port-channel portchannel-number
Enters the interface configuration mode of a

specific port-channel.
description string
Adds a description to an interface

configuration.
shutdown
Disables interfaces that are part of the

currently set context.
speed bps
Configures the speed of a given ethernet

interface when not using auto negotiation.
negotiation
Enables auto negotiation operation for the

speed and duplex parameters of a given
interface.
back-pressure
Enables Back Pressure on a given interface
flowcontrol {auto | on | off }
Configures the Flow Control on a given

interface.
191
Table 7-49. LAG Configuration CLI Commands

CLI Command
Description
show interfaces configuration

Displays the configuration for all configured
[ethernet interface| port-channel interfaces.
192
show interfaces status [ethernet

interface |port-channel portchannel-number]
Displays the status for all configured

interfaces.
show interfaces description

[ethernet interface |port-channel
Displays the description for all configured

interfaces.
show interfaces port-channel

[port-channel-number]
Displays Port-channel information (which

ports are members of that port-channel, and
whether they are currently active or not).
console#
console# configure
console(config-if)# no negotiation
console(config-if)# speed 100
console(config-if)# flowcontrol on
console(config-if)# shutdown
console(config-if)# back-pressure
console(config-if)# description p4
console# show interfaces port-channel

Channel
Ports
---------
---------
ch1
Inactive: g(11-13)
ch2
Active: g14
Enabling Storm Control

A Broadcast Storm is a result of an excessive amount of Broadcast messages simultaneously
transmitted across a network by a single port. Forwarded message responses are heaped onto the
network, straining network resources or causing the network to time out.
Storm Control is enabled per Gigabit ports by defining the packet type and the rate the packets are
transmitted. Ports can also be grouped to provide Storm protection for the entire group.
The system measures the incoming Broadcast and Multicast frame rate separately on each port,
and discard frames when the rate exceeds a user-defined rate.
193
The Storm Control page provides fields for enabling and configuring Storm Control. To open the
Storm Control page, click Switch Ports Storm Control in the tree view.
Figure 7-87. Storm Control
Count Multicast with Broadcast Counts Broadcast and Multicast traffic. The possible field
values are:
Enable Counts Broadcast and Multicast traffic.
Disable Counts only Broadcast traffic.
Broadcast Rate Threshold (0-65535) The maximum rate (packets per second) at which
Broadcast and Multicast packets are forwarded. The range is 0-65535. The default value is 1000.
Note that if the rate is 0, Broadcast packets are not forwarded.
Port The port from which storm control is enabled.
Broadcast Control Enables or disables forwarding Broadcast packet types on the specfic
interface.
Enabling Storm Control
Open the Storm Control page.

3
Select an interface on which to implement storm control.
Define the fields.

Storm Control is enabled.
194
Modifying Storm Control Port Parameters

1
Modify the fields.
Click Apply Changes

The Storm Control port parameters are saved to the switch module.
Displaying the Port Parameters Table

1
Click Show All.

The Storm Control Settings Table opens:
Figure 7-88.
Storm Control Settings Table
Configuring Storm Control with CLI Commands
The following table summarizes the equivalent CLI commands for configuring Storm Control as
displayed on the Storm Control page.
Table 7-50.
Storm Control CLI Commands
CLI Command
Description
port storm-control includemulticast
Enables the switch module to count

Multicast packets together with Broadcast
packets.
port storm-control Broadcast

enable
Enables Broadcast storm control.
195
Table 7-50. Storm Control CLI Commands

CLI Command
Description
port storm-control Broadcast rate

rate
Configures the maximum Broadcast rate.
show ports storm-control [ethernet Displays the storm control configuration.

interface]

console> enable
console# configure
console(config)# port storm-control include-multicast
console(config)# port storm-control broadcast rate 8000
console(config-if)# port storm-control broadcast enable
console# show ports storm-control
Port
Broadcast Storm control [Packets/sec]
-----
-------------------------------------
g11
8000
g12
Disabled
g14
Disabled
Defining Port Mirroring Sessions

Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing
packets from monitored port to a monitoring port.
Port mirroring is configured by selecting a specific port to copy all packets, and different ports from
which the packets copied. Before configuring Port Mirroring, note the following:
Before configuring Port Mirroring, note the following:
Monitored port cannot operate faster than the monitoring port.
All the RX/TX packets should be monitored to the same port.
The following restrictions apply to ports configured to be destination ports:
196
Ports cannot be configured as a source port.
Ports cannot be a LAG member.
IP interfaces are not configured on the port.
GVRP is not enabled on the port.
The port is not a VLAN member.
Only one destination port can be defined.
The following restrictions apply to ports configured to be source ports:
Source Ports cannot be a LAG member.
Ports cannot be configured as a destination port.
All packets are transmitted tagged from the destination port.
Monitored all RX/TX packets to the same port.
A maximum of 4 ports can be monitored (both Rx and Tx).

NOTE: Internal ports may be effected by enabling Port Mirroring.
To open the Port Mirroring page, click Switch Ports Port Mirroring in the tree view.
NOTE: When a port is set to be a target port for a port-mirroring session, all normal operations on it are
suspended. This includes Spanning Tree and LACP.
Figure 7-89.
Port Mirroring
Destination Port The port number to which port traffic is copied.

Source Port Defines the port number from which port traffic is mirrored.
Type Indicates if the source port is RX, TX, or both RX and TX.
Status Indicates if the port is currently monitored (Active) or not monitored (Ready).
197
Remove When selected, removes the port mirroring session.

Adding a Port Mirroring Session
1
Open the Port Mirroring page.
Click Add.
The Add Source Port page opens.
Select the destination port from the Destination Port drop-down menu.
Select the source port from the Source Port drop-down menu.
Define the Type field.

The new source port is defined, and the switch module is updated.
Deleting a Copy Port from a Port Mirroring Session

1
Open the Port Mirroring page.

The selected port mirroring session is deleted, and the switch module is updated.
Configuring a Port Mirroring Session Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring a Port Mirroring
session as displayed in the Port Mirroring page.
Table 7-51. Port Mirroring CLI Commands
CLI Command
Description
port monitor src-interface [rx | tx]
Starts a port monitoring session.

console(config-if)# port monitor g12
console# show ports monitor
Source Port
Destination Port
Type
Status
VLAN Tagging
-----------
----------------
------------
-------
------------
g12
g11
RX, TX
Active
No
198
Configuring Address Tables

MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet
addressed to a destination stored in one of the databases is forwarded immediately to the port. The
Dynamic Address Table can be sorted by interface, VLAN, and MAC Address. MAC addresses are
dynamically learned as packets from sources arrive at the switch module. Addresses are associated
with ports by learning the ports from the frames source address. Frames addressed to a destination
MAC address that is not associated with any port are flooded to all ports of the relevant VLAN.
Static addresses are manually configured. In order to prevent the bridging table from overflowing,
dynamic MAC addresses, from which no traffic is seen for a certain period, are erased. To open the
Address Tables page, click Switch Address Table in the tree view.
Defining Static Addresses

The Static MAC Address page contains a list of static MAC addresses. Static Address can be added
and removed from the Static MAC Address page. In addition, several MAC Addresses can be
defined for a single port. To open the Static MAC Address page, click Switch Address Table
Static Address in the tree view.
Figure 7-90.
Static MAC Address
Interface The specific port or LAG to which the static MAC address is applied.
MAC Address The MAC address listed in the current static address list.
VLAN ID The VLAN ID attached to the MAC Address.
VLAN Name User-defined VLAN name.
199
Status MAC address status. Possible values are:

Secure Used for defining static MAC Addresses for Locked ports.
Permanent The MAC address is permanent.
Delete on Reset The MAC address is deleted when the switch module is reset.
Delete on Timeout The MAC address is deleted when a timeout occurs.
NOTE: To prevent Static MAC addresses from being deleted when the Ethernet switch module reset,
ensure the port attached to the MAC address is locked.
Remove When selected, removes the MAC address from the MAC Address Table.
Adding a Static MAC Address
1
Open the Static MAC Address page.
Click Add.
The Add Static MAC Address page opens.

The new static address is added to the Static MAC Address Table, and the switch module is
updated.
Modifying a Static Address in the Static MAC Address Table

1
Modify the fields.

The static MAC address is modified, and the switch module is updated.
Removing a Static Address from the Static Address Table

1
Click Show All.

The Static MAC Address Table opens.
Select a table entry.

The selected static address is deleted, and the switch module is updated.
200
Configuring Static Address Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring static address
parameters as displayed in the Static MAC Address page.
Table 7-52.
Static Address CLI Commands
CLI Command
Description
bridge address mac-address [permanent Adds a static MAC-layer station source

| delete-on-reset | delete-on-timeout | address to the bridge table.
secure] {ethernet interface | portchannel port-channel-number}
show bridge address-table [vlan vlan] Displays entries in the bridge-forwarding
[ethernet interface | port-channel port- database.
channel-number]
The following is an example of the CLI commands:.

console(config-if)#bridge address 00:60:70:4C:73:FF permanenet
ethernet g8
Console# show bridge address-table
Aging time is 300 sec
vlan
mac address
port
type
----
------------
----
--------
00:60:70:4C:73:FF
g8
dynamic
00:60:70:8C:73:FF
g8
dynamic
200
00:10:0D:48:37:FF
g9
static
Viewing Dynamic Addresses

The Dynamic Addresses Table contains fields for querying information in the dynamic address
table, including the interface type, MAC addresses, and VLANs. Packets forwarded to an address
stored in the address table are forwarded directly to those ports. The Dynamic Addresses Table also
contains information about the aging time before a dynamic MAC address is erased, and includes
parameters for querying and viewing the Dynamic Address list.
The Current Address Table contains specific dynamic MAC Address information, including the
VLAN ID, ports associated with the MAC address, and the MAC address.
To open the Dynamic Addresses Table, click Switch Address Table Dynamic Addresses Table
in the tree view.
201
Figure 7-91. Dynamic Addresses Table
Address Aging (10-360) Specifies the amount of time the MAC Address remains in the
Dynamic Addresses Table before it is timed out if no traffic from the source is detected. The
default value is 300 seconds.
Interface Specifies the interface for which the table is queried. There are two interface types
from which to select.
Port Specifies the port numbers for which the table is queried.
LAG Specifies the LAG for which the table is queried.
MAC Address Specifies the MAC address for which the table is queried.
VLAN ID The VLAN ID for which the table is queried.
Address Table Sort Key Specifies the means by which the Dynamic Address Table is sorted.
Redefining the Aging Time
1
Open the Dynamic Addresses Table.
Define the Aging Time field.

The aging time is modified, and the switch module is updated.
202
Querying the Dynamic Address Table

1
Define the parameter by which to query the Dynamic Address Table.

Entries can be queried by Port, MAC Address, or VLAN ID.
Click Query.
The Dynamic Addresses Table is queried.
Sorting the Dynamic Address Table

1
From the Address Table Sort Key drop-down menu, select whether to sort addresses by
address, VLAN ID, or interface.
Click Query.
The Dynamic Addresses Table is sorted.
Querying and Sorting Dynamic Addresses Using CLI Commands
The following table summarizes the equivalent CLI commands for aging, querying, and sorting
dynamic addresses as displayed in the Dynamic Addresses Table.
Table 7-53.
Query and Sort CLI Commands
CLI Command
Description
bridge aging-time seconds
Sets the address table aging time.
Displays classes of dynamically created

show bridge address-table [vlan
vlan] [ethernet interface | port- entries in the bridge-forwarding database.
channel port-channelnumber]

console (config)# bridge aging-time 250
console (config)# exit
console# show bridge address-table
Aging time is 250 sec
vlan
mac address
port
type
----
-----------
----
----
203
00:60:70:4C:73:FF
g8
dynamic
00:60:70:8C:73:FF
g8
dynamic
200
00:10:0D:48:37:FF
g8
static
Configuring GARP
Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any
network connectivity or membership-style information. GARP defines a set of switch modules
interested in a given network attribute, such as VLAN or Multicast address.
When configuring GARP, ensure the following:
The leave time must be greater than or equal to three times the join time.
The leave all time must be greater than the leave time.
Set the same GARP timer values on all Layer 2-connected Ethernet switch module s. If the GARP
timers are set differently on the Layer 2-connected Ethernet switch module s, GARP application
does not operate successfully.
To open the GARP page, click Switch GARP in the tree view.
Defining GARP Timers

The GARP Timers page contains fields for enabling GARP on the switch module. To open the
GARP Timers page, click Switch GARP GARP Timers in the tree view.
Figure 7-92. GARP Timers
204
Interface Determines if enabled on a port or on a LAG.

GARP Join Timer (10 - 2147483640) Time, in milliseconds, that PDUs are transmitted. The
default value is 200 msec.
GARP Leave Timer (10 - 2147483640) Time lapse, in milliseconds, that the switch module
waits before leaving its GARP state. Leave time is activated by a Leave All Time message
sent/received, and cancelled by the Join message received. Leave time must be greater than or
equal to three times the join time. The default value is 600 msec.
GARP Leave All Timer (10 - 2147483640) Time lapse, in milliseconds, that all switch modules
wait before leaving the GARP state. The leave all time must be greater than the leave time. The
default value is 10000 msec.
Defining GARP Timers
1
Open the GARP Timers page.

The GARP parameters are saved to the switch module.
Copying Parameters in the GARP Timers Table

1
Open the GARP Timers page.
Click Show All.

The GARP Timers Table opens.
Select the interface type in the Copy Parameters from field.
Select an interface in either the Port or LAG drop-down menu.

The definitions for this interface is copied to the selected interfaces. See step 6.
Select the Copy to check box to define the interfaces to which the GARP timer definitions
are copied, or click Select All to copy the definitions to all ports or LAGs.

The parameters are copied to the selected ports or LAGs in the GARP Timers Table, and the
switch module is updated.
Defining GARP Timers Using CLI Commands
This table summarizes the equivalent CLI commands for defining GARP timers as displayed in the
GARP Timers page.
205
Table 7-54. GARP Timer CLI Commands

CLI Command
Description
garp timer {join | leave | leaveall} Adjusts the GARP application join,
timer_value
leave, and leaveall GARP timer values.

console(config-if)# garp timer leave 900
console# show gvrp configuration ethernet g11
GVRP Feature is currently Disabled on the switch module.

