Page is loading ...
MUSTANG 4000 SWITCH SERIES
DG-FS4528E
MANAGEMENT GUIDE
V1.0
2013-09-24
As our products undergo continuous development the specifications are subject to change without prior notice
M
ANAGEMENT
G
UIDE
DG-FS4528E FAST ETHERNET SWITCH
Layer 2 Switch
with 24 10/100BASE-TX (RJ-45) Ports,
and 4 Gigabit Combination Ports (RJ-45/SFP)
DG-FS4528E
092013
R02
– 3 –
ABOUT THIS GUIDE
PURPOSE This guide gives specific information on how to operate and use the
management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are
responsible for operating and maintaining network equipment;
consequently, it assumes a basic working knowledge of general switch
functions, the Internet Protocol (IP), and Simple Network Management
Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show
information:
N
OTE
:
Emphasizes important information or calls your attention to related
features or instructions.
C
AUTION
:
Alerts you to a potential hazard that could cause loss of data, or
damage the system or equipment.
W
ARNING
:
Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch,
including the physical and performance-related characteristics, and how to
install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help
that describes all management related features.
REVISION HISTORY This section summarizes the changes in each revision of this guide.
SEPT 2013 RELEASE
This is the first version of this guide. This guide is valid for software release
v1.2.4.2.
– 5 –
CONTENTS
ABOUT THIS GUIDE 3
C
ONTENTS 5
F
IGURES 41
T
ABLES 53
SECTION I GETTING STARTED 59
1INTRODUCTION 61
Key Features 61
Description of Software Features 62
System Defaults 67
2INITIAL SWITCH CONFIGURATION 71
Connecting to the Switch 71
Configuration Options 71
Required Connections 72
Remote Connections 73
Basic Configuration 73
Console Connection 73
Setting Passwords 74
Setting an IP Address 74
Downloading a Configuration File Referenced by a DHCP Server 80
Enabling SNMP Management Access 82
Managing System Files 85
Saving or Restoring Configuration Settings 85
SECTION II WEB CONFIGURATION 87
3USING THE WEB INTERFACE 88
Connecting to the Web Interface 88
Navigating the Web Browser Interface 89
C
ONTENTS
– 6 –
Home Page 89
Configuration Options 90
Panel Display 90
Main Menu 91
4BASIC MANAGEMENT TASKS 108
Displaying System Information 108
Displaying Hardware/Software Versions 109
Configuring Support for Jumbo Frames 111
Displaying Bridge Extension Capabilities 112
Managing System Files 113
Copying Files via FTP/TFTP or HTTP 113
Saving the Running Configuration to a Local File 115
Setting The Start-Up File 116
Showing System Files 117
Automatic Operation Code Upgrade 118
Setting the System Clock 122
Setting the Time Manually 122
Setting the SNTP Polling Interval 123
Configuring NTP 124
Configuring Time Servers 125
Setting the Time Zone 129
Configuring the Console Port 130
Configuring Telnet Settings 132
Displaying CPU Utilization 133
Displaying Memory Utilization 134
Resetting the System 135
5INTERFACE CONFIGURATION 139
Port Configuration 139
Configuring by Port List 139
Configuring by Port Range 142
Displaying Connection Status 143
Configuring Local Port Mirroring 144
Configuring Remote Port Mirroring 146
Showing Port or Trunk Statistics 150
Performing Cable Diagnostics 154
Trunk Configuration 156
C
ONTENTS
– 7 –
Configuring a Static Trunk 157
Configuring a Dynamic Trunk 160
Displaying LACP Port Counters 165
Displaying LACP Settings and Status for the Local Side 167
Displaying LACP Settings and Status for the Remote Side 168
Saving Power 169
Traffic Segmentation 171
Enabling Traffic Segmentation 171
Configuring Uplink and Downlink Ports 172
VLAN Trunking 174
6 VLAN CONFIGURATION 178
IEEE 802.1Q VLANs 178
Configuring VLAN Groups 181
Adding Static Members to VLANs 183
Configuring Dynamic VLAN Registration 188
IEEE 802.1Q Tunneling 191
Enabling QinQ Tunneling on the Switch 195
