DL manuals
3Com
Switch
3C17205-US - Corp SUPERSTACK 3 SWITCH 4400 24PORT
Implementation Manual

3Com 3C17205-US - Corp SUPERSTACK 3 SWITCH 4400 24PORT Implementation Manual

Manual is about: Implementation Guide

Page of 153

Download

Print this page

Bookmark us

http://www.3com.com/

Part No. DUA1720-3BAA04

Published January 2003

SuperStack

Switch Implementation Guide

Generic guide for units in the SuperStack 3 Switch 4400 Series:

3C17203, 3C17204, 3C17205, 3C17206

1 2 3 4 5 6 7 Next › »

Summary of 3C17205-US - Corp SUPERSTACK 3 SWITCH 4400 24PORT

Page 1
Http://www.3com.Com/ part no. Dua1720-3baa04 published january 2003 superstack ® 3 switch implementation guide generic guide for units in the superstack 3 switch 4400 series: 3c17203, 3c17204, 3c17205, 3c17206.
Page 2
3com corporation 5500 great america parkway, santa clara, california 95052-8145 copyright © 2003, 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation...
Page 3: Ontents
C ontents a bout t his g uide conventions 10 related documentation 11 documentation comments 11 product registration 12 1 s witch f eatures o verview what is management software? 15 upgrading the switch 4400 se 15 switch features explained 17 automatic ip configuration 17 port security 17 power mana...
Page 4
Auto-negotiation 28 smart auto-sensing 29 aggregated links 29 how 802.3ad link aggregation operates 30 implementing 802.3ad aggregated links 31 aggregated links and your switch 33 aggregated link — manual configuration example 37 3 u sing m ulticast f iltering what is an ip multicast? 39 benefits of...
Page 5: Lan
How switch database entries get added 59 switch database entry states 60 6 u sing t raffic p rioritization what is traffic prioritization? 62 how traffic prioritization works 63 traffic classification 64 traffic marking 65 traffic re-marking 67 traffic prioritization 67 traffic queues 71 configuring...
Page 6: Ip C
Communication between vlans 87 creating new vlans 88 vlans: tagged and untagged membership 88 vlan configuration examples 89 using untagged connections 89 using 802.1q tagged connections 90 9 u sing w ebcache s upport what is webcache support? 93 benefits of webcache support 93 how webcache support ...
Page 7: Ip A
12 p ower m anagement and c ontrol what is power over ethernet? 113 benefits of power over ethernet 113 planning power budgets 114 calculating power budgets 114 implementing a power plan 115 configuring a guaranteed power plan 116 monitoring power usage 116 monitoring power usage leds 117 monitoring...
Page 8
G lossary i ndex.
Page 9: Bout
A bout t his g uide this guide describes the features of the superstack ® 3 switch 4400 series and outlines how to use these features to optimize the performance of your network. Most features detailed in this guide are common to all switches in the 4400 series. Refer to the management quick referen...
Page 10
10 a bout t his g uide conventions table 1 and table 2 list conventions that are used throughout this guide. Table 1 notice icons icon notice type description information note information that describes important features or instructions caution information that alerts you to potential loss of data ...
Page 11
Related documentation 11 related documentation in addition to this guide, each switch documentation set includes the following: ■ superstack 3 switch 4400 getting started guide this guide contains: ■ all the information you need to install and set up the switch in its default state ■ information on ...
Page 12
12 a bout t his g uide please include the following information when contacting us: ■ document title ■ document part number (on the title page) ■ page number (if appropriate) example: ■ superstack 3 switch implementation guide ■ part number: dua1720-3baa04 ■ page 25 please note that we can only resp...
Page 13: Witch
I s witch f eatures chapter 1 switch features overview chapter 2 optimizing bandwidth chapter 3 using multicast filtering chapter 4 using resilience features chapter 5 using the switch database chapter 6 using traffic prioritization chapter 7 status monitoring and statistics chapter 8 setting up vir...
Page 14
14.
Page 15: Witch
1 s witch f eatures o verview this chapter contains introductory information about the superstack ® 3 switch 4400 management software and supported features. It covers the following topics: ■ what is management software? ■ switch features explained for detailed descriptions of the web interface oper...
Page 16
16 c hapter 1: s witch f eatures o verview ■ network login ■ radius authentication of switch management login the switch 4400 and switch 4400 se can only be stacked together if the switch 4400 se has been upgraded using the switch 4400 se enhanced software upgrade (3c17207). This ensures that both s...
Page 17
Switch features explained 17 9 log in to the command line interface (cli) of the switch 4400 se unit that you are upgrading. 10 at the top-level menu, enter: system license add 11 enter the activation key for your upgrade license. Enter yes to confirm the installation of the license. The enhanced so...
Page 18
18 c hapter 1: s witch f eatures o verview ■ disconnect unauthorized device (dud) — disables a port if an unauthorized device transmits data on it. ■ switch management login — user name and password information is stored in a database on a radius server in your network. Log in attempts to the switch...
Page 19
