GarrettCom MNS-6K 4.1.4 - Manuals

Upgrading to MNS-6K-SECURE ......................................... 36 List of commands in this chapter .......................................... 37 3 – IP Address and System Information ..................................... 39 IP Addressing ...........................................................

System Events ......................................................................... 272 MAC Address Table .............................................................. 277 List of commands in this chapter ........................................ 278 APPENDIX 1 - Command listing by Chapter ........

List of Figures F IGURE 1 - HyperTerminal screen showing the serial settings ................................................................. 25 F IGURE 2 - Prompt indicating the switch model number as well as mode of operation – note the commands to switch between the levels is not shown here. ......

Chapter 1 1 – Conventions Followed Conventions followed in the manual… o best use this document, please review some of the conventions followed in the manual, including screen captures, interactions and commands with the switch, etc. T Box shows interaction with the switch command line or screen cap...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Re Reab lated Topics lated topics show that GarrettCom strongly recommends reading out those topics. You may choose to skip those if you already have prior detailed knowledge on those subjects. j Tool box – Necessary software and hardwa...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Flow of the User Guide The manual is designed to guide the user through a sequence of events. Chapter 1 – this chapter Chapter 2 is the basic setup as required by the Magnum 6K family of switches. After completing Chapter 2, the configu...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Chapter 2 2 – Getting Started First few simple steps … his section explains how the GarrettCom Magnum 6K family of switches can be setup using the console port on the switch. Some of the functionality includes setting up the IP address ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E and a PC is networked to the switch, the switch’s command line interface (CLI) can be accessed via telnet. To manage the switch through in-band (networked) access (e.g. telnet, or Web Browser Interface), you should configure the switch ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Once the switch is configured with an IP address, the Command Line Interface (or CLI) is also accessible using telnet as well as the serial port. Access to the switch can be either through the console interface or remotely over the netw...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The switch has three modes of operation – Operator (least privilege), Manager and Configuration. The prompts for the switches change as the switch changes modes from Operator to Manager to Configuration. The prompts are shown in Figure ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Should a situation arise when there are multiple new switches powered up at the same time, there could be a situation of duplicate IP addresses. In this situation, only one Magnum switch will be assigned the IP address of 192.168.1.2 an...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E • Power on the switch • Once the login prompt appears, login as manager using default password (manager) • Configure the IP address, network mask and default gateway as per the IP addressing scheme for your network • Set the Manager Pas...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Version : Magnum 6K25 build 14.1 Jul 28 2008 07:51:45 MAC Address : 00:20:06:25:b7:e0 IP Address : 192.168.1.150 Subnet Mask : 255.255.255.0 Gateway Address : 192.168.1.10 CLI Mode : Manager System Name : Magnum6K25 System Description :...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E command is shown below in Figure 6 Magnum6K25> enable manager Password: ******* Magnum6K25# F IGURE 7 - Switching users and privilege levels. Note the prompt changes with the new privilege level. Operator Privileges Operator privileg...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# user Magnum6K25(user)## add user=peter level=2 Enter User Password :****** Confirm New Password :****** Magnum6K25(user)## F IGURE 8 - Adding a user with Manager level privilege In this example, user ‘peter’ was added with M...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25(user)## F IGURE 11 - Changing the privilege levels for a user In this example, user ‘peter’ was modified to Operator privileges. Modifying Access Privileges User access allows the network administrators to control as to who h...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25(user)## useraccess user=peter group=vlan,user,system type=read enable Access rules set for Read Operation. Groups: All Command Groups. ML2400(user)## show users Sl# Username Access Permissions --- -------- ------------------ ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Help Typing the ‘ help ’ command lists the commands you can execute at the current privilege level. For example, typing ‘ help ’ at the Operator level shows Magnum6K25> help logout ping set terminal telnet walkmib Contextless Command...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E show active-vlan show address-table show age show alarm show arp show auth <config|ports> show backpressure show bootmode --more-- F IGURE 16 - Options for the ‘show’ command Context help Other ways to display help, specifically, ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25> se<TAB> password timeout vlan Magnum6K25> set F IGURE 19 - Listing commands options – note the command was not completed and the TAB key completed the command. Exiting To exit from the CLI interface and terminate...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Saving current configuration Configuration saved Saving current event logs Event logs saved Magnum6K25# F IGURE 21 – Upgrading to MNS-6K-SECURE After the license key is entered – please use the save command to save the key in flash memo...