Creating CVLAN to SPVLAN Mapping Entries 196
Adding an Interface to a QinQ Tunnel 198
Protocol VLANs 199
Configuring Protocol VLAN Groups 200
Mapping Protocol Groups to Interfaces 201
Configuring IP Subnet VLANs 203
Configuring MAC-based VLANs 205
Configuring VLAN Mirroring 207
7ADDRESS TABLE SETTINGS 210
Setting Static Addresses 210
Changing the Aging Time 212
Displaying the Dynamic Address Table 213
Clearing the Dynamic Address Table 214
Configuring MAC Address Mirroring 215
8SPANNING TREE ALGORITHM 217
Overview 217
Configuring Loopback Detection 220
Configuring Global Settings for STA 221
Displaying Global Settings for STA 226
C
ONTENTS
– 8 –
Configuring Interface Settings for STA 227
Displaying Interface Settings for STA 231
Configuring Multiple Spanning Trees 234
Configuring Interface Settings for MSTP 238
9CONGESTION CONTROL 242
Rate Limiting 242
Storm Control 243
Automatic Traffic Control 245
Setting the ATC Timers 247
Configuring ATC Thresholds and Responses 248
10 CLASS OF SERVICE 252
Layer 2 Queue Settings 252
Setting the Default Priority for Interfaces 252
Selecting the Queue Mode 253
Mapping CoS Values to Egress Queues 256
Layer 3/4 Priority Settings 258
Setting Priority Processing to DSCP or CoS 259
Mapping Ingress DSCP Values to Internal DSCP Values 260
Mapping CoS Priorities to Internal DSCP Values 262
11 QUALITY OF SERVICE 265
Overview 265
Configuring a Class Map 266
Creating QoS Policies 269
Attaching a Policy Map to a Port 279
12 VOIP TRAFFIC CONFIGURATION 281
Overview 281
Configuring VoIP Traffic 281
Configuring Telephony OUI 283
Configuring VoIP Traffic Ports 284
13 SECURITY MEASURES 288
AAA Authentication, Authorization and Accounting 289
Configuring Local/Remote Logon Authentication 290
Configuring Remote Logon Authentication Servers 291
Configuring AAA Accounting 296
Configuring AAA Authorization 302
Configuring User Accounts 305
C
ONTENTS
– 9 –
Web Authentication 307
Configuring Global Settings for Web Authentication 307
Configuring Interface Settings for Web Authentication 308
Network Access (MAC Address Authentication) 310
Configuring Global Settings for Network Access 312
Configuring Network Access for Ports 313
Configuring Port Link Detection 315
Configuring a MAC Address Filter 316
Displaying Secure MAC Address Information 318
Configuring HTTPS 319
Configuring Global Settings for HTTPS 319
Replacing the Default Secure-site Certificate 321
Configuring the Secure Shell 322
Configuring the SSH Server 325
Generating the Host Key Pair 326
Importing User Public Keys 328
Access Control Lists 330
Setting A Time Range 332
Showing TCAM Utilization 334
Setting the ACL Name and Type 335
Configuring a Standard IPv4 ACL 337
Configuring an Extended IPv4 ACL 339
Configuring a Standard IPv6 ACL 341
Configuring an Extended IPv6 ACL 343
Configuring a MAC ACL 345
Configuring an ARP ACL 347
Binding a Port to an Access Control List 349
Configuring ACL Mirroring 350
Showing ACL Hardware Counters 352
ARP Inspection 353
Configuring Global Settings for ARP Inspection 354
Configuring VLAN Settings for ARP Inspection 356
Configuring Interface Settings for ARP Inspection 358
Displaying ARP Inspection Statistics 359
Displaying the ARP Inspection Log 360
Filtering IP Addresses for Management Access 361
C
ONTENTS
– 10 –
Configuring Port Security 363
Configuring 802.1X Port Authentication 365
Configuring 802.1X Global Settings 367
Configuring Port Authenticator Settings for 802.1X 368
Configuring Port Supplicant Settings for 802.1X 372
Displaying 802.1X Statistics 374
DoS Protection 377
IPv4 Source Guard 379
Configuring Ports for IPv4 Source Guard 380
Configuring Static Bindings for IPv4 Source Guard 382
Displaying Information for Dynamic IPv4 Source Guard Bindings 384
IPv6 Source Guard 385
Configuring Ports for IPv6 Source Guard 385
Configuring Static Bindings for IPv6 Source Guard 387
Displaying Information for Dynamic IPv6 Source Guard Bindings 390