Switch features explained 19 capabilities — these capabilities are by default the parameters that provide the highest performance supported by the port. 1000base-sx ports do not support auto-negotiation of port speed. Ports operating at 1000 mbps only support full duplex mode. For details of the aut...
Page 20
20 c hapter 1: s witch f eatures o verview endstations in each multicast group to which multicast traffic should be forwarded. For more information about multicast filtering, see chapter 3 “using multicast filtering” . Resilient links the resilient link feature enables you to protect critical links ...
Page 21
Switch features explained 21 for more information about stp and rstp, see chapter 4 “using resilience features” . Switch database the switch database is an integral part of the switch and is used by the switch to determine if a packet should be forwarded, and which port should transmit the packet if...
Page 22
22 c hapter 1: s witch f eatures o verview rmon remote monitoring (rmon) is an industry standard feature for traffic monitoring and collecting network statistics. The switch software continually collects statistics about the lan segments connected to the switch. If you have a management workstation ...
Page 23
Switch features explained 23 traditional network design. As an example, with vlans you can segment your network according to: ■ departmental groups ■ hierarchical groups ■ usage groups for more information about vlans, see chapter 8 “setting up virtual lans” . Configuration save and restore the conf...
Page 24
24 c hapter 1: s witch f eatures o verview ■ the configuration can only be restored onto a device or stack which has the same physical connections and configuration, including expansion modules, as when the configuration was initially saved. The restore operation will be unsuccessful if the physical...
Page 25
Switch features explained 25 values using the cli or web interface after the configuration restore has been completed. For detailed descriptions of the configuration save and restore web interface operations and command line interface (cli) commands, please refer to the management interface referenc...
Page 26
26 c hapter 1: s witch f eatures o verview.
Page 27: Ptimizing
2 o ptimizing b andwidth there are many ways you can optimize the bandwidth on your network and improve network performance. If you utilize certain switch features you can provide the following benefits to your network and end users: ■ increased bandwidth ■ quicker connections ■ faster transfer of d...
Page 28
28 c hapter 2: o ptimizing b andwidth a link do not support auto-negotiation, both ends must be manually set to full duplex or half duplex accordingly. Ports operating at 1000 mbps support full duplex mode only. Flow control all switch ports support flow control, which is a mechanism that prevents p...
Page 29
Aggregated links 29 ■ 1000base-sx ports support auto-negotiation, however, the standard defines that 1000base-sx can only operate at 1000 mbps, full duplex mode, so they can only auto-negotiate flow control. Smart auto-sensing smart auto-sensing allows auto-negotiating multi-speed ports, such as 100...
Page 30
30 c hapter 2: o ptimizing b andwidth configured as 100base-tx and they are operating in full duplex, the potential maximum bandwidth of the connection is 800 mbps. Figure 1 switch units connected using an aggregated link . 3com recommends that you use ieee 802.3ad lacp automatic aggregations rather...
Page 31
Aggregated links 31 figure 2 dynamic reassignment of traffic flows the key benefits of 802.3ad link aggregation are: ■ automatic configuration — network management does not need to be used to manually aggregate links. ■ rapid configuration and reconfiguration — approximately one to three seconds. ■ ...
Page 32
32 c hapter 2: o ptimizing b andwidth figure 3 aggregated link — example ■ lacp pre-configured aggregations — if you need to know which aggregated link is associated with which device in your network you can use a lacp pre-configured aggregation. This allows you to manually configure the mac address...
Page 33
Aggregated links 33 aggregated links and your switch ■ when any port is assigned to an aggregated link (either manually or via lacp) it will adopt the configuration settings of the aggregated link. When a port leaves an aggregated link its original configuration settings are restored. ■ a maximum of...
Page 34
34 c hapter 2: o ptimizing b andwidth ■ when multiple links of different speed connect two devices only the highest speed links will be aggregated. The other links will be held in a standby state until there is a problem with a higher speed link(s). The lower speed link(s) will then become active. ■...
Page 35
Aggregated links 35 ■ member links must retain the same groupings at both ends of an aggregated link. For example, the configuration in figure 5 will not work as switch a has one aggregated link defined whose member links are then split between two aggregated links defined on switches b and c. Note ...
Page 36
36 c hapter 2: o ptimizing b andwidth ■ to gather statistics about an aggregated link, you must add together the statistics for each port in the aggregated link. ■ if you wish to disable a single member link of an aggregated link, you must first physically remove the connection to ensure that you do...
Page 37
Aggregated links 37 the switch also has a mechanism to prevent the possible occurrence of packet re-ordering when a link recovers too soon after a failure. Aggregated link — manual configuration example the example shown in figure 7 illustrates an 800 mbps aggregated link between two switch units, (...
Page 38