Maximum VLANs: 223
Port(s) GVRP-
Registration
Status
Dynamic VLAN
Timers
(milliseconds)
Creation
Join
Leave
Leave All
------- --------
------------
------------
-------
------ ---------
g11
Normal
Enabled
200
900
Disabled
10000
console#
Configuring the Spanning Tree Protocol

Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also
provides one path between end stations on a network, eliminating loops.
Loops occur when alternate paths exist between hosts. Loops in an extended network can cause
bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
The switch modules support the following Spanning Tree protocols:
206
Classic STP Provides a single path between end stations, avoiding and eliminating loops.
For more information on configuring Classic STP, see "Defining STP Global Settings" on
page 207.
Rapid STP Detects and uses of network topologies that provide faster spanning tree
convergence, without creating forwarding loops. For more information on configuring Rapid
STP, see "Configuring Rapid Spanning Tree" on page 217.
To open the Spanning Tree page, click Switch Spanning Tree in the tree view.
NOTE: Internal ports may be effected by enabling the Spanning Tree.
Defining STP Global Settings

The STP Global Settings page contains parameters for enabling and configuring STP operation on
the switch module. To open the STP Global Settings page, click Switch Spanning Tree
Global Settings in the tree view.
Figure 7-93.
STP Global Settings
Spanning Tree State Enables or disables Spanning Tree on the Ethernet Switch Module.
Enable Enables Spanning Tree
Disable Disables Spanning Tree
STP Operation Mode The STP mode by which STP is enabled on the switch module. The
207
Classic STP Enables Classic STP on the switch module. This is the default value.
Rapid STP Enables Rapid STP on the switch module.
Port Cost Method Determines the Spanning Tree default path cost method. The possible field
values are:
Short Specifies 1 through 65535 range for port path costs. This is the default value.
Long Specifies 1 through 200000000 range for port path costs.
BPDU Handling Determines how BPDU packets are managed when STP is disabled on the
port or the switch module. BPDUs are used to transmit spanning tree information. The possible
field values are:
Filtering Filters BPDU packets when spanning tree is disabled on an interface. This is the
default value.
Flooding Floods BPDU packets when spanning tree is disabled on an interface.
Priority (0-61440, in steps of 4096) Specifies the bridge priority value. When switches or
bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the
lowest priority value becomes the Root Bridge. The default value is 32768. The bridge priority value
is provided in increments of 4096. For example, 0, 4096, 8192, etc.
Hello Time (1-10) Specifies the switch module Hello Time. The Hello Time indicates the
amount of time in seconds a root bridge waits between configuration messages. The default is 2
seconds.
Max Age (6-40) Specifies the switch module Maximum Age Time. The Maximum Age Time
indicates the amount of time in seconds a bridge waits before sending configuration messages. The
default max age is 20 seconds.
Forward Delay (4-30) Specifies the switch module forward delay time. The Forward Delay Time
indicates the amount of time in seconds a bridge remains in a listening and learning state before
forwarding packets. The default is 15 seconds.
Bridge ID Identifies the Bridge priority and MAC address.
Root Bridge ID Identifies the Root Bridge priority and MAC address.
Root Port The port number that offers the lowest cost path from this bridge to the Root Bridge.
It is significant when the Bridge is not the Root. Zero is indicated in case Ethernet Switch Module
is the root.
Root Path Cost The cost of the path from this bridge to the root. Zero is indicated in case
Ethernet Switch Module is the root.
Topology Changes Counts Specifies the total amount of STP state changes that have occurred
since the last reboot.
Last Topology Change The amount of time that has elapsed since the bridge was initialized or
reset, and the last topographic change occurred. The time is displayed in a day hour minute second
format, for example, 0 days 1 hour 34 minutes and 38 seconds.
208
Defining STP Global Parameters

1
Open the STP Global Settings page.
Select the port that needs to be enabled from the Select a Port drop-down menu.
Select Enable in the Spanning Tree State field.
Select the STP mode in the STP Operation Mode field, and define the bridge settings.

STP is enabled on the switch module.
Modifying STP Global Parameters

1
Open the STP Global Settings page.
Define the fields in the dialog.

The STP parameters are modified, and the switch module is updated.
Defining STP Global Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for defining STP global parameters
as displayed in the STP Global Settings page.
Table 7-55.
STP Global Parameter CLI Commands
CLI Command
Description
spanning-tree
Enables spanning tree functionality.
spanning-tree mode {stp | rstp}
Configures the spanning tree protocol.
spanning-tree priority priority
Configures the spanning tree priority.
spanning-tree hello-time seconds
Configures the spanning tree bridge Hello

Time, which is how often the switch
module broadcasts Hello messages to
other switches.
spanning-tree max-age seconds
Configures the spanning tree bridge

maximum age.
spanning-tree forward-time
seconds
Configures the spanning tree bridge

forward time, which is the amount of time
a port remains in the listening and learning
states before entering the forwarding state.
show spanning-tree [ethernet

Displays spanning tree configuration

identifier.
209
Table 7-55. STP Global Parameter CLI Commands

CLI Command
Description
show spanning-tree [detail] [active Displays spanning tree configuration

| blockedports]
information - detailed information or
active ports or blocked ports.
console(config)# spanning-tree
console(config)# spanning-tree mode rstp
console(config)# spanning-tree priority 12288
console(config)# spanning-tree hello-time 5
console(config)# spanning-tree max-age 15
console(config)# spanning-tree forward-time 25
console# show spanning-tree
Spanning tree enabled mode RSTP

Default port cost method: short
Root ID
Priority
12288
Address
00:e8:00:b4:c0:00
This switch is the root

Hello Time 5 sec Max Age 15 sec Forward Delay 25 sec
Number of topology changes 5 last change occurred 00:05:28 ago
Times: hold 1, topology change 40, notification 5
hello 5, max age 15, forward delay 25
210
Interfaces
Name
State
Prio.
Nbr
Cost
Sts
Role
PortFast
Type
-----
------
-----
----
------
------
---------
------
g11
enabled
128.1
100
DSBL
Dsbl
No
P2p (STP)
g12
enabled
128.2
100
DSBL
Dsbl
No
P2p (STP)
g13
enabled
128.3
100
DSBL
Dsbl
No
P2p (STP)
Defining STP Port Settings

The STP Port Settings page contains fields for assigning STP properties to individual ports. To
open the STP Port Settings page, click Switch Spanning Tree Port Settings in the tree view.
Figure 7-94.
STP Port Settings
Select a Port Port on which STP is enabled.

STP Enables or disables STP on the port.
Fast Link When selected, enables Fast Link mode for the port. If Fast Link mode is enabled for
a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast
Link mode optimizes the time it takes for the STP protocol to converge. STP convergence can take
30-60 seconds in large networks. The internal port default is Fast Link, while the external port
default is STP.
211
Port State The current port STP state. If enabled, the port state determines what forwarding
action is taken on traffic. Possible port states are:
Disabled The port link is currently down.
Blocking The port is currently blocked and cannot be used to forward traffic or learn MAC
addresses. Blocking is displayed when Classic STP is enabled.
Listening The port is currently in the listening mode. The port cannot forward traffic nor
learn MAC addresses.
Learning The port is currently in the learning mode. The port cannot forward traffic
however it can learn new MAC addresses.
Forwarding The port is currently in the forwarding mode. The port can forward traffic and
learn new MAC addresses.
Speed Speed at which the port is operating.
Path Cost (1-200000000) The port contribution to the root path cost. The path cost is adjusted
to a higher or lower value, and is used to forward traffic when a path being rerouted.
Default Path Cost The default path cost of the port is automatically set by the port speed and
the default path cost method.
The default values for long path costs are:
Ethernet - 2000000
Fast Ethernet - 200000
Gigabit Ethernet - 20000
The default values for short path costs (short path costs are the default) are:
Ethernet - 100
Fast Ethernet - 19
Gigabit Ethernet - 4
Priority (0-240, in steps of 16) Priority value of the port. The priority value influences the port
choice when a bridge has two ports connected in a loop. The priority value is between 0-240. The
priority value is provided in increments of 16.
Designated Bridge ID The bridge priority and the MAC Address of the designated bridge.
Designated Port ID The designated ports priority and interface.
Designated Cost Cost of the port participating in the STP topology. Ports with a lower cost are
less likely to be blocked if STP detects loops.
Forward Transitions Number of times the port has changed from the Blocking state to the
Forwarding state.
LAG The LAG to which the port is attached.
212
Enabling STP on a Port

1
Open the STP Port Settings page.
Select Enabled in the STP Port Status field.
Define the Fast Link, Path Cost, and the Priority fields.

STP is enabled on the port.
Modifying STP Port Properties

1
Modify the Priority, Fast Link, Path Cost, and the Fast Link fields.

The STP port parameters are modified, and the switch module is updated.
Displaying the STP Port Table

1
Click Show All.

The STP Port Table opens.
Defining STP Port Settings Using CLI Commands
The following table summarizes the equivalent CLI commands for defining STP port parameters
as displayed in the STP Port Settings page.
Table 7-56.
STP Port Settings CLI Commands
CLI Command
Description
spanning-tree disable
Disables spanning tree on a specific

port.
spanning-tree cost cost
Configures the spanning tree cost

contribution of a port.
spanning-tree port-priority priority
Configures port priority.
spanning-tree portfast
Enables PortFast mode.
show spanning-tree [ethernet interface

| port-channel port-channel-number]
Displays spanning tree configuration.
show spanning-tree [detail] [active |
Displays the spanning tree status.
blockedports]
213

console(config-if)# spanning-tree disable
console(config-if)# spanning-tree cost 35000
console(config-if)# spanning-tree port-priority 96
console# show spanning-tree ethernet g15
Port g15 disabled

State: disabled
Role: disabled
Port id:
Port cost: 35000
Type: P2p
96.5
(configured: Auto)
STP
Port Fast: No (configured: No)
Designated bridge Priority : 32768
Address: 00:e8:00:b4:c0:00
Designated port id: 96.5
Designated path cost: 19
Number of transitions to forwarding state: 0

BPDU: sent 0, received 0
Defining STP LAG Settings

The STP LAG Settings page contains fields for assigning STP aggregating port parameters. To
open the STP LAG Settings page, click Switch Spanning Tree LAG Settings in the tree view.
214
Figure 7-95.
STP LAG Settings
Select a LAG The user-defined LAG. For more information, see "Defining LAG Membership"
on page 240.
STP Enables or disables STP on the LAG.
Fast Link Enables Fast Link mode for the LAG. If Fast Link mode is enabled for a LAG, the
LAG State is automatically placed in the Forwarding state when the LAG is up. Fast Link mode
optimizes the time it takes for the STP protocol to converge. STP convergence can take 30-60
seconds in large networks.
LAG State Current STP state of a LAG. If enabled, the LAG state determines what forwarding
action is taken on traffic. If the bridge discovers a malfunctioning LAG, the LAG is placed in the
Broken state. Possible LAG states are:
Disabled The LAG link is currently down.
Blocking The LAG is blocked and cannot be used to forward traffic or learn MAC
addresses.
Listening The LAG is in the listening mode and cannot forward traffic or learn MAC
addresses.
Learning The LAG is in the learning mode and cannot forward traffic, but it can learn new
MAC addresses.
Forwarding The LAG is currently in the forwarding mode, and it can forward traffic and
learn new MAC addresses.
215
Broken The LAG is currently malfunctioning and cannot be used for forwarding traffic.
Path Cost (1-200000000) Amount the LAG contributes to the root path cost. The path cost is
adjusted to a higher or lower value, and is used to forward traffic when a path being rerouted. The
path cost has a value of 1 to 200000000. If the path cost method is short, the LAG cost default
value is 4. If the path cost method is long, the LAG cost default value is 20000.
Default Path Cost When selected, the LAG path cost returns to its default value.
Priority (0-240, in steps of 16) Priority value of the LAG. The priority value influences the LAG
choice when a bridge has two looped ports. The priority value is between 0-240, in increments of
16.
Designated Bridge ID The bridge priority and the MAC Address of the designated bridge.
Designated Port ID The port priority and interface number of the designated port.
Designated Cost The cost of the designated bridge.
Forward Transitions Number of times the LAG State has changed from the Blocking state to a
Forwarding state.
Modifying the LAG STP Parameters
1
Open the STP LAG Settings page.
Select a LAG from the Select a LAG drop-down menu.
Modify the fields as desired.

The STP LAG parameters are modified, and the switch module is updated.
Defining STP LAG Settings Using CLI Commands
The following table summarizes the equivalent CLI commands for defining STP LAG settings.
Table 7-57. STP LAG Settings CLI Commands
CLI Command
Description
spanning-tree
Enables spanning tree.
spanning-tree disable
Disables spanning tree on a specific

LAG.
spanning-tree cost cost
Configures the spanning tree cost

contribution of a LAG.
spanning-tree port-priority priority
Configures port priority.
show spanning-tree [ethernet interface Displays spanning tree configuration.

| port-channel port-channel-number]
216
Table 7-57.
STP LAG Settings CLI Commands
CLI Command
Description
show spanning-tree [detail] [active |

blockedports]
Displays detailed spanning tree

information on active or blocked ports

console(config-if)# spanning-tree port-priority 16
Configuring Rapid Spanning Tree

While Classic Spanning Tree guarantees preventing L2 forwarding loops in a general network
topology, convergence can take up to 30-60 seconds. The convergence time is considered too long
for many applications. When network topology allows, faster convergence may be possible. The
Rapid Spanning Tree Protocol (RSTP) detects and uses of network topologies that provide faster
convergence of the spanning tree, without creating forwarding loops.
RSTP has the following different port states:
Disabled
Learning
Discarding
Forwarding
Rapid Spanning Tree is enabled on the STP Global Settings page. To open the Rapid Spanning
Tree (RSTP) page, click Switch Spanning Tree Rapid Spanning Tree in the tree view.
217
Figure 7-96. Rapid Spanning Tree (RSTP)
Interface Port or LAG on which Rapid STP is enabled.

Role The port role assigned by the STP algorithm in order to provide to STP paths. The possible
field values are:
Root Provides the lowest cost path to forward packets to root Ethernet switch module.
Designated The port or LAG via which the designated Ethernet switch module is
attached to the LAN.
Alternate Provides an alternate path to the root Ethernet switch module from the root
interface.
Backup Provides a backup path to the designated port path toward the Spanning Tree
leaves. Backup ports occur only when two ports are connected in a loop. Backup ports also
occur when a LAN has two or more connections connected to a shared segment.
Disabled The port is not participating in the Spanning Tree (the ports link is down).
Fast Link Operational Status Indicates if Fast Link is enabled or disabled for the port or LAG. If
Fast Link is enabled for a port, the port is automatically placed in the forwarding state.
Point-to-Point Admin Status Enables or disables the switch module to establish a point-topoint link, or specifies for the switch module to automatically establish a point-to-point link.
To establish communications over a point-to-point link, the originating PPP first sends Link
Control Protocol (LCP) packets to configure and test the data link. After a link is established and
optional facilities are negotiated as needed by the LCP, the originating PPP sends Network Control
Protocols (NCP) packets to select and configure one or more network layer protocols. When each
218
of the chosen network layer protocols has been configured, packets from each network layer
protocol can be sent over the link. The link remains configured for communications until explicit
LCP or NCP packets close the link, or until some external event occurs. This is the actual switch
module port link type.
Point-to-Point Operational Status The Point-to-Point operating state. It may differ from the
administrative state.
Activate Protocol Migrational Test When selected, enables PPP sending Link Control Protocol
(LCP) packets to configure and test the data link.
Enabling RSTP
1
Open the Rapid Spanning Tree (RSTP) page.
Define the Point-to-Point Admin, Point-to-Point Oper, and the Activate Protocol Migration
fields.

Rapid STP is enabled, and the switch module is updated.
Defining Rapid STP Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for defining Rapid STP parameters
as displayed in the Rapid Spanning Tree (RSTP) page.
Table 7-58.
RSTP Settings CLI Command
CLI Command
Description
spanning-tree link-type {point-to- Overrides the default link-type setting.

point | shared}
spanning tree mode {stp | rstp}
Configure the spanning tree protocol currently

running.
clear spanning-tree detectedprotocols [ethernet interface |

port-channel port-channelnumber]
Restarts the protocol migration process.
show spanning-tree [ethernet

Displays spanning tree configuration.

Console(config)# interface ethernet g15
Console(config-if)# spanning-tree link-type shared
219
Configuring VLANs
VLANs are logical subgroups of a Local Area Network (LAN) created via software rather than
defining a hardware solution. VLANs combine user stations and network devices into a single
domain regardless of the physical LAN segment to which they are attached. VLANs allow network
traffic to flow more efficiently within subgroups. VLANs managed through software reduces the
amount of time in which network changes are implemented.
VLANs have no minimum number of ports, and can be created per switch module or any other
logical connection combination, as VLANs are software based and not defined by physical
attributes.
VLANs function at Layer 2. Since VLANs isolate traffic within the VLAN, a Layer 3 functioning
router is needed to allows traffic flow between VLANs. Layer 3 routers identify segments and
coordinate with VLANs. VLANs are Broadcast and Multicast domains. Broadcast and Multicast
traffic is transmitted only in the VLAN in which the traffic is generated.
VLAN tagging provides a method of transferring VLAN information between VLAN groups. VLAN
tagging attaches a tag to packet headers. The VLAN tag indicates to which VLAN the packet
belongs. VLAN tags are attached to the packet by either the end station or by the network devices.
VLAN tags also contains VLAN network priority information. Combining VLANs and GVRP
enables the automatic dispersal of VLAN information. To open the VLAN page, click Switch
VLAN in the tree view.
Defining VLAN Members

The VLAN Membership page contains fields for defining VLAN groups. The maximum number of
VLANs which can be created on the Ethernet Switch Module is 255. The IDs of created VLANs
can range from 2 through 4094. All ports must have a defined PVID. If no other value is
configured the default VLAN PVID is used. VLAN number 1 is the default VLAN, and cannot be
deleted from the system. To open the VLAN Membership, click Switch VLAN VLAN
Membership in the tree view.
220
Figure 7-97.
VLAN Membership
This page contains the following fields:

Show VLAN Lists and displays specific VLAN information according to VLAN ID or VLAN
name.
VLAN Name The user-defined VLAN name.
Status The VLAN type. Possible values are:
Dynamic The VLAN was dynamically created through GVRP.
Static The VLAN is user-defined.
Default The VLAN is the default VLAN.
Unauthorized Users Enables or disables unauthorized users from accessing a VLAN.
Remove VLAN When selected, removes the VLAN from the VLAN Membership Table.
Adding New VLANs
1
Open the VLAN Membership page.
Click Add.
The Create New VLAN page opens.
Enter the VLAN ID and name.
221
The new VLAN is added, and the switch module is updated.