DHCP Snooping 391
DHCP Snooping Configuration 393
DHCP Snooping VLAN Configuration 395
Configuring Ports for DHCP Snooping 396
Displaying DHCP Snooping Binding Information 397
14 BASIC ADMINISTRATION PROTOCOLS 399
Configuring Event Logging 399
System Log Configuration 399
Remote Log Configuration 402
Sending Simple Mail Transfer Protocol Alerts 403
Link Layer Discovery Protocol 404
Setting LLDP Timing Attributes 405
Configuring LLDP Interface Attributes 407
Configuring LLDP Interface Civic-Address 410
Displaying LLDP Local Device Information 412
Displaying LLDP Remote Device Information 416
Displaying Device Statistics 424
Simple Network Management Protocol 426
Configuring Global Settings for SNMP 428
Setting the Local Engine ID 429
Specifying a Remote Engine ID 430
C
ONTENTS
– 11 –
Setting SNMPv3 Views 431
Configuring SNMPv3 Groups 434
Setting Community Access Strings 437
Configuring Local SNMPv3 Users 439
Configuring Remote SNMPv3 Users 441
Specifying Trap Managers 444
Creating SNMP Notification Logs 448
Showing SNMP Statistics 450
Remote Monitoring 452
Configuring RMON Alarms 453
Configuring RMON Events 456
Configuring RMON History Samples 458
Configuring RMON Statistical Samples 461
Switch Clustering 463
Configuring General Settings for Clusters 464
Cluster Member Configuration 465
Managing Cluster Members 467
Ethernet Ring Protection Switching 468
ERPS Global Configuration 472
ERPS Ring Configuration 472
ERPS Forced and Manual Mode Operations 488
Connectivity Fault Management 492
Configuring Global Settings for CFM 496
Configuring Interfaces for CFM 499
Configuring CFM Maintenance Domains 500
Configuring CFM Maintenance Associations 504
Configuring Maintenance End Points 509
Configuring Remote Maintenance End Points 511
Transmitting Link Trace Messages 513
Transmitting Loop Back Messages 515
Transmitting Delay-Measure Requests 516
Displaying Local MEPs 518
Displaying Details for Local MEPs 519
Displaying Local MIPs 521
Displaying Remote MEPs 522
Displaying Details for Remote MEPs 523
C
ONTENTS
– 12 –
Displaying the Link Trace Cache 525
Displaying Fault Notification Settings 527
Displaying Continuity Check Errors 528
OAM Configuration 529
Enabling OAM on Local Ports 529
Displaying Statistics for OAM Messages 532
Displaying the OAM Event Log 533
Displaying the Status of Remote Interfaces 534
Configuring a Remote Loop Back Test 535
Displaying Results of Remote Loop Back Testing 537
15 IP CONFIGURATION 540
Using the Ping Function 540
Using the Trace Route Function 542
Address Resolution Protocol 543
Setting the ARP Timeout 544
Displaying ARP Entries 545
Setting the Switch’s IP Address (IP Version 4) 545
Configuring the IPv4 Default Gateway 545
Configuring IPv4 Interface Settings 546
Setting the Switch’s IP Address (IP Version 6) 549
Configuring the IPv6 Default Gateway 550
Configuring IPv6 Interface Settings 551
Configuring an IPv6 Address 555
Showing IPv6 Addresses 558
Showing the IPv6 Neighbor Cache 559
Showing IPv6 Statistics 561
Showing the MTU for Responding Destinations 566
16 IP SERVICES 568
Domain Name Service 568
Configuring General DNS Service Parameters 568
Configuring a List of Domain Names 569
Configuring a List of Name Servers 571
Configuring Static DNS Host to Address Entries 572
Displaying the DNS Cache 573
Dynamic Host Configuration Protocol 574
Specifying A DHCP Client Identifier 574
C
ONTENTS
– 13 –
Configuring DHCP Relay Option 82 575
Configuring the PPPoE Intermediate Agent 579
Configuring PPPoE IA Global Settings 579
Configuring PPPoE IA Interface Settings 581
Showing PPPoE IA Statistics 583
17 MULTICAST FILTERING 586
Overview 586
Layer 2 IGMP (Snooping and Query) 587
Configuring IGMP Snooping and Query Parameters 589
Specifying Static Interfaces for a Multicast Router 593
Assigning Interfaces to Multicast Services 595
Setting IGMP Snooping Status per Interface 597