38 c hapter 2: o ptimizing b andwidth 3 connect port 2 on the upper switch to port 2 on the lower switch. 4 connect port 4 on the upper switch to port 4 on the lower switch. 5 connect port 6 on the upper switch to port 6 on the lower switch. 6 connect port 8 on the upper switch to port 8 on the lowe...
Page 39: Sing
3 u sing m ulticast f iltering multicast filtering improves the performance of networks that carry multicast traffic. This chapter explains multicasts, multicast filtering, and how multicast filtering can be implemented on your switch. It covers the following topics: ■ what is an ip multicast? ■ mul...
Page 40
40 c hapter 3: u sing m ulticast f iltering a multicast packet is identified by the presence of a multicast group address in the destination address field of the packet’s ip header. Benefits of multicast the benefits of using ip multicast are that it: ■ enables the simultaneous delivery of informati...
Page 41
Multicast filtering 41 figure 8 the effect of multicast filtering multicast filtering and your switch your switch provides automatic multicast filtering support using igmp (internet group management protocol) snooping. It also supports igmp query mode. Snooping mode snooping mode allows your switch ...
Page 42
42 c hapter 3: u sing m ulticast f iltering command will configure the switch 4400 series to automatically negotiate with compatible devices on vlan 1 to become the querier. The switch 4400 series is compatible with any device that conforms to the igmp v2 protocol. The switch 4400 series does not su...
Page 43
Igmp multicast filtering 43 enabling igmp multicast learning you can enable or disable multicast learning and igmp querying using the snoopmode command on the cli or the web interface. For more information about enabling igmp multicast learning, please refer to the management interface reference gui...
Page 44
44 c hapter 3: u sing m ulticast f iltering.
Page 45: Sing
4 u sing r esilience f eatures setting up resilience on your network helps protect critical links against failure, protects against network loops, and reduces network downtime to a minimum. This chapter explains the features supported by the switch that provide resilience for your network. It covers...
Page 46
46 c hapter 4: u sing r esilience f eatures resilience feature overview resilient links and stp/rstp cannot both be used on the network at the same time. Table 3 lists the key differences between each feature, so you can evaluate the benefits of each to determine which feature is most suitable for y...
Page 47
Spanning tree protocol (stp) 47 ■ symmetric (default) — the standby link remains as the active link even if the main link resumes normal operation. ■ switchback — the standby link continues as the active link until the main link resumes normal operation. The active link then switches back from the s...
Page 48
48 c hapter 4: u sing r esilience f eatures the protocol is a part of the ieee std 802.1d, 1998 edition bridge specification. To explain stp more effectively, your switch will be referred to as a bridge. Rapid spanning tree protocol (rstp) the rapid spanning tree (rstp) is an enhanced spanning tree ...
Page 49
What is stp? 49 rstp provides the same functionality as stp. For details on how the two systems differ, see “how rstp differs to stp” on page 52 . As an example, figure 9 shows a network containing three lan segments separated by three bridges. With this configuration, each segment can communicate w...
Page 50
50 c hapter 4: u sing r esilience f eatures if a link failure is detected, as shown in figure 11 , the stp process reconfigures the network so that traffic from lan segment 2 flows through bridge b. Figure 11 traffic flowing through bridge b stp determines which is the most efficient path between ea...
Page 51
How stp works 51 ■ each port to have a cost. This specifies the efficiency of each link, usually determined by the bandwidth of the link — the higher the cost, the less efficient the link. Table 4 shows the default port costs for a switch. Table 4 default port costs stp calculation the first stage i...
Page 52
52 c hapter 4: u sing r esilience f eatures all traffic destined to pass in the direction of the root bridge flows through the designated bridge. The port on this bridge that connects to the segment is called the designated bridge port. Stp configuration after all the bridges on the network have agr...
Page 53
How stp works 53 figure 12 port costs in a network ■ bridge a has the lowest bridge identifier in the network, and has therefore been selected as the root bridge. ■ because bridge a is the root bridge, it is also the designated bridge for lan segment 1. Port 1 on bridge a is therefore selected as th...
Page 54
54 c hapter 4: u sing r esilience f eatures ■ bridge c has been selected as the designated bridge for lan segment 3, because it offers the lowest root path cost for lan segment 3: ■ the route through bridges c and b costs 200 (c to b=100, b to a=100) ■ the route through bridges y and b costs 300 (y ...
Page 55
How stp works 55 figure 13 stp configurations.
Page 56
56 c hapter 4: u sing r esilience f eatures default behavior this section contains important information to note when using the rstp and fast start features, particularly if you already have existing switch 4400 units in your network with an older version of software. Rstp default behavior when usin...
Page 57
