AT-8700XL SERIES SWITCH
USER GUIDE
Software Release 2.6.1
Contents
Where To Find More Information ...................................................................... 6
Technical support .............................................................................................. 7
Features of the AT-8700XL Series Switch ........................................................... 7
Connecting a Terminal or PC ........................................................................... 12
Logging In ...................................................................................................... 13
Setting Routes ................................................................................................ 15
Changing a Password ..................................................................................... 16
Using the Commands ..................................................................................... 17
Getting Command Line Help .......................................................................... 18
What is the GUI? ............................................................................................ 22
Accessing the Switch via the GUI .................................................................... 22
Using the GUI: Navigation and Features .......................................................... 32
Upgrading the GUI ......................................................................................... 38
Normal Mode and Security Mode ................................................................... 47
Loading and Uploading Files ........................................................................... 52
Upgrading Switch Software ............................................................................ 56
4
AT-8700XL Series Switch User Guide
For More About Operations and Facilities ........................................................ 62
Spanning Tree Protocol (STP) ........................................................................... 68
Routing Information Protocol (RIP) .................................................................. 70
IGMP Snooping .............................................................................................. 70
How to Avoid Problems .................................................................................. 75
Resetting Switch Defaults ............................................................................... 79
Troubleshooting IP Configurations .................................................................. 80
Software Release 2.6.1
C613-02030-00 REV B
Chapter 1
Introduction
Welcome to the AT-8700XL Series Advanced Fast Ethernet Switch, combining
wire speed Layer 2 and Layer 3 switching with Quality of Service (QoS)
features such as traffic classifiers and bandwidth limiting.
This guide introduces the AT-8700XL Series Switch and will guide you through
the most common uses and applications of your new switch. Getting started
will not take long—many applications are set up in just a few minutes. If you
have any questions about the switch, contact your authorised distributor or
reseller.
Your AT-8700XL Series Switch is supplied with default settings which allow
you to operate the switch immediately, without any configuration. Even if this
is all you want to do, you should still gain access to the switch configuration, if
only to change the manager password to prevent unauthorised access.
To take advantage of the advanced routing features, you will need to enter
detailed configuration. The switch has both a Command Line Interface (CLI)
and a Graphical User Interface (GUI) for configuration and management.
Before you can use the GUI, you will need to login to the switch and use its CLI
to allocate an IP address to at least one interface.
Why Read this User Guide?
Before you use your switch in a live network, please read this guide. The guide
tells you how to access and use the Command Line Interface (CLI) to configure
the switch software, and how to access and use the switch’s Graphical User
Interface (GUI). It then introduces a number of common switch functions and
how to configure them using the CLI. For information on configuration using
the GUI, see the context-sensitive online GUI help. For more detailed
descriptions of all commands, display outputs, and background information,
see the AT-8700XL Series Software Reference.
This user guide is organised into the following chapters:
■
Chapter 1, Introduction gives an overview of the switch features and of the
documentation supplied with your switch.
■
how to gain access to the command line interface.
6
AT-8700XL Series Switch User Guide
■
■
how to access and use the graphical user interface.
Chapter 4, Operating the switch introduces general operation, management
and support features, including loading and installing support files and
new releases.
■
■
Chapter 5, Switching describes how to configure Layer 2 and IP switching
features, including switch ports and VLANs.
you can use to monitor the switch and diagnose faults.
Where To Find More Information
Before installing the switch and any expansion options, read the important
safety information in the Safety and Statutory Information booklet.
Follow the Quick Install Guides’ step-by-step instructions for physically
installing the switch and any expansion options.
The AT-8700XL Series Hardware Reference gives detailed information about the
equipment hardware.
The context-sensitive online GUI help gives descriptions of each page and
element of the GUI.
Once you are familiar with the basic operations of the switch, use the AT-
8700XL Series Software Reference for full descriptions of routing features and
command syntax.