Chapter 3 3 – IP Address and System Information First simple steps to follow… his section explains how the Magnum 6K family of switches can be setup using other automatic methods such as bootp and DHCP . Besides this, other parameters required for proper operation of the switch in a network are disc...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 40 To verify the IP address settings, the ‘show ipconfig’ command can be used. Magnum6K25> show ipconfig IP Address : 192.168.1.150 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.10 Magnum6K25> F IGURE 22 - Checking the I...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E ht: is the “hardware type”. For the Magnum 6K family of switches, set this to ether (for Ethernet). This tag must precede the “ ha” ta g. ha: is the “hardware address”. Use the switch’s 12-digit MAC address ip: is the IP address to be a...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E switch is put on a network and the specific configurations are loaded from a centralized BootP server Magnum6K25# set bootmode type=dhcp Save Configuration and Restart System Magnum6K25# set bootmode type=auto Save Configuration and Res...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# show console Console/Serial Link Inbound Telnet Enabled : Yes Outbound Telnet Enabled : Yes Web Console Enabled : Yes SNMP Enabled : Yes Terminal Type : VT100 Screen Refresh Interval (sec) : 3 Baud Rate : 38400 Flow Control ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# user Magnum6K25(user)## useraccess user=peter service=telnet enable Telnet Access Enabled. Magnum6K25(user)## exit Magnum6K25# show session Current Sessions: SL # Session Id Connection User Name User Mode 1 1 163.10.10.14 ma...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E • The user authentication layer (RFC 4252). This layer handles client authentication and provides a number of authentication methods. Authentication is client-driven , a fact commonly misunderstood by users; when one is prompted for a p...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Boot Mode : manual Inactivity Timeout(min) : 500 Address Age Interval(min) : 300 Inbound Telnet Enabled : Yes Web Agent Enabled : Yes SSH Server enabled : Yes Modbus Server Enabled : Yes Time Zone : GMT-08hours:00minutes Day Light Time ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# show dns DNS Server Address : 0.0.0.0 Domain Name : Not Set DNS Status : Disabled. Magnum6K25# set dns server=192.168.5.254 domain=customer-domain.com Domain Name Server Set. Magnum6K25# show dns DNS Server Address : 192.168...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Setting serial port parameters To be compliant with IT or other policies the console parameters can be changed from the CLI interface. This is best done by setting the IP address and then telnet over to the switch. Once connected using ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E System Contact : [email protected] System Location : Fremont, CA System ObjectId : 1.3.6.1.4.1.553.12.6 Magnum6K25# F IGURE 31 - System parameters using the show setup command. Most parameters here cannot be changed Magnum6K25# sho...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# snmp Magnum6K25(snmp)## setvar ? setvar : Configures system name, contact or location Usage: setvar [sysname|syscontact|syslocation]=<string> Magnum6K25(snmp)## setvar syslocation=Fremont System variable(s) set success...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax set timeformat format=<12|24> Syntax set daylight country=< country name> Magnum6K25# set daylight ? set daylight : Sets the day light location Usage set daylight country=<name> Magnum6K25# set daylight country=...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 54 Syntax sntp [enable|disable] For example, to set the SNTP server to be 204.65.129.201 2 (with a time out of 3 seconds and a number of retries set to 3 times); allowing the synchronization to be ever 5 hours, the following commands ar...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 55 To upgrade to MNS-6K 4.x or MNS-6K-SECURE 14.x, make sure the switch is first upgraded to version 3.7 or higher Once the configuration is saved – the saved configuration can be loaded to restore back the settings. At this time the co...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E object or in a newer format as an ASCII (readable) file. The new format is preferred by GarrettCom and GarrettCom recommends all configuration files be saved in the new format. GarrettCom recommends saving the configuration in the old f...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E # of Magnum 6K switch configurations. As such, this script # provides insights into the configuration of Magnum 6K switch's # settings. GarrettCom recommends that modifications of this # file and the commands should be verified by the U...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E System portion of the file only. GarrettCom recommends editing the “script” file (see below) Note 2 – File names cannot have special characters such as *#!@$^&* space and control characters. Script files Script file is a file contai...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E ==================================================================== 1 server 192.168.5.2 -- ****** 2 -- -- -- -- 3 -- -- -- -- 4 -- -- -- -- 5 -- -- -- -- 6 -- -- -- -- 7 -- -- -- -- 8 -- -- -- -- 9 -- -- -- -- 10 -- -- -- -- Magnum6K2...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E gvrp GVRP settings snmp SNMP settings web Web and SSL/TLS settings tacacs TACACS+ settings auth 802.1x Settings igmp IGMP Settings smtp SMTP settings If the module name is not specified the whole configuration is displayed. Magnum6K25# ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E deftrapcomm=public authtrap=disable com2sec_count=0 group_count=0 view_count=1 view1_name=all view1_type=included view1_subtree=.1 view1_mask=ff --more— <additional lines deleted for succinct viewing> F IGURE 45 – displaying speci...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# set secrets hide Secrets will be hidden. Magnum6K25# set secrets show Secrets will be visible. Magnum6K25# F IGURE 47 – Hide or display system passwords Erasing configuration To erase the configuration and reset the configur...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E smtp SMTP settings If the module name is not specified the whole configuration is erased. For example, ‘kill config save=system’ preserves the system IP address, netmask and default gateway. Magnum6K25# kill config save=system Do you wa...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E List of commands in this chapter Syntax set bootmode type=<dhcp|bootp|manual|auto> [bootimg=<enable|disable>] [bootcfg=[<enable|disable>] – assign the boot mode for the switch Where <dhcp|bootp|manual|auto> - whe...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Where <get|put> - different xmodem file transfer operations – get a file from the server or put the information on the server [type=<app|config|oldconf|script|hosts|log>] – optional type field. This is useful to specify whet...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 71 Syntax show timezone – shows the system timezone Syntax show date – shows the system date Syntax show uptime – shows the amount of time the switch has been operational

Chapter 4 4 – IPv6 Next generation IP addressing his section explains how the access to the GarrettCom Magnum MNS-6K can setup using IPv6 instead of IPv4 addressing described earlier. IPv6 provides a much larger address space and is required today by many. IPv6 is available in MNS-6K-SECURE version ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 74 used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type. There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single inter...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 75 Magnum6K25# ipconfig ip=fe80::220:6ff:fe25:ed80 mask=ffff:ffff:ffff:ffff:: Action Parameter Missing. "add" assumed. IPv6 Parameters Set. Magnum6K25# show ipv6 IPv6 Address : fe80::220:6ff:fe25:ed80 mask : ffff:ffff:ffff:ffff:...

77 5 – DHCP Server Access to other devices on the network…. his feature is available in MNS-6K-SECURE only. This section explains how DHCP services can be provided for devices on the network. MNS-6K can provide DHCP services. Network administrators use Dynamic Host Configuration Protocol (DHCP) serv...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 78 As described earlier, the Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateway, DNS servers and other IP parameters. When a DHCP configured machine boots up or regains con...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E intervention. Most administrators prefer to use static IP addresses (which are allocated out for such purposes) instead of using the manual mode. Allocating specific IP address for specific networks or VLANs also aids in securing the ne...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E acknowledgement to the client. The system as a whole expects the client to configure its network interface with the supplied options. DHCP Information The client sends a request to the DHCP server: either to request more information tha...

