MNS6K CLI User Guide 445

Uploaded by

naceurma

MAGNUM 6K FAMILY OF SWITCHES

Managed Network Software (MNS)

MNS-6K-SECURE 14.4.5 and MNS-6K 4.4.5

CLI User Guide


Preface
This guide describes how to use the Command Line Interface (CLI) for the Magnum
family of switches. For the Secure Web Management Interface please refer to the
Secure Web Management (SWM) User Guide.
Some simple guidelines which will be useful for configuring and using the Magnum
6K family of switches:
• If you need information on a specific command in the CLI, type the
command name after you type the word help (help <command>) or just type
<command> [Enter].
• If you need information on a specific feature in Web Management Interface,
use the online help provided in the interface.
• If you need further information or datasheets on GarrettCom Magnum 6K
family of switches, refer to the GarrettCom web links at:
www.garrettcom.com/managed_switches.htm

GarrettCom Inc.
A Belden Brand
47823 Westinghouse Drive
Fremont, CA 94539-7437
Phone (510) 438-9071 • Fax (510) 438-9072
Email – Tech support – [email protected]
Email – Sales – [email protected]
WWW – www.garrettcom.com

Trademarks
GarrettCom Inc., a Belden Brand, reserves the right to change specifications, performance
characteristics and/or model offerings without notice. GarrettCom, Magnum, S-Ring,
Link-Loss-Learn, Converter Switch, Convenient Switch and Personal Switch are trademarks and
Personal Hub is a registered trademark of GarrettCom, Inc.

NEBS is a registered trademark of Telcordia Technologies.

UL is a registered trademark of Underwriters Laboratories.

Ethernet is a trademark of Xerox Corporation.

Copyright © 2013 GarrettCom, Inc., a Belden Brand. All rights reserved. No part of this
publication may be reproduced without prior written permission from GarrettCom, Inc.

Printed in the United States of America.

