Instruction/ maintenance manual of the product IC36240 Asante Technologies
Go to page of 108
IntraCore ® IC36240 Series Layer 2+ Gigabit Ethernet Switch User ’ s Manual.
IntraCore IC36240 Layer 2+ Gigabit Ethernet Switch User’s Manual Asante Technologies, Inc. 2223 Oakland Road San Jose, CA 95131 USA SALES 800-662-9686 Home/Office Solutions 800-303-9121 Enterpris e Solutions 408-435-8388 TECHNICAL SUPPORT 801-566-8991: W orldwide 801-566-3787: F ax www.
Table of Contents Table of Conten ts ........................................................................................................................................................... 3 Chapter 1: Introduc tion ...............................
3.2 Connecting to a PC ......................................................................................................... ................................... 19 3.3 Passwords and Priv ileges Co mmands ...........................................
4.8.5 Scrolling Down a Line or a Scr een ........................................................................................ ....................... 35 4.8.6 Redisplaying the Current Comma nd Line .................................................
6.4 Using A ccess Li sts ......................................................................................................... .................................... 57 6.4.1 Create a St andard Acce ss List ..........................................
9.4 Spanning Tr ee Protocol C onfigurat ion....................................................................................... ......................... 81 9.4.1 STP Port Configur ation .............................................................
Chapter 1: Introduction The IntraCore IC36240 24-por t Layer 2+ Managed Giga bit Switch is a high-performance net work switch used to reduce network congestion a nd application response times. The 24-port IntraCore IC36240 multi-protoc ol switch supports Layer 2+ and Giga bit Ethernet switching.
1.2 Package Contents The following items are included in the s witch’s package: • Swi tch • AC power cord • USB cable for management console port • RS232 null-modem cable for manageme nt con.
1.3.1 LEDs The IC36240 front panel LE D display allo ws you to monitor the status of the switch. The IC36240 has one po wer LED indicator, one (optional) ext e rnal power LED and one f an LED. There are also LED indicators for each of the 24 ports. Refer to the following tabl e for LED information.
1.4 Management and Configuration The switch is managed usin g Command Line Interface (CLI ) in order to a ccess several different command modes. Entering a question mark (?) at each command mode’s prompt provides a list of commands.
Chapter 2: Hardware Installation and Setup Use the following guidelines to easi ly install the switch, ens uring that it ha s the proper power supply and environment. 2.1 Installation Overview Follow these steps to install the IntraCore IC36240 s witch: 1.
2.1.2 Recommended Installation Tools You need the following ad ditional tools and equ ipment to install the switch into an equipment rack: • Flat head screwdriver • Phillips head screwdriver • Antistatic mat or foam 2.1.3 Power Requirements The electrical outlet should be properl y grounded, locat ed near the switch and be easil y accessible.
5. Place the switch in the equipment rack. 6. Secure the switch by securing its mounting br acke ts onto the equipment rack with the appropriate screws (supplied). Important: Make sure the switch is supported until all the mounting scre ws for each bracket are secured to the equipment rack.
To verify the primary power status, use the Switch# show system command. Under System Informat ion, you see the power unit status. System Information ------------------ System up for: 000day(s), 01hr(s), 46min(s), 54sec(s) PROM Image Version/Date: 1.00C/Nov 11 2004 17:03:04 DRAM Size: 64.
Important: The switch must be located within 100 meters of its attached 10Bas eT or 100BaseTX dev ices. Use the following guidelines to determi ne the cabling requirements for the network devices: •.
• 1000BaseLH GBIC: Cables wit h SC-type fiber connectors; 10µ sing le-mode fiber media up to 20 km (65,617') • 1000BaseLX Long H aul GBIC: Cables with SC-type fiber connectors; 10µ single-m.