Using stp on a network with multiple vlans 57 using stp on a network with multiple vlans the ieee std 802.1d, 1998 edition does not take into account vlans when it calculates stp information — the calculations are only performed on the basis of physical connections. For this reason, some network con...
Page 58
58 c hapter 4: u sing r esilience f eatures.
Page 59: Sing
5 u sing the s witch d atabase what is the switch database? The switch database is used by the switch to determine where a packet should be forwarded to, and which port should transmit the packet if it is to be forwarded. The database contains a list of entries — each entry contains three items: ■ m...
Page 60
60 c hapter 5: u sing the s witch d atabase switch database entry states databases entries can have three states: ■ learned — the switch has placed the entry into the switch database when a packet was received from an endstation. Note that: ■ learned entries are removed (aged out) from the switch da...
Page 61: Sing
6 u sing t raffic p rioritization using the traffic prioritization capabilities of your switch provides quality of service (qos) to your network through increased reliability of data delivery. You can prioritize traffic on your network to ensure that high priority data is transmitted with minimum de...
Page 62
62 c hapter 6: u sing t raffic p rioritization se, upgrade the product to the switch 4400 se enhanced software upgrade (3c17207). For a list of the features supported by your switch, please refer to the management quick reference guide that accompanies your switch. For detailed descriptions of the c...
Page 63
How traffic prioritization works 63 for a look at a 3com white paper on how to gain control of the network, please refer to the pdf format article at this link: http://www.3com.Com/other/pdfs/products/en_us/getcontrolofth enetwork.Pdf (correct at time of publication) how traffic prioritization works...
Page 64
64 c hapter 6: u sing t raffic p rioritization ■ traffic remarking — if a traffic packet enters the switch with a priority marking requesting an unacceptable level of service, the switch can re-mark it with a different priority value to downgrade its level of service. ■ traffic prioritization — once...
Page 65
How traffic prioritization works 65 traffic marking after traffic has been identified through classification, it must be marked to ensure that other devices such as layer 2 switches or routers on the network know how to prioritize the application, device or user that generated it. The switch uses tw...
Page 66
66 c hapter 6: u sing t raffic p rioritization the traffic marking and prioritization supported by the switch using layer 2 information is compatible with the relevant sections of the ieee std 802.1d, 1998 edition (incorporating ieee 802.1p). The ieee 802.1d standard is the most widely used prioriti...
Page 67
How traffic prioritization works 67 ■ dscp is backward compatible with ipv4 tos, which allows operation with any existing devices with layer 3 tos enabled prioritization scheme in use. Traffic re-marking traffic entering the switch may get downgraded or discarded depending on the network policies an...
Page 68
68 c hapter 6: u sing t raffic p rioritization not the egress port is tagged for that vlan. If it is, then the new 802.1p tag is used in the extended 802.1d header. By default, the superstack 3 switch 4400 se supports a basic level of qos. To make advanced traffic prioritization available on the swi...
Page 69
How traffic prioritization works 69 figure 15 shows how traffic prioritization works at layer 2. The switch will check a packet received at the ingress port for ieee 802.1d traffic classification, and then prioritize it based upon the ieee 802.1p value (service levels) in that tag. It is this 802.1p...
Page 70
70 c hapter 6: u sing t raffic p rioritization figure 16 advanced traffic prioritization and marking 1 the packet received at the ingress port is checked for any of the supported traffic classification methods (dscp, tcp/udp ports, ip address, protocol) to identify the traffic. 2 the classification ...
Page 71
Configuring traffic prioritization on the switch 71 ■ otherwise, if there are no other classifiers except the 802.1p tag, then the packet will pass through the switch with the original 802.1p priority tag. ■ otherwise, if the received packet does not have an 802.1p tag, then a default 802.1p tag (wh...
Page 72
72 c hapter 6: u sing t raffic p rioritization correctly by other parts of the network, or it can discard the packet. Your switch offers 6 predefined standard service levels which are shown in table 8 on page 74 . 3 create a qos profile — the next step is to create a qos profile. A qos profile can b...
Page 73
Important qos considerations 73 is received has an nbx classifier in it such as the default profile does, the switch will automatically detect nbx telephone voice traffic and prioritize accordingly. The switch also has an nbx classifier for ethernet type 0x8868, which is the layer 2 nbx traffic. Nbx...
Page 74
74 c hapter 6: u sing t raffic p rioritization ■ traffic marking is performed as a result of classification, and so you should aim to perform the marking only once to reduce the additional requirements that qos places upon the capabilities of your network infrastructure. ■ as dscp uses a field in th...
Page 75
Example qos configurations 75 example qos configurations figure 17 shows a simple example of how qos can be implemented on a university campus. It shows how traffic receives the appropriate prioritization and treatment across the network according to the applications used (traffic type), at which lo...