Part #: 84-00133
PK-0520202

Table of Contents
Preface
Table of Contents
List of Figures
1 – Conventions Followed
Flow of the User Guide
2 – Getting Started
Before Starting
MNS-6K Software Updates
Console Connection
Console Setup
Console Screen
Logging In for the First Time
Setting IP Parameters
Privilege Levels
Operator Privileges
Manager Privileges
User Management
Add User
Delete User
Modify Password
Modify Privilege Level
Modifying Access Privileges
Help
Displaying Help for an Individual Command
Viewing Options for a Command
Context Help
Exiting
Upgrading to MNS-6K-SECURE
List of Commands In This Chapter
3 – IP Address and System Information
IP Addressing
Importance of an IP Address
DHCP and BootP
Bootp Database
Configuring Auto/DHCP/Bootp/Manual
Using Telnet
Using HiDiscovery
Using SSH
Domain Name System (DNS)
Setting Serial Port Parameters
System Parameters
Date and Time
Network Time (SNTP Client)
Network Time (SNTP Server)
Saving and Loading Configuration
Upgrading MNS-6K
TFTP Server
Script Files
Displaying or Hiding Passwords
Host Names
Displaying Configuration
Running Config, Saved Config, Script
Deleting Configuration
Displaying Serial Number
List of Commands In This Chapter
Other Commands
4 – IPv6
Assumptions
Introduction to IPv6
What’s Changed in IPv6?
IPv6 Addressing
Configuring IPv6
List of Commands In This Chapter
5 – DHCP Server
Modes of Operation
Technical Details
DHCP Discovery
DHCP Offers
DHCP Request
DHCP Acknowledgement
DHCP Information
DHCP Release
Client Configuration
Option 82
MNS-6K-SECURE Implementation
List of Commands In This Chapter
6 – SNTP Server
SNTP - Prerequisites
SNTP Server Overview
Stratum Clocks
MNS-6K-SECURE Implementation
List of Commands In This Chapter
7 – Access Considerations
Securing Access
Passwords
Port Security
Network Security
Configuring Port Security
Syslog and Logs
Authorized Managers
List of Commands In This Chapter
8 – Access Using RADIUS
RADIUS
802.1x
Configuring Network Access
Configuring User Access
List of Commands In This Chapter
9 – Access Using TACACS+
TACACS – Flavors and History
TACACS+ Flow
TACACS+ Packet
Configuring TACACS+
List of Commands In This Chapter
10 – Port Setup and Mirroring
Port Monitoring and Mirroring
Port Mirroring
Port Setup
Speed Settings
Duplex Settings
Back Pressure
Flow Control
Notify
Broadcast Storms
Preventing Broadcast Storms
Port Rate Limiting for Broadcast Traffic
List of Commands In This Chapter
11 – VLAN
Why VLANs?
Creating VLANs
Using VLANs
List of Commands In This Chapter
12 – Spanning Tree Protocol (STP)
STP Features and Operation
Using STP
List of Commands In This Chapter
13 – Rapid Spanning Tree Protocol (RSTP)
RSTP Concepts
Transition from STP to RSTP
Configuring RSTP
List of Commands In This Chapter
14 – S-Ring™ and Link-Loss-Learn™ (LLL)
S-Ring and LLL Concepts
Comparing Resiliency Methods
RSTP/STP Operation Without S-Ring
RSTP/STP Operation With S-Ring
LLL With S-Ring
Ring Learn Features
Configuring S-Ring
List of Commands In This Chapter
15 – Dual-Homing
Dual-Homing Concepts
Dual-Homing Modes
Configuring Dual-Homing
List of Commands In This Chapter
16 – Link Aggregation Control Protocol (LACP)
LACP Concepts
LACP Configuration
List of Commands In This Chapter
17 – Quality of Service
QoS Concepts
DiffServ and QoS
IP Precedence
Configuring QoS (MNS-6K ver 4.1.x)
Configuring QoS (MNS-6K ver 4.2.x)
List of Commands In This Chapter
18 – IGMP
IGMP Concepts
IGMP-L2
Configuring IGMP
List of Commands In This Chapter
19 – GVRP
GVRP Concepts
GVRP Operations
Configuring GVRP
GVRP Operations Notes
List of Commands In This Chapter
20 – LLDP
LLDP Concepts
Configuring LLDP
List of Commands In This Chapter
21 – SNMP
SNMP Concepts
Traps
Standards
Configuring SNMP
Configuring RMON
HiVision
List of Commands In This Chapter
22 – MODBUS
MODBUS Overview
Configuring MODBUS
MODBUS Memory Map
List of Commands In This Chapter
23 – PTP (IEEE 1588)
IEEE 1588 Overview
24 – GMRP
25 – Static Multicast Group
26 – Miscellaneous Commands
Alarms, Traps, Alerts . . .
Alarm Relays
Email
Serial Connectivity
Banner Message
Dual Power Supply
Fans and Temperature
Power over Ethernet (PoE)
Scheduled Reboot
Miscellaneous Commands
Prompt
Ping
FTP Modes
System Events
MAC Address Table
List of Commands In This Chapter
Appendix 1 - Command Listing by Chapter
Chapter 2 – Getting Started
Chapter 3 – IP Address and System Information
Chapter 4 – IPv6
Chapter 5 – DHCP Server
Chapter 6 – SNTP Server
Chapter 7 – Access Considerations
Chapter 8 – Access Using RADIUS
Chapter 9 – Access Using TACACS+
Chapter 10 – Port Setup and Mirroring
Chapter 11 - VLAN
Chapter 12 – Spanning Tree Protocol (STP)
Chapter 13 – Rapid Spanning Tree Protocol
Chapter 14 – S-Ring and Link-Loss-Learn
Chapter 15 – Dual-Homing
Chapter 16 – Link Aggregation Control Protocol (LACP)
Chapter 17 – Quality of Service
Chapter 18 - IGMP
Chapter 19 - GVRP
Chapter 20 – LLDP
Chapter 21 – SNMP
Chapter 22 – MODBUS
Chapter 23 – PTP (IEEE 1588)
Chapter 24 – GMRP
Chapter 25 – Static Multicast Group
Chapter 26 – Miscellaneous Commands
Appendix 2 - Commands Sorted Alphabetically
Appendix 3 - Daylight Savings
Daylight Savings Time
Appendix 4 – Browser Certificates
Certificates
Using Mozilla Firefox
Using Internet Explorer
Using Other Browsers
Appendix 5 – Updating MNS-6K Software
Step 1 - Getting Started
Selecting The Proper Version
Downloading The MNS-6K Software
Next Steps
Step 2 - Preparing To Load The Software
Accessing The Switch
Serial Connection
Network Access
Saving The Configuration
Serial Connection
Network Access
Next Steps
Step 3 - Loading The MNS-6K Software
Before Loading The MNS-6K Software
Accessing The Switch
Serial Connection
Network Access
Next Steps
Step 4 - Optional Step: Restoring The Configuration
Accessing The Switch
Reloading The Configuration
Updating Boot Code Over The Network
Appendix 6 – MODBUS Memory Map
Index