Chapter 3: Initial Software Setup Configure the switch by connecting directly to it th rough a console (out-of-band managem ent), running a terminal emulation program, such as HyperT erminal or by using telnet. 3.1 Connecting to a Console To connect the switch to a console or computer , set up the system in the following manner: 1.
e. Press the Configuration button from the Connect To window. e f. Set the data rate to 9600 Baud. g. Set data format to 8 data bits, 1 stop bit and no parit y. h. Set flow control to NONE. f g h Now that terminal is set up correctly, power on the sw itch.
3.3 Passwords and Privileges Commands The switch has not default pass word, which allows any one on the net work access to various privilege levels. T o prevent unauthorized changes to the switch’s configuration, you sho uld set an enable password for access to s witch management.
3.3.3 Password To specify a password on a line, use the password command in line confi guration mode. Use the no form of this command to remove the password.
3.4 Login Security Two methods are available o n the IntraCore IC36240 to co nfigur e an authentication quer y process for better login security: the username command for the g lobal configuration mode an d password and login commands from the line configuration mode.
5. Type ip address and the new addr ess. The following screen appears: Switch> enable Switch# configure Switch(config)# ip address 192.168.123.254/24 Switch(config)# end Switch# show ip Dhcp Client Enabled ..........: No IP Address ................
Chapter 4: Understanding the Command Line Interface (CLI) The switch utilizes Command Lin e Interface (CLI) to pr ovide access to seve ral different command modes. Each command mode provides a group of related commands. After logging into the system, you are autom atically in the user top (user E XEC) mode .
To list the commands available in user top m ode, enter a question mark (?). Use a space and a questi on mark (?) after entering a command to see all the options for that particular command. Command Purpose ? Lists the user EXEC commands. show ? Lists all the options avail able for the given command.
In general, the top (privileged) commands allow you to change terminal set tings on a temporary b asis, perform basic tests, and list system information. To list the commands av ailable in top mo de, enter a question mark (?) at the prompt, as shown in the following example.
To exit global config uration command mode and return to privile ged EXEC mode, use on e of the following commands: Command Purpose exit end Ctrl-Z Exits global configuration mo de and returns to privileged EXEC mode.
4.3.1 Interface Configuration Mode Many features are enabled on a per-interface basis. Interface configuration commands m odify the operation of an interface such as an Ethernet or serial port. In terface configuration commands al ways follow an interface global configuration command, which defin es the interface type as Ethernet.
In the following example, the switch shows the multiple Spanni ng Trees (MST) command. Switch(config)# spanning-tree mst configuration Switch(config-mst)# ? end End current mode and change to enable m.
To get help specific to a command mode, a command, a keyword, or an argument, perform one of the following commands: Command Purpose Help Obtain a brief description of the help system in an y command mode. ? List all commands available for a particu lar command mode.
Switch# configure ? configure Enter configuration mode Note that in the example below, if you e nter the ip comman d followed by the Return Key or Enter, the system returns the prompt that the command is incomplete. Switch# ip % Command incomplete. Switch# Generally, uppercase letters represent variables.
4.6 Using CLI Command History The CLI user interface provides a histor y or record of co mmands that you have e ntered. This feature is particularl y useful for recalling long or co mplex commands or entries, including access lists.
4.8.1 Moving Around on the Command Line Use the following keystrokes to move the cur sor around on the command line in order to make corrections or changes: Keystrokes Purpo se Press Ctrl-B or the left arrow. Move the cursor back one character. Press Ctrl-F or the right arrow.
4.8.3 Editing Command Lines That Wrap The enhanced editi ng feature provides a wraparound for comm ands that extend beyond a sing le line on the screen.
When you have completed th e entry, press Ctrl-A to check the complete syntax before pr essing Enter to execute the command. The dollar sign ($) appears at the end of the l ine to indicate that the line has been scrolled to the right: Switch(config)# access-list 101 permit icmp 192.
4.8.7 Transposing Mistyped Character s If you have mistyped a command e ntry, you can transpose the mist yped characters by using the follo wing command: Keystrokes Purpo se Press Ctrl-T . Transpose the character to the left of the cursor with the character located at the cursor.
Chapter 5: Managing the System and Configuration Files This chapter explains ho w to manage the system information, as well as how to manage the configuration files for the IntraCore IC36240.