The AT-8700XL Series Switch Documentation Set
The documentation set for the AT-8700XL Series Switch includes:
■
■
■
AT-8700XL Series Safety and Statutory Information
AT-8700XL Series Quick Install Guide
AT-8700XL Series Documentation and Tools CD-ROM, which includes the
following PDF documents:
•
•
•
•
•
•
•
AT-8700XL Series Safety and Statutory Information
AT-8700XL Series Quick Install Guide
This User Guide
AT-8700XL Series Hardware Reference
AT-8700XL Series Software Reference
Uplink Module Quick Install Guide
Uplink Module Hardware Reference
Software Release 2.6.1
C613-02030-00 REV B
Introduction
7
The CD-ROM also includes:
•
AT-TFTP Server for Windows, for downloading software releases,
scripts and other files to or from an AT-8700XL switch.
•
Adobe Acrobat Reader for Windows for viewing and printing the
online documentation in PDF format. Get instant access to information
with full-text searching of PDF documents by keyword or phrase.
•
•
•
Microsoft Internet Explorer.
A demonstration version of F-Secure’s Secure Shell client for Windows.
Information about other Allied Telesyn routing and switching
products.
Technical support
For online support for your AT-8700XL Series Switch, see our on-line support
This site contains the latest switch software releases, patches, GUI resource files
and documentation. Download software upgrades from the Allied Telesyn web
site to your server, and the use the LOAD command to copy them to the
switch’s FLASH memory. Use the SET INSTALL command to enable the new
If you require further assistance, contact your authorised distributor or reseller.
Features of the AT-8700XL Series Switch
Software support for AT-8700XL Series Switches provides wirespeed Layer 2
and Layer 3 switching, including support for Virtual LANs.
Switching Features
The main Layer 2 features of the switch are:
■
■
■
■
Packet Forwarding at wire speed.
Store and Forward switching mode.
Autonegotiation of link speed and duplex mode for 10/100 Mbps speed on
■
Automatic, configurable MAC address learning and ageing, supporting up
to 255 static MAC addresses per switch.
■
■
Switch Filtering.
Layer 3 Filtering (Switching chapter in the AT-8700XL Series Software
Reference.
■
■
Software Release 2.6.1
C613-02030-00 REV B
8
AT-8700XL Series Switch User Guide
■
■
■
Classifiers to sort traffic for QoS and hardware filtering
Quality of Service
•
•
•
DSCP configuration enabling management of DiffServ domains
Priority queuing
Bandwidth limiting
■
■
■
IGMP snooping and Multicast VLAN Registration
Management Features
The following features enhance management of the switch:
■
■
■
■
A sophisticated and configurable event logging facility for monitoring and
alarm notification to single or multiple management centres.
Triggers for automatic and timed execution of commands in response to
events.
Scripting for automated configuration and centralised management of
configurations.
Dynamic Host Configuration Protocol (DHCP) for IP and IPv6. DHCP lets
you automatically assign IP addresses and other configuration information
to PCs and other hosts on TCP/IP networks.
■
Support for the Simple Network Management Protocol (SNMP), standard
MIBs and the Allied Telesyn Enterprise MIB, enabling the switch to be
managed by a separate SNMP management station.
■
■
■
Telnet client and server.
Secure Shell remote management.
An HTTP client that allows the direct download of files from a web server
to the switch’s FLASH memory.
For complete descriptions of these software features, see the AT-8700XL Series
Software Reference.
Layer 3 and Other Features
AT-8700XL Series Advanced Fast Ethernet Switches provide efficient and cost-
effective switching, terminal serving and integrated network management
over LANs. All models can run the same software suite and can provide all of
the following functions simultaneously (depending on the hardware
configuration):
■
■
TCP/IP routing.
IP multicasting support including Internet Group Management Protocol
(IGMP), IGMP snooping, IGMP proxy and Multicast VLAN Registration.
■
Ping Polling for determining device reachability and responding when a
device or link goes up or down.
Software Release 2.6.1
C613-02030-00 REV B
Introduction
9
■
■
■
■
■
■
■
■
OSPF and IP RIP routing protocols.
ARP, Proxy ARP and Inverse ARP address resolution protocols.
Sophisticated packet filtering.
Terminal serving using Telnet, with local host nicknames.
Integration with a Public Key Infrastructure (PKI).
Virtual Router Redundancy Protocol (VRRP).
Software Secure Sockets Layer (SSL).