Chapter 6 6 – SNTP Server Synchronizing the time…. fter discussing how to setup an SNTP client in an earlier chapter, it is important to figure out where the synchronizing server or the clock synchronization information comes from. This chapter discusses the details on how a Magnum switch can be set...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Time or Temps Atomique International (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and satellite navigation systems, telephone modems and portable clocks. In ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Stratum 2 devices will peer with other Stratum 2 devices to provide more stable and robust time for all devices in the peer group. Stratum 2 devices normally act as servers for Stratum 3 NTP requests. Stratum 3 These devices employ exac...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E MNS-6K-SECURE Implementation Syntax sntpserver – enter the SNTP Server configuration mode Syntax sntpsrv <start|stop> - Start or stop the SNTP Services Syntax show sntpsrv – display the status of SNTP server The usage of the comma...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 88 List of commands in this chapter Syntax sntpserver – enter the SNTP Server configuration mode Syntax sntpsrv <start|stop> - Start or stop the SNTP Services Syntax show sntpsrv – display the status of SNTP server

Chapter 7 7 – Access Considerations Securing the switch access…. his section explains how the access to the GarrettCom Magnum MNS-6K can be secured. Further security considerations are also covered such as securing access by IP address or MAC address. T Securing access It as ac is assumed here that ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Port Security The port security feature can be used to block computers from accessing the network by requiring the port to validate the MAC address against a known list of MAC addresses. This port security feature is provided on an Ethe...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Note 1: There is a limitation of 200 MAC addresses per port and 500 MAC addresses per Switch for Port Security. Note 2: All the commands listed above have to be executed under the port-security configuration mode. Syntax clear <histo...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 00:07:50:ef:31:40 00:e0:29:22:15:85 00:03:47:ca:ac:45 00:30:48:70:71:23 00:c1:00:7f:ec:00 11 ENABLE NONE NONE ENABLE 0 00:c1:00:7f:ec:00 13 ENABLE NONE NONE DISABLE 0 00:c1:00:7f:ec:00 F IGURE 62 – Allowing specific MAC address on speci...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 9) (Optional step) Set the notification to notify the management station on security breach attempts (Use command ‘signal port’ to make a log entry or send a trap) Magnum6K25# port-security Magnum6K25(port-security)## ps enable Port Sec...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Once port security is setup, it is important to manage the log and review the log often. If the signals are sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions. Syslog and Logs Logs are avail...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Code Description 0 Emergency (or Fatal) system is unusable – called “fatal” in show log command 1 Alert : action must be taken immediately 2 Critical : critical conditions 3 Error : error conditions 4 Warning : warning conditions 5 Noti...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The ‘show log’ command displays the log information and the ‘clear log’ command clears the log entries. Syntax show log [fatal|alert|crit|error|warn|note|info|debug] – display the log Syntax clear log [fatal|alert|crit|error|warn|note|i...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Server Enabled Magnum6K25 (syslog)## show syslog SysLog Status: Disabled Server ID: 2 SysLog Server Host : 192.168.5.98 Server Logging : Enabled Log Events : warn Local Log Events : Default Magnum6K25 (syslog)## syslog enable SysLog Ena...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E attempts. This provides a chronological entry of all intrusions attempted on a specific port. The event log records events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each event log...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E deny – deny specified services for specified IP addresses – IP addresses can be individual stations, a group of stations or subnets. The range is determined by the IP address and netmask settings remove – eliminate specified entry from ...

Chapter 8 8 – Access Using RADIUS Using a RADIUS server to authenticate access…. his feature is available in MNS-6K-SECURE only. The IEEE 802.1x standard, Port Based Network Access Control , defines a mechanism for port-based network access control that makes use of the physical access characteristi...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E received from the supplicant to a suitable authentication server. This allows the verification of user credentials to determine the consequent port authorization state. It is important to note that the authenticator’s functionality is i...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 108 F IGURE 69 – 802.1x authentication details 1. The supplicant (laptop/host) is initially blocked from accessing the network. The supplicant wanting to access these services starts with an EAPOL-Start frame 2. The authenticator (Magnu...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The Magnum MNS-6K software implements the 802.1x authenticator. It fully conforms to the standards as described in IEEE 802.1x, implementing all the state machines needed for port-based authentication. The Magnum MNS-6K Software authent...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25(auth)## show-port reauth Port Reauth Status Reauth Period (sec) ================================================= 1 Enabled 300 2 Enabled 3600 3 Enabled 3600 4 Enabled 3600 5 Enabled 3600 6 Enabled 3600 7 Enabled 3600 8 Enabl...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 115 Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] - set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or PC port – [mandatory] – p...

Chapter 9 9 – Access Using TACACS+ Using a TACACS+ server to authenticate access…. his feature is available in MNS-6K-SECURE. TACACS+, short for Terminal Access Controller Access Control System, protocol provides access control for routers, network access servers and other networked computing device...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E is authentication where the user is verified against the network user database. The second stage is authorization, where it is determined whether the user has operator access or manager privileges. TACACS+ Packet Packet encryption is a ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E ================================================ 1 10.21.1.170 49 Enabled secret 2 10.21.1.123 49 Enabled some 3 -- -- -- -- 4 -- -- -- -- 5 -- -- -- -- Magnum6K25(user)## tacserver delete id=2 TACACS+ server is deleted. Magnum6K25(user...

Chapter 10 10 – Port Mirroring and Setup Setup the ports for network speeds, performance as well as for monitoring…. his section explains how individual characteristics of a port on the GarrettCom Magnum 6K family of switches are setup. For monitoring a specific port, the traffic on a port can be mi...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The set of commands show how port 11 is mirrored on port 13. Any traffic on port 11 is also sent on port 13. Magnum6K25# show port-mirror Sniffer Port : 0 Monitor Port : 0 Mirroring State : disabled Magnum6K25# port-mirror Magnum6K25(po...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E speed – specifically sets the speed to be 10 or 100Mbps. Note – this works only with 10/100 ports – with 10Mbps ports, the option is ignored. No error is shown. See speed settings section below. flow – sets up flow control on the port. ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E with the 802.3u standard, then the port configuration on the switch must be manually set to match the port configuration on the other device. Possible port setting combinations for copper ports are: • 10HDx: 10 Mbps, Half-Duplex • 10FDx...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E where xonlimit can be from 3 to 30, default value is 4 xofflimit from 3 to 127, default value is 6 Syntax show flowcontrol Back Pressure Back Pressure is for half duplex operations and the controls provided indicates the number of buffe...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Port Back Pressure : Disable Port Events Notify : log,trap,alarm Magnum6K25(device)## setport port=11 flow=enable bp=enable Magnum6K25(device)## show port Keys: E = Enable D = Disable H = Half Duplex F = Full Duplex M = Multiple VLAN's ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 129 programs (including some network games) are used. Storms can reduce network performance and cause bridges, routers, workstations, servers and PC's to slow down or even crash. Preventing broadcast storms The Magnum 6K family of switc...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 130 13 Enabled 19531 0 NO 14 Enabled 19531 0 NO 15 Enabled 19531 0 NO 16 Enabled 19531 0 NO Magnum 25(device) # rate-threshold p rate 6K # ort=11 =3500 Broadcast Rate Threshold set Magnum6K25(device)## show broadcast-protect ===========...