Modifying VLAN Membership Groups
1
Select a VLAN from the Show VLAN drop-down menu.
Modify the fields as desired.

The VLAN membership information is modified, and the switch module is updated.
Deleting VLANs
1
Select a VLAN in the Show VLAN field.
Select the Remove VLAN check box.

The selected VLAN is deleted, and the switch module is updated.
Defining VLAN Membership Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for defining VLAN membership
groups as displayed in the VLAN Membership page.
Table 7-59. VLAN Membership Group CLI Commands
CLI Command
Description
vlan database
Enters the VLAN configuration mode.
vlan {vlan-range}
Creates a VLAN.
name string
Adds a name to a VLAN.
222
console(config)# vlan database

console(config-vlan)# vlan 1972
console(config-vlan)# end
console(config-if)# name Marketing
console(config)#
The VLAN Port Membership Table contains a Port Table for assigning ports to VLANs. Ports are
assigned VLAN membership by toggling through the Port Control settings. Ports can have the
following values:
Table 7-60.
Port Control
Definition
The interface is a member of a VLAN. All

packets forwarded by the interface are tagged.
The packets contain VLAN information.
The interface is a VLAN member. Packets

forwarded by the interface are untagged.
The interface is denied membership to a VLAN.
Blank
The interface is not a VLAN member. Packets

associated with the interface are not forwarded.
NOTE: Ports which are LAG members are not displayed in the VLAN Port Membership Table.
The VLAN Port Membership Table displays the ports and the ports states, as well as LAGs.
Assigning Ports to a VLAN Group
1
Click the VLAN ID or VLAN Name option button and select a VLAN from the drop-down
menu.
Select a port in the Port Membership Table, and assign the port a value.

The port is assigned to the VLAN group, and the switch module is updated.
223
Deleting a VLAN
1
Click the VLAN ID or VLAN Name option button and select a VLAN from the drop-down
menu.
Select the Remove VLAN check box.

The selected VLAN is deleted, and the switch module is updated.
Assigning Ports to VLAN Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for assigning ports to VLAN
groups.
Table 7-61. Port-to-VLAN Group Assignments CLI Commands
CLI Command
Description
switchport general acceptable-frame- Discards untagged frames at ingress.

types tagged-only
224
switchport forbidden vlan {add

vlan-list | remove vlanlist}
Forbids adding specific VLANs to the

port.
switchport mode {access | trunk |

general}
Configures the VLAN membership

mode of a port.
switchport access vlan vlan-id
Configures the VLAN ID when the

interface is in access mode.
switchport trunk allowed vlan {add

vlan-list | remove vlan-list}
Adds or removes VLANs from a trunk

port.
switchport trunk native vlan vlan-id
Defines the port as a member of the

specified VLAN, and the VLAN ID as
the port default VLAN ID (PVID).
switchport general allowed vlan add

vlan-list [tagged | untagged]
Adds or removes VLANs for a port in

general mode.
switchport general pvid vlan-id
Configures the PVID when the interface

is in general mode.

console(config)# vlan database
console(config-vlan)# vlan 23-25
console(config-vlan)# end
console(config-if)# name Marketing
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 23
console(config-if)# switchport mode trunk
console(config-if)# swithport mode trunk allowed vlan add
23-25
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add
23,25 tagged
console(config-if)# switchport general pvid 25
Defining VLAN Ports Settings

The VLAN Port Settings page contains fields for managing ports that are part of a VLAN. The port
default VLAN ID (PVID) is configured on the VLAN Port Settings page. All untagged packets
arriving to the switch module are tagged by the ports PVID.
To open the VLAN Port Settings page, click Switch VLAN Port Settings in the tree view.
225
Figure 7-98. VLAN Port Settings
Port The port number included in the VLAN.

Port VLAN Mode The port mode. Possible values are:
General The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged
(full 802.1Q mode).
Access The port belongs to a single untagged VLAN. When a port is in Access mode, the
packet types which are accepted on the port cannot be designated. Ingress filtering cannot be
enabled/disabled on an access port.
Trunk The port belongs to VLANs in which all ports are tagged (except for one port that
can be untagged).
PVID Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is
defined as per standard and industry practice as the Discard VLAN. Packets classified to the
Discard VLAN are dropped.
Frame Type Packet type accepted on the port. Possible values are:
Admit Tag Only Only tagged packets are accepted on the port.
Admit All Both tagged and untagged packets are accepted on the port.
Ingress Filtering Enables or disables Ingress filtering on the port. Ingress filtering discards
packets that are destined to VLANs of which the specific LAG is not a member. The field default is
Enable. To disable ingress filtering, enable Multiple Hosts.
Current Reserved VLAN The VLAN currently designated by the system as the reserved VLAN.
226
Reserve VLAN for Internal Use The VLAN selected by the user to be the reserved VLAN if not
in use by the system.
Assigning Port Settings
1
Open the VLAN Port Settings page.
Select the port to which settings need to be assigned from the Port drop-down menu.
Complete the remaining fields on the page

The VLAN port settings are defined, and the switch module is updated.
Displaying the VLAN Port Table

1
Open the VLAN Port Settings page.
Click Show All.

The VLAN Port Table opens.
Assigning Ports to VLAN Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for assigning ports to VLAN
groups.
Table 7-62.
VLAN Port CLI Commands
CLI Command
Description
switchport mode {access | trunk Configures a port VLAN membership mode.

| general}
switchport trunk native vlan
vlan-id
Defines the port as a member of the specified

VLAN, and the VLAN ID as the "port default
VLAN ID (PVID)".
Configure the Port VLAN ID (PVID) when the

interface is in general mode.
switchport general allowed vlan Adds or removes VLANs for a port in general
add vlan-list [tagged |
mode.
untagged]
switchport general acceptableframe-types tagged-only
Discards untagged packets at ingress.
switchport general ingressfiltering disable
Disables port ingress filtering.
227
Console (config)# interface range ethernet g11-16

Console (config-if)# switchport mode access
Console (config-if)# switchport general pvid 234
Console (config-if)# switchport general allowed vlan add
1,2,5,6 tagged
Console (config-if)# switchport general ingress-filtering
disable
Defining VLAN LAG Settings

The VLAN LAG Setting page provides parameters for managing LAGs that are part of a VLAN.
VLANs can either be composed of individual ports or of LAGs. Untagged packets entering the
switch module are tagged with the LAGs ID specified by the PVID. To open the VLAN LAG
Setting page, click Switch VLAN LAG Settings in the tree view.
Figure 7-99. VLAN LAG Setting
LAG The LAG number included in the VLAN.

LAG VLAN Mode The LAG VLAN mode. Possible values are:
General The LAG belongs to VLANs, and each VLAN is user-defined as tagged or
untagged (full 802.1Q mode).
228
Access The LAG belongs to a single, untagged VLAN.

Trunk The LAG belongs to VLANs in which all ports are tagged (except for an optional
single native VLAN).
PVID Assigns a VLAN ID to untagged packets. The possible field values are 1-4095. VLAN 4095
is defined as per standard and industry practice, as the Discard VLAN. Packets classified to this
VLAN are dropped.
Frame Type Packet type accepted by the LAG. Possible values are:
Admit Tag Only Only tagged packets are accepted by the LAG.
Admit All Tagged and untagged packets are both accepted by the LAG.
Ingress Filtering Enables or disables Ingress filtering by the LAG. Ingress filtering discards
packets that are destined to VLANs of which the specific LAG is not a member.
Current Reserve VLAN The VLAN currently designated as the reserved VLAN.
Reserve VLAN for Internal Use The VLAN that is designated as the reserved VLAN after the
switch module is reset.
Assigning VLAN LAG Settings:
1
Open the VLAN LAG Setting page.
Select a LAG from the LAG drop-down menu and complete the fields on the page.

The VLAN LAG parameters are defined, and the switch module is updated.
Displaying the VLAN LAG Table

1
Open the VLAN LAG Setting page.
Click Show All.

The VLAN LAG Table opens.
Assigning LAGs to VLAN Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for assigning LAGs to VLAN
groups as displayed in the VLAN LAG Setting page.
Table 7-63.
LAG VLAN Assignments CLI Commands
CLI Command
Description
switchport mode {access | trunk Configures a LAG VLAN membership mode.

| general}
switchport trunk native vlan
vlan-id
Defines the port as a member of the specified

VLAN, and the VLAN ID as the LAG default
VLAN ID (PVID).
229
Table 7-63. LAG VLAN Assignments CLI Commands

CLI Command
Description
Configure the LAG VLAN ID (PVID) when the

interface is in general mode.
switchport general allowed vlan Adds or removes VLANs from a general LAG.
add vlan-list [tagged |
untagged]
switchport general acceptableframe-type tagged-only
Discards untagged packets at ingress.
switchport general ingressfiltering disable
Disables LAG ingress filtering.

console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 2-3
tagged
console(config-if)# switchport general pvid 2
console(config-if)# switchport general acceptable-frame-type
tagged-only
console(config-if)# switchport general ingress-filtering
disable
console(config-if)# switchport mode trunk
console(config-if)# switchport trunk native vlan 3
console(config-if)# switchport trunk allowed vlan add 2
230
Defining VLAN Protocol Groups

The Protocol Group page provides parameters for configuring frame types to specific protocol
groups. To open the Protocol Group page, click Switch VLAN Protocol Group in the tree
view.
NOTE: Mapping to a non-configured VLAN is possible.
Figure 7-100.
Protocol Group
Frame Type The packet type. Possible field values are Ethernet, RFC1042, and LLC Other.
Protocol Value User-defined protocol name.
Ethernet-Based Protocol Value The Ethernet protocol group type. The possible field values are
IP, IPX and IPV6.
Protocol Group ID ID number assigned to frames containing specified protocol value.
Remove When selected, removes frame-to-protocol group mapping, if the protocol port to be
removed is not configured on this protocol group.
Adding a Protocol Group
1
Open the Protocol Group page.
Click Add.
The Add Protocol to Group page opens.

231

The protocol group is assigned, and the switch module is updated.
Assigning VLAN Protocol Group Settings

1

The VLAN protocol group parameters are defined, and the switch module is updated.
Removing Protocols From the Protocol Group Table

1
Click Show All.

The Protocol Group Table opens.
Select Remove for the protocol groups that need to be removed.

The protocol is removed, and the switch module is updated.
Defining VLAN Protocol Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring Protocol Groups.
Table 7-64. VLAN Protocol Groups CLI Commands
CLI Command
Description
map protocol protocol [encapsulation]

protocols-group group
Maps a protocol to a protocol group.

Protocol groups are used for protocolbased VLAN assignment.
The following example maps ip-arp protocol to group "213":

console (config)# vlan database
console (config-vlan)# map protocol ip-arp protocols-group 213
Adding Protocol Ports

The Protocol Port Table page adds interfaces to Protocol groups. To open the Protocol Port Table
page, click Switch VLAN Protocol Port in the tree view.
232
Figure 7-101.
Protocol Port Table
Interface Port or LAG number assigned to a protocol group.

Group ID Protocol group ID to which the interface is assigned. Protocol group IDs are defined
in the Protocol Group Table.
VLAN ID Attaches the interface to a user-defined VLAN ID. The VLAN ID is defined on the
VLAN Membership page. Protocol ports can either be attached to a VLAN ID or a VLAN name
(Range: 1-4094).
NOTE: VLAN 4095 is the discard VLAN.
Adding a New Protocol Port
NOTE: Protocol ports can be defined only on ports that are defined as General in the VLAN Port Settings
page.
1
Open the Protocol Port Table page.
Click Add.
The Add Protocol Port page opens.
Complete the fields in the dialog.

The new VLAN protocol group is added to the Protocol Port Table, and the switch module is
updated.
233
Defining Protocol Ports Using CLI Commands
The following table summarizes the equivalent CLI command for defining Protocol Ports.
Table 7-65. Protocol Port CLI Commands
CLI Command
Description
switchport general map Sets a protocol-based classification rule.

protocols-group group
vlan vlan-id
The following example sets a protocol-based classification rule of protocol group 1 to VLAN 8:
console (config-if)# switchport general map protocols-group 1 vlan 8
Configuring GVRP
GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of
VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to
automatically learn VLANs to bridge ports mapping, without having to individually configure each
bridge and register VLAN membership.
The GVRP Global Parameters page enables GVRP globally. GVRP can also be enabled on a perinterface basis. To open the GVRP Global Parameters page, click Switch VLAN GVRP
Parameters in the tree view.
Figure 7-102. GVRP Global Parameters
234
GVRP Global Status Enables or disables GVRP on the switch module. GVRP is disabled by
default.
Interface The port or LAG for which GVRP is enabled.
GVRP State Enables or disables GVRP on an interface.
Dynamic VLAN Creation Enables or disables VLAN creation through GVRP.
GVRP Registration Enables or disables VLAN registration through GVRP.
Enabling GVRP on the Switch Module
1
Open the GVRP Global Parameters page.
Select Enable in the GVRP Global Status field.

GVRP is enabled on the switch module.
Enabling VLAN Registration Through GVRP

1
Open the GVRP Global Parameters page.
Select Enable in the GVRP Global Status field for the desired interface.
Select Enable in the GVRP Registration field.

GVRP VLAN Registration is enabled on the port, and the switch module is updated.
Configuring GVRP Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring GVRP as displayed
in the GVRP Global Parameters page.
Table 7-66.
GVRP Global Parameters CLI Commands
CLI Command
Description
gvrp enable (global)
Enables GVRP globally.
gvrp enable (interface)
Enables GVRP on an interface.
gvrp vlan-creation-forbid
Enables or disables dynamic VLAN

creation.
gvrp registration-forbid
De-registers all dynamic VLANs, and

prevents dynamic VLAN registration on
the port.
show gvrp configuration [ethernet

Displays GVRP configuration information,
interface| port-channel port-channel- including timer values, whether GVRP and
number]
dynamic VLAN creation is enabled, and
which ports are running GVRP.
235
Table 7-66. GVRP Global Parameters CLI Commands

CLI Command
Description
show gvrp error-statistics [ethernet

Displays GVRP error statistics.
interface| port-channel port-channelnumber]
show gvrp statistics [ethernet
Displays GVRP statistics.
clear gvrp statistics [ethernet
Clears all the GVRP statistics information.
console(config)# gvrp enable

console(config-if)# gvrp enable
console(config-if)# gvrp vlan-creation-forbid
console(config-if)# gvrp registration-forbid
console# show gvrp configuration
GVRP Feature is currently Enabled on the switch module.
Maximum VLANs: 223
Port(s)
GVRPStatus
Registration
Dynamic
VLAN
Creation
Leave
Timers
(milliseconds)
Join
Leave
All
-------
------
------------
--------
-------------- -----
-----
g11
Enabled
Forbidden
Disabled
200
900
10000
g12
Disabled
Normal
Enabled
200
600
10000
236
Aggregating Ports
Port Aggregation optimizes port usage by linking a group of ports together to form a single Link
Aggregated Groups (LAGs). Port Aggregation multiplies the bandwidth between the switch
modules, increases port flexibility, and provides link redundancy. The switch module supports up to
six LAGs per system, and six ports per LAG per switch module.
Each LAG is composed of ports of the same speed, set to full-duplex operations. Ports in a LAG,
can be of different media types (UTP/Fiber, or different fiber types), provided they operate at the
same speed. Fiber ports refer only to internal ports.
Aggregated Links can be assigned manually or automatically by enabling Link Aggregation Control
Protocol (LACP) on the relevant links. The switch module provides LAG Load Balancing based on
both source MAC addresses and destination MAC addresses.
Aggregated Links are treated by the system as a single logical port. Specifically, the Aggregated Link
has similar port attributes to a non-aggregated port, including auto-negotiation, speed, Duplex
setting, etc.
The Ethernet Switch Module supports both static LAGs and Link Aggregation Control Protocol
(LACP) LAGs. LACP LAG negotiate Aggregated Port links with other LACP ports located on a
different switch module. If the other ports are also LACP ports, the Ethernet Switch Module
establish a LAG between them.
NOTE: Internal Ports cannot be aggregated.
NOTE: To enable LACP, LACP must be defined for external ports.
Follow these guidelines when adding ports to a LAG:
There is no Layer 3 interface defined on the port.
The port does not belong to any VLAN.
The port does not belong to any other LAG.
The port is not a mirrored port.
GVRP is not enabled.