802.1x port authentication.
Warning about FLASH memory
Before you start to configure your switch, note that it is possible to enter
commands that can impact severely on your switch’s performance.
DO NOT clear the FLASH memory completely. The software release files are
stored in FLASH, and clearing FLASH memory would leave no software to run
the switch.
While FLASH is compacting, do not restart the switch or use any commands
that affect the FLASH file subsystem. Do not restart the switch, or create, edit,
load, rename or delete any files until a message confirms that FLASH file
compaction is completed. Interrupting flash compaction may result in damage
to files. Damaged files are likely to prevent the switch from operating correctly.
Software Release 2.6.1
C613-02030-00 REV B
Chapter 2
Getting Started with the Command Line
Interface (CLI)
This Chapter
This chapter describes how to access the switch’s CLI, and provides basic
information about configuring the switch, including how to:
■
■
Set the Terminal Communication parameters to match the switch’s settings
■
■
Configure IP addresses on the switch interfaces over which you will
manage the switch. This is necessary if you will access the switch using the
■
■
Change the management password to limit unauthorised access to the
■
Use the command line interface to control the switch software, including
■
■
■
Enable any special feature licences (see “Enabling Special Feature Licences”
on page 18).
12
AT-8700XL Series Switch User Guide
Connecting a Terminal or PC
The first thing to do after physically installing the switch is to start a terminal
or terminal emulation session to access the switch. Then you can use the
command line interface (CLI) to configure the switch. If you wish to configure
the switch using the Graphical User Interface, you must first access the CLI and
assign an IP address to at least one interface.
You can use a PC running terminal emulation software as the manager console
instead of a terminal. Many terminal emulation applications are available for
the PC, but the most readily available is the HyperTerminal application
included in Microsoft® Windows™ 95, Windows™ 98, and Windows™ 2000.
In a normal Windows™ installation HyperTerminal is located in the
Accessories group. In Windows™ 2000, HyperTerminal is located in the Start >
Programs > Accessories > Communications menu.
The key to successfully using terminal emulation software with the switch is to
configure the communications parameters in the terminal emulation software
to match the default settings of the console port on the switch. For instructions
on how to configure HyperTerminal, see the AT-8700XL Series Hardware
Reference.
To start a terminal session, connect to the switch in one of the following ways:
■
■
Connect a VT100-compatible terminal to the RS-232 Terminal Port (asyn0),
set the communications parameters on the terminal (Table 1 on page 12),
and press [Enter] a few times until the switch’s login prompt appears; OR
Connect the COM port of a PC running terminal emulation software such
as Windows Terminal or HyperTerminal to the RS-232 Terminal Port
(asyn0), set the communications parameters on the terminal emulation
software (Table 1 on page 12), and press [Enter] a few times until the
switch’s login prompt appears.
Terminal Communication Parameters
Check that the terminal or modem’s communication settings match the settings
of the asynchronous port. By default, the asynchronous port (also known as the
Console, RS-232, or Config port) on the switch is set to the parameters shown
in Table 1 on page 12:
Table 1: Parameters for terminal communication
Parameter
Baud rate
Data bits
Parity
Value
9600
8
None
1
Stop bits
Flow control
Hardware
Refer to the user manual supplied with the terminal or modem for details of
how to change the communications settings for the terminal or modem.
Software Release 2.6.1
C613-02030-00 REV B
Getting Started with the Command Line Interface (CLI)
13
If a modem is connected, configure the switch to make and/or accept calls via
the modem. To set the CDCONTROL parameter to “CONNECT” and the
FLOW parameter to “HARDWARE”, enter the command:
SET ASYN CDCONTROL=CONNECT FLOW=HARDWARE
If the terminal or modem is used with communications settings other than the
default settings, then configure the asynchronous port to match the terminal or
modem settings using the SET ASYN command.
See the switch’s online help or the Interfaces chapter in the AT-8700XL Series
Software Reference for more information on how to configure the asynchronous
port.
Logging In
When you access the switch from a terminal or PC connected to the RS-232
terminal port (asyn0), or via a Telnet or HTTP connection, you must enter a
login name and password to gain access to the command prompt. When the
switch is supplied, it has a manager account with an initial password friend.