5.1.2 Specifying the Hostname The factory-assigned default host name is Switch . To specify or modify the host name for the network, use the hostname global config uration command.
To log messages, use the follo wing command in global configur ation mode. Command Purpose logging address IP address of the host to be used as a syslog server. logging facility Facility parameters for syslog messages. logging trap Set syslog server logging level.
You can add comments to a configuration file descri bin g the commands you hav e entered. Precede a comment with an exclamation point (!). Use the following commands to configure th e software from the terminal. Command Purpose configure Enters global configuration mode and select the termina l option.
The following is an example of cop ying the startup-config for use on the swit ch. Switch# copy startup-config ? running-config Update (merge with) current system configuration tftp:[//A.
The following is an example of copying the running-config for use on the switch. Switch# copy running-config ? startup-config Copy to startup configuration tftp:[//A.B.C.D/filename] Copy to tftp: file system Switch# copy running-config tftp Enter TFTP Server IP Address [A.
In the following example, the software is configured from the file my-config at IP address 19 2.168.123.59: Switch# copy tftp://192.168.123.59/my-confg running-config Download file ‘my-config’ from 192.168.123.59 to running-config? [y/n] y Accessing tftp://192.
5.3.3 Security Levels SNMPv3 has three levels of security. The lo west level does not provide authentication or privac y (noAuthNoPriv). This level is comparable to SNMPv1. T he second level pr ovides authentication, but no privac y (AuthNoPriv). The highest level provides auth entication and securit y (Aut hPriv).
To set up the community access string to per mit access to the SNMP, use the following command from the global command mode. Command Purpose Snmp-server community string [ view view-name ] { ro | rw } [ access-list-number ] Define the community access string.
5.3.5 SNMP Configuration Commands Command Purpose snmp-server Enable the SNMP agent. The first snmp-server g lobal configuration command enables SNMP. snmp-server engin eID { local engineid- string | remote host-ip-address [ udp-port port-number ] enginei d-string } Set Engine ID for local or remote devices.
All of the bridges (a switch is a comp lex bridge) on the network communicate with each other using special packets of data called Bridge Protocol Data Units (BPDUs).
Reducing the values of these timers makes the spanni ng tree react faster when the topology changes, but may cause temporary loops as the tree stabilizes i n its new configuration. Increasing the values of th ese timers makes the spanning tree react more slowl y to changes in topology, but will make an unintended reco nfiguration less likely.
• Alternate port—offers an alternate path toward the root s witch to that provided by the current root port. • Backup port—acts as a backup for t he path provided b y a designated port to ward the leaves of the spanning tree.
Configuring Link Ty pe Use the following interface mode co mm and to configure port link-t ype: Switch(config)# interface eth1 Switch(config-if-eth1)# spanning-tree link-type { point-to-point | shared.
5.4.4 Multiple Spanning-Tree (MST) MST extends the IEEE 802.1w rapid spanning tree (RST) algorithm to multiple spann ing trees. This extension provides both rapid conv ergence and load balancin g in a VLAN environment. MST allows you to build multiple span ning trees over tr unks.
5.5 Configuring VLAN VLANs are used to organize any group of net work nodes into separate broadcast dom ains. VLANs confine broadc ast traffic to the originating group and elim i nate broadcast storms in large net works. VLANs provide a secure and efficient network environment.
5.6 MAC Address Table The MAC Address Table is a table of nod e addresses that the switch automatically builds by “learning.” It performs this task by monitoring the packets that pass through the switch, checking the source and destinatio n addresses, and then recording the source addr ess information in the table.
Chapter 6: Configuring IP The Internet Protocol (IP) is a packet-based protocol used to exchange data over comput er networks. All other IP protocols are built on the foundation. IP is a network-layer protocol that cont ai ns addressing and control inform ation that allows data packets to be routed.
6.2 Establish Address Resolution A device in the IP can have both a local add ress (which uniquely identifies the device on its local segment or LAN) and a network address ( which identifies the network to which the device belongs).