NOTE: Ports can be configured as LACP ports only if the ports are not part of a previously configured
LAG.
The switch module uses a hash function to determine which frames are carried on which
aggregated-link member. The system uses a hash function to forward frames to aggregated link
members. This hash function statistically load-balances aggregate link member use, and guarantees
no frame reordering. The switch module considers an Aggregated Link as a single logical port.
Each Aggregated Link has an Aggregated Link Port Type, including Gigabit Ethernet ports. Ports
can be added to an Aggregated Link only if they are the same port type. When ports are removed
from an Aggregated Links, the ports revert to the original port settings. To open the Link
Aggregation page, click Switch Link Aggregation in the tree view.
237
Defining LACP Parameters

The LACP Parameters page contains fields for configuring LACP LAGs. Aggregate ports can be
linked into link-aggregation port-groups. Each group is comprised of ports with the same speed.
Aggregated Links can be manually setup or automatically established by enabling Link Aggregation
Control Protocol (LACP) on the relevant links. To open the LACP Parameters page, click Switch
Link Aggregation LACP Parameters in the tree view.
Figure 7-103. LACP Parameters
LACP System Priority (1-65535) The LACP priority value for global settings. The possible
range is 1- 65535. The default value is 1.
Select a Port The port number to which timeout and priority values are assigned.
LACP Port Priority (1-65535) LACP priority value for the port.
LACP Timeout Administrative LACP timeout. The possible field values are:
Short Specifies a short timeout value.
Long Specifies a long timeout value.
Defining Link Aggregation Global Parameters
1
Open the LACP Parameters page.
Complete the LACP System Priority field.

The parameters are defined, and the switch module is updated.
238
Defining Link Aggregation Port Parameters

1
Complete the fields in the Port Parameters area.

The parameters are defined, and the switch module is updated.
Displaying the LACP Parameters Table

1
Click Show All.

The LACP Parameters Table opens.
Configuring LACP Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring LACP parameters
as displayed in the LACP Parameters page.
Table 7-67.
LACP Parameters CLI Commands
CLI Command
Description
lacp system-priority value
Configures the system priority.
lacp port-priority value
Configures the priority value for physical

ports.
lacp timeout {long | short}
Assigns an administrative LACP timeout.
show lacp ethernet interface

[parameters | statistics |
protocol-state]
Displays LACP information for ethernet

ports.
239

Console (config)# lacp system-priority 120
Console (config)# interface ethernet g11
Console (config-if)# lacp port-priority 247
Console (config-if)# lacp timeout long
Console (config-if)# end
Console# show lacp ethernet g11 statistics
Port g11 LACP Statistics:
LACP PDUs sent:2
LACP PDUs received:2
Defining LAG Membership

The LAG Membership page contains fields for assigning ports to LAGs. LAGs can include up to 6
external ports.When a port is added to a LAG, the port acquires the LAGs properties. If the port
cannot be configured with the LAG properties, a trap is generated and the port operates with its
default settings.
The LAG Membership page contains fields for assigning ports to LAGs. To open the LAG
Membership page, click Switch Link Aggregation LAG Membership in the tree view.
240
Figure 7-104.
LAG Membership
LACP Aggregates the port to a LAG, using LACP.

LAG Adds a port to a LAG, and indicates the specific LAG to which the port belongs.
Configuring a Port to a LAG or LACP
1
Open the LAG Membership page.
In the LAG row (the second row), toggle the button to a specific number to aggregate or
remove the port to that LAG number.
In the LACP row (the first row), toggle the button under the port number to assign either the
LACP or the static LAG.

The port is added to the LAG or LACP, and the switch module is updated.
Assigning Ports to LAGs Using CLI Commands
The following table summarizes the equivalent CLI commands for assigning ports to LAGs as
displayed in the LAG Membership page.
241
Table 7-68. LAG Membership CLI Commands

CLI Command
Description
channel-group portchannel-number mode

{on | auto}
Associates a port with a port-channel. Use the

no form of this command to remove the
channel-group configuration from the
interface.
show interfaces port-channel

[port-channel-number]
Displays port-channel information.

console# config
console(config-if)# channel-group 1 mode on
console(config-if)# 01-Jan-2000 01:47:18 %LINK-W-Down: ch1
console(config-if)#
Multicast Forwarding Support

Multicast forwarding allows a single packet to be forwarded to multiple destinations. L2 Multicast
service is based on L2 switch receiving a single packet addressed to a specific Multicast address.
Multicast forwarding creates copies of the packet, and transmits the packets to the relevant ports.
The switch module supports:
Forwarding L2 Multicast Packets Enabled by default, and not configurable.

NOTE: The system supports Multicast filtering for 320 Multicast groups.
Filtering L2 Multicast Packets Enables forwarding of Layer 2 packets to interfaces. If

Multicast filtering is disabled, Multicast packets are flooded to all relevant ports.
To open the Multicast Support page, click Switch Multicast Support in the tree view.
Defining Multicast Global Parameters

Layer 2 switching forwards Multicast packets to all relevant VLAN ports by default, treating the
packet as a Multicast transmission. While this is functional, in the sense that all relevant
ports/nodes receive a copy of the frame, it is potentially wasteful as ports/nodes may receive
irrelevant frames only needed by a subset of the ports of that VLAN. Multicast forwarding filters
enable forwarding of Layer 2 packets to port subsets, defined in the Multicast filter database.
242
When IGMP snooping is enabled globally, the switching ASIC is programmed to forward all IGMP
packets to the CPU. The CPU analyzes the incoming packets and determines which ports are to
join which Multicast groups, which ports have Multicast routers generating IGMP queries, and
what routing protocols are forwarding packets and Multicast traffic. Ports requesting to join a
specific Multicast group issue an IGMP report specifying that Multicast group. This results in the
creation of the Multicast filtering database.
The Multicast Global Parameters page contains fields for enabling IGMP Snooping on the switch
module. To open the Multicast Global Parameters page, click Switch Multicast Support
Global Parameters in the tree view.
Figure 7-105.
Multicast Global Parameters
Bridge Multicast Filtering Enables or disables bridge Multicast filtering. Disabled is the default
value. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled.
IGMP Snooping Status Enables or disables IGMP Snooping on the switch module. Disabled is
the default value.
Enabling Bridge Multicast Filtering on the switch module
1
Open the Multicast Global Parameters page.
Select Enable in the Bridge Multicast Filtering field.

Bridge Multicast is enabled on the switch module.
Enabling IGMP Snooping on the Switch Module

1
Open the Multicast Global Parameters page.
243
Select Enable in the IGMP Snooping Status field.

IGMP Snooping is enabled on the switch module.
Enabling Multicast Forwarding and IGMP Snooping Using CLI Commands
The following table summarizes the equivalent CLI commands for enabling Multicast forwarding
and IGMP Snooping as displayed on the Multicast Global Parameters page.
Table 7-69. Multicast Forwarding and Snooping CLI Commands
CLI Command
Description
bridge multicast filtering
Enables filtering of Multicast addresses.
ip igmp snooping
Enables Internet Group Membership

Protocol (IGMP) snooping.

Console (config)# bridge multicast filtering
Console (config)# ip igmp snooping
Adding Bridge Multicast Address Members

The Bridge Multicast Group page displays the ports and LAGs attached to the Multicast service
group in the Ports and LAGs tables. The Port and LAG tables also reflect the manner in which the
port or LAGs joined the Multicast group. Ports can be added either to existing groups or to new
Multicast service groups. The Bridge Multicast Group page permits new Multicast service groups
to be created. The Bridge Multicast Group page also assigns ports to a specific Multicast service
address group.
To open the Bridge Multicast Group page, click Switch Multicast Support Bridge Multicast
Address in the tree view.
244
Figure 7-106.
VLAN ID Identifies a VLAN and contains information about the Multicast group address.
Bridge Multicast Address Identifies the Multicast group MAC address/IP address.
Remove When selected, removes a Bridge Multicast address.
Ports Port that can be added to a Multicast service.
LAGs LAGs that can be added to a Multicast service.
The following table contains the IGMP port and LAG members management settings:
Table 7-70. IGMP Port/LAG Members Table Control Settings
Port Control
Definition
The port/LAG has joined the Multicast group

dynamically in the Current Row.
Attaches the port to the Multicast group as

static member in the Static Row.
The port/LAG has joined the Multicast group
statically in the Current Row.
Forbidden.
Blank
The port is not attached to a Multicast group.
Adding Bridge Multicast Addresses

1
Open the Bridge Multicast Group page.

245
Click Add.
The Add Bridge Multicast Group page opens:
Figure 7-107. Add Bridge Multicast Group
Define the VLAN ID and New Bridge Multicast Address fields.
Toggle a port to S to join the port to the selected Multicast group.
Toggle a port to F to forbid adding specific Multicast addresses to a specific port.

The bridge Multicast address is assigned to the Multicast group, and the switch module is
updated.
Defining Ports to Receive Multicast Service

1
Define the VLAN ID and the Bridge Multicast Address fields.
Toggle a port to S to join the port to the selected Multicast group.
Toggle a port to F to forbid adding specific Multicast addresses to a specific port.

The port is assigned to the Multicast group, and the switch module is updated.
Assigning LAGs to Receive Multicast Service

1
246
Define the VLAN ID and the Bridge Multicast Address fields.
Toggle the LAG to S to join the LAG to the selected Multicast group.
Toggle the LAG to F to forbid adding specific Multicast addresses to a specific LAG.

The LAG is assigned to the Multicast group, and the switch module is updated.
Managing Multicast Service Members Using CLI Commands
The following table summarizes the equivalent CLI commands for managing Multicast service
members as displayed in the Bridge Multicast Group page.
Table 7-71.
Multicast Service Member CLI Commands
CLI Command
Description
bridge multicast address {macmulticast-address | ip-multicastaddress}
Registers MAC-layer Multicast

addresses to the bridge table, and
adds static ports to the group.
bridge multicast forbidden address

{mac-multicast-address | ip-multicastaddress}[add | remove] {ethernet
interface-list | port-channel portchannel-number-list}
Forbids adding a specific Multicast

address to specific ports. Use the no
form of this command to return to
default
show bridge multicast address-table

[vlan vlan-id] [address macmulticast-address | ip-multicastaddress] [format ip | mac]
Displays Multicast MAC address

table information.

Console(config-if)# bridge multicast address 0100.5e02.0203
add ethernet g11,g12
console # show bridge multicast address-table
Vlan
MAC Address
Type
Ports
----
-----------
-----
----------
0100.5e02.0203
static
g11, g12
19
0100.5e02.0208
static
g11-16
19
0100.5e02.0208
dynamic
g11-12
247
Forbidden ports for multicast addresses:
Vlan
MAC Address
Ports
----
-----------
----------
0100.5e02.0203
g8
19
0100.5e02.0208
g8
console # show bridge multicast address-table format ip
Vlan
IP Address
Type
Ports
----
-----------
-----
----------
224-239.130|2.2.3
static
g11, g12
19
224-239.130|2.2.8
static
g11-16
19
224-239.130|2.2.8
dynamic
g11-12
Forbidden ports for multicast addresses:
Vlan
IP Address
Ports
----
-----------
----------
224-239.130|2.2.3
g8
19
224-239.130|2.2.8
g8
Assigning Multicast Forward All Parameters

The Bridge Multicast Forward All page contains fields for attaching ports or LAGs to a switch
module that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is
enabled, Multicast packets are forwarded to the appropriate port or VLAN.
To open the Bridge Multicast Forward All page, click Switch Multicast Support Bridge
Multicast Bridge Multicast Forward All page in the tree view.
248
Figure 7-108.
VLAN ID Identifies a VLAN.

Ports Ports that can be added to a Multicast service.
LAGs LAGs that can be added to a Multicast service.
The Bridge Multicast Forward All Router/Port Control Settings Table contains the settings for
managing router and port settings.
Table 7-72. Bridge Multicast Forward All Router/Port Control Settings Table
Port Control
Definition
Attaches the port to the Multicast router or

switch as a dynamic port.
Attaches the port to the Multicast router or

switch as a static port.
Forbidden.
Blank
The port is not attached to a Multicast router or

switch.
Attaching a Port to a Multicast Router or Switch

1
Open Bridge Multicast Forward All page.
Define the VLAN ID field.
Select a port in the Ports table, and assign the port a value.
249

The port is attached to the Multicast router or switch.
Attaching a LAG to a Multicast Router or Switch

1
Open Bridge Multicast Forward All page.
Define the VLAN ID field.
Select a port in the LAGs table, and assign the LAG a value.

The LAG is attached to the Multicast router or switch.
Managing LAGs and Ports Attached to Multicast Routers Using CLI Commands
The following table summarizes the equivalent CLI commands for managing LAGs and ports
attached to Multicast routers as displayed on the Bridge Multicast Forward All page.
Table 7-73. CLI Commands for Managing LAGs and Ports Attached to Multicast Routers
CLI Command
Description
show bridge multicast filtering

vlan-id
Displays the Multicast filtering

configuration.
no bridge multicast forbidden

forward-all
Disables forwarding Multicast packets on

a port.
bridge multicast forward-all

{add | remove} {ethernet
interface-list | port-channel
port-channel-number-list}
Enables forwarding of all Multicast

packets on a port. Use the no form of this
command to return to default.

Console (config)# interface vlan 1
Console (config-if)# bridge multicast forward-all add ethernet
g13
Console(config-if)# end
Console # show bridge multicast filtering 1
Filtering: Enabled
250
VLAN:
Forward-All
Port
Static
Status
-------
-----------------
-----------
g11
Forbidden
Filter
g12
Forward
Forward(s)
g13
Forward(d)
IGMP Snooping
The IGMP Snooping page contains fields for enabling IGMP snooping per VLAN, and defining
the aging time for packets. To open the IGMP Snooping page, click Switch Multicast
Support IGMP Snooping in the tree view.
Figure 7-109.
IGMP Snooping
VLAN ID Specifies the VLAN ID.

IGMP Snooping Status Enables or disables IGMP snooping on the VLAN.
Auto Learn Enables or disables Auto Learn on the Ethernet Switch Module.
Host Timeout (1-2147483647) Time before an IGMP snooping entry is aged out. The default
time is 260 seconds.
Multicast Router Timeout (1-2147483647) Time before aging out a Multicast router entry. The
default value is 300 seconds.
Leave Timeout (0-2147483647) Time, in seconds, after a port leave message is received before
the entry is aged out. User-defined enables a user-definable timeout period. The default timeout is
10 seconds.
251
Immediate Leave Upon receiving a group-specific IGMPv2 leave message, IGMP snooping
immediately removes the interface from the Layer 2 forwarding table entry for that Multicast
group.
Enabling IGMP Snooping on the Switch Module
1
Open the IGMP Snooping page.
Select the VLAN ID for the switch module on which IGMP snooping needs to be enabled.
Select Enable in the IGMP Snooping Status field.