132 11 – VLAN Create separate network segments (collision domains) across Magnum 6K family of switches….. hort for virtual LAN (VLAN) , a VLAN creates separate collision domains or network segments that can span multiple Magnum 6K family of switches. A VLAN is a group of ports designated by the swit...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 134 MNS-6K-SECURE supports up to 256 VLANs. F IGURE 80 – routing between different VLANs is performed using a router such as a Magnum DX device or a Layer 3 switch (L3-switch) MNS-6K supports up to 32 VLANs per switch. MNS-6K-SECURE sup...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax add id=<vlan Id> [name=<vlan name>] port=<number|list|range> [forbid=<number|list|range>] [<mgt|nomgt>] Disabling Management on VLAN Use the <nomgt> option when creating a VLAN as shown in the ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E have access to that information. No one else can access that VLAN. Similarly, if another switch had video surveillance equipment on VLAN 20 then only ports with access to VLAN 20 can have access to the video surveillance information. Fi...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E VLAN Port Status. Port 14 Default ID : 1 Filter Status : ENABLED. VLAN Memberships: Vlan: 1 Status: Active UNTAGGED Vlan: 10 Status: Active TAGGED Vlan: 20 Status: Active TAGGED Vlan: 30 Status: Active TAGGED In the above example, "...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Chapter 12 12 – Spanning Tree Protocol (STP) Create and manage alternate paths to the network panning Tree Protocol was designed to avoid loops in an Ethernet network. An Ethernet network using switches can have redundant paths – this m...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 148 Variable or Attribute Default Value STP capabilities Disabled reconfiguring general operation priority 32768 Bridge maximum age 20 seconds Hello time 2 seconds Forward delay 15 seconds Reconfiguring per-port STP path cost 0 Priority...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 149 Bridge ID : 80:00:00:20:06:25:ed:80 Bridge Priority : 32768 Bridge Forward Delay : 15 Bridge Hello Time : 2 Bridge Max Age : 20 Root Port : 0 Root Path Cost : 0 Designated Root : 80:00:00:20:06:25:ed:80 Designated Root Priority : 32...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 150 Designated Root : shows the MAC address of the bridge in the network elected or esignated as the root bridge. Normally when STP is not enabled the switch designates rity : shows the designated root bridge’s priority. Default value i...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 158 RSTP CONFIGURATION ----------------- Rapid STP/STP Enabled(Global) : NO Magnum6K25(stp)## F IGURE 86 – Configuring STP parameters List of commands in this chapter his command lists the switch’s full STP configuration, including ge s...

Chapter 13 13 – Rapid Spanning Tree Protocol (RSTP) Create and manage alternate paths to the network apid Spanning Tree Protocol (RTSP), like STP, was designed to avoid loops in an Ethernet network. Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w) is an evolution of the Spanning Tree Protocol (STP)...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E • STP relays configuration messages received on the root port going out of its designated ports. If an STP switch (bridge) fails to receive a message from its neighbor it cannot be sure where along the path to the root a failure occurre...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Even though RSTP interoperates with STP, RSTP is so much more efficient at establishing the network path and the network convergence in case of a failure is very fast. For this reason, GarrettCom recommends that all your network devices...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax rstp <enable|disable> - enable RSTP – by default, this is disabled and has to be manually activated Syntax port port=<number|list|range> [status=<enable|disable>] [migration=<enable>] [edge=<enable|disa...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E RSTP CONFIGURATION ----------------- Rapid STP/STP Enabled(Global) : YES RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16 Protocol : Normal RSTP Bridge ID : 00:00:00:20:06:25:ed:89 Bridge Priority : 0 Bridge Forward Delay : 15 Bridge Hel...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Root Path Cost : a path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost means more loops; a lower cost means fewer loops. More loops equal more traffic and a tree whi...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Port#: indicates the port number. Value ranges from 01 to max number of ports in the switch Type: indicates the type of port – TP indicates Twisted Pair Priority: STP uses this to determine which ports are used for forwarding. Lower the...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 16 TP(10/100) 128 2000000 Disabled 00:10 Magnum6K25(rstp)## port port=9 status=enable Magnum6K25(rstp)## show rstp ports RSTP Port Configuration -------------------------------------------------------------------------------------------...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Chapter 14 14 – S-Ring™ and Link-Loss-Learn™ (LLL) Speed up recovery from faults in Ethernet networks S -Ring uses ring topology to provide fast recovery from faults. These are based on industry standard STP technologies. These technolo...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E S-Ring and LLL concepts S-Ring is built upon networking software standards such as IEEE 02.1d Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol STP) based on IEEE 802.1w. The purpose of S-Ring is to define two orts which part...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 3. There can be multiple S-Rings on a given Magnum 6K switch. There can be multiple ring topologies in a network. Each ring has to be a separate ring. Ring of rings or overlapping rings are not supported at this time 4. S-Ring topologie...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E F IGURE 92 – Normal RSTP/STP operations in a series of switches. Note – this normal status is designated RING_CLOSED BP DU Tra ffic ForwardingPort BlockingPort BP DU Tra ffic ForwardingPort BlockingPort This normal status is designated ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E When the fault is cured, the re-emergence of the ring structure enables the BPDU packets to flow again between the ring’s port-pair. This is recognized by S-Ring (and RSTP/STP), and one of the ports in the ring’s port pair is changed to...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E please contact GarrettCom Inc. Sales (for purchasing the S-Ring feature) or Technical Support (to obtain the 12 character key.) If the S-Ring capability was purchased along with the switch, the software license code will be included wit...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E • Same Duplex and • LLL - enable The necessary commands are Syntax stp – STP Configuration mode Syntax stp <enable|disable> - Start (Enable) or stop (Disable) STP Syntax set stp type=<stp|rstp> - set the spanning tree protoc...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Ports 1 and 7 Configured for sRing Operation Magnum6K25# show s-ring Magnum Ring Status: sRing Status: ENABLED Port 1 Port 2 Status 1 7 CLOSED F IGURE 96 – S-Ring configuration commands for root switch If the BPDU stream is broken, or i...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Chapter 15 15 – Dual-Homing Fault tolerance options for edge devices esigning and implementing high-availability Ethernet LAN topologies in networks can be challenging. Traditionally, the choices for redundancy for edge of the network d...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E F IGURE 98 – Dual-homing using ESD42 switch and Magnum 6K family of switches. In case of a connectivity break – the connection switches to the standby path or standby link = Active link = Standby Link In those situations where the end d...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 189 switches upstream. With MNS-6K, the user has to define the set of ports which make up the dual-home ports. F IGURE 100 – Using S-Ring and dual-homing, it is possible to build networks resilient not only to a single link failure but ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Dual-Homing Modes There are two modes in which the dual-homing works. The first one is where the ports are “equivalent” i.e. if one port fails, the other one take over, however, if the first (failed) port recovers, the active port does ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25# dualhome ? dualhome : Configures Dual homing Usage dualhome <enter> Magnum6K25# show dualhome Dual Homing Status : DISABLED Magnum6K25# dualhome Magnum6K25(dualhome)## dualhome add port1=10 port2=11 Dual Homing Ports c...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Chapter 16 16 – Link Aggregation Control Protocol (LACP) Increase Network throughput and reliability ink aggregation Link Aggregation Control Protocol (LACP) is part of an IEEE specification (IEEE 802.3ad) that allows several physical p...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The performance is improved because the capacity of an aggregated link is higher than each individual link alone. 10Mbps or 10/100Mbps or 100Mbps ports can be grouped together to form one logical link. Instead of adding new hardware to ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E F IGURE 102 – Some valid LACP configurations. Should trunks be created so as to span multiple ports, a “trunk mismatch” error message is printed on the console. An example of an incorrect configuration is shown below. Switch 1 Switch 2 ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E S-Ring 2 S-Ring 1 F IGURE 109 – This architecture is not recommended LACP can be used for creating a reliable network between two facilities connected via a wireless bridge. As shown in the figure below, four trunk ports are connected t...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 200 F IGURE 110 – Creating a reliable infrastructure using wireless bridges (between two facilities) and LACP. “A” indicates a Wi-Fi wireless Bridge or other wireless Bridges. The list of commands to configure, edit and manage LACP on t...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 15 32768 Link Down Magnum6K25(lacp)## add port=12 Port(s) added successfully. Magnum6K25(lacp)## show lacp Orphan Ports: Port Priority Trunk ===================== 12 32768 Link Down 13 32768 Link Down 14 32768 Link Down 15 32768 Link Do...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 203 The output of the LACP command in the network shown below F IGURE 112 – The network for the ‘show lacp’ command listed below In the figure shown above, Switch 1 has ports 11 and 15 forming the first trunk, connecting to Switch 3. Sw...