Page 76
76 c hapter 6: u sing t raffic p rioritization table 9 example qos profile rules other configuration examples and guidelines for an explanation of how to block mp3 streaming from the internet, please refer to the pdf format article at this link: http://www.3com.Com/other/pdfs/products/en_us/3com_ss4...
Page 77: Tatus
7 s tatus m onitoring and s tatistics this chapter contains details of the features that assist you with status monitoring and statistics. It covers the following topics: ■ roving analysis port ■ rmon for detailed descriptions of the web interface operations and the command line interface (cli) comm...
Page 78
78 c hapter 7: s tatus m onitoring and s tatistics roving analysis is not supported: ■ across a stack of switch 4400 units. ■ in a single switch 4400 (48-port) unit within a stack of switch 4400 units, or across a stack of switch 4400 units. Rmon using the rmon capabilities of a switch allows you to...
Page 79
Benefits of rmon 79 the group is useful for analyzing the traffic patterns and trends on a lan segment or vlan, and for establishing the normal operating parameters of your network. Alarms the alarms group provides a mechanism for setting thresholds and sampling intervals to generate events on any r...
Page 80
80 c hapter 7: s tatus m onitoring and s tatistics ■ it reduces the load on the network and the management workstation traditional network management involves a management workstation polling network devices at regular intervals to gather statistics and identify problems or trends. As network sizes ...
Page 81
Rmon and the switch 81 when using the rmon features of the switch, note the following: ■ after the default sessions are created, they have no special status. You can delete or change them as required. ■ the greater the number of rmon sessions, the greater the burden on the management resources of th...
Page 82
82 c hapter 7: s tatus m onitoring and s tatistics the audit log the switch keeps an audit log of all management user sessions, providing a record of a variety of changes, including ones relating to rmon. The log can only be read by users at the security access level using an snmp network management...
Page 83
Rmon and the switch 83 you can configure the email address to which you wish the notifications to be sent. However, you cannot change the factory default notification messages for event emails. Rmon traps continue to be sent, in addition to any email notifications you may receive. The events that ca...
Page 84
84 c hapter 7: s tatus m onitoring and s tatistics.
Page 85: Etting
8 s etting u p v irtual lan s setting up virtual lans (vlans) on your switch increases the efficiency of your network by dividing the lan into logical, rather than physical, segments which are easier to manage. This chapter explains more about the concept of vlans and explains how they can be implem...
Page 86
86 c hapter 8: s etting u p v irtual lan s figure 18 a network setup showing three vlans benefits of vlans the main benefit of vlans is that they provide a network segmentation system that is far more flexible than any traditional network. Using vlans also provides you with three other benefits: ■ v...
Page 87
Vlans and your switch 87 ■ vlans help to control traffic with traditional networks, congestion can be caused by broadcast traffic that is directed to all network devices whether they require it or not. Vlans increase the efficiency of your network because each vlan can be set up to contain only thos...
Page 88
88 c hapter 8: s etting u p v irtual lan s figure 19 two vlans connected via a router creating new vlans if you want to move a port from the default vlan to another vlan, you must first define information about the new vlan on your switch. Vlans: tagged and untagged membership your switch supports 8...
Page 89
Vlan configuration examples 89 identify which packets belong in which vlans. To communicate between vlans a router must be used. Vlan configuration examples this section contains examples of vlan configurations. It describes how to set up your switch to support simple untagged and tagged connections...
Page 90
90 c hapter 8: s etting u p v irtual lan s to set up the configuration shown in figure 20 : 1 configure the vlans define vlan 2 on the switch. Vlan 1 is the default vlan and already exists. 2 add ports to the vlans add ports 10, 11 and 12 of the switch as untagged members to vlan 2. Using 802.1q tag...
Page 91
Vlan configuration examples 91 to set up the configuration shown in figure 21 : 1 configure the vlans on switch 1 define vlan 2. Vlan 1 is the default vlan and already exists. 2 add endstation ports on switch 1 to the vlans place the endstation ports in the appropriate vlans as untagged members. 3 a...
Page 92
92 c hapter 8: s etting u p v irtual lan s.
Page 93: Sing
9 u sing w ebcache s upport this chapter outlines the webcache support feature, explains the key benefits of using this feature, and gives examples of how and why you would use it in your network. To make webcache support available on the superstack 3 switch 4400 se, upgrade the product to the switc...
Page 94
94 c hapter 9: u sing w ebcache s upport ■ latency is reduced as the webcache is able to deliver web content faster than the time required to retrieve information over a wan connection. Because the redirection decision is based upon the destination tcp port, the solution is transparent to end users ...
Page 95
