Page is loading ...
FortiSwitch-548B
Version 5.2.0.2
User Guide
FortiSwitch-548B User Guide
Version 5.2.0.2
Revision 2
15 December 2010
© Copyright 2010 Fortinet, Inc. All rights reserved. No part of this publication including text, examples,
diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of
Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient,
FortiGate®, FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam,
FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager,
Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and
FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentioned herein may be the trademarks of their respective owners.
Regulatory compliance
FCC Class A Part 15 CSA/CUS
- 3 -
Table of Contents
1. Introduction..................................................................................................................6
1.1 Scope...................................................................................................................6
1.2 Documentation.....................................................................................................6
1.3 Customer Service and Technical Support ............................................................6
1.4 Training.................................................................................................................6
2. Product Overview........................................................................................................8
2.1 Switch Description................................................................................................8
2.2 Features...............................................................................................................8
2.3 Front-Panel Components...................................................................................10
2.4 LED Indicators....................................................................................................10
2.5 Rear Panel Description ......................................................................................10
2.6 Management Options.........................................................................................11
2.7 Web-based Management Interface....................................................................11
2.8 Command Line Console Interface Through the Serial Port or Telnet.................11
2.9 SNMP-Based Management................................................................................11
3. Installation and Quick Startup....................................................................................14
3.1 Package Contents..............................................................................................14
3.2 Switch Installation...............................................................................................15
3.3 Installing the Switch in a Rack............................................................................16
3.4 Quick Starting the Switch ...................................................................................17
3.5 System Information Setup..................................................................................18
4. Console and Telnet Administration Interface .............................................................22
4.1 Local Console Management...............................................................................22
4.2 Set Up your Switch Using Console Access........................................................22
4.3 Set Up your Switch Using Telnet Access............................................................24
5. Web-Based Management Interface...........................................................................25
5.1 Overview ............................................................................................................25
5.2 How to log in.......................................................................................................26
5.3 Web-Based Management Menu.........................................................................27
6. Command Line Interface Structure and Mode-based CLI.........................................31
6.1 CLI Command Format........................................................................................31
6.2 CLI Mode-based Topology..................................................................................32
7. Switching Commands................................................................................................34
7.1 System Information and Statistics commands....................................................34
- 4 -
7.2 Device Configuration Commands.......................................................................42
7.3 Management Commands.................................................................................153
7.4 Spanning Tree Commands...............................................................................202
7.5 System Log Management Commands.............................................................222
7.6 Script Management Commands.......................................................................229
7.7 User Account Management Commands...........................................................231
7.8 Security Commands.........................................................................................237
7.9 CDP (Cisco Discovery Protocol) Commands...................................................269
7.10 SNTP (Simple Network Time Protocol) Commands.........................................274
7.11 MAC-Based Voice VLAN Commands ..............................................................280
7.12 LLDP (Link Layer Discovery Protocol) Commands..........................................284
7.13 Denial Of Service Commands..........................................................................301
7.14 VTP (VLAN Trunking Protocol) Commands .....................................................310
7.15 Protected Ports Commands.............................................................................316
7.16 Static MAC Filtering Commands.......................................................................318
7.17 System Utilities.................................................................................................320
7.18 DHCP Snooping Commands............................................................................342
7.19 IP Source Guard (IPSG) Commands ...............................................................350
7.20 Dynamic ARP Inspection (DAI) Command.......................................................353
7.21 Differentiated Service Command......................................................................360
7.22 ACL Command.................................................................................................389