Enter your login name at the login prompt:
login: manager
Enter the password at the password prompt:
password: friend
After you log into the manager account you can enter commands from this
document and from the AT-8700XL Series Software Reference.
Assigning an IP Address
To configure the switch to perform IP routing (for example, to access the
Internet) you need to configure IP. You also need to configure IP if you want to
manage the switch from a Telnet session or with the GUI. For detailed
instructions on accessing the switch with the GUI, see “Accessing the Switch
First enable IP, using the command:
ENABLE IP
Then, add an IP address to each of the switch interfaces that you want to
process IP traffic.
For the default VLAN, use the command:
ADD IP INTERFACE=vlan1 IPADDRESS=ipadd MASK=mask
where:
■
■
ipadd is an unused IP address on your LAN.
mask is the subnet mask (for example 255.255.255.0)
Software Release 2.6.1
C613-02030-00 REV B
14
AT-8700XL Series Switch User Guide
If IP addresses on your LAN are assigned dynamically by DHCP, you can set
the switch to request an IP address from the DHCP server, using the
commands:
ADD IP INTERFACE=vlan1 IPADDRESS=DHCP
ENABLE IP REMOTEASSIGN
You do not need to set the MASK parameter because the subnet mask received
from the DHCP server is used.
If you use DHCP to assign IP addresses to devices on your LAN, and you want to
manage the switch within this DHCP regime, it is recommended that you set your
DHCP server to always assign the same IP address to the switch. This will enable you
to access the GUI by browsing to that IP address, and will also let you use the switch as
a gateway device for your LAN. If you need the switch's MAC address for this, it can be
displayed using the command SHOW SWITCH.
To change the IP address for an interface, enter the command:
SET IP INTERFACE=interface IPADDRESS=ipadd MASK=ipadd
When you are configuring the switch remotely, if you change the configuration (for
example, the VLAN membership) of the port over which you are configuring, the switch
is likely to break the connection.
For more information about switch ports and Virtual LANs (VLANs), see
AT-8700XL Series Software Reference. For more information about IP addressing
Protocol (IP) chapter in the AT-8700XL Series Software Reference.
Assigning an IP Address
To configure the switch to perform IP routing (for example, to access the
Internet) you need to configure IP. You also need to configure IP if you want to
manage the switch from a Telnet session or with the GUI. For detailed
First enable IP, using the command:
ENABLE IP
Then, add an IP address to each of the switch interfaces that you want to
process IP traffic. For example, for Ethernet port 0, use the command:
ADD IP INTERFACE=eth0 IPADDRESS=ipadd MASK=mask
where:
■
■
ipadd is an unused IP address on your LAN.
mask is the subnet mask (for example 255.255.255.0)
Software Release 2.6.1
C613-02030-00 REV B
Getting Started with the Command Line Interface (CLI)
15
If IP addresses on your LAN are assigned dynamically by DHCP, you can set
the switch to request an IP address from the DHCP server, using the
commands (for Ethernet port 0, for example):
ADD IP INTERFACE=eth0 IPADDRESS=DHCP
ENABLE IP REMOTEASSIGN
You do not need to set the MASK parameter because the subnet mask received
from the DHCP server is used.
If you use DHCP to assign IP addresses to devices on your LAN, and you want to
manage the switch within this DHCP regime, it is recommended that you set your
DHCP server to always assign the same IP address to the switch. This will enable you
to access the GUI by browsing to that IP address, and will also let you use the switch as
a gateway device for your LAN. If you need the switch's MAC address for this, it can be
displayed using the command SHOW SWITCH.
To change the IP address for an interface, enter the command:
SET IP INTERFACE=interface IPADDRESS=ipadd MASK=ipadd
Setting Routes
The process of routing packets consists of selectively forwarding data packets
from one network to another. Your switch makes a decision to send a packet to
a particular network on information it learns dynamically from listening to the
selected route protocol and on the static information entered as part of the
configuration process. In addition, you can configure user-defined filters to
restrict the way packets are sent.