Filtering IGMP Query Packets and Multicast Data 602
Displaying Multicast Groups Discovered by IGMP Snooping 603
Displaying IGMP Snooping Statistics 604
Filtering and Throttling IGMP Groups 608
Enabling IGMP Filtering and Throttling 608
Configuring IGMP Filter Profiles 609
Configuring IGMP Filtering and Throttling for Interfaces 611
MLD Snooping (Snooping and Query for IPv6) 613
Configuring MLD Snooping and Query Parameters 613
Setting Immediate Leave Status for MLD Snooping per Interface 615
Specifying Static Interfaces for an IPv6 Multicast Router 616
Assigning Interfaces to IPv6 Multicast Services 618
Showing MLD Snooping Groups and Source List 620
Multicast VLAN Registration for IPv4 621
Configuring MVR Global Settings 622
Configuring MVR Domain Settings 625
Configuring MVR Group Address Profiles 626
Configuring MVR Interface Status 629
Assigning Static MVR Multicast Groups to Interfaces 631
Displaying MVR Receiver Groups 633
Displaying MVR Statistics 634
Multicast VLAN Registration for IPv6 638
Configuring MVR6 Global Settings 639
Configuring MVR6 Domain Settings 641
C
ONTENTS
– 14 –
Configuring MVR6 Group Address Profiles 642
Configuring MVR6 Interface Status 645
Assigning Static MVR6 Multicast Groups to Interfaces 647
Displaying MVR6 Receiver Groups 649
Displaying MVR6 Statistics 650
SECTION III COMMAND LINE INTERFACE 655
18 USING THE COMMAND LINE INTERFACE 658
Accessing the CLI 658
Console Connection 658
Telnet Connection 658
Entering Commands 660
Keywords and Arguments 660
Minimum Abbreviation 660
Command Completion 660
Getting Help on Commands 660
Partial Keyword Lookup 662
Negating the Effect of Commands 663
Using Command History 663
Understanding Command Modes 663
Exec Commands 663
Configuration Commands 664
Command Line Processing 666
CLI Command Groups 667
19 GENERAL COMMANDS 669
prompt 669
reload (Global Configuration) 670
enable 671
quit 672
show history 672
configure 673
disable 674
reload (Privileged Exec) 674
show reload 675
end 675
C
ONTENTS
– 15 –
exit 675
20 SYSTEM MANAGEMENT COMMANDS 677
Device Designation 677
hostname 678
Banner Information 678
banner configure 679
banner configure company 680
banner configure dc-power-info 681
banner configure department 681
banner configure equipment-info 682
banner configure equipment-location 683
banner configure ip-lan 683
banner configure lp-number 684
banner configure manager-info 685
banner configure mux 685
banner configure note 686
show banner 687
System Status 687
show access-list tcam-utilization 688
show memory 688
show process cpu 689
show running-config 689
show startup-config 691
show system 692
show tech-support 692
show users 693
show version 693
show watchdog 694
watchdog software 694
Frame Size 695
jumbo frame 695
File Management 696
General Commands 697
boot system 697
copy 698
delete 701
C
ONTENTS
– 16 –
dir 701
whichboot 702
Automatic Code Upgrade Commands 703
upgrade opcode auto 703
upgrade opcode path 704
upgrade opcode reload 705
show upgrade 706
TFTP Configuration Commands 706
ip tftp retry 706
ip tftp timeout 707
show ip tftp 707
Line 708
line 708
databits 709
exec-timeout 710
login 711
parity 712
password 712
password-thresh 713
silent-time 714
speed 714
stopbits 715
timeout login response 716
disconnect 716
terminal 717
show line 718
Event Logging 719
logging facility 719
logging history 720
logging host 721
logging on 721
logging trap 722
clear log 723
show log 723
show logging 724
SMTP Alerts 725
C
ONTENTS
– 17 –
logging sendmail 726
logging sendmail host 726
logging sendmail level 727
logging sendmail destination-email 728
logging sendmail source-email 728
show logging sendmail 729
Time 729
SNTP Commands 730
sntp client 730
sntp poll 731
sntp server 731
show sntp 732
NTP Commands 732
ntp authenticate 732
ntp authentication-key 733
ntp client 734
ntp server 735
show ntp 736
Manual Configuration Commands 736
clock summer-time (date) 736
clock summer-time (predefined) 738