IGMP snooping is enabled on the switch module.
Displaying the IGMP Snooping Table

1
Open the IGMP Snooping.
Click Show All.

The IGMP Snooping Table opens.
Configuring IGMP Snooping with CLI Commands
The following table summarizes the equivalent CLI commands for configuring IGMP Snooping on
the switch module:
Table 7-74. IGMP Snooping CLI Commands
CLI Command
Description
ip igmp snooping
Enables Internet Group Membership

Protocol (IGMP) snooping.
ip igmp snooping mrouter learn-pimdvmrp
Enables automatic learning of

Multicast router ports in the context
of a specific VLAN.
ip igmp snooping host-time-out timeout
Configures the host-time-out.
ip igmp snooping mrouter-time-out

time-out
Configures the mrouter-time-out.
ip igmp snooping leave-time-out

{time-out | immediate-leave}
Configures the leave-time-out.
show ip igmp snooping groups [vlan vlan- Displays the Multicast groups learned
id] [address ip-multicast-address]
by IGMP snooping.
show ip igmp snooping interface vlan-id Displays IGMP snooping
configuration.
252
Table 7-74.
IGMP Snooping CLI Commands
CLI Command
Description
show ip igmp snooping mrouter

[interface vlan-id]
Displays information about

dynamically learned Multicast router
interfaces.
253

console>enable
console#config
console(config)# ip igmp snooping
console(config-if)# ip igmp snooping mrouter learn-pim-dvmrp
console(config-if)# ip igmp snooping host-time-out 300
Console(config-if)# ip igmp snooping mrouter-time-out 200
console(config-if)# ip igmp snooping leave-time-out 60
console# show ip igmp snooping groups
Vlan
IP Address
-----
------------------
1
19
Querier
224-239.130|2.2.3
Ports
-------Yes
224-239.130|2.2.8
Yes
-----
g11, g12
g11-13
Console # show ip igmp snooping interface g1

IGMP Snooping is globally enabled
IGMP Snooping is enabled on VLAN 1
IGMP host timeout is 300 sec
IGMP Immediate leave is disabled. IGMP leave timeout is 60 sec
IGMP mrouter timeout is 200 sec
Automatic learning of multicast router ports is enabled
Console # show ip igmp snooping mrouter
254
VLAN
Ports
----
------
g11
Viewing Statistics
The Statistics pages contains Ethernet Switch Module information for interface, GVRP, Etherlike,
RMON, and Ethernet Switch Module utilization. To open the Statistics page, click
Statistics/RMON in the tree view.
NOTE: CLI commands are not available for all the Statistics pages.
Viewing Tables
The Table Views page contains links for displaying statistics in a table form. To open the Table
Views page, click Statistics/RMON Tables in the tree view.
Viewing Utilization Summary

The Utilization Summary page contains statistics for viewing interface utilization. To open the
Utilization Summary page, click Statistics/RMON Table Views Utilization Summary in the
tree view.
Viewing Statistics
255
Figure 8-110. Utilization Summary
Refresh Rate The amount of time that passes before the interface statistics are refreshed.
Interface The interface number.
Interface Status Status of the interface.
% Interface Utilization Network interface utilization percentage based on the duplex mode of
the interface. The range of this reading is from 0 to 200%. The maximum reading of 200% for a full
duplex connection indicates that 100% of bandwidth of incoming and outgoing connections is
used by the traffic travelling through the interface. The maximum reading for a half duplex
connection is 100%.
% Unicast Received Percentage of Unicast packets received on the interface.
% Non Unicast Packets Received Percentage of non-Unicast packets received on the interface.
% Error Packets Received Number packets with errors received on the interface.
Global System LAGs Current LAGs/trunk performance.
Viewing Counter Summary

The Counter Summary page contains statistics for port utilization in numeric sums as opposed to
percentages. To open the Counter Summary page, click Statistics/RMON Table Views
Counter Summary in the tree view.
256
Viewing Statistics
Figure 8-111.
Counter Summary
Refresh Rate The amount of time that passes before the interface statistics are refreshed.
Interface The interface number.
Interface Status The interface status.
Received Unicast Packets Number of received Unicast packets on the interface.
Transmit Unicast Packets Number of transmitted Unicast packets from the interface.
Received Non Unicast Packets Number of received non-Unicast packets on the interface.
Transmit Non Unicast Packets Number of transmitted non-Unicast packets from the interface.
Received Errors The number of error packets received on the interface.
Global System LAGs Current LAGs performance.
Viewing Interface Statistics

The Interface Statistics page contains statistics for both received and transmitted packets. The
fields for both received and transmitted packets are identical. To open the Interface Statistics page,
click Statistics/RMON Table Views Interface Statistics in the tree view.
Viewing Statistics
257
Figure 8-112. Interface Statistics
Interface Specifies whether statistics are displayed for a port or LAG.

Refresh Rate Amount of time that passes before the interface statistics are refreshed.
Receive Statistics
Total Bytes (Octets) Number of octets received on the selected interface.

Unicast Packets Number of Unicast packets received on the selected interface.
Multicast Packets Number of Multicast packets received on the selected interface.
Broadcast Packets Number of Broadcast packets received on the selected interface.
Packets with Errors Number of error packets received on the selected interface.
Transmit Statistics
Total Bytes (Octets) Number of octets transmitted on the selected interface.

Unicast Packets Number of Unicast packets transmitted on the selected interface.
Multicast Packets Number of Multicast packets transmitted on the selected interface.
Broadcast Packets Number of Broadcast packets transmitted on the selected interface.
Displaying Interface Statistics
1
258
Open the Interface Statistics page.
Viewing Statistics
Select an interface in the Interface field.

The interface statistics are displayed.
Resetting Interface Statistics Counters

1
Open the Interface Statistics page.
Click Reset All Counters.

The interface statistics counters are reset.
Viewing Interface Statistics Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing interface statistics.
Table 8-75.
Interface Statistics CLI Commands
CLI Command
Description
show interfaces counters [ethernet

Displays traffic seen by the physical
interface | port-channel port-channel- interface.
number]
The following is an example of the CLI commands.
console# show interfaces counters
InUcastPkts
InMcastPkts
InBcastPkts
------- -------------
----------------
----------------
------------
g11
183892
1289
987
g12
g13
123899
1788
373
19
Port
OutOctets
OutUcastPkts
OutMcastPkts
OutBcastPkts
------- -------------
----------------
----------------
------------
g11
9188
g12
g13
8789
27
Port
InOctets
Viewing Statistics
259
InUcastPkts
InMcastPkts
InBcastPkts
------- -------------
----------------
----------------
------------
27889
928
78
Ch
OutOctets
OutUcastPkts
OutMcastPkts
OutBcastPkts
------- -------------
----------------
----------------
------------
882
122
Ch
InOctets
23739
Viewing Etherlike Statistics

The Etherlike Statistics page contains interface statistics. To open the Etherlike Statistics page,
click Statistics/RMON Table Views Etherlike Statistics in the tree view.
Figure 8-113. Etherlike Statistics

Frame Check Sequence (FCS) Errors Number of FCS errors received on the selected interface.
Single Collision Frames Number of single collision frames received on the selected interface.
260
Viewing Statistics
Late Collisions Number of late collision frames received on the selected interface.
Excessive Collisions Number of excessive collisions received on the selected interface.
Internal MAC Transmit Errors Number of internal MAC transmit errors on the selected
interface.
Oversize Packets Number of oversized packet errors on the selected interface.
Internal MAC Receive Errors Number of internal MAC received errors on the selected
interface.
Received Pause Frames Number of received paused frames on the selected interface.
Transmitted Pause Frames Number of paused frames transmitted from the selected interface.
Displaying Etherlike Statistics for an Interface
1
Open the Etherlike Statistics page.

The interfaces etherlike statistics are displayed.
Resetting Etherlike Statistics

1
Open the Etherlike Statistics page.

The Etherlike statistics are reset.
Viewing Etherlike Statistics Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing etherlike statistics.
Table 8-76.
Etherlike Statistics CLI Commands
CLI Command
Description

interface | port-channel port-channel- interface.
number]
The following is an example of the CLI commands.
Viewing GVRP Statistics

The GVRP Statistics page contains Ethernet Switch Module statistics for GVRP. To open the
GVRP Statistics page, click Statistics/RMON Table Views GVRP Statistics in the tree view.
Viewing Statistics
261
console# show interfaces counters ethernet g11

InUcastPkts
InMcastPkts
InBcastPkts
------- -------------
----------------
----------------
------------
g11
183892
1289
987
Port
OutOctets
OutUcastPkts
OutMcastPkts
OutBcastPkts
------- -------------
----------------
----------------
------------
g11
Port
InOctets
9188
FCS Errors: 8
Single Collision Frames: 0
Late Collisions: 0
Excessive Collisions: 0
Internal MAC Tx Errors: 0
Oversize Packets: 0
Internal MAC Rx Errors: 0
Received Pause Frames: 0
Transmitted Pause Frames: 0
262
Viewing Statistics
Figure 8-114.
GVRP Statistics

Join Empty Ethernet Switch Module GVRP Join Empty statistics.
Empty Ethernet Switch Module GVRP Empty statistics.
Leave Empty Ethernet Switch Module GVRP Leave Empty statistics.
Join In Ethernet Switch Module GVRP Join In statistics.
Leave In Ethernet Switch Module GVRP Leave In statistics.
Leave All Ethernet Switch Module GVRP Leave All statistics.
Invalid Protocol ID Ethernet Switch Module GVRP Invalid Protocol ID statistics.
Invalid Attribute Type Ethernet Switch Module GVRP Invalid Attribute Type stat
Invalid Attribute Value Ethernet Switch Module GVRP Invalid Attribute Value statistics.
Invalid Attribute Length Ethernet Switch Module GVRP Invalid Attribute Length statistics.
Invalid Event Ethernet Switch Module GVRP Invalid Event statistics.
Displaying GVRP Statistics for a Port
1
Open the GVRP Statistics page.
Viewing Statistics
263
The interfaces GVRP statistics are displayed.

Resetting GVRP Statistics
1
Open the GVRP Statistics page.

The GVRP counters are reset.
Viewing GVRP Statistics Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing GVRP statistics.
Table 8-77. GVRP Statistics CLI Commands
CLI Command
Description
show gvrp statistics [ethernet

Displays GVRP statistics.
show gvrp error-statistics [ethernet Displays GVRP error statistics.

console# show gvrp statistics

GVRP statistics:
---------------rJE : Join Empty Received
rJIn : Join In Received
rEmp : Empty Received
rLIn : Leave In Received
rLE : Leave Empty Received
rLA : Leave All Received
sJE : Join Empty Sent
sJIn : Join In Sent
sEmp : Empty Sent
sLIn : Leave In Sent
sLE : Leave Empty Sent
sLA : Leave All Sent
Port rJE
rJIn
rEmp
rLIn
rLE
rLA
sJE
sJIn
sEmp
sLIn sLE
sLA
---- ---
----
----
----
---
---
---
----
----
---- ---
---
g11
264
Viewing Statistics
g12
g13
console# show gvrp error-statistics

GVRP error statistics:
---------------------Legend:
INVPROT : Invalid Protocol Id
INVPLEN : Invalid PDU Length
INVATYP : Invalid Attribute Type
INVALEN : Invalid Attribute Length
INVAVAL : Invalid Attribute Value
INVEVENT : Invalid Event
Port
INVPROT
INVATYP
INVAVAL
INVALEN
INVEVENT
----
-------
-------
-------
-------
--------
g11
g12
g13
g14
g15
g16
Viewing EAP Statistics
The EAP Statistics page contains information about EAP packets received on a specific port. For
more information about EAP, see "Port Based Authentication (802.1x)." To open the EAP Statistics
page, click Statistics/RMON Table Views EAP Statistics in the tree view.
Viewing Statistics
265
Figure 8-115. EAP Statistics
Port The port which is polled for statistics.

Frames Receive The number of valid EAPOL frames received on the port.
Frames Transmit The number of EAPOL frames transmitted via the port.
Start Frames Receive The number of EAPOL Start frames received on the port.
Log off Frames Receive The number of EAPOL Log off frames that have been received on the
port.
Respond ID Frames Receive The number of EAP Respond ID frames that have been received
on the port.
Respond Frames Receive The number of valid EAP Respond frames received on the port.
Request ID Frames Transmit The number of EAP Requested ID frames transmitted via the
port.
Request Frames Transmit The number of EAP Request frames transmitted via the port.
Invalid Frames Receive The number of unrecognized EAPOL frames received on this port.
Length Error Frames Receive The number of EAPOL frames with an invalid Packet Body
Length received on this port.
266
Viewing Statistics
Last Frame Version The protocol version number attached to the most recently received
EAPOL frame.
Last Frame Source The source MAC address attached to the most recently received EAPOL
frame.
Displaying EAP statistics for a Port
1
Open the EAP Statistics page.

The interface EAP statistics are displayed.
Viewing EAP Statistics Using the CLI Commands
The following table summarizes the CLI commands for viewing EAP statistics.
Table 8-78.
CLI Command
Description
show dot1x statistics ethernet

interface
Displays 802.1X statistics for the

specified interface.
console# show dot1x statistics ethernet g11

EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.8787
Viewing Statistics
267
Viewing RMON Statistics

Remote Monitoring (RMON) contains links for viewing network information from a remote
location. To open the RMON page, click Statistics/RMON RMON in the tree view.
Viewing RMON Statistics Group

The RMON Statistics page contains fields for viewing information about Ethernet Switch Module
utilization and errors that occurred on the Ethernet Switch Module. To open the RMON Statistics
page, click Statistics/RMON RMON Statistics in the tree view.
Figure 8-116. RMON Statistics
Interface Specifies the port or LAG for which statistics are displayed.
Refresh Rate Amount of time that passes before the statistics are refreshed.
Drop Events Number of dropped events that have occurred on the interface since the Ethernet
Switch Module was last refreshed.
Received Bytes (Octets) Number of octets received on the interface since the Ethernet Switch
Module was last refreshed. This number includes bad packets and FCS octets, but excludes
framing bits.
268
Viewing Statistics
Received Packets Number of packets received on the interface, including bad packets, Multicast
and Broadcast packets, since the Ethernet Switch Module was last refreshed.
Broadcast Packets Received Number of good Broadcast packets received on the interface since
the Ethernet Switch Module was last refreshed. This number does not include Multicast packets.
Multicast Packets Received Number of good Multicast packets received on the interface since
the Ethernet Switch Module was last refreshed.
CRC & Align Errors Number of CRC and Align errors that have occurred on the interface since
Undersize Packets Number of undersized packets (less than 64 octets) received on the interface
since the Ethernet Switch Module was last refreshed.
Oversize Packets Number of oversized packets (over 1518 octets) received on the interface since
Fragments Number of fragments (packets with less than 64 octets, excluding framing bits, but
including FCS octets) received on the interface since the Ethernet Switch Module was last
refreshed.
Jabbers The total number of packets received that were longer than 1518 octets (excluding
framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with
an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets
(Alignment Error). The allowed range to detect jabber is between 20 ms and 150 ms.
Collisions Number of collisions received on the interface since the Ethernet Switch Module was
last refreshed.
Frames of xx Bytes Number of xx-byte frames received on the interface since the Ethernet
Switch Module was last refreshed.
Viewing Interface Statistics
1
Open the RMON Statistics page.
Select an interface type and number in the Interface field.

The interface statistics are displayed.
Resetting the RMON

1
Open the RMON Statistics page.
Click Reset All Counters to reset the counter.

The RMON counters are reset.
Viewing RMON Statistics Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing RMON statistics.
Viewing Statistics
269
Table 8-79. RMON Statistics CLI Commands
270
CLI Command
Description
show rmon statistics {ethernet

interface | port-channel portchannel-number}
Displays RMON Ethernet statistics.
Viewing Statistics
console# show rmon statistics ethernet g1

Port g1
Dropped: 0
Octets: 0
Packets: 0
Broadcast: 0
Multicast: 0
CRC Align Errors: 0
Collisions: 0
Undersize Pkts: 0
Oversize Pkts: 0
Fragments: 0
Jabbers: 0
64 Octets: 0
65 to 127 Octets: 0
128 to 255 Octets: 0
512 to 1023 Octets: 0
1024 to 1518 Octets: 0
console# show rmon statistics port-channel 1

Port ch1
Dropped: 0
Octets: 0
Packets: 0
Broadcast: 0
Multicast: 0
CRC Align Errors: 0
Collisions: 0
Undersize Pkts: 0
Oversize Pkts: 0
Fragments: 0
Jabbers: 0
64 Octets: 0
65 to 127 Octets: 0
512 to 1023 Octets: 0
1024 to 1518 Octets: 0
Viewing Statistics
271
Viewing RMON History Control Statistics

The RMON History Control page contains information about samples of data taken from ports.
For example, the samples may include interface definitions or polling periods. To open the RMON
History Control page, click Statistics/RMON RMON History Control in the tree view.
Figure 8-117. RMON History Control
History Entry No. Entry number for the History Control Table page.
Source Interface Port or LAG from which the history samples were taken.
Owner (0-20 characters) RMON station or user that requested the RMON information.
Max No. of Samples to Keep (1-65535) Number of samples to be saved. The default value is 50.
NOTE: A change to the number of sample is only effective after a reboot.
Current No. of Samples in List The current number of samples taken.
Sampling Interval (1-3600) Indicates in seconds the time that samples are taken from the ports.
The default value is 1800 seconds (30 minutes).
Remove When selected, removes the History Control Table entry.
Adding a History Control Entry
272
Open the RMON History Control page.
Click Add.
Viewing Statistics
The Add History Entry page opens.