7.23 IPv6 ACL Command.........................................................................................397
7.24 CoS (Class of Service) Command ...................................................................401
7.25 Domain Name Server Relay Commands .........................................................408
8. Routing Commands.................................................................................................414
8.1 Address Resolution Protocol (ARP) Commands..............................................414
8.2 IP Routing Commands.....................................................................................420
8.3 Open Shortest Path First (OSPF) Commands .................................................432
8.4 BOOTP/DHCP Relay Commands....................................................................468
8.5 Routing Information Protocol (RIP) Commands...............................................471
8.6 Router Discovery Protocol Commands ............................................................480
8.7 VLAN Routing Commands ...............................................................................483
8.8 Virtual Router Redundancy Protocol (VRRP) Commands ...............................484
9. IP Multicast Commands...........................................................................................493
9.1 Distance Vector Multicast Routing Protocol (DVMRP) Commands..................493
9.2 Internet Group Management Protocol (IGMP) Commands..............................498
9.3 MLD Commands ..............................................................................................507
- 5 -
9.4 Multicast Commands........................................................................................513
9.5 Protocol Independent Multicast – Dense Mode (PIM-DM) Commands............519
9.6 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands...........523
9.7 IGMP Proxy Commands...................................................................................532
9.8 MLD Proxy Commands ....................................................................................537
10. IPv6 Commands......................................................................................................542
10.1 Tunnel Interface Commands............................................................................542
10.2 Loopback Interface Commands .......................................................................544
10.3 IPv6 Routing Commands .................................................................................546
10.4 OSPFv3 Commands ........................................................................................566
10.5 RIPng Commands............................................................................................597
10.6 Protocol Independent Multicast – Dense Mode (PIM-DM) Commands............602
10.7 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands...........605
11. Web-Based Management Interface.........................................................................614
11.1 Overview ..........................................................................................................614
11.2 System Menu ...................................................................................................615
11.3 Switching Menu................................................................................................694
11.4 Routing Menu...................................................................................................785
11.5 Security Menu ..................................................................................................841
11.6 IPv6 Menu ........................................................................................................865
11.7 QOS Menu .......................................................................................................899
11.8 IPv4 Multicast Menu.........................................................................................933
11.9 IPv6 Multicast Menu.........................................................................................958
- 6 -
1. Introduction
1.1 Scope
This document describes:
how to install the FortiSwitch-548B switch (the Switch)
how to use the CLI console to manage the Switch
how to use the web-based management interface to configure the Switch
1.2 Documentation
The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the most up-to-date
versions of Fortinet publications, as well as additional technical documentation such as technical notes.
1.2.1 Fortinet Knowledge Base
The Fortinet Knowledge Base provides additional Fortinet technical documentation, such as
troubleshooting and how-to-articles, examples, FAQs, technical notes, a glossary, and more. Visit the
Fortinet Knowledge Base at http://kb.fortinet.com.
1.2.2 Comments on Fortinet Technical Documentation
Please send information about any errors or omissions in this or any Fortinet technical document to
.
1.3 Customer Service and Technical Support
Fortinet Technical Support provides services designed to make sure that your Fortinet products install
quickly, configure easily, and operate reliably in your network.
To learn about the technical support services that Fortinet provides, visit the Fortinet Technical Support
web site at https://support.fortinet.com.
You can dramatically improve the time that it takes to resolve your technical support ticket by providing
your configuration file, a network diagram, and other specific information. For a list of required
information, see the Fortinet Knowledge Center article What does Fortinet Technical Support require in
order to best assist the customer?T
1.4 Training
Fortinet Training Services provides classes that orient you quickly to your new equipment, and
certifications to verify your knowledge level. Fortinet provides a variety of training programs to serve the
needs of our customers and partners world-wide.
- 7 -
To learn about the training services that Fortinet provides, visit the Fortinet Training Services web site at
http://campus.training.fortinet.com, or email them at [email protected].
- 8 -
2. Product Overview
2.1 Switch Description
FortiSwitch-548B is a SFP+ 10-Gigabit Ethernet backbone switch designed for adaptability and
scalability. The Switch provides a management platform and uplink to backbone. Alternatively, the Switch
can utilize up to 48 10-Gigabit Ethernet ports to function as a central distribution hub for other switches,
switch groups, or routers. The built-in 1000/100/10 Ethernet port is for out of service. The
FortiSwitch-548B power system provides two power supplies. The FortiSwitch-548B SFP+ port also
provides 1-Gigabit speed by manual settings.
2.2 Features
• Supports 48 SFP+ 10-Gigabit Ethernet ports
• 1 built-in 1000/100/10 Ethernet port for out of band switch mangement.