6.3 Managing IP Multicast Traffic Multicast traffic is a means to transmit a multimedia str eam from the Internet (a video conferenc e, for example) without requiring a TCP conne ction from every re mote host that wants to receive the stream.
All systems on the subnet must suppor t the same version. T he switch does not automatically detect Version 1 systems and switch to Version 1. Config ure the s witch for Version 2 if all dev ices on the subnet support IGMP version 2.
When configuring an access li st, you can add multiple stat ements by adding criteria to the same number ed list. The order of the statements is important, as the switch tests addresses against the criteria in an access list one by one (in the order the statements are entered) unt il it finds a match.
Other types of traffic to consider include the follo wing. External protocols an d IP Addresses • ICMP from service provider IP Addresses Explicitly permitted return traffic for internal connections.
6.4.1 Create a Standard Access Lis t Standard access lists filter at Layer 3, and can al low or block access to networks and host addresses. T he parameters for a standard access list are des cribed below: • Access list number (1–99) : Identifies the ac cess list to which an entry belongs.
6.4.2 Create a MAC Acce ss List The IntraCore IC36240 has a 16K Mac address. The parameters for a MAC access list ar e described belo w: • MAC access-list standard (700-799): Ident ifies the access l ist to which an entry belongs. There is no limi t to how many entries make up a MAC access list, other than av ailable memory.
In the following example, an extended acces s list is creat ed to deny FTP and allo w all other traffic from subnet 192.168.123.0 to be for warded to all other networks or subnets. Note : Remember when the cursor reaches the right margin, the command line shifts 8 spaces to the left.
6.4.4 Creating an Access List w ith a Name From the global configuration mode, you can also create access lists. Usin g the Switch(config)#ip command you can name your access lis t, rather than using a numb er. T he new prompt reflects the named access list mode.
6.4.6 Configuring Common Access Li sts This section provides examples the most common ACLs used when configuring a net work. Change the IP addresses in the following examples when using them in your network. The following exampl e shows denying speci al-use address sources.
The following example sho ws explicitly denying all other DN S traffic. Switch(config)# access-list 110 deny udp any any eq 53 Switch(config)# access-list 110 deny tcp any any eq 53 The following example sho ws explicitly permitting intern et -sourced connections to publicl y accessible servers.
Chapter 7: VLAN Configuration A VLAN is a group of end stations with a common set of requirements, indep endent of physical location. VLANs have the same attributes as a physical LAN b ut allow you to group end stations even if the y are not located physicall y on the same LAN segment.
First, a VLAN is created and named tester . Switch# configure Switch(config)# vlan 2 Switch(config-vlan)# name tester Switch(config-vlan)# exit Switch(config)# exit Switch# show vlan In the output of the show vlan command, the ne w VLAN will be listed, but will not yet be active.
7.2 VLAN Port Membership Modes Assign a switchport to a VLAN by designating a members h ip mode. The membership m ode determines the type of traffic the port carries and the number of VLANs that bel ong to a specific port. The following is a list of the membership modes: • Static Access • Trunk (IEEE 802.
Use the following commands, beginning in config mode, to config ure the VLAN Allowed List for the trunk port: Command Purpose interface IFNAME Enter the interface name to a ccess the interface configuration mod e. switchport mode trunk This command designates the interface as IEEE 802.
Chapter 8: Quality of Service Configuration Quality of Service (QoS) is a general term referring to va riou s methods of traffic management you can e mploy on your network to ensure that traffic you identif y as high-prio rity can use a sufficient share of the available band width.
queues; the queue with the highest priorit y is serviced first until it is empty, then the lo wer queues are serviced in sequence. 8.2.1 Defining the Priority List A priority list contains the definitions for a set of priorit y queues. The priority list specifies in which queue a packet will be placed.
8.4.2 Configuring Traffic Shaping for an Access List To configure traffic shaping for outbound traffic on an acc ess list, use the following commands b eginning in global configuration mode: Command Purpose access-list access-list-number Assigns traffic to an access list .