Your switch maintains a table of routes which holds information about routes
to destinations. The route table tells the switch how to find a remote network or
host. A route is uniquely identified by IP address, network mask, next hop,
ifIndex, protocol and policy. A list of routes comprises all the different routes to
a destination. The routes may have different metrics, next hops, policy or
protocol. A list of routes is uniquely identified by its IP address and net mask.
The routing table is maintained dynamically by using one or more routing
protocols such as RIP, EGP and OSPF. These act to exchange routing
information with other switches or hosts.
You can also add static routes to the route table to define default routes to
external switches or networks and to define subnets.
To add a static route, enter the command:
ADD IP ROUTE=ipadd INTERFACE=interface NEXTHOP=ipadd
[CIRCUIT=miox-circuit] [DLCI=dlci]
[MASK=ipadd][METRIC=1..16] [METRIC1=1..16]
[METRIC2=1..65535][POLICY=0..7] [PREFERENCE=0..65535]
To displays the entire routing table, including both static and dynamic routes,
enter the command:
SHOW IP ROUTE
For more information about setting IP routes, see the Internet Protocol (IP)
chapter in the AT-8700XL Series Software Reference.
Software Release 2.6.1
C613-02030-00 REV B
Changing a Password
You should change this password to prevent unauthorised access to the switch.
Enter the command:
SET PASSWORD
The switch prompts you for the current password, for the new password, and
for confirmation of the new password. The password can contain any printable
characters, and must be at least a minimum length, by default six characters.
(To change the default minimum length, see the SET USER command in the
Operations chapter, AT-8700XL Series Software Reference.)
Choosing a Password
All users, including managers, should take care in selecting passwords. Tools
exist that enable hackers to guess or test many combinations of login names
and passwords easily. The User Authentication Facility (UAF) provides some
protection against such attacks by allowing the manager to set the number of
consecutive login failures allowed and a lockout period when the limit is
exceeded.
However, the best protection against password discovery is to select a good
password and keep it secret. When choosing a password:
■
Do make it six or more characters in length. The UAF enforces a minimum
password length, which the manager can change. The default is six
characters.
■
■
Do include both alphabetic (a–z) and numeric (0–9) characters.
Do include both uppercase and lowercase characters. The passwords
stored by the switch are case-sensitive, so “bgz4kal” and “Bgz4Kal” are
different.
■
Do avoid words found in a dictionary, unless combined with other random
alphabetic and numeric characters.
■
■
Do not use the login name, or the word “password” as the password.
Do not use your name, your mother’s name, your spouse’s name, your
pet’s name, or the name of your favourite cologne, actor, food or song.
■
■
Do not use your birth date, street number or telephone number.
Do not write down your password anywhere.
Make sure you remember the new password created as you cannot retrieve a
lost password. Recovery of access to the switch is complex.
Once you have logged into the manager account you are able to enter
commands from this guide and from the AT-8700XL Series Software Reference.
Getting Started with the Command Line Interface (CLI)
17
Using the Commands
You control the switch with commands described in this document and in the
AT-8700XL Series Software Reference. While the keywords in commands are not
case sensitive, the values entered for some parameters are (especially
passwords). The switch supports command line editing and recall. Command
line editing functions and keystrokes are shown in Table 2 on page 17.
Table 2: Command line editing functions and keystrokes .
Function
VT100 Terminal
Dumb terminal
Not available
[Delete] or [Backspace]
Not available
[Ctrl/U]
Move cursor within command line ←, →
Delete character to left of cursor
Toggle between insert/overstrike
Clear command line
[Delete] or [Backspace]
[Ctrl/O]
[Ctrl/U]
Recall previous command
Recall next command
↑ or [Ctrl/B]
↓ or [Ctrl/F]
[Ctrl/B]
[Ctrl/F]
Display command history
[Ctrl/C] or
[Ctrl/C]
SHOW PORT HISTORY
or SHOW PORT HISTORY
Clear command history
RESET PORT HISTORY
[Tab] or [Ctrl/I]
RESET PORT HISTORY
[Tab] or [Ctrl/I]
Recall matching command
The switch assumes that the width of the terminal screen is 80 characters, and
performs command line wrapping at the 80th column regardless of the setting
of the terminal. To execute a command the cursor does not need to be at the
end of the line. The default editing mode is insert mode. Characters are
inserted at the cursor position and any characters to the right of the cursor are
pushed to the right to make room. In overstrike mode, characters are inserted
at the cursor position and replace any existing characters.