List of Figures
FIGURE 1 – HyperTerminal screen showing the serial settings.
FIGURE 2 – Prompt indicating the switch model number as well as mode of operation – note the commands to switch between the levels is not shown here.
FIGURE 3 – As the switch tries to determine its mode of operation and its IP address, it may assign and release the IP address a number of times. A continuous ping to the switch will show an intermittent response.
FIGURE 4 – Setting IP address on the switch.
FIGURE 5 – Rebooting the switch.
FIGURE 6 – Viewing the basic setup parameters. You can use show setup or show sysconfig to view setup parameters.
FIGURE 7 – Switching users and privilege levels. Note the prompt changes with the new privilege level.
FIGURE 8 – Adding a user with Manager level privilege.
FIGURE 9 – Deleting a user.
FIGURE 10 – Changing the password for a specific user.
FIGURE 11 – Changing the privilege levels for a user.
FIGURE 12 – Creating user access privileges.
FIGURE 13 – Creating user access privileges.
FIGURE 14 – Help command.
FIGURE 15 – Help for a specific command.
FIGURE 16 – Options for the show command.
FIGURE 17 – Listing commands available (at the operator level.)
FIGURE 18 – Listing commands starting with a specific character.
FIGURE 19 – Listing commands options – note the command was not completed and the TAB key completed the command.
FIGURE 20 – logout command.
FIGURE 21 – Upgrading to MNS-6K-SECURE.
FIGURE 22 – Checking the IP settings.
FIGURE 23 – Changing the boot mode of the switch.
FIGURE24 – Changing telnet access – note in this case, the enable command was repeated without any effect to the
switch. ........................................................................................................................................................................ 43
FIGURE25 – Reviewing the console parameters – note telnet is enabled. ................................................................................... 44
FIGURE26 – Example of a telnet session. ............................................................................................................................... 45
FIGURE27 – Managing and viewing multiple telnet sessions. .................................................................................................... 45
FIGURE28 – Setting up ssh. Since telnet sends the information in clear text, make sure that telnet is disabled to secure
the switch. Do not telnet to the switch to disable telnet. Preferred method is to do that via the console or using
SWM. The client access is not shown here. Commonly an application like PuTTY is used to access the
switch via ssh. Use the show console command to verify telnet is turned off................................................................... 49
FIGURE29 – Use of DNS. ..................................................................................................................................................... 51
FIGURE30 – Querying the serial port settings. ......................................................................................................................... 52
FIGURE31 – System parameters using the show setup command. Most parameters here cannot be changed. .............................. 52
FIGURE32 – System parameters using the show sysconfig command. Most parameters here can be changed............................... 53
FIGURE33 – Setting the system name, system location and system contact information. ............................................................ 53
FIGURE34 – Setting the system date, time and time zone. ....................................................................................................... 54
FIGURE35 – Setting the system daylight saving time. ............................................................................................................... 54
FIGURE36 – Setting up SNTP services. ................................................................................................................................. 56
FIGURE37 – Safeguards built into MNS-6K when downloading an incorrect version. In the above example, since the
switch is a 6K-25 the proper file to load is Rel_A_x.y.z - where x.y.z is the latest version of MNS-6K.
Rel_B_x.y.z is for the 6K-L model switches. ............................................................................................................. 58
FIGURE38 – Based on the SFTP, FTP, TFTP or Xmodem commands – the MNS-6K based switch can upload or
download different types of files and images. Other files such as host files can also be saved or loaded onto a
switch. ........................................................................................................................................................................ 60