Chapter 17 17 – Quality of Service Prioritize traffic in a network uality of Service (QoS) refers to the capability of a network to provide different priorities to different types of traffic. Not all traffic in the network has the same priority. Being able to differentiate different types of traffic...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E the packet into one of the two queues, and depending on the precedence levels the queue could be rearranged to meet the QoS requirements. QoS refers to the level of preferential treatment a packet receives when it is being sent through ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E IP Precedence IP Precedence utilizes the three precedence bits in the IPv4 header's Type of Service (ToS) field to specify class of service for each packet. You can partition traffic in up to eight classes of service using IP precedence...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Not all packets received on a port have high priority. IGMP and BPDU packets have high priority by default. The Magnum 6K family of switches has the capability to set the priorities based on three different functions. They are Port QoS ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax set-weight weight=<0-7> - sets the port priority weight for All the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7. A weight is a number calculated ...

214 18 – IGMP Multicast traffic on a network nternet G roup M anagement P rotocol (IGMP) is defined in RFC 1112 as the standard for IP multicasting in the Internet. It is used to establish host memberships in particular multicast groups on a single network. The mechanisms of the protocol allows a ho...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E F IGURE 118 – IGMP concepts – advantages of using IGMP • PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.) • Switch 1 ignores IGMP traffic and does not distinguish bet...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The next figure (below) shows a network running IP multicasting using IGMP without a multicast router. In this case, the IGMP-configured switch runs as a querier. PCs 2, 5, and 6 are members of the same IP multicast group. IGMP is confi...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E groups in the IP address range of 224.0.0.0 to 224.0.0.255 will always be flooded because addresses in this range are “well known” or “reserved” addresses. Thus, if IP Multicast is enabled and there is an IP multicast group within the r...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E traffic only goes to the ports requesting the traffic. The Magnum 6K family of switches, using IGMP-L2, can perform the similar tasks a Layer 3 device performs for IGMP. For a Layer 2 IGMP environment, all Magnum 6K family of switches h...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Since the query and the join information is exchanged between the neighboring switches, the topology does not matter. The design issue to consider is the timing difference between a topology recovery and IGMP refresh (recovery). Garrett...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E group del ip=<group ip> - delete ports from a specific IGMP broadcast group Magnum6K25# igmp Magnum6K25(igmp)## igmp enable IGMP is enabled Magnum6K25(igmp)## show igmp IGMP State : Enabled ImmediateLeave : Disabled Querier : Enab...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E The output of “show igmp” provide useful information. The following information is provided: IGMP State shows if IGMP is turned on (Enable) or off (Disable). Immediate Leave provides a mechanism for a particular host that wants to leave...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 226 Querier Response Interval : 10 Magnum6K25(igmp)## set-querier disable IGMP querier status is disabled Magnum6K25(igmp)## show igmp IGMP State : Enabled ImmediateLeave : Disabled Querier : Disabled Querier Interval : 125 Querier Resp...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 227 GroupIp PortNo Timer Vlanid LeavePending ------------------------------------------------------------------------------ 0.0.0.0 1 155 1 0 239.0.1.10 10 STATIC 0 0 239.0.1.10 11 STATIC 0 0 239.0.1.10 12 STATIC 0 0 239.0.10.10 10 STAT...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Chapter 19 19 – GVRP Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) eneric A ttribute R egistration P rotocol (GARP) and VLAN registration over GARP is called GVRP. GVRP is defined in the IEEE 802.1q an...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E the default VLAN set to untagged and configure other static VLANs on the ports as either “Tagged or Forbid ” . (“Forbid” is discussed later in this chapter.) GVRP Operations A GVRP-enabled port with a Tagged or Untagged static VLAN send...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E If a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. In the figure below, tagged VLAN port...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E • If there is no static VLAN with the advertised VID on the receiving port, then dynamically create a VLAN with the same VID as in the advertisement, and allow that VLAN’s traffic • If the switch already has a static VLAN with the same ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E ============================================ VLAN ID | NAME | VLAN STATUS ============================================ 1 | Default VLAN | Static Active 2 | Blue | Static Active 10 | dyn10 | Dynamic Active Magnum6K25(gvrp)## F IGURE 130 ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E configuration Learn Generate advertisements. Forward advertisements for other VLANs Receive advertisements and dynamically join any advertised VLAN Receive advertisements and dynamically join any advertised VLAN that has the same VID as...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 236 Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN Syntax gvrp <enable|disable > - enable or disable GVRP Syntax show-vlan – list all...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 237 Magnum6K25(gvrp)## set-forbid vlan=2 forbid=11-15 Magnum6K25(gvrp)## show-forbid ============================================ VLAN ID | FORBIDDEN PORTS ========= ==================== === ============ 1 | None 2 | 11, 12, 13, 14, 15 ...