3

The entry is added to the History Control Table.
Modifying a History Control Table Entry

1
Select an entry in the History Entry No. field.
Modify the fields as required.

The table entry is modified, and the Ethernet Switch Module is updated.
Deleting a History Control Table Entry

1
Select an entry in the History Entry No. field.
Select Remove.

The selected table entry is deleted, and the Ethernet Switch Module is updated.
Viewing RMON History Control Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing RMON History
statistics.
Table 8-80.
RMON History CLI Commands
CLI Command
Description
rmon collection history index

Enables and configures RMON on an
[owner ownername | buckets
interface.
bucket-number] [interval seconds]
show rmon collection history
[ethernet interface | portchannel port-channel-number]
Displays RMON collection history

statistics.
Viewing Statistics
273

console(config-if)# rmon collection history 1 interval 2400
console(config)#
Viewing RMON History Table

The RMON History Table contains interface specific statistical network samplings. Each table
entry represents all counter values compiled during a single sample. To open the RMON History
Table, click Statistics/RMON RMON History Table in the tree view.
Figure 8-118. RMON History Table
Sample No. The specific sample the field information reflects.

Drop Events The number of dropped packets due to lack of network resources during the
sampling interval. This may not represent the exact number of dropped packets, but rather the
number of times dropped packets were detected.
Received Bytes (Octets) The number of data octets, including bad packets, received on the
network.
Received Packets The number of packets received during the sampling interval.
274
Viewing Statistics
Broadcast Packets The number of good Broadcast packets received during the sampling interval.
Multicast Packets The number of good Multicast packets received during the sampling interval.
CRC Align Errors The number of packets received during the sampling session with a length of
64-1518 octets, a bad Frame Check Sequence (FCS), and with an integral number of octets, or a
bad FCS with a non-integral number of octets.
Undersize Packets The number of packets received less than 64 octets long during the sampling
session.
Oversize Packets The number of packets received more than 1518 octets long during the
sampling session.
Fragments The number of packets received less than 64 octets long and had a FCS during the
sampling session.
Jabbers The total number of packets received that were longer than 1518 octets (excluding
framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with
an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets
(Alignment Error). The allowed range to detect jabber is between 20 ms and 150 ms.
Collisions Estimates the total number of packet collisions that occurred during the sampling
session. Collisions are detected when repeater ports detect two or more stations transmit
simultaneously.
Utilization Estimates the main physical layer network usage on an interface during the session
sampling. The value is reflected in percents.
Viewing Statistics for a Specific Table Entry
1
Open the RMON History Table.
Select an entry in the History Table No. field.

The entry statistics display in the RMON History Table.
Viewing RMON History Table Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing RMON history.
Table 8-81.
RMON History Control CLI Commands
CLI Command
Description
show rmon history index

{throughput | errors | other}
[period seconds]
Displays RMON Ethernet statistics history.
Viewing Statistics
275
The following is an example of the CLI commands for displaying RMON ethernet statistics for
throughput on index 1:.
console# show rmon history 1 throughput
Sample Set: 1
Owner: CLI
Interface: g11
Interval: 1800
Requested samples: 50
Granted samples: 50
Maximum table size: 500

Time
Octets
------------------
Packets
Broadcast
Multicast
--------- -------
----------
---------
-----
Jan 18 2004 21:57:00
303595962 357568
3289
7287
19.98%
Jan 18 2004 21:57:30
287696304 275686
2789
2789
20.17%
Defining Ethernet Switch Module RMON Events

The RMON Events Control page contains fields for defining RMON events. To open the RMON
Events Control page, click Statistics/RMON RMON Events Control in the tree view.
276
Viewing Statistics
Figure 8-119.
RMON Events Control
Event Entry The event.

Community User defined community to which the event belongs.
Description User-defined event description.
Type Describes the event type. Possible values are:
Log Event type is a log entry.
Trap Event type is a trap.
Log and Trap Event type is both a log entry and a trap.
None There is no event.
Time Time when the event occurred for example 29 March 2004 at 11:00am is displayed as
29/03/2004 11:00:00.
Owner The Ethernet Switch Module or user that defined the event.
Remove When selected, removes the event from the RMON Events Table.
Adding an RMON Event
1
Open the RMON Events Control page.
Click Add.
The Add an Event Entry page opens.
Viewing Statistics
277
Complete the information in the dialog and click Apply Changes.

The event entry is added, and the Ethernet Switch Module is updated.
Modifying an RMON Event

1
Open the RMON Events Control page
Select an entry in the Event Entry Field.
Modify the fields in the dialog and click Apply Changes.

The event entry is modified, and the Ethernet Switch Module is updated.
Deleting RMON Event Entries

1
Open the RMON Events Control page.
Click Show All.

The Events Table page opens.
Select Remove for the event(s) that need to be deleted and then click Apply Changes.
The selected table entry is deleted, and the Ethernet Switch Module is updated.
NOTE: A single event entry can be removed from the RMON Events Control page by selecting the
Remove check box on that page.
Defining RMON Events Using the CLI Commands
The following table summarizes the equivalent CLI commands for defining RMON events.
Table 8-82. RMON Event Definition CLI Commands
CLI Command
Description
rmon event index type [community Configures RMON events.

text] [description text] [owner
name]
show rmon events
278
Viewing Statistics
Displays RMON event table.

console(config)# rmon event 1 log description error owner cli
console# show rmon events
Index
Description
Type
Community
Owner
Last time sent
-----
-----------
--------
---------
-------
--------------------
Errors
Log
CLI
Jan 18 2002 23:58:17
High Broadcast Log-Trap
Manager
Jan 18 2002 23:59:48
router
Viewing the RMON Events Log

The RMON Events Log page contains a list of RMON events. To open the RMON Events Log
page, click Statistics/RMON RMON Events Log in the tree view.
Figure 8-120.
RMON Events Log
Event The RMON Events Log entry number.

Log No. The log number.
Viewing Statistics
279
Log Time Time when the log entry was entered.

Description Describes the log entry.
Defining RMON Events Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing Ethernet Switch
Module RMON events.
Table 8-83. RMON Event Definition CLI Commands
CLI Command
Description
show rmon log [event]
Displays the RMON logging table.
console# show rmon log

Maximum table size: 500 (800 after reset)
Event
Description
Time
-------
--------------
---------
Errors
Jan 18 2002 23:48:19
Errors
Jan 18 2002 23:58:17
High Broadcast
Jan 18 2002 23:59:48
Defining RMON Ethernet Switch Module Alarms

The RMON Alarms page contains fields for setting network alarms. Network alarms occur when a
network problem, or event, is detected. Rising and falling thresholds generate events. To open the
RMON Alarms page, click Statistics/RMON RMON Alarms in the tree view.
280
Viewing Statistics
Figure 8-121.
RMON Alarms
Alarm Entry Indicates a specific alarm.

Interface The interface for which RMON statistics are displayed.
Counter Name The selected MIB variable.
Counter Value The value of the selected MIB variable.
Sample Type Specifies the sampling method for the selected variable and comparing the value
against the thresholds. The possible field values are:
Delta Subtracts the last sampled value from the current value. The difference in the values
is compared to the threshold.
Absolute Compares the values directly with the thresholds at the end of the sampling
interval.
Rising Threshold The rising counter value that triggers the rising threshold alarm. The rising
threshold is presented on top of the graph bars. Each monitored variable is designated a color.
Rising /Falling Event The mechanism in which the alarms are reported LOG, TRAP, or a
combination of both. When LOG is selected, there is no saving mechanism either in the Ethernet
Switch Module or in the management system. However, if the Ethernet Switch Module is not
being reset, it remains in the Ethernet Switch Module LOG table. If TRAP is selected, an SNMP
trap is generated and reported via the traps general mechanism. The TRAP can be saved using the
same mechanism.
Viewing Statistics
281
Falling Threshold The falling counter value that triggers the falling threshold alarm. The falling
threshold is graphically presented on the bottom of the graph bars. Each monitored variable is
designated a color.
Startup Alarm The trigger that activates the alarm generation. Rising is defined by crossing the
threshold from a low-value threshold to a higher-value threshold.
Interval (Sec) Alarm interval time.
Owner Ethernet Switch Module or user that defined the alarm.
Remove When selected, removes an RMON Alarm.
Adding an Alarm Table Entry
1
Open the RMON Alarms page.
Click Add.
The Add an Alarm Entry page opens:
Figure 8-122. Add an Alarm Entry
Select an interface.

The RMON alarm is added, and the Ethernet Switch Module is updated.
Modifying an Alarm Table Entry
282
Select an entry in the Alarm Entry drop-down menu.
Viewing Statistics
Modify the fields in the dialog as required.

The entry is modified, and the Ethernet Switch Module is updated.
Displaying the Alarm Table

1
Click Show All.

The Alarms Table page opens.
Deleting an Alarm Table Entry

1
Select an entry in the Alarm Entry drop-down menu.

The selected entry is deleted, and the Ethernet Switch Module is updated.
Defining RMON Alarms Using the CLI Commands
The following table summarizes the equivalent CLI commands for defining RMON alarms.
Table 8-84.
RMON Alarm CLI Commands
CLI Command
Description
rmon alarm index variable interval

Configures RMON alarm conditions.
rthreshold fthreshold revent fevent
[type type] [startup direction] [owner
name]
show rmon alarm-table
Displays summary of the alarm table.
show rmon alarm
Displays RMON alarm configuration.
Viewing Statistics
283

console(config)# rmon alarm 1000 dell 360000 1000000 1000000 10
20
console# show rmon alarm-table
Index
OID
Owner
------
------------------- --------------
1.3.6.1.2.1.2.2.1.1 CLI
0.1
1.3.6.1.2.1.2.2.1.1 Manager
0.1
1.3.6.1.2.1.2.2.1.1 CLI
0.9
console# show rmon alarm 2

Alarm Index 2 not found.
console# show rmon alarm 1
Alarm 1
------------OID: 1.3.6.1.2.1.2.2.1.11.1
Last Sample Value: 0
Interval: 100
Sample Type: absolute
Startup Alarm: rising-falling
Rising Threshold : 100
Falling Threshold : 20
Rising Event: 1
Falling Event: 1
Owner: super
284
Viewing Statistics
Viewing Charts
The Chart page contains links for displaying statistics in a chart form. To open the page, click
Statistics/RMON Charts in the tree view.
Viewing Port Statistics

The Port Statistics page contains fields for opening statistics in a chart form for port elements. To
open the Port Statistics page, click Statistics/RMON Charts Ports in the tree view.
Figure 8-123.
Port Statistics
Interface Statistics Selects the type of interface statistics to open.

Etherlike Statistics Selects the type of Etherlike statistics to open.
RMON Statistics Selects the type of RMON statistics to open.
GVRP Statistics Selects the type of GVRP statistics to open.
Displaying Port Statistics
1
Open the Port Statistics page.
Select the statistic type to open.
Select the desired refresh rate from the Refresh Rate drop-down menu.
Viewing Statistics
285
Click Draw.
The graph for the selected statistic is displayed.
Viewing Port Statistics Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing port statistics.
Port Statistic CLI Commands
CLI Command
Description

interface | port-channel port-channelnumber]

interface.
show rmon statistics {ethernet interface | Displays RMON Ethernet

port-channel port-channel-number}
statistics.
show gvrp statistics {ethernet interface | Displays GVRP statistics.
show gvrp error-statistics {ethernet
interface | port-channel port-channelnumber}
The following is an example of the CLI commands
console# show gvrp error-statistics

GVRP Error Statistics:
---------------------Legend:
INVPROT
: Invalid Protocol Id
INVATYP
: Invalid Attribute Type
INVAVAL
: Invalid Attribute Value INVEVENT: Invalid Event
Port
INVALEN : Invalid Attribute Length
INVPROT INVATYP INVAVAL INVALEN INVEVENT
-------- ------- ------- ------- ------- --------
Viewing LAG Statistics

The LAG Statistics page contains fields for opening statistics in a chart form for LAGs. To open
the LAG Statistics page, click Statistics/RMON Charts LAGs in the tree view.
286
Viewing Statistics
Figure 8-124.
LAG Statistics
Interface Statistics Selects the type of interface statistics to open.

Etherlike Statistics Selects the type of Etherlike statistics to open.
RMON Statistics Selects the type of RMON statistics to open.
GVRP Statistics Selects the type of GVRP statistics to open.
Displaying LAG Statistics
1
Open the LAG Statistics page.
Select the statistic type to open.
Select the desired refresh rate from the Refresh Rate drop-down menu.
Click Draw.
The graph for the selected statistic is displayed.
Viewing LAG Statistics Using the CLI Commands
The following table summarizes the equivalent CLI commands for viewing LAG statistics.
Viewing Statistics
287
Table 8-85. LAG Statistic CLI Commands

CLI Command
Description

interface | port-channel port-channelnumber]

interface.
show rmon statistics {ethernet interface | Displays RMON Ethernet

statistics.
show gvrp statistics {ethernet interface | Displays GVRP statistics.
show gvrp error-statistics {ethernet
interface | port-channel port-channelnumber}
The following is an example of the CLI commands
console# show gvrp statistics

GVRP statistics:
---------------rJE : Join Empty Received
rJIn : Join In Received
rEmp : Empty Received
rLIn : Leave In Received
rLE : Leave Empty Received
rLA : Leave All Received
sJE : Join Empty Sent
sJIn : Join In Sent
sEmp : Empty Sent
sLIn : Leave In Sent
sLE : Leave Empty Sent
sLA : Leave All Sent
Port rJE
rJIn
rEmp
rLIn
rLE
rLA
sJE
sJIn
sEmp
sLIn sLE
sLA
---- ---
----
----
----
---
---
---
----
----
---- ---
---
g11
g12
g13
g14
g15
g16
288
Viewing Statistics

This section provides information for defining and configuring Quality of Service (QoS)
parameters. To open the view, click Quality of Service in the tree view.
Quality of Service (QoS) Overview

Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a
network.
An implementation example that requires QoS includes certain types of traffic such as Voice, Video
and real-time traffic, which can be assigned a high priority queue, while other traffic can be
assigned a lower priority queue. The result is an improved traffic flow for traffic with high demand.
QoS is defined by:
Classification Specifies which packet fields are matched to specific values. All packets
matching the user-defined specifications are classified together.
Action Defines traffic management where packets being forwarded are based on packet
information, and packet field values such as VLAN priority (VPT) and DSCP (DiffServ Code
Point).
VPT Tag Classification Information
VLAN Priority Tags are used to classify the packets by mapping packets to one of the egress queues.
VLAN Priority Tag to queue assignments are user-definable. The table below details the VPT to
queue default settings:
Table 9-86.
CoS to Queue Mapping Table Default values
CoS Value
Forwarding Queue Values
q2 (Best Effort)
q1 (Lowest Priority)
q2 ( Best Effort)
q3
q3
q4 (Highest Priority)
289
Table 9-86. CoS to Queue Mapping Table Default values