What is webcache support? 95 the redirected tcp port number can be changed through the cli using the feature cacheconfig changeport command, or via the web interface by selecting system > cache config > change tcp port. If your switch is configured to generate snmp traps, you may see a trap containi...
Page 96
96 c hapter 9: u sing w ebcache s upport webcache support example figure 22 shows a switch 4400 in a network with a webcache connected to the network and enabled. The switch identifies all http traffic flowing through it and redirects all http traffic to the webcache. Figure 22 example of a network ...
Page 97
Webcache support example 97 important considerations this section contains some important considerations when using webcache support on the switch 4400. ■ the switch 4400 supports the superstack 3 webcache 1000/3000. ■ the webcache must be connected directly to the switch 4400 — there must be no int...
Page 98
98 c hapter 9: u sing w ebcache s upport.
Page 99: Sing
10 u sing a utomatic ip c onfiguration this chapter explains more about ip addresses and how the automatic configuration option works. It covers the following topics: ■ how your switch obtains ip information ■ how automatic ip configuration works ■ important considerations for detailed information o...
Page 100
100 c hapter 10: u sing a utomatic ip c onfiguration how your switch obtains ip information your switch has two ways to obtain its ip address information: ■ automatic ip configuration (default) — the switch attempts to configure itself by communicating with address allocation servers on the network ...
Page 101
How automatic ip configuration works 101 automatic process to detect its ip information using the automatic configuration process, the switch goes through the following sequence of steps: 1 the dhcp client that resides in the switch makes up to four attempts to contact a dhcp server on the network r...
Page 102
102 c hapter 10: u sing a utomatic ip c onfiguration important considerations this section contains some important points to note when using the automatic ip configuration feature. The dynamic nature of automatically configured ip information means that a switch may change its ip address whilst in u...
Page 103: Aking
11 m aking y our n etwork s ecure this chapter outlines the port security and switch management login features, explains the key benefits of using these features, and gives examples of how and why you would use them in your network. For detailed descriptions of the web interface operations and the c...
Page 104
104 c hapter 11: m aking y our n etwork s ecure port security the switch 4400 supports the following port security modes, which you can set for an individual port or a range of ports: ■ no security port security is disabled and all network traffic is forwarded through the port without any restrictio...
Page 105
What is network login? 105 nbx mode offers a reduced level of network security because the switch port is accessible at all times to allow nbx phone traffic to be automatically forwarded. When the port is configured in the network login with nbx operational mode and the client device is removed, the...
Page 106
106 c hapter 11: m aking y our n etwork s ecure to make network login available on the superstack 3 switch 4400 se, upgrade the product to the switch 4400 se enhanced software upgrade (3c17207). How network login works when network login is enabled the switch acts as a relay agent between the client...
Page 107
What is disconnect unauthorized device (dud)? 107 for further information about radius, see “what is radius?” on page 112 . Important considerations this section contains some important considerations when using network login on the switch 4400. ■ before you enable network login you must ensure that...
Page 108
108 c hapter 11: m aking y our n etwork s ecure you can configure dud to perform one of the following actions if an unauthorized client device transmits data on the port: ■ permanently disable the port the port is disabled and data from the unauthorized client device is not transmitted. ■ temporaril...
Page 109
What is switch management login? 109 to make radius authentication of switch management login available on the superstack 3 switch 4400 se, upgrade the product to the switch 4400 se enhanced software upgrade (3c17207). Benefits of radius authentication day-to-day network maintenance can become a sub...
Page 110
110 c hapter 11: m aking y our n etwork s ecure figure 24 radius authentication operation 3com vendor specific attribute the default user levels on the switch (monitor, manager, admin) are supported by a 3com vendor specific attribute (vsa). The vendor-id for 3com is 43. You must configure the radiu...
Page 111
What is switch management login? 111 figure 25 3 com vendor specific attribute for further information about configuring the switch for switch management login and radius authentication, please refer to the management interface reference guide supplied in html format on the cd-rom that accompanies y...
Page 112
112 c hapter 11: m aking y our n etwork s ecure what is radius? Remote authentication dial-in user service (radius) is an industry standard protocol for carrying authentication, authorization and configuration information between a network device and a shared authentication server. Transactions betw...
Page 113: Ower
12 p ower m anagement and c ontrol this chapter outlines the use of power over ethernet (802.3af), explains the benefits, and gives examples of how you can use it in your network. Power over ethernet and power management are only available on the switch 4400 pwr (3c17205). What is power over etherne...