Chapter 20 20 – SNMP Managing your network using SNMP imple Network Management Protocol (SNMP) enables management of the network. There are many software packages which provide a graphical interface and a graphical view of the network and its devices. The graphical interface and view would not be po...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Simple Network Management Protocol Version 3 (SNMPv3) – The third version of SNMP, the enhancements made to secure access, different levels of access and security. SNMP engine – A copy of SNMP that can either reside on the local or remo...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Notification host – An SNMP entity to which notifications (traps and informs) are to be sent Notify view – A view name (not to exceed 64 characters) for each group that defines the list of notifications that can be sent to each user in ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E • RMON MIB (RFC 1757) • RMON: groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History) • Version 1 traps (Warm Start, Cold Start, Link Up, Link Down, Authentication Failure, Rising Alarm, Falling Alarm) RFC 1901-1908 – SNMPv2 • R...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax community [write=<write community>] [read=<read community>] [trap=<trap community>] – set the necessary community strings Syntax authtraps <enable|disable> - enables or disables authentication traps genera...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Magnum6K25(snmpv3)## show-user id=1 User ID : 1 User Name : jsmith User Type : read-write Auth. Pass something Priv. Pass : Auth. Type : MD5 Auth. Level : auth Subtree : Magnum6K25(snmpv3)## exit Magnum6K25# show snmp SNMPv3 Configurati...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows Syntax show active-snmp – shows the version of SNMP currently in use Syntax community [write=<write community>...

Chapter 21 21 – Miscellaneous Commands Improving productivity and manageability here are several features built into the Magnum 6K family of switches which help with the overall productivity and manageability of the switch. These items are examined individually in this chapter. T Alarm Relays In a w...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 257 Event ID Event Description Signal Type 1 S-RING OPEN SUSTAINED 2 Cold Start MOMENTARY 3 Warm Start MOMENTARY 4 Link Up MOMENTARY 5 Link Down MOMENTARY 6 Authentication Failure MOMENTARY 7 RMON Rising Alarm 9 MOMENTARY 8 RMON Falling...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax period time=<1..10> - sets the duration of relay action for the momentary type signal. This may be needed to adjust to the behavior of the circuit or relay. Default is 3 seconds. Time is in seconds Syntax del event=<even...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 9 Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP/RSTP Reconfigured MOMENTARY Magnum6K25(alarm)## alarm disable Alarm system Disabled Magnum6K25(alarm)## del event=1,3,5,7 Ala...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E sending and receiving emails, it is extremely beneficial for a network administrator to receive emails in case of faults and alerts. The Magnum 6K family of switches can be setup to send an email alert when a trap is generated. If this ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 265 Magnum6K25# F IGURE 138 – setting SMTP to receive SNMP trap information via email Email alerts can be forwarded to be received by other devices such as Cell phones, pagers etc. Most interfaces to SMTP are already provided by the cel...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 266 Banner Message essage is available in MNS-6K-SECURE. t one as to deter unauthorized access. Some users may inadvertently connect to the MOTD stands for Message of the Day, a term used by system administrators to show the status f th...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 267 Please disconnect if you are an unauthorized user. Thanks. MOTD Updated. It will be displayed at next login. Magnum6K25# show motd Motd : This is a secure device. Unauthorized access is prohibited. Please disconnect if you are an un...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 269 Magnum 6K 5# se 2 t history ? set history : Set Histo ry Size Usage set history size=<1-100> Groups: All. Magnum 6K25# set history size=100 History Size is Set Magnum6K25# show history 1 : show version 2 : show setup 3 : show ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 270 $$ : $ Character $r : New Line $b : Space A f ow the system prompt can be setup is shown below. 6K25# snmp ew examples on h Magnum Magnum6K25(snmp)## setvar sysname=Core System variable(s) set successfully Magnum6K25(snmp)## exit Ma...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 271 F IGURE 143 – Using the ping command Many devices do not respond to ping or block ping commands. Make sure that the target device does respond or the network does allow the ping packets to ropagate through. p FTP m is supported on M...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 272 System Events All events occurring on the Magnum 6K family of switches are logged. The events can be escription as shown below Code D 0 Emergency (or Fatal) system is unusable – called “fatal” in show log command 1 Alert : action mu...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 273 arrettCom recommends that this capability should be used centralize the logs. Magnum6K2 # The system events can be sent to a Syslog server using the Syslog capabilities in MNS-6K-SECURE. Gto show log 5 S DATE TIME Log Description --...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 274 Do you wish to export the event logs? [ 'Y' or 'N'] Y Successfully uploaded the event log file. Magnum6K25# F IGURE 146 – Using exportlog to export the event log information In the table below, the following acronyms are used for Se...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Subsystem Description Severity TCP/IP Duplicate IP a.b.c.d sent from MAC address XXXXXX C TCP/IP Unable to allocate memory for an ICMP packet C TCP/IP IP packet from a.b.c.d , with checksum error dropped D TCP/IP Bad IP fragments from a...