The following examples sho w setting the rate of interf ace Ethernet 1 to 100M, setting an associated access list and limiting the rate of the access list on the interface to 200M. Switch(config)# inter eth1 Switch(config-if-eth1)# rate-limit input 100000000 Switch(config-if-eth1)# access-list 1 permit 192.
Chapter 9: Configuring the Switch Using the GUI This chapter provides and overvie w of configuring the switch with the graph ical user interf ace (GUI). For more information about the different features and ho w to implement them refer to the chapters specific to that function.
• System Check Information • Save The following example sho ws the main screen menu bar. 9.2 Information Screens To monitor the switch use the two information screens. T he follo wing sections describe the Front Panel a nd the General Information screens.
Use this screen to view statistics about all the ports on the s witch. The following example sho ws the Front Panel information screen. Click on a specific port number h yperlink to go to the Port Configuration and Port Statis tics Information screen.
The table below lists the traditiona l classes and ranges of IP address es and their status. Class Address or Range Status A 0.0.0.0 1.0.0.0 to 126.0.0.0 127.0.0.0 Reserved Available Reserved B 128.0.0.0 to 191.0.0.0 255.255.255.0 Available C 192.0.0.
9.3 Port Configuration Menu From the port configuration screen, you ca n view current information and config ure individual ports. To access the Port Configuration screen, clic k on Port Config in the menu bar on the left side of the screen. To configure individual ports click on the port number on t he left side of the screen.
1. Click on the port number from the Front Panel Information Screen • You are now at the Port Configurati on a nd Port Statistics screen. From this screen, you can set the port status, auto-negotiation, flow control, and default priorit y. Yo u also use this screen to view and manage traffic on a specific port.
a b c d e From this screen, you can also navigate b etween different ports and go to different units in the network. To go to another port number change the port number at the top of the screen and press Go.
9.4 Spanning Tree Prot ocol Configuration The Spanning T ree Protocol (STP) is par t of the IEEE 802.1D standard. It provi des for a redund ant network without the redundant traffic through closed paths.
Use the Spanning Tree Protocol Confi guration screen to vie w information and configure spanning trees . The information about current spanning trees d isplayed on the l eft side of the screen include the bridge ID, desig nated root, root port, root port cost, hello time, maximum age and forward delay information.
The lower the assigned port path cost is, the more likel y that port will be accessed. The default port path cost for a 10 Mbps or 100 Mbps port is t he result of the equation: Path cost = 1000/LAN speed (in Mbps) Therefore, for 10 Mbps ports, the default port path cost is 100.
• Select the ports on each bridge that for ward traffic, and place the redundant ports in bloc king states To change the global ST P status, select t he desired state from the drop down menu.
Use this screen to set the read/write access and to enable or disa ble the trap authentication for this s witch. The default SNMP read community access is pub lic; the default SN MP write community access is private; the default trap authentication is disable.
1 2 3 4 5 To restore the defaults pr ess the Restore but ton. 9.6 Address Table Screen Use this screen to view IP address tables. From the main screen yo u can view the stat us of each ports, the address counts of the VID, IP and MAC addresses. You can searc h for specific IP and MAC addresses and sort the results either IP or MAC.
The following example sho ws the Address Table screen. Click on the port number to filter the display a nd sho w the address table for a specific port.
The following screen shows the output from selecting Port 1. T he Address table at the bottom of the screen filtered out all the ports except port 1 . The MAC address of the switch is identified as “self”. To sort the Address Table by IP address, cli ck the Sort by IP button.
To sort the Address Table by MAC address, click the Sort by MAC button. Your table will be sorted numerically by MAC address. 9.7 VLAN Configuration VLANs are used to organize any group of net work nodes into separate broadcast dom ains. VLANs confine broadc ast traffic to the originating group and elim i nate broadcast storms in large net works.
To access the VLAN configuration screen click on VLAN in the menu bar on the left side of the screen To sort the display enter the VLAN ID numb er you want the display to start with and pr ess GO. The following example shows the output from the VLAN Group information screen.