Page 114
114 c hapter 12: p ower m anagement and c ontrol increased reliability a device powered by a power over ethernet switch will be able to take advantage of the facilities available to the switch. The switch can be fitted with a redundant power supply or uninterruptible power supply, increasing its upt...
Page 115
Planning power budgets 115 have not had their power guaranteed. See “configuring a guaranteed power plan” on page 116 . 2 any device connected to a lower port number will take priority over a device connected to a higher port number. If the switch needs to remove power from a device it will remove p...
Page 116
116 c hapter 12: p ower m anagement and c ontrol supplied with power if all the existing power requirements can also be met. See “configuring a guaranteed power plan” below. ■ once power has been guaranteed to a port it will be reserved for that port even if the device or port is not currently in us...
Page 117
Monitoring power usage 117 monitoring power usage leds the switch has four power utilization leds that show the current level of power supplied by the unit as shown in table 13 . Monitoring port leds the switch’s port leds show ethernet information or power over ethernet information depending on the...
Page 118
118 c hapter 12: p ower m anagement and c ontrol monitoring power usage using the web interface the switch keeps statistics on the power usage of each port. To view the power usage for a port: 1 log into the web interface. 2 from the device view, select physical interface > power > detail. The poe d...
Page 119
Problem solving 119 4 click reset meters if you want to reset the average power and peak power. 5 click ok when you have finished. Displaying a graphical summary the switch can also display a graphical summary of the state of ports and the power they supply. To view the graphical summary: 1 log into...
Page 120
120 c hapter 12: p ower m anagement and c ontrol.
Page 121: Ppendices
Ii a ppendices and i ndex appendix a configuration rules appendix b network configuration examples appendix c ip addressing glossary index.
Page 122
122.
Page 123: Onfiguration
A c onfiguration r ules configuration rules for gigabit ethernet gigabit ethernet is designed to run over several media: ■ single-mode fiber optic cable, with connections up to 5 km (3.1 miles). Support for distances over 5 km is supported depending on the module specification. ■ multimode fiber opt...
Page 124
124 a ppendix a: c onfiguration r ules configuration rules for fast ethernet the topology rules for 100 mbps fast ethernet are slightly different to those for 10 mbps ethernet. Figure 26 illustrates the key topology rules and provides examples of how they allow for large-scale fast ethernet networks...
Page 125
Configuration rules for fast ethernet 125 ■ a total network span of 325 m (1066 ft) is allowed in single-repeater topologies (one hub stack per wiring closet with a fiber link to the collapsed backbone). For example, a 225 m (738 ft) fiber link from a repeater to a router or switch, plus a 100 m (32...
Page 126
126 a ppendix a: c onfiguration r ules.
Page 127: Etwork
B n etwork c onfiguration e xamples this chapter contains the following sections: ■ simple network configuration examples ■ segmentation switch example ■ collapsed backbone switch example ■ desktop switch example ■ advanced network configuration examples ■ improving the resilience of your network ■ ...
Page 128
128 a ppendix b: n etwork c onfiguration e xamples simple network configuration examples the following illustrations show some simple examples of how the switch 4400 family and 4900 family can be used in your network. Segmentation switch example the example in figure 27 shows how a 10/100 switch suc...
Page 129
Simple network configuration examples 129 collapsed backbone switch example the example in figure 28 shows how a switch 4400 stack can act as a backbone for both shared and switched network segments. Figure 28 using the switch 4400 as a collapsed backbone.
Page 130
130 a ppendix b: n etwork c onfiguration e xamples desktop switch example the example in figure 29 shows how a switch 4400 can be used for a group of users that require dedicated 10 mbps or 100 mbps connections to the desktop. The switch 4400 stack has a 1000base-t module fitted that allows it to pr...
Page 131
Advanced network configuration examples 131 advanced network configuration examples this section shows some network examples that illustrate how you can set up your network for optimum performance using some of the features supported by your switch. Improving the resilience of your network figure 30...
Page 132
132 a ppendix b: n etwork c onfiguration e xamples enhancing the performance of your network figure 31 shows how you can set your network up to enhance its performance. All ports are auto-negotiating and smart auto-sensing and will therefore pass data across the network at the optimum available spee...
Page 133
Advanced network configuration examples 133 utilizing the traffic prioritization features of your network the example in figure 32 shows a network configuration that demonstrates how you can utilize the different types of quality of service (qos profiles) to ensure a high level of service and priori...
Page 134
134 a ppendix b: n etwork c onfiguration e xamples.
Page 135: Ip A