• Support two power supplies
Software will detect power failure and read information(what power install on your system)
• IEEE 802.3z and IEEE 802.3x compliant Flow Control for all 10-Gigabit ports
• Supports 802.1D STP, 802.1S MSTP, and 802.1w Rapid Spanning Tree for redundant back up
bridge paths
• Supports 802.1Q VLAN, Protocol-based VLAN, Subnet-based VLAN, MAC-based VLAN, Protected
Port, Double VLAN, Voice VLAN, GVRP, GMRP, IGMP snooping, 802.1p Priority Queues, Port
Channel, port mirroring
• Supports VTP (VLAN Trunking Protocol)
• Supports CDP
• Supports LLDP with potential communication problems detection
• Supports Port Security
• Multi-layer Access Control (based on MAC address, IP address, VLAN, Protocol, 802.1p, DSCP)
• Quality of Service (QoS) customized control
• 802.1x (port-based) access control and RADIUS Client support
• TACACS+ support
• Administrator-definable port security
• Supports DHCP Snooping, Dynamic ARP Inspection and IP Source Guard (IPSG)
• ARP support
• IP Routing support
• OSPF v2 and v3 support
• RIP v1/v2 and RIPng support
• Router Discovery Protocol support
• Virtual Router Redundancy Protocol (VRRP) support
- 9 -
• VLAN routing support
• IP Multicast support
• IGMP v1, v2, and v3 support
• DVMRP support
• Protocol Independent Multicast - Dense Mode (PIM-DM) support for IPv4 and IPv6
• Protocol Independent Multicast - Sparse Mode (PIM-SM) support for IPv4 and IPv6
• IPV6 function
Supports DHCPv6 protocol, OSPFv3 protocol, Tunneling, loopback
Provides to configure IPv6 rotuing interface, routing preference
• DHCP Client and Relay support
• DNS Client and Relay support
• Per-port bandwidth control
• SNMP v.1, v.2, v.3 network management, RMON support
• Supports Web-based management
• CLI management support
• Fully configurable either in-band or out-of-band control via RS-232 console serial connection
• Telnet remote control console
• TraceRoute support
• Traffic Segmentation
• TFTP/FTP upgrade
• SysLog support
• Simple Network Time Protocol support
• Web GUI Traffic Monitoring
• SSH Secure Shell version 1 and 2 support
• SSL Secure HTTP TLS Version 1 and SSL version 3 support
• Fibre Channel Over Ethernet(FCoE)
FIP Snooping
• Data Center Bridge(DCB)
Enhanced Transmission Selection(ETS, IEEE 802.1Qaz)
Priority Flow Control(PFC, IEEE 802.1Qbb)
Congestion Notification(CN, IEEE 802.1Qau)
- 10 -
2.3 Front-Panel Components
The front panel of the Switch consists of 48 10-Gigabit interfaces, 2 LED indicators, 1 built-in 1000/100/10
RJ-45 Ethernet service ports, an RS-232 communication port, and 48 port LEDs.
The upper LED indicators display power status. The lower LED indicators displays the status of the
switch. An RS-232 DCE console port is for setting up and managing the Switch via a connection to a
console terminal or PC using a terminal emulation program. Each port LED has two colors: Color green
represents port link status; Color Orange represents port activity status and it will be blinking if the port
has an activity.
2.4 LED Indicators
The Status LED indicator represnts status of the switch. The Power LED indicator represent power ON or
OFF.
2.5 Rear Panel Description
The rear panel of the Switch contains Dual Redundant AC power connector and Four Fans. The four fans
can be built in back-to-front and front-to-back(depend on customer requirement).
The AC power connector is a standard three-pronged connector that supports the power cord. Plug the
female connector of the provided power cord into this socket, and the male side of the cord into a power
outlet. The Switch automatically adjusts its power setting to any supply voltage in the range from 100 ~
240 VAC at 50 ~ 60 Hz.
- 11 -
2.6 Management Options
The system may be managed by using one Service Ports through a Web Browswer,Telent, SNMP
function and using the console port on the front panel through CLI command.
2.7 Web-based Management Interface
After you have successfully installed the Switch, you can configure the Switch, monitor the LED panel,
and display statistics graphically using a Web browser, such as Mozilla FireFox (version 3.6 or higher) or
Microsoft® Internet Explorer (version 5.0 or above).
!
To access the Switch through a Web browser, the computer running the Web browser must
have IP-based network access to the Switch.
2.8 Command Line Console Interface Through the Serial Port or Telnet
You can also connect a computer or terminal to the serial console port or use Telnet to access the Switch.
The command-line-driven interface provides complete access to all switch management features.