clock summer-time (recurring) 739
clock timezone 740
calendar set 741
show calendar 741
Time Range 742
time-range 742
absolute 743
periodic 744
show time-range 745
Switch Clustering 745
cluster 746
cluster commander 747
cluster ip-pool 747
cluster member 748
rcommand 749
C
ONTENTS
– 18 –
show cluster 749
show cluster members 749
show cluster candidates 750
21 SNMP COMMANDS 751
General SNMP Commands 753
snmp-server 753
snmp-server community 753
snmp-server contact 754
snmp-server location 754
show snmp 755
SNMP Target Host Commands 756
snmp-server enable traps 756
snmp-server host 757
SNMPv3 Commands 759
snmp-server engine-id 759
snmp-server group 760
snmp-server user 761
snmp-server view 763
show snmp engine-id 764
show snmp group 764
show snmp user 765
show snmp view 766
Notification Log Commands 767
nlm 767
snmp-server notify-filter 767
show nlm oper-status 769
show snmp notify-filter 769
Additional Trap Commands 769
memory 769
process cpu 770
22 REMOTE MONITORING COMMANDS 771
rmon alarm 772
rmon event 773
rmon collection history 774
rmon collection rmon1 775
show rmon alarms 776
C
ONTENTS
– 19 –
show rmon events 776
show rmon history 776
show rmon statistics 777
23 AUTHENTICATION COMMANDS 778
User Accounts and Privilege Levels 779
enable password 779
username 780
privilege 781
show privilege 782
Authentication Sequence 782
authentication enable 782
authentication login 783
RADIUS Client 785
radius-server acct-port 785
radius-server auth-port 786
radius-server host 786
radius-server key 787
radius-server retransmit 787
radius-server timeout 788
show radius-server 788
TACACS+ Client 789
tacacs-server host 789
tacacs-server key 790
tacacs-server port 791
tacacs-server retransmit 791
tacacs-server timeout 792
show tacacs-server 792
AAA 793
aaa accounting commands 793
aaa accounting dot1x 794
aaa accounting exec 795
aaa accounting update 796
aaa authorization exec 797
aaa group server 798
server 798
accounting dot1x 799
C
ONTENTS
– 20 –
accounting commands 799
accounting exec 800
authorization exec 800
show accounting 801
Web Server 802
ip http port 802
ip http server 803
ip http secure-port 803
ip http secure-server 804
Telnet Server 805
ip telnet max-sessions 806
ip telnet port 806
ip telnet server 807
show ip telnet 807
Secure Shell 807
ip ssh authentication-retries 810
ip ssh server 811
ip ssh server-key size 812
ip ssh timeout 812
delete public-key 813
ip ssh crypto host-key generate 813
ip ssh crypto zeroize 814
ip ssh save host-key 815
show ip ssh 815
show public-key 815
show ssh 816
802.1X Port Authentication 817
General Commands 818
dot1x default 818
dot1x eapol-pass-through 818
dot1x system-auth-control 819
Authenticator Commands 819
dot1x intrusion-action 819
dot1x max-reauth-req 820
dot1x max-req 820
dot1x operation-mode 821
C
ONTENTS
– 21 –
dot1x port-control 822
dot1x re-authentication 822
dot1x timeout quiet-period 823
dot1x timeout re-authperiod 823
dot1x timeout supp-timeout 824
dot1x timeout tx-period 825
dot1x re-authenticate 825
Supplicant Commands 826
dot1x identity profile 826
dot1x max-start 826
dot1x pae supplicant 827
dot1x timeout auth-period 828
dot1x timeout held-period 828
dot1x timeout start-period 829
Display Information Commands 829
show dot1x 829
Management IP Filter 832
management 832
show management 833
PPPoE Intermediate Agent 834
pppoe intermediate-agent 834
pppoe intermediate-agent format-type 835
pppoe intermediate-agent port-enable 836
pppoe intermediate-agent port-format-type 836
pppoe intermediate-agent trust 837
pppoe intermediate-agent vendor-tag strip 838
clear pppoe intermediate-agent statistics 838
show pppoe intermediate-agent info 839
show pppoe intermediate-agent statistics 840
24 GENERAL SECURITY MEASURES 841
Port Security 842
port security 842
show port security 844
Network Access (MAC Address Authentication) 846
network-access aging 847
network-access mac-filter 847
/