CoS Value
Forwarding Queue Values
Packets arriving untagged are assigned a default VPT value, which is set on a per port basis. The
assigned VPT is used to map the packet to the egress queue.
DSCP values can be mapped to priority queues. The following table contains the default DSCP
mapping to egress queue values:
Table 9-87. DSCP to Queue Mapping Table Default Values
D S C P Va l u e
Fo r w a r d i n g Q u e u e Va l u e s
0-15
16-31
q2
32-47
q3
48-63
DSCP mapping is enabled on a per-system basis.
CoS Services
After packets are assigned to a specific egress queue, CoS services can be assigned to the queue(s).
Egress queues are configured with a scheduling scheme by one of the following methods:
Strict Priority Ensures that time-sensitive applications are always forwarded. Strict Priority
(SP) allows the prioritization of mission-critical, time-sensitive traffic over less time-sensitive
applications.
For example, under Strict Priority, voice over IP traffic is forwarded before FTP or e-mail
(SMTP) traffic.
Weighted Round Robin Ensures that a single application does not dominate the Ethernet
Switch Module forwarding capacity. Weighted Round Robin (WRR) forwards entire queues
in a Round Robin order. All queues can participate in WRR, with expect SP queues.
SP queues are serviced before WRR queues. If the traffic flow is minimal, and SP queues do
not occupy the whole bandwidth allocated to a port, the WRR queues can share the
bandwidth with the SP queues. Ensuring the remaining bandwidth is distributed according to
the weight ratio.
Defining CoS Global Parameters

Class of Service global parameters are set from the CoS Global Parameter pages.
290
Configuring QoS Global Settings

The QoS Global Settings page contains fields for enabling or disabling QoS. In addition, the Trust
mode can be selected. The Trust mode relies on predefined fields within the packet to determine
the egress queue. To open the QoS Global Settings page, click Quality of Service QoS Global
Parameters QoS Settings in the tree view.
Figure 9-125.
QoS Global Settings
Quality of Service Enables or disables managing network traffic using Quality of Service.
Trust Mode Determines which packet fields are used to classify packets entering the Ethernet
Switch Module. When no rules are defined, the traffic containing the predefined CoS or DSCP
packet field is mapped according to the selected trust mode. Traffic not containing a predefined
packet field is mapped to the best effort queue (q2). The possible Trust Mode field values are:
CoS The egress queue assignment is determined by the IEEE802.1p VLAN priority tag
(VPT) or by the default VPT assigned to a port. The Ethernet Switch Module default is the
IEEE802.1p.
DSCP The egress queue assignment is determined by the DSCP field.
NOTE: The interface Trust settings overrides the global Trust setting.
Enabling Quality of Service:
1
Open the QoS Global Settings page.
291
Select Enable in the Quality of Service field.

Class of Service is enabled on the Ethernet Switch Module.
Enabling the Trus Modet:

1
Open the QoS Global Settings page.
Define the Trust Mode field.

Trust mode is enabled on the Ethernet Switch Module.
Enabling Trust Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the QoS
Global Settings page.
Table 9-88. CoS Setting CLI Commands
CLI Command
Description
qos trust [cos | dscp]
Configures the system to trust mode.
no qos trust
Returns to the non-trusted state.

console(config)# qos trust dscp
Defining QoS Interface Settings

The Interface Settings page contains fields for deactivating the Trust mode, and setting the default
CoS value on incoming untagged packets. To open the Interface Settings page, click Quality of
Service QoS Global Parameters Interface Settings in the tree view.
292
Figure 9-126.
Interface Settings
Interface The specific port or LAG to configure.

Disable "Trust" Mode on Interface Disables Trust mode on the specified interface. This setting
overrides the Trust mode configured on the Ethernet Switch Module globally.
Set Default CoS For Incoming Traffic To Sets the default CoS tag value for untagged packets.
The CoS tag values are 0-7. The default value is 0.
Assigning QoS settings for an interface:
1
Open the Interface Settings page.
Define the fields.

The CoS settings are assigned to the interface.
Displaying QoS/CoS settings:

1
Open the Interface Settings page.
Click Show All.

The Interface Table is displayed.
293
Assigning CoS Interfaces Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the
Interface Settings page.
Table 9-89. CoS Interface CLI Commands
CLI Command
Description
qos trust
Enables the trust mode.
no qos trust
Disables Trust state on each port.

console(config-if)# qos trust
Defining Queue Settings

The Global Queue Settings page contains fields for configuring the scheduling method by which
the queues are managed. SP queues have priority over WRR, and where the traffic is low, WRR
shares the bandwidth with SP, occupying the remaining bandwidth according to the weight ratio.
To open the Global Queue Settings page, click Quality of Service QoS Global Parameters
Queue Settings in the tree view.
294
Figure 9-127.
Queue The Queue number.

Strict Priority Specifies if traffic scheduling is based strictly on the queue priority. This is the
default value for queues.
WRR Specifies if traffic scheduling is based on the Weighted Round Robin (WRR) weights to
assigned egress queues.
WRR Weight (0-255) Assigns WRR weights to queues. This field is enabled only for queues in
WRR queue mode. If a queue is set to 0 weight, the queue is not operational and is effectively
closed. Each queue has a weight range, queues 1-3 have the range 0-255, and queue 4 has the range
1-255.
% of WRR Bandwidth The percentage translation of the weight defined in the WRR Weight
field.
Defining the Queue Settings
1
Open the Global Queue Settings page.
Define the fields.

The queue settings are defined, and the Ethernet switch module is updated.
295
Assigning Queue Setting Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the Global
Queue Settings page.
Table 9-90. Queue Settings CLI Commands
CLI Command
Description
priority-queue out num-of-queues
Defines the number of queues used as

SP queues.
wrr-queue bandwidth weight1 weight2 . Assigns Weighted Round Robin (WRR)

weight_n
weights to egress queues.
show qos interface [ethernet interface- Displays interface QoS data.
number] [queuing]
console(config)# wrr-queue bandwidth 10 20 30 40

Console# show qos interface ethernet g11 queueing
Ethernet g11
wrr bandwidth weights and EF priority:
296
qid
weights
Ef
Priority
-----
--------
-----
----------
125
Disable
N/A
125
Disable
N/A
125
Disable
N/A
125
Disable
N/A
Cos queue map:

Cos qid
0
Mapping CoS Values to Queues

The CoS to Queue Mapping Table page contains fields for classifying CoS settings to traffic
queues. To open the CoS to Queue Mapping Table page, click Quality of Service QoS Global
Parameters CoS to Queue in the tree view.
297
Figure 9-128. CoS to Queue Mapping Table
Class of Service Specifies the CoS priority tag values, where zero is the lowest and 7 is the
highest.
Queue The queue to which the CoS priority is mapped. Four traffic priority queues are
supported.
Restore Defaults Restores the Ethernet Switch Module factory defaults for mapping CoS values
to an egress queue.
Mapping a CoS value to a Queue
1
Open the CoS to Queue Mapping Table page.
Select a CoS entry.
Define the queue number in the Queue field.

The CoS value is mapped to an egress queue, and the Ethernet Switch Module is updated.
Assigning CoS Values to Queues Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the CoS to
Queue Mapping Table page.
298
Table 9-91.
CoS to Queue Settings CLI Commands
CLI Command
Description
wrr-queue cos-map queue-id

cos0..cos7
Maps assigned CoS values to the egress

queues.

console(config)# wrr-queue cos-map 4 7
Mapping DSCP Values to Queues

The DSCP to Queue Mapping page provides fields for defining egress queue to specific DSCP
fields. To open the DSCP to Queue Mapping page, click Quality of Service QoS Global
Parameters DSCP to Queue in the tree view.
NOTE: For the list of the DSCP default queue settings, see "DSCP to Queue Mapping Table Default
Values" on page 290.
Figure 9-129.
DSCP to Queue Mapping
DSCP In The values of the DSCP field within the incoming packet.
299
Queue The queue to which packets with the specific DSCP value is assigned. The values are 14, where 1 is the lowest value and 4 is the highest.
Mapping a DSCP value and assigning priority queue:
1
Open the DSCP to Queue Mapping page.
Select a value in the DSCP In column.
Define the Queue fields.

The DSCP is overwritten, and the value is assigned an egress queue.
Assigning DSCP Values Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the DSCP
to Queue Mapping page.
Table 9-92. DSCP Value to Queue CLI Commands
CLI Command
Description
qos map dscp-queue dscp-list

to queue-id
Modifies the DSCP to queue mapping.

console(config)# qos map dscp-queue 33 40 41 to 1
300
Ethernet Switch Module Specifications

This appendix includes the information regarding the Ethernet Switch Module.
Feature Specifications
VLAN
VLAN support for Tagging and Port Based as per IEEE 802.1Q
Up to 4094 VLANs Supported
Reserved VLANs for internal system use
Dynamic VLANs with GVRP support
Protocol based VLANs
Quality of Service
Layer 2 Trust Mode (IEEE 802.1p tagging)
Layer 3 Trust Mode (DSCP)
Adjustable Weighted Round Robin (WRR)
Adjustable Strict Priority
Layer 2 Multicast
Dynamic Multicast Support - upto 63 Multicast groups supported in IGMP Snooping or

static Multicast
Ethernet Switch Module Security
Switch access password protection
Port-based MAC Address alert and lock-down
RADIUS remote authentication for switch management access
TACACS+
Management access filtering via Management Access Profiles
SSH/SSL Management Encryptions
301
Additional Switching Features
Link Aggregation with support for up to six Aggregated Links per Ethernet Switch Module
and up to six Ports per aggregated link (IEEE 802.3ad)
LACP Support
Supports Jumbo Frames up to 10K
Broadcast Storm Control
Port Mirroring
302
Web Based Management Interface
CLI Accessibility via Telnet
SNMPv1 and SNMP v2 are supported
4 RMON Groups Supported
TFTP Transfers of Firmware and Configuration Files
Dual Firmware Images On-Board
Multiple Configuration File Upload/Download Supported
Statistics for Error Monitoring and Performance Optimization
BootP/DHCP IP Address Management Supported
Syslog Remote Logging Capabilities
SNTP Support
Layer 3 Traceroute
Telnet Client
DNS Client
Glossary
This glossary contains key technical words of interest.
A
Access Mode
Specifies the method by which user access is granted to the system.
Access Profiles
Allows network managers to define profiles and rules for accessing the switch module. Access to management
functions can be limited to user groups, which are defined by the following criteria:
Ingress interfaces
Source IP address or Source IP subnets
Aggregated VLAN
Groups several VLANs into a single aggregated VLAN. Aggregating VLANs enables routers to respond to ARP
requests for nodes located on different sub-VLANs belonging to the same Super VLAN. Routers respond with
their MAC address.
ARP
Address Resolution Protocol. A TCP/IP protocol that converts IP addresses into physical addresses.
ASIC
Application Specific Integrated Circuit. A custom chip designed for a specific application.
Asset Tag
Specifies the user-defined switch module reference.
Sets of rules which that enables login to and authentication of users and applications.
Glossary
303
Auto-negotiation
Allows 10/100 Mpbs or 10/100/1000 Mbps Ethernet ports to establish for the following features:
Duplex/ Half DuplexMode
Flow Control
Speed
Back Pressure
A mechanism used with Half Duplexmode that enables a port not to receive a message.
Backplane
The main BUS that carries information in the switch module.