APPENDIX 1 APPENDIX 1 - Command listing by Chapter A rich environment – this Appendix provides a reference to the commands by chapter Chapter 2 – Getting Started Syntax ipconfig [ip=<ip-address>] [mask=<subnet-mask>] [dgw=<gateway>] – to set IP address on the switch Syntax save – s...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E bootcfg=<enable|disable> - valid with type=bootp only. This option allows the switch to load the configuration file from the BootP server. This is useful when a new switch is put on a network and the specific configurations are lo...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax tftp <get|put> [type=<app|config|oldconf|script|hosts|log>] [host=<hostname>] [ip=<ipaddress>] [file=<filename>] – upload and download information using tftp command Where <get|put> - different...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax – addlease ip=<ip> mac=<mac> [leasetime=<lease time (1..10)>] – add a specific host with a specific IP address Syntax - reserve-ip ip=<ip> [mac=<mac>] - reserve a specific IP address for a device Syn...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] – clear command to clear various aspects of the MNS-6K information – most notably “clear addr” – clears the addresses le...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E transmit – [optional] This is the transmit period, this is the time in seconds the authenticator waits to transmit another request for identification from the supplicant. Default value is 30. Values can be from 1 to 65535 seconds Syntax...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are s...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax lll del port=<port|list|range> - disable LLL on the list of specified ports Syntax show lll – display the status of LLL Syntax rstp – STP Configuration mode Syntax rstp <enable|disable> - Start (Enable) or stop (Disab...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E priority, the higher the priority. The port with the highest priority is the primary port (over which certain types of traffic like IGMP is transmitted) Syntax del port=<number|list|range> - delete specified ports from the LACP me...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax set-forbid vlan=<tag vlanid> forbid=<port-number|list|range> - sets the forbid GVRP capability on the ports specified Syntax show-forbid – display the ports with GVRP forbid capabilities Chapter 20 – SNMP Syntax snmp ...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Syntax authtrap <enable|disable> - enables or disables authentication traps generation Syntax show-authtrap - displays the current value of authentication trap status. Syntax deftrap community =<string> - defines the default...

APPENDIX 2 APPENDIX 2 - Commands sorted alphabetically Command Description !! repeat the last command !<n> repeat the “n”th command (as indicated by a show history) <command string> <TAB> options for a command <Down-arrow> opposite of Up-arrow key <first character of the c...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] clear command to clear various aspects of the MNS-6K information – most notably “clear addr” – clears the a...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description enable <user-name> changing the privilege level engineid string = <string> Every agent has to have an engineID (name) to be able to respond to SNMPv3 messages. The default engine ID value is “6K_v3Engine”...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description port-mirror <enter> configure port mirror settings port-security configure port security settings priority [port=<number|list|range>] value=<0-255 | 0-65535> specifies the port or switch level prior...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description rmon enter the RMON configuration mode to setup RMON groups and communities rstp enter the RSTP configuration mode rstp <enable|disable> enable RSTP – by default, this is disabled and has to be manually activat...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description set date year=<2001-2035> month=<1-12> day=<1-31> [format=<mmddyyyy|ddmmyyyy|yyyymmdd>] sets the date and the format in which the date is displayed set daylight country=< country name> s...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] setting the port characteristic for an 802.1x network setport port...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description set-qi interval=<value> The IGMP querier router periodically sends general host-query messages. These messages are sent to ask for group membership information. This is sent to the all-system multicast group ad...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description show-router displays detected IGMP-enabled router ports show-stats port=<num> displays 802.1x related statistics show-timers show the values of the timers set for RSTP show-trap [id=<id#>] shows the confi...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description snmp enter the SNMP Configuration mode snmpv3 enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows sntp [enable|disable] enable or disable the SNTP services sntpser...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description start vlan=<name|number|list|range> activate the VLAN configuration static vlan=<VID> convert a dynamic VLAN to a static VLAN statistics def-owner=<string> def- comm=<string> define the RMON s...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description telnet <ipaddress> [port=<port number>] telnet from the switch. The IP address can be an IPv4 address or an IPv6 address timers forward-delay=<4-30> hello=<1-10> age=<6-160> change the S...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Command Description user <add|delete> id=<id> [username=<name>] [usertype=<readonly|readwrite>] [authpass=<pass-phrase>] [privpass=<pass-phrase>] [level=<noauth|auth|priv>] [subtree=<oid>]...

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E 325 Intentionally left blank

APPENDIX 3 APPENDIX 3 - Daylight Savings No time like the present... Daylight Savings Time Magnum6K Switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. In addition to the value "none" (no time changes), there are fifteen pre-defined settin...

D A Y L I G H T S A V I N G S T I M E 327 Australia, Belgium, Canada, Chile, Cuba, Egypt, France, Finland, Germany, Greece, Iraq, Italy, London, Namibia, Portugal, Russia, Spain, Sweden, Switzerland, Syria, USA Note – as of Release 3.7, the new daylight saving times dates enforced as of 2007, for th...

APPENDIX 4 APPENDIX 4 – Browser Certificates You shouldn't overestimate the I.Q. of crooks — NYT: Stuart A. Baker, General Counsel for the NSA There is no security on this earth. Only opportunity. – Douglas MacArthur Certificates Certificates are means for authenticating the validity of sites, serve...

B R O W S E R C E R T I F I C A T E S F IGURE 150 – Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates Once the “Add Exception” button is displayed, make sure you click on it. 330

B R O W S E R C E R T I F I C A T E S F IGURE 152 – Here, you can view the certificate, permanently make an exception and confirm the exception. The locations to do those are identified in this figure The self signed certificate from GarrettCom is shown in the next figure. 332

B R O W S E R C E R T I F I C A T E S F IGURE 153 – Self signed certificate from GarrettCom Inc for MNS-6K Once accepted, the user does not need to go through these steps again. Using Internet Explorer (ver 7.x) Internet Explorer version 7.x provides a warning when the certificates do not match. The...