FIGURE 39 – Using MNS-6K-SECURE, the Magnum 6K family of switches can be a TFTP server. Using the TFTP client software on any PC, the operations to save a config file or save an image or load images from one switch to another switch can be performed with ease.
FIGURE 40 – Safeguards built into MNS-6K when downloading an incorrect version. In the above example, since the switch is a 6K-25 the proper file to load is Rel_A_x.y.z - where x.y.z is the latest version of MNS-6K. Rel_B_x.y.z is for the 6K-L model switches.
FIGURE 41 – The 6K32FC switch is running MNS-6K-SECURE. The 6K25e switch is running MNS-6K. The system administrator can update the software on the 6K25e switch from the 6K32FC switch.
FIGURE 42 – Starting and stopping TFTP services.
FIGURE 43 – Commands to save the script using FTP. Similar options will be specified using TFTP etc. The user name and password prompt information is not shown in the image above.
FIGURE 44 – Example of Script file and use of set secrets command. Note all the commands in the script file are CLI commands. This script provides insights into the configuration of Magnum MNS-6K settings. GarrettCom recommends that modifications of this file and the commands should be verified by the User in a test environment prior to use in a live production network.
FIGURE 45 – Creating host entries on MNS-6K.
FIGURE 46 – Enabling or disabling the pagination.
FIGURE 47 – Different groups for the show config command.
FIGURE 48 – show config command output.
FIGURE 49 – Displaying specific modules using the show config command.
FIGURE 50 – Displaying configuration for different modules. Note that multiple modules can be specified on the command line.
FIGURE 51 – Displaying different configuration modes.
FIGURE 52 – Erasing configuration without erasing the IP address.
FIGURE 53 – Display the serial number, factory code and other relevant setup information.
FIGURE 54 – Configuring IPv6.
FIGURE 55 – Setting up DHCP Server and DHCP Relay on MNS-6K-SECURE.
FIGURE 56 – Different Stratum NTP servers.
FIGURE 57 – Using the SNTP commands.
FIGURE 58 – Changing password for a given account.
FIGURE 59 – Port security configuration mode.
FIGURE 60 – Port security configuration mode.
FIGURE 61 – Port security – allowing specific MAC addresses on a specified port. (No spaces between specified MAC addresses)
FIGURE 62 – Port security - the port learns the MAC addresses. Note a maximum of 200 MAC addresses can be learnt per port and a maximum of 500 per switch. Also, the action on the port must be set to none before the port learns the MAC address information.
FIGURE 63 – Enabling and disabling port security.
FIGURE 64 – Viewing port security settings on a switch. On port 9, learning is enabled. This port has 6 stations connected to it with the MAC addresses as shown. Other ports have learning disabled and the MAC addresses are not configured on those ports.
FIGURE 65 – Enabling learning on a port. Note after the learning is enabled, the port security can be queried to find the status of MAC addresses learned. If there were machines connected to this port, the MAC address would be shown on port 11 as they are shown on port 9.
FIGURE 66 – Allowing specific MAC address on specific ports. After the MAC address is specified, the port or specific ports or a range of ports can be queried as shown.
FIGURE 67 – Removing a MAC address from port security.
FIGURE 68 – Setting the logging on a port.
FIGURE 69 – Steps for setting up port security on a specific port.
FIGURE 70 – Show log and clear log command. Note the logs are in the syslog format. The syslog commands are also displayed.
FIGURE 71 – Steps to allow, deny or remove specific services.
FIGURE 72 – 802.1x network components
FIGURE 73 – 802.1x authentication details
FIGURE 74 – Securing the network with RADIUS using port access.
FIGURE 75 – Enabling user access using the RADIUS server.

FIGURE 76 – Flow chart describing the interaction between local users and TACACS authorization.
FIGURE 77 – TACACS packet format.
FIGURE 78 – Configuring TACACS+
FIGURE 79 – Enabling port mirroring.
FIGURE 80 – Port setup and viewing modules. Note - the timing module is displayed with IEEE 1588 (slot G).
FIGURE 81 – Setting up back pressure and flow control on ports.
FIGURE 82 – Setting up broadcast storm protection. Also shows how the threshold can be lowered for a specific port.
FIGURE 83 – VLAN as two separate collision domains. The top part of the figure shows two traditional Ethernet segments.
FIGURE 84 – Ports can belong to multiple VLANs. In this figure a simplistic view is presented where some ports belong to VLANs 1, 2 and other ports belong to VLANs 2, 3. Ports can belong to VLANs 1, 2 and 3. This is not shown in the figure.
FIGURE 85 – Routing between different VLANs is performed using a router such as a Magnum DX device or a Layer 3 switch.
FIGURE 86 – Configuring VLANs on Magnum 6K switch.
FIGURE 87 – VLAN operations
FIGURE 88 – STP default values – refer to next section Using STP for more detailed explanation on the variables.
FIGURE 89 – Viewing STP