2.9 SNMP-Based Management
You can manage the Switch with an SNMP-compatible console program. The Switch supports SNMP
version 1.0, version 2.0, and version 3.0. The SNMP agent decodes the incoming SNMP messages and
responds to requests with MIB objects stored in the database. The SNMP agent updates the MIB objects
to generate statistics The Switch supports a comprehensive set of MIB extensions:
• RFC1643 Ether-like MIB
• RFC1493 Bridge
• RFC 2819 RMON
• RFC 2233 Interface MIB
• RFC 2571 (SNMP Frameworks)
• RFC 2572 (Message Processing for SNMP)
• RFC 2573 (SNMP Applications)
• RFC 2576 (Coexistence between SNMPs)
• RFC 2618 (Radius-Auth-Client-MIB)
• RFC 2620 (Radius-Acc-Client-MIB)
• RFC 1724 (RIPv2-MIB)
• RFC 1850 (OSPF-MIB)
• RFC 1850 (OSPF-TRAP-MIB)
• RFC 2787 (VRRP-MIB)
- 12 -
• RFC 3289 - DIFFSERV-DSCP-TC
• RFC 3289 - DIFFSERV-MIB
• QOS-DIFFSERV-EXTENSIONS-MIB
• QOS-DIFFSERV-PRIVATE-MIB
• RFC 2674 802.1p
• RFC 2932 (IPMROUTE-MIB)
• Fortinet Enterprise MIB
• ROUTING-MIB
• MGMD-MIB
• RFC 2934 PIM-MIB
• DVMRP-STD-MIB
• IANA-RTPROTO-MIB
• MULTICAST-MIB
• FASTPATH-ROUTING6-MIB
• IEEE8021-PAE-MIB
• INVENTORY-MIB
• MGMT-SECURITY-MIB
• QOS-ACL-MIB
• QOS-COS-MIB
• RFC 1907 - SNMPv2-MIB
• RFC 2465 - IPV6-MIB
• RFC 2466 - IPV6-ICMP-MIB
• TACACS-MIB
• USM-TARGET-TAG-MIB
• IGMP/MLD Snooping
• IGMP/MLD Layer2 Multicast
• QoS – IPv6 ACL
• Voice VLAN
• Guest VLAN
• LLDP MED
• RFC 2925 (DISMAN-TRACEROUTE-MIB)
• RFC 2080 (RIPng)
• OSPFV3-MIB
- 13 -
- 14 -
3. Installation and Quick Startup
3.1 Package Contents
Before you begin installing the Switch, confirm that your package contains the following items:
• One FortiSwitch-548B Layer III 10-Gigabit Managed Switch
• Mounting kit: 2 mounting brackets and screws
• Four rubber feet with adhesive backing
• One AC power cord
• This User’s Guide with Registration Card
• CLI Reference
• CD-ROM with User’s Guide and CLI Reference
- 15 -
3.2 Switch Installation
Installing the Switch Without the Rack
1. Install the Switch on a level surface that can safely support the weight of the Switch and its attached
cables. The Switch must have adequate space for ventilation and for accessing cable connectors.
2. Set the Switch on a flat surface and check for proper ventilation. Allow at least 5 cm (2 inches) on
each side of the Switch and 15 cm (6 inches) at the back for the power cable.
3. Attach the rubber feet on the marked locations on the bottom of the chassis.
The rubber feet are recommended to keep the unit from slipping.
- 16 -
3.3 Installing the Switch in a Rack
You can install the Switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below.
1. Use the supplied screws to attach a mounting bracket to each side of the Switch.
2. Align the holes in the mounting bracket with the holes in the rack.
3. Insert and tighten two screws through each of the mounting brackets.
- 17 -
3.4 Quick Starting the Switch
1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access
to the FortiSwitch-548B Series Switch locally. From a remote workstation,the device must be
configured with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called
the default mode.
4. When the prompt asks for operator login, do the following:
• Type the word admin in the login area. Since a number of the Quick Setup commands require
administrator account rights, FORTINET suggests logging into an administrator account.
• Do not enter a password because there is no password in the default mode.
• Press the <Enter> key
• The CLI Privileged EXEC mode prompt will be displayed.
• Use “configure” to switch to the Global Config mode from Privileged EXEC.
• Use “exit” to return to the previous mode.