3. Click Apply 2 4. Click on the VLAN ID number in the VLAN table to move to the configuration page for the new VLAN From the VLAN Group Configuration page, you can enable or disab le the management access and link a VLAN to a specific port.
The following example sho ws output from creating a new VLAN (4) with the name Asante and assig ning it to port 7. To remove a VLAN from an associated port follow these steps: 1. Click the membership check box of the des ired port to deselect the assoc iation.
To access the IGMP configuration screen clic k on the IGMP button in the menu bar on the left side of the screen. The following example sho ws the IGMP main screen. Use th is screen to view the IGMP information. To enable or disable IGMP on a specific VLAN by entering the VLAN ID number selecting the d esire d state and clicking appl y.
3. Click Apply To configure a specific VLAN click on the VLAN ID number access the a dvanced IGM P configuration screen. The following example sho ws the IGMP information for VLAN1. Multicast switches send IGMP host-query messag es to disc over which multicast gro ups are present on attached networks.
3. Click Apply 1 2 3 9.9 Web CLI Screen Use the Web Command Line Interface (CLI) screen to use acce ss the CLI from an http server. This feature provides the flexibility of the CLI with the usability of the GUI. You can set the clock, ping the system and sho w the running configuration.
The following example sho ws the main access point of the CLI from the Web interface. 9.10 System Clock Menu You can set the system clock from the System Clock Menu. After selecting the correct date and time for the system click apply. The operatio n resets the switch using the time you specif y.
After you set the desired date and time click appl y. 9.11 Save Click on Save to automatically retain an y configuration chan ges you made. 97 Asante IntraCore IC36240 User’s Manual.
Appendix A: Basic Troubleshooting In the unlikely event that the s witch does not operate properly, follo w the troubleshooting tips below. If more help is needed, contact Asante’s technical support at www.asante.com/support . Problem Possible Solutions The Power LED is not lit.
Appendix B: Specifications The sections below list the feat ures and product specificati ons for the IntraCore IC36240 switch. Connectors: 24 RJ-45 auto-MDI/MDIX Ports 24 10/100/1000BaseT ports that h.
Security User password, SNMP access filter, port security (MAC address filter with notification), 802.1x (port-based, L2/L4 ACL, RADIUS, TACACS+ Management Male DB9 RS-232 DTE (auto bau d to 115k), US.
Appendix C: FCC Complian ce and Warranty Statements C.1 FCC Compliance Statement This equipment has bee n tested and found to comply with t he limits for a Class A digital devic e, pursuant to part 15 of the FCC Rules.
C.3 IntraCare Warranty Statement Products: IntraCore IC36240 Duration: 3 years Advanced Warrant y United States: Second Business Day Replacement: Other countries: See your local distributor or resell er 1.
Appendix D: Online Warranty Registration Please register this product online at http:// www.asante.com/support/supRegistration.asp or by filling out and mailin g the card below.
Index Access List apply ..................................................................... 63 classifica tion ......................................................... 58 configuring standar d ............................................. 60 create expa nded .
ping ....................................................................... 38 save, GU I .............................................................97 show running- config ............................................. 39 show sy stem .............
general information scree n ................................... 76 IGMP configur ation ............................................... 93 IP address tables .................................................. 86 MAC addres s ............................
default ................................................................... 11 privileg ed .............................................................. 20 securi ty ................................................................. 22 setting .......
default ................................................................... 50 forward time .......................................................... 47 global config uratio n ..............................................83 GUI .....................
An important point after buying a device Asante Technologies IC36240 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Asante Technologies IC36240 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Asante Technologies IC36240 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Asante Technologies IC36240 you will learn all the available features of the product, as well as information on its operation. The information that you get Asante Technologies IC36240 will certainly help you make a decision on the purchase.
If you already are a holder of Asante Technologies IC36240, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Asante Technologies IC36240.
However, one of the most important roles played by the user manual is to help in solving problems with Asante Technologies IC36240. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Asante Technologies IC36240 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