Backup Configuration Files
Contains a backup copy of the switch module configuration. The Backup file changes when the Running
Configuration file or the startup configuration file is copied to the Backup file.
Bandwidth
Bandwidth specifies the amount of data that can be transmitted in a fixed amount of time. For digital switch
modules, bandwidth is defined in Bits per Second (bps) or Bytes per Second.
Bandwidth Assignments
The amount of bandwidth assigned to a specific application, user, or interface.
Baud
The number of signaling elements transmitted each second.
Best Effort
Traffic is assigned to the lowest priority queue, and packet delivery is not guaranteed.
Boot Version
The boot version.
BootP
Bootstrap Protocol. Enables a workstation to discover its IP address, an IP address of a BootP server on a network,
or a configuration file loaded into the boot of a switch module.
BPDU
Bridge Protocol Data Unit. Provide bridging information in a message format. BPDUs are sent across switch
module information with in Spanning Tree configuration. BPDU packets contain information on ports,
addresses, priorities, and forwarding costs.
304
Glossary
Bridge
A Ethernet switch module that connect two networks. Bridges are hardware specific, however they are protocol
independent. Bridges operate at Layer 1 and Layer 2 levels.
Broadcast Domain
Ethernet switch module sets that receive broadcast frames originating from any Ethernet switch module within
a designated set. Routers bind Broadcast domains, because routers do not forward broadcast frames.
Broadcasting
A method of transmitting packets to all ports on a network.
Broadcast Storm
An excessive amount of broadcast messages simultaneously transmitted across a network by a single port.
Forwarded message responses are heaped onto the network, overloading network resources or causing the
network to time out.
For more information about broadcast storms, see "Defining LAG Parameters."
C
CDB
Configuration Data Base. A file containing a Ethernet switch module s configuration information.
Class of Service
Class of Service (CoS). Class of Service is the 802.1p priority scheme. CoS provides a method for tagging packets
with priority information. A CoS value between 0-7 is added to the Layer II header of packets, where zero is the
lowest priority and seven is the highest.
A overlapping transmission of two or more packets that collide. The data transmitted cannot be used, and the
session is restarted.
CLI
Command Line Interface. A set of line commands used to configure the system. For more information on using
the CLI, see Using the CLI.
Communities
Specifies a group of users which retains the same system access rights.
CPU
Central Processing Unit. The part of a computer that processes information. CPUs are composed of a control
unit and an ALU.
D
DHCP Client
An Internet host using DHCP to obtain configuration parameters, such as a network address.
Glossary
305
DSCP
DiffServe Code Point (DSCP). DSCP provides a method of tagging IP packets with QoS priority information.
Domain
A group of computers and Ethernet switch modules on a network that are grouped with common rules and
procedures.
DRAC/MC
Dell Remote Access Controller / Modular Chassis (DRAC/MC). Provides a single point of control for Dell
Modular Server System components.
Duplex Mode
Permits simultaneous transmissions and reception of data. There are two different types of duplex mode:
Full DuplexMode Permits for bisynchronous communication, for example, a telephone. Two parties can
transmit information at the same time.
Half DuplexMode Permits asynchronous communication, for example, a walkie-talkie. Only one party
can transmit information at a time.
Egress Ports
Ports from which network traffic is transmitted.
End System
An end user Ethernet switch module on a network.
Ethernet
Ethernet is standardized as per IEEE 802.3. Ethernet is the most common implemented LAN standard.
Supports data transfer rates of Mpbs, where 10, 100 or 1000 Mbps is supported.
EWS
Embedded Web Server. Provides Ethernet switch module management via a standard web browser. Embedded
Web Servers are used in addition to or in place of a CLI or NMS.
F
FFT
Fast Forward Table. Provides information about forwarding routes. If a packet arrives to a Ethernet switch module
with a known route, the packet is forwarded via a route listed in the FFT. If there is not a known route, the CPU
forwards the packet and updates the FFT.
FIFO
First In First Out. A queuing process where the first packet in the queue is the first packet out of the packet.
306
Glossary
Flapping
Flapping occurs when an interfaces state is constantly changing. For example, an STP port constantly changes
from listening to learning to forwarding. This may cause traffic loss.
Flow Control
Enables lower speed Ethernet switch modules to communicate with higher speed Ethernet switch module s, that
is, that the higher speed Ethernet switch module refrains from sending packets.
Fragment
Ethernet packets smaller than 576 bits.
Frame
Packets containing the header and trailer information required by the physical medium.
G
GARP
General Attributes Registration Protocol. Registers client stations into a Multicast domain.
Gigabit Ethernet
Gigabit Ethernet transmits at 1000 Mbps, and is compatible with existing 10/100 Mbps Ethernet standards.
GVRP
GARP VLAN Registration Protocol. Registers client stations into a VLANs.
H
HOL
Head of Line. Packets are queued. Packets at the head of the queue are forwarded before packets at the end of the
line.
Host
A computer that acts as a source of information or services to other computers.
HTTP
HyperText Transport Protocol. Transmits HTML documents between servers and clients on the internet.
I
IC
Integrated Circuit. Integrated Circuits are small electronic Ethernet switch modules composed from
semiconductor material.
Glossary
307
ICMP
Internet Control Message Protocol. Allows gateway or destination host to communicate with a source host, for
example, to report a processing error.
IEEE
Institute of Electrical and Electronics Engineers. An Engineering organization that develops communications and
networking standards.
IEEE 802.1d
Used in the Spanning Tree Protocol, IEEE 802.1d supports MAC bridging to avoid network loops.
IEEE 802.1p
Prioritizes network traffic at the data-link/MAC sublayer.
IEEE 802.1Q
Defines the operation of VLAN Bridges that permit the definition, operation, and administration of VLANs
within Bridged LAN infrastructures.
Image File
System images are saved in two Flash sectors called images (Image 1 and Image 2). The active image stores
the active copy; while the other image stores a second copy.
Ingress Port
Ports on which network traffic is received.
IP
Internet Protocol. Specifies the format of packets and there addressing method. IP addresses packets and forwards
the packets to the correct port.
IP Address
Internet Protocol Address. A unique address assigned to a network Ethernet switch module with two or more
interconnected LANs or WANs.
IPX
Internetwork Packet Exchange. Transmits connectionless communications.
J
Jumbo Frames
Enables transporting the identical data in fewer frames. Jumbo Frames reduce overhead, lower processing time,
and ensures fewer interrupts.
308
Glossary
LAG
Link Aggregated Group. Aggregates ports or VLANs into a single virtual port or VLAN.
For more information on LAGs, see Defining LAG Membership.
LAN
Local Area Networks. A network contained within a single room, building, campus or other limited geographical
area.
Layer 2
Data Link Layer or MAC Layer. Contains the physical address of a client or server station. Layer 2 processing is
faster than Layer 3 processing because there is less information to process.
Layer 4
Establishes a connections and ensures that all data arrives to their destination. Packets inspected at the Layer 4
level are analyzed and forwarding decisions based on their applications.
Load Balancing
Enables the even distribution of data or processing packets across available network resources. For example, load
balancing may distribute the incoming packets evenly to all servers, or redirect the packets to the next available
server.
M
MAC Address
Media Access Control Address. The MAC Address is a hardware specific address that identifies each network
node.
MAC Address Learning
MAC Address Learning characterizes a learning bridge, in which the packets source MAC address is recorded.
Packets destined for that address are forwarded only to the bridge interface on which that address is located.
Packets addressed to unknown addresses are forwarded to every bridge interface. MAC Address Learning
minimizes traffic on the attached LANs.
MAC Layer
A sub-layer of the Data Link Control (DTL) layer.
Mask
A filter that includes or excludes certain values, for example parts of an IP address.
For example, Unit 2 is inserted in the first minute of a ten-minute cycle, and Unit 1 is inserted in fifth minute of
the same cycle, the units are considered the same age.
Glossary
309
MD5
Message Digest 5. An algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4
security. MD5 verifies the integrity of the communication, authenticates the origin of the communication.
MDI
Media Dependent Interface. A cable used for end stations.
MDIX
Media Dependent Interface with Crossover (MDIX). A cable used for hubs and switches.
MIB
Management Information Base. MIBs contain information describing specific aspects of network components.
Multicast
Transmits copies of a single packet to multiple ports.
N
NMS
Network Management System. An interface that provides a method of managing a system.
Node
A network connection endpoint or a common junction for multiple network lines. Nodes include:
Processors
Controllers
Workstations
OID
Object Identifier. Used by SNMP to identify managed objects. In the SNMP Manager/ Agent network
management paradigm, each managed object must have an OID to identify it.
P
Packets
Blocks of information for transmission in packet switched systems.
PDU
Protocol Data Unit. A data unit specified in a layer protocol consisting of protocol control information and layer
user data.
310
Glossary
PING
Packet Internet Groper. Verifies if a specific IP address is available. A packet is sent to another IP address and waits
for a reply.
Port
Physical ports provide connecting components that allow microprocessors to communicate with peripheral
equipment.
Port Mirroring
Monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to
a monitoring port.
For more information on port mirroring, see "Defining Port Mirroring Sessions."
Port Speed
Indicates port speed of the port. Port speeds include:
Ethernet 10 Mbps
Fast Ethernet 100Mbps
Gigabit Ethernet 1000 Mbps
Protocol
A set of rules that governs how Ethernet switch modules exchange information across networks.
Q
QoS
Quality of Service. QoS allows network managers to decide how and what network traffic is forwarded according
to priorities, application types, and source and destination addresses.
Query
Extracts information from a database and presents the information for use.
R
RADIUS
Remote Authentication Dial-In User Service. A method for authenticating system users, and tracking connection
time.
RMON
Remote Monitoring. Provides network information to be collected from a single workstation.
Router
A Ethernet switch module that connects to separate networks. Routers forward packets between two or more
networks. Routers operate at a Layer 3 level.
Glossary
311
RSTP
Rapid Spanning Tree Protocol. Detects and uses network topologies that allow a faster convergence of the
spanning tree, without creating forwarding loops.
Running Configuration File
Contains all startup configuration file commands, as well as all commands entered during the current session.
After the switch module is powered down or rebooted, all commands stored in the Running Configuration file
are lost.
S
Segmentation
Divides LANs into separate LAN segments for bridging. Segmentation eliminates LAN bandwidth limitations.
Server
A central computer that provides services to other computers on a network. Services may include file storage and
access to applications.
SNMP
Simple Network Management Protocol. Manages LANs. SNMP based software communicates with network
Ethernet switch modules with embedded SNMP agents. SNMP agents gather network activity and Ethernet
switch module status information, and send the information back to a workstation.
SNTP
Simple Network Time Protocol. SNTP assures accurate network switch clock time synchronization up to the
millisecond.
SoC
System on a Chip. An ASIC that contains an entire system. For example, a telecom SoC application can contain
a microprocessor, digital signal processor, RAM, and ROM.
Spanning Tree Protocol
Prevents loops in network traffic. The Spanning Tree Protocol (STP) provides tree topography for any
arrangement of bridges. STP provides one path between end stations on a network, eliminating loops.
SSH
Secure Shell. Permits logging to another computer over a network, execute commands on a remote machine, and
move files from one machine to another. Secure Shell provides strong authentication and secure
communications methods over unsecure channels.
Startup Configuration
Retains the exact switch module configuration when the switch module is powered down or rebooted.
312
Glossary
Subnet
Sub-network. Subnets are portions of a network that share a common address component. On TCP/IP networks,
Ethernet switch modules that share a prefix are part of the same subnet. For example, all Ethernet switch
modules with a prefix of 157.100.100.100 are part of the same subnet.
Subnet Mask
Used to mask all or part of an IP address used in a subnet address.
Switch
Filters and forwards packets between LAN segments. Switches support any packet protocol type.
T
TCP/IP
Transmissions Control Protocol. Enables two hosts to communicate and exchange data streams. TCP guarantees
packet delivery, and guarantees packets are transmitted and received in the order their sent.
Telnet
Terminal Emulation Protocol. Enables system users to log in and use resources on remote networks.
TFTP
Trivial File Transfer Protocol. Uses User Data Protocol (UDP) without security features to transfer files.
Trap
A message sent by the SNMP that indicates that system event has occurred.
Trunking
Link Aggregation. Optimizes port usage by linking a group of ports together to form a single trunk (aggregated
groups).
U
UDP
User Data Protocol. Transmits packets but does not guarantee their delivery.
Unicast
A form of routing that transmits one packet to one user.
V
VLAN
Virtual Local Area Networks. Logical subgroups with a Local Area Network (LAN) created via software rather
than defining a hardware solution.
Glossary
313
WAN
Wide Area Networks. Networks that cover a large geographical area.
Wildcard Mask
Specifies which IP address bits are used, and which bits are ignored. A wild switch module mask of
255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important.
For example, if the destination IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two
bits of the IP address are used, while the last two bits are ignored.
314
Glossary
Index
Numerics
BPDU, 304
Default settings, 164
802.1d, 13
Bridge Protocol Data

Unit, 304
Defining device
information, 67
Broadcast, 79-81, 89
Device representation, 58
Buttons, 60
Device view, 57-58
802.1Q, 13, 226, 228
A
Access mode, 152
Access profiles, 121
ACE, 303
Address Resolution
Protocol, 15, 115, 303
DHCP, 15
C
Cables, 118-119
CIDR, 305
Class of Service, 13
Dimensions, 19
DNS, 108
Domain Name System, 108
Downloading files, 161
Downloading software, 158
Aggregated link, 237
CLI, 16
AH, 303
CLI Examples, 65
Alert, 92
Command Line Interface, 16
Anycast, 79-81, 89
Command Mode Overview, 62
ARP, 15, 115-116, 118, 303
Communities, 153
Asset, 67, 69
Community table, 151
Authentication Profiles, 130131
Configuration, 40
Configuration file, 160
EAP, 17, 169
Authentication profiles, 128
Configuring ARP, 113
Emergency, 92
Authentication Trap, 155
Console, 93, 131
Enable, 128, 141
Auto-Negotiation, 37
CoS, 13, 293
EPG, 307
Critical, 92
Error, 92
DSCP, 289, 305

DVMRPl, 305
Dynamic Address List, 202
Dynamic Address Table, 203
Ethernet, 231
B
Backup file, 159
BGP, 304
Debug, 92
BootP, 304
Default Gateway, 102-103
Extensible Authentication
Protocol, 17, 169
Index
315
316
Index
HTTP, 121
Fast Link, 14
HTTPS, 121
L2TP, 309
Fast link, 211

File Transfer Protocol, 308
Filtering, 226, 229, 242
Firmware, 160
Flow Control, 38
FTP, 308
LACP, 238
I
ICMP, 308
IDRP, 308
IEEE, 308
IEEE 802.1d, 308
IEEE 802.1p, 309
LAG, 309
LAGs, 248
LCP, 218
Light Emitting Diodes, 20
Line, 128
Line Passwords, 137
Link Control Protocol, 218
IEEE 802.1Q, 309
GARP, 204-205, 308
IEEE 802.1Q-, 13
GARP VLAN Registration

Protocol, 13, 308
IGMP, 309
Gateway, 102
Image, 309
GBIC, 308
Image 1, 309
General Attributes
Registration Protocol, 308
Image 2, 309
Generic Attribute
Registration Protocol, 204
Ingress, 309
GRE, 308
Interface mode, 64
MAC Address, 310
GVRP, 13, 235, 261, 264, 308
Internetwork Packet
Exchange, 309
MAC address, 199
GVRP Parameters Page, 234
iles, 159
IP, 309
IPM, 309
Hardware version, 77
IPX, 309
Hash, 80
ISIS, 309
Height, 19
HOL, 308
316
Index
Locked ports, 181

Log, 90
Log file, 93
Logs, 90, 96
Loops, 206
Informational, 92
IP addresses, 103
HMP, 308
Local User Database, 135
J
Jumbo frames, 309
MAC addresse, 199

MAC addresses, 178
MAN, 310
Management Access
Lists, 121
Management Access
Methods, 131
Management Information
Base, 151
Management Information
Base., 310
Management methods, 123
Management security, 121
Master Election/Topology
Discovery Algorithm, 310
MD5, 80, 310
MDI, 11, 184, 310
MDI/MDIX, 38
MDIX, 11, 184, 310
MDU, 310
Message, 80
Message Digest 5, 310
Message digest 5, 80
Reset, 78, 102
Package Contents, 24
RFC1042, 231
Package contents, 24
RMON, 268-269, 272, 274,

312
Passwords, 61, 141

PDU, 311
PING, 311
Port aggregation, 237
Port LEDs, 20
Ports, 59, 182, 286
N
NCP, 218
Network Control
Protocols, 218
Network Management
System., 311
Network security, 169
Notice, 92
RSTP, 14, 312

Rule, 125
Rules, 121, 123
PPP, 312
Running Configuration
file, 159
Profiles, 121
RVSP, 312
Protocol, 231
PVID, 225, 229
MIB, 151, 310

Multicast, 248

Page, 272
S
Secure Shell, 131
Security, 121, 169
QoS, 289, 292, 294, 312
Simple Network Management

Protocol, 15, 151, 313
Quality of Service, 289, 312

Queue, 294
Simple Network Time

Protocol, 17, 79
SNMP, 15, 151-152, 154, 312
SNMP traps, 155
RADIUS, 128, 145, 147-149,

312
SNTP, 17, 79-80
RAM logs, 93
Spanning Tree Protocol, 206,

217
Rapid Spanning Tree

Protocol, 312
Software version, 77
SSH, 131, 313
RDP, 312
Startup file, 158
OSPF, 311
Remote Authentication Dial

In User Service, 17
Storm control, 193
Remote Authentication DialIn User Service, 312
Stratums, 79
STP, 13, 206, 208, 213
Index
317
318
Index
SYSLOG RFC, 90
System, 67
UDP, 314
Understanding the
interface, 57
Unicast, 79-81
T1, 80
Uploading files, 161
T2, 80
User Data Protocol, 314
T3, 80
T4, 80
TACACS, 128, 141
TCP, 15
Virtual Local Area

Networks, 314
Telnet, 121, 131

Terminal Access Controller
Access Control
System, 141
VLAN, 220, 222, 225, 229,

248, 314
VLAN ID, 202
TFTP, 313
VLAN membership, 220
Time Domain
Reflectometry, 119
VLAN Port Membership

Table, 223
Time levels, 80
VLAN priority, 289
Transport Control
Protocol, 15
VLANs, 220
Trap Managers table, 156

Traps, 154, 157
Tree view, 57
Trivial File Transfer
Protocol, 313
Trunk Configuration
Page, 189
Trust, 292
318
Index
W
Warning, 92
Web management system
icons, 59
Weighted Round Robin, 294
Width, 19

Powerconnect-5316m User's Guide En-Us

Uploaded by

Copyright:

Available Formats

Powerconnect-5316m User's Guide En-Us

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Powerconnect-5316m User's Guide En-Us

Uploaded by

Copyright:

Available Formats

Dell PowerConnect 5316M Ethernet Switch Module

Notes, Notices, and Cautions

PowerConnect 5316M and the Dell Modular Server System

Additional CLI Documentation

PowerConnect 5316M Front Panel Port Description .

Port Connections, Cables, and Pinout Information .

1000 Base-T Cable Requirements . . . . . . .

Installing the Ethernet Switch Module

Major Components of the Ethernet Switch Module

Installing and Removing a Ethernet Switch Module .

Ethernet Controller Enumeration

System Reliability Considerations

Handling Static Sensitive Devices

Accessing the Ethernet Switch Module CLI User Interface via

Connecting Network to an Ethernet Switch Module .

Starting and Configuring the Ethernet Switch Module

Accessing Startup Menu .

Static IP Address and Subnet Mask

Assigning Static IP Addresses on a Default VLAN .

SNMP Community Strings

Retrieving an IP Address From a DHCP Server.

Receiving an IP Address From a BOOTP Server

Security Management and Password Configuration .

Configuring an Initial Terminal Password .

Startup Menu Procedures . . . . . . . . . . . .

Using Dell OpenManage Switch Administrator

Understanding the Interface

Switch Module Representation

Using the OpenManage Switch Administrator Buttons

Accessing the Ethernet Switch Module Through the CLI .

Command Mode Overview . .

Configuring System Information

Viewing the Asset Page . . .

Polling for Unicast Time Information . .

Defining Global Log Parameters . . . . . . . . .

Defining Default Gateways . . . . . . .

Mapping Domain Host .

Running Cable Diagnostics .

Viewing Copper Cable Diagnostics .

Defining Access Profiles . . . . . . .

Defining SNMP Parameters

File Management Overview

Configuring General Switch Module Tuning Parameters .

Configuring Switch Module Information

Network Security Overview . . . . . . . . . . .

Defining Port Parameters

Defining Port Mirroring Sessions .

Defining Static Addresses . .

Defining GARP Timers .

Configuring the Spanning Tree Protocol

Defining VLAN Members . . .

Defining LACP Parameters.

Defining Multicast Global Parameters . . .

Viewing Utilization Summary .

Viewing RMON Statistics

Viewing RMON Statistics Group . . . . . . . .

Viewing Port Statistics

Configuring Quality of Service

Quality of Service (QoS) Overview