C ip a ddressing this chapter provides some background detail on the ip information that needs to be assigned to your switch to enable you to manage it across a network. The topics covered are: ■ ip addresses ■ subnets and subnet masks ■ default gateways ip addressing is a vast topic and there are w...
Page 136
136 a ppendix c: ip a ddressing 192.168.100.X (where x is a number between 1 and 254) with a subnet mask 255.255.255.0. If you are using slip, use the default slip address of 192.168.101.1 with a subnet mask of 255.255.255.0. These suggested ip addresses are part of a group of ip addresses that have...
Page 137
Ip addresses 137 dotted decimal notation the actual ip address is a 32-bit number that is stored in binary format. These 32 bits are segmented into 4 groups of 8 bits — each group is referred to as a field or an octet. Decimal notation converts the value of each field into a decimal number, and the ...
Page 138
138 a ppendix c: ip a ddressing subnets and subnet masks you can divide your ip network into sub-networks also known as subnets. Support for subnets is important because the number of bits assigned to the device part of an ip address limits the number of devices that may be addressed on any given ne...
Page 139
Subnets and subnet masks 139 as shown in this example, the 32 bits of an ip address and subnet mask are usually written using an integer shorthand. This notation translates four consecutive 8-bit groups (octets) into four integers that range from 0 through 255. The subnet mask in the example is writ...
Page 140
140 a ppendix c: ip a ddressing the subnet mask 255.255.255.255 is reserved as the default broadcast address. Default gateways a gateway is a device on your network which is used to forward ip packets to a remote destination. An alternative name for a gateway is a router. “remote” refers to a destin...
Page 141: Lossary
G lossary 3com network supervisor the 3com network management application used to manage 3com’s networking solutions. 10base-t the ieee specification for 10 mbps ethernet over category 3, 4 or 5 twisted pair cable. 100base-fx the ieee specification for 100 mbps fast ethernet over fiber-optic cable. ...
Page 142
142 g lossary bandwidth the information capacity, measured in bits per second, that a channel can transmit. The bandwidth of ethernet is 10 mbps, the bandwidth of fast ethernet is 100 mbps, and the bandwidth of gigabit ethernet is 1000 mbps. Baud the signalling rate of a line, that is, the number of...
Page 143
143 dns domain name system. This system maps a numerical internet protocol (ip) address to a more meaningful and easy-to-remember name. When you need to access another device on your network, you enter the name of the device, instead of its ip address. Dud disconnect unauthorized device. A port secu...
Page 144
144 g lossary half duplex a system that allows packets to transmitted and received, but not at the same time. Contrast with full duplex. Hub a device that regenerates lan traffic so that the transmission distance of that signal can be extended. Hubs are similar to repeaters, in that they connect lan...
Page 145
145 internet group management protocol internet group management protocol (igmp) is a protocol that runs between hosts and their immediate neighboring multicast routers. The protocol allows a host to inform its local router that it wishes to receive transmissions addressed to a specific multicast gr...
Page 146
146 g lossary loop an event that occurs when two network devices are connected by more than one path, thereby causing packets to repeatedly cycle around the network and not reach their destination. Mac media access control. A protocol specified by the ieee for determining which devices have access t...
Page 147
147 power over ethernet power supplied using either the spare pairs or signal pairs of an ethernet cable using the ieee 802.3af standard. Protocol a set of rules for communication between devices on a network. The rules dictate format, timing, sequencing and error control. Radius remote authenticati...
Page 148
148 g lossary server a computer in a network that is shared by multiple endstations. Servers provide endstations with access to shared network services such as computer files and printer queues. Slip serial line internet protocol. A protocol that allows ip to run over a serial line (console port) co...
Page 149
149 tcp relates to the content of the data travelling through a network — ensuring that the information sent arrives in one piece when it reaches its destination. Ip relates to the address of the endstation to which data is being sent, as well as the address of the destination network. Telnet a tcp/...
Page 150
150 g lossary.
Page 151: Ndex
I ndex 151 i ndex a addresses classes 137 ip 135 advantages of power over ethernet 113 aggregated links 18, 29 aging time, definition 60 alarm events 81 alarm settings, default 81 alarms (rmon group) 79, 80 audit log 82 auto-ip 100 automatic ip configuration 100 auto-negotiation 18, 28 b backup 23 b...
Page 152
152 i ndex obtaining 136 subnet mask 138 subnetwork portion 138 ip multicast addressing 39 ip routing address classes 137 l learned sdb entries 60 leds power 117 m mac (media access control) addresses ip address 136 manual configuration 100 masks subnet 138 matrix (rmon group) 80 max age 52 monitori...
Page 153
I ndex 153 designated bridge port 52 example 52 hello bpdus 52 max age 52 priority 50 root bridge 50 root path cost 51 root port 51 using on a network with multiple vlans 57 subnet mask 138 defined 138 example 138 numbering 139 subnets 138 subnetworking defined 138 subnet mask 138 sub-networks. See ...