- 18 -
3.5 System Information Setup
3.5.1 Quick Start up Software Version Information
Table 2-1. Quick Start up Software Version Information
Command Details
show hardware Allows the user to see the HW & SW version
the device contains
System Description - switch's model name
show version Allows the user to see Serial Number, Part
Number, and Model name
See SW loader, bootrom and operation
version
See HW version
3.5.2 Quick Start up Physical Port Data
Table 2-2. Quick Start up Physical Port
Command Details
show Interface status { <slot/port> |
all}
Displays the Ports slot/port
Type - Indicates if the port is a special type of
port
Admin Mode - Selects the Port Control
Administration State
Physical Mode - Selects the desired port
speed and duplex mode
Physical Status - Indicates the port speed and
duplex mode
Link Status - Indicates whether the link is up or
down
Link Trap - Determines whether or not to send
a trap when link status changes
LACP Mode - Displays whether LACP is
enabled or disabled on this port
Flow Mode - Indicates the status of flow control
on this port
Cap. Status - Indicates the port capabilities
during auto-negotiation
3.5.3 Quick Start up User Account Management
Table 2-3. Quick Start up User Account Management
Command Details
show users Displays all users that are allowed to access
the switch
User Access Mode - Shows whether the user
is able to chan
g
e
p
arameters on the switch
- 19 -
(Read/Write) or is only able to view (Read
Only).
As a factory default, admin has Read/Write
access and guest has Read Only access.
There can only be one Read/Write user and up
to 5 Read Only users.
show loginsession
Displays all login session information
username <username> {passwd |
nopasswd}
Allows the user to set passwords or change
passwords needed to login
A prompt will appear after the command is
entered requesting the old password. In the
absence of an old password leave the area
blank. The operator must press enter to
execute the command.
The system then prompts the user for a new
password then a prompt to confirm the new
password. If the new password and the
confirmed password match a message will be
displayed.
The user password should not be more than
eight characters in length.
copy running-config startup-config
[filename]
This will save passwords and all other
changes to the device.
If you do not save config, all configurations will
be lost when a power cycle is performed on the
switch or when the switch is reset.
3.5.4 Quick Start up IP Address
To view the network parameters the operator can access the device by the following three methods.
• Simple Network Management Protocol - SNMP
• Telnet
• Web Browser
Table 2-4. Quick Start up IP Address
Command Details
show ip interface Displays the Network Configurations
IP Address - IP Address of the interface
Default IP is 192.168.2.1
Subnet Mask - IP Subnet Mask for the
interface. Default is 255.255.255.0
Default Gateway - The default Gateway for this
interface
Default value is 0.0.0.0
Burned in MAC Address - The Burned in MAC
Address used for inband connectivity
Network Configurations Protocol Current -
Indicates which network protocol is being
used. Default is none
- 20 -
Management VLAN Id - Specifies VLAN id
Web Mode - Indicates whether HTTP/Web is
enabled.
Java Mode - Indicates whether java mode is
enabled.
ip address
(Config)#interface vlan 1
(if-vlan 1)#ip address <ipaddr> <netmask>
(if-vlan 1)#exit
(Config)#ip default-gateway <gateway>
IP Address range from 0.0.0.0 to
255.255.255.255
Subnet Mask range from 0.0.0.0 to
255.255.255.255
Gateway Address range from 0.0.0.0 to
255.255.255.255
Displays all of the login session information
3.5.5 Quick Start up Uploading from Switch to Out-of-Band PC
Table 2-5. Quick Start up Uploading from Switch to Out-of-Band PC (XMODEM)
Command Details
copy startup-config xmodem
<filename>
This starts the upload and displays the mode
of uploading and the type of upload it is and
confirms the upload is taking place.
For example:
If the user is using HyperTerminal, the user
must specify where the file is going to be
received by the pc.
3.5.6 Quick Start up Downloading from Out-of-Band PC to Switch
Table 2-6 Quick Start up Downloading from Out-of-Band PC to Switch
Command Details
copy xmodem startup-config
<filename>
Sets the download datatype to be an image or
config file.
The URL must be specified as: xmodem:
filepath/ filename
For example:
If the user is using HyperTerminal, the user
must specify which file is to be sent to the
switch. The Switch will restart automatically
once the code has been downloaded.
3.5.7 Quick Start up Downloading from TFTP Server
Before starting a TFTP server download, the operator must complete the Quick Start up for the
IPAddress.
Table 2-7 Quick Start up Downloading from TFTP Server
Command Details
/