Commands are limited to 1000 characters, excluding the prompt. Path names
of up to 256 characters, including file names, and file names up to 16 characters
long, with extensions of 3 characters, are supported.
Aliases
The command line interface supports aliases. An alias is a short name for an
often-used longer character sequence. When the user presses [Enter] to execute
the command line, the command processor first checks the command line for
aliases and substitutes the replacement text. The command line is then parsed
and processed normally. Alias substitution is not recursive—the command line
is scanned only once for aliases.
Aliases are created and destroyed using the commands:
ADD ALIAS=name STRING=substitution
DELETE ALIAS=name
Software Release 2.6.1
C613-02030-00 REV B
18
AT-8700XL Series Switch User Guide
Getting Command Line Help
Online help is available for all switch commands. A multilingual, language-
independent online help facility provides help information via the command:
HELP [topic]
If a topic is not specified, a list of available topics is displayed. The HELP
command displays information from the system help file stored in FLASH
memory. The help file uses a simple mark-up language to identify topics,
access level (USER or MANAGER) and help text. Both standard ASCII and
Unicode character encodings are supported. Alternate help files can be
uploaded and stored in FLASH, then activated using the command:
SET HELP=helpfile
To display the current help file, enter the command:
SHOW SYSTEM
The help file is easily modified, for example to provide detailed site-specific
support information. The mark-up language specification and preprocessor
program are available from your authorised distributor or reseller.
Also, typing a question mark “?” at the end of a partially completed command
displays a list of the parameters that may follow the current command line,
with the minimum abbreviations in uppercase letters (see Figure 1 on page 18).
The current command line is then re-displayed, ready for further input.
Figure 1: Using the question mark character (“?”) to display help for the current command.
Manager > ADD ?
Options : ACC APPletalk BGP CLASSifier BOOTp BRIDge DECnet FRamerelay GRE IP IPX
ISDN LAPD LOG MIOX NTP OSPF PERM PPP RADius SA SCript SNmp STReam STT TRIGger
TACacs USEr X25C X25T TDM
Manager > ADD ACC ?
Options : CALL SCript DOmainname
Manager > ADD ACC CALL ?
Options : DIrection DScript CScript RScript POrt ENcapsulation AUthentication
DOmainname
Setting System Parameters
You can set some general system parameters to ensure the switch’s
compatibility with the public network, and to aid network administration.
Some services, for instance ISDN, use slightly different versions in different
countries. To make sure that the switch uses protocols consistent with the
services it is connected to, set the system territory to the country or region in
which your switch operates. Enter the command:
SET SYSTEM TERRITORY={AUSTRALIA|CHINA|EUROPE|JAPAN|KOREA|
NEWZEALAND|USA}
Software Release 2.6.1
C613-02030-00 REV B
Getting Started with the Command Line Interface (CLI)
19
In Australia only: to use the Micro service, SET SYSTEM LOCATION=australia; to
use the OnRamp service, SET SYSTEM LOCATION=europe.
System name, location and contact parameters can help a remote network
administrator identify the switch. By convention the system name is the full
domain name. Set the name of the switch, for example:
SET SYSTEM NAME=nd1.co.nz
the location of the switch, for example:
SET SYSTEM LOCATION=”Head Office, 3rd floor east”
and a contact name and phone number for the network administrator
responsible for the switch, for example:
SET SYSTEM CONTACT=”Anna Brown 03-456 789”
The name, location, and contact are strings 1 to 80 characters in length of any
printable character. If the string includes spaces enclose the string in double
quotes.
Set the switch’s real time clock to the current local time in 24 hour notation
(hh:mm:ss), for example:
SET TIME=14:50:00
and to the current date (dd-mmm-yy, or dd-mmm-yyyy), for example:
SET DATE=29-JAN-02
or
SET DATE=29-JAN-2003
Software Release 2.6.1
C613-02030-00 REV B
|