B R O W S E R C E R T I F I C A T E S 334 F IGURE 154 – Using IE 7 Using Other Browsers There are many other browsers such as Opera, Safari which are also widely used. There are similar mechanisms built into these browsers to inspect the certificate and create an exception. Please refer to their res...

U P D A T I N G M N S - 6 K – S T E P 1 Step 1 1. Getting Started Decide which version to use….. his document describes how to upgrade the MNS-6K software on a Magnum 6K switch. The methods described for updating the MNS-6K software are either locally at the console port on the Magnum 6K switch or r...

U P D A T I N G M N S - 6 K – S T E P 1 2) Enough disk space to store and retrieve the configuration files as well as copy software files from GarrettCom. We recommend at least 15MB of disk space for this purpose 3) Connection to the Internet. Make sure the connection does not block FTP file transfe...

U P D A T I N G M N S - 6 K – S T E P 1 b) If the site uses another socket number for ftp connections, use the socket number at the end of the URL. For example, if the network administrator has setup a firewall to use socket number 1684, the URL would be as follows: ftp://ftp.garrettcom.com:1684 c) ...

U P D A T I N G M N S - 6 K – S T E P 1 F IGURE 155 – Accessing the GarrettCom site for download. Note – if the browser does not support the login prompt, you can type in the user name and password on the URL as follows: ftp://m6kuser:[email protected] 3) After successful login, select the ...

U P D A T I N G M N S - 6 K – S T E P 1 F IGURE 156 – Select the proper version to use after successful login 4) Navigate to the folder MNS-6K. See Figure 3. (There are other folders with additional software, MIBs as well as additional useful information for the Magnum-6K switches which you may want...

U P D A T I N G M N S - 6 K – S T E P 1 341 F IGURE 158 – Use the copy command to copy the files to the proper location 6) Make sure you remember where the files are stored as these files will be needed for the next step. Next steps 1) Access the GarrettCom Magnum 6K switch. The access can be over t...

U P D A T I N G S O F T W A R E – S T E P 2 Step 2 2. Preparing to load the software Backup your existing configuration….. nce the MNS-6K software is downloaded from the GarrettCom site, it is strongly recommended that the existing configuration of the switch is preserved before the MNS-6K software ...

U P D A T I N G S O F T W A R E – S T E P 2 343 F IGURE 159 - HyperTerminal screen showing the serial settings Network Access Prerequisites - a PC (or workstation/computer) with telnet software and the IP address of the Magnum 6K switch (or DNS name associated with the switch) to be upgraded. Access...

U P D A T I N G S O F T W A R E – S T E P 2 1) Serial file transfer capability such as X-modem or equivalent 2) TFTP server 3) FTP server As a good practice, GarrettCom recommends that you should have all these capabilities available on your local computer if you plan to upgrade additional switches ...

U P D A T I N G S O F T W A R E – S T E P 2 F IGURE 162 – Invoke the “Receive File” to start the Xmodem transfer program. In the figure above the Windows XP based HyperTerminal screen is shown Once the “Receive File” is invoked (as shown in Figure above) follow the dialog to save the file in the pro...

U P D A T I N G S O F T W A R E – S T E P 2 F IGURE 164 – Status window for Xmodem (using HyperTerminal under Windows XP) When the file transfer is completed, the window shown in Figure 10 exits and the completion message is displayed as shown in Figure 11. Successfully uploaded the configuration Ma...

U P D A T I N G S O F T W A R E – S T E P 2 347 This will save the file 6kconfig-10.11 to the specified IP address (192.168.10.99) in the default TFTP folder. Using FTP would be the same as Figure 12, except replace 'mode=tftp' with 'mode=ftp' In some situations (e.g. routed networks), TFTP or FTP s...

U P D A T I N G S O F T W A R E – S T E P 3 Step 3 3. Loading the MNS-6K software Load the new version of the MNS-6K image….. T this stage, the Magnum MNS-6K software has been downloaded from the GarrettCom site, and the configuration saved. The Magnum-6K switch is now ready to upload the new MNS-6K...

U P D A T I N G S O F T W A R E – S T E P 3 Serial Connection Prerequisites - make sure the directory and the file name of the MNS-6K software image downloaded in steps 1 and 2 is known. To use the serial connection to update the MNS-6K image, the command dialog is shown below: Magnum6K25# show vers...

U P D A T I N G S O F T W A R E – S T E P 3 Upgrade is Successful. Please reboot Magnum 6Kxx to start the application Magnum6K25# reboot Proceed on rebooting the switch? [ 'Y' or 'N' ] Y Do you wish to save current configuration? [ 'Y' or 'N' ] Y (The switch will now reboot. After the reboot, the Ma...

U P D A T I N G S O F T W A R E – S T E P 3 351 Magnum6K25# show version MNS-6K-Secure Ver: 14.1 Date:Jul 28 2008 Time:07:51:45 Build ID 1217245902 Magnum6K25# upgrade mode=tftp 192.168.10.99 file=Rel4.2.bin Do you wish to upgrade the image? [ 'Y' or 'N'] Y Upgrade is Successful. Please reboot Magnu...

U P D A T I N G S O F T W A R E – S T E P 4 Step 4 4. (Optional Step) Restoring the configuration Optionally, restore back the original configuration and update the boot code….. t this optional step, the original configuration has been saved, MNS-6K image copied from the www.garrettcom.com site and ...

U P D A T I N G S O F T W A R E – S T E P 4 353 Updating boot code over the network As discussed in step 1 – selecting the proper version , with either upgrade path (to Version 2.7.1B or to Version 3.0), the boot code will be updated. At boot up time, the Magnum 6K switch identifies that there is a ...

I N D E X Index !!, 302 !<n>, 302 802.1d, 147, 151, 159, 160, 162, 165, 172, 293 802.1q, 230 802.1Q, 132, 147 802.1w, 159, 160, 165, 175 802.1x, 106, 107, 108, 109, 114, 289 access, 46, 61, 102, 103, 104, 250, 288 action, 91, 92, 95, 104, 287 action port, 91 add, 30, 37, 94, 135, 138, 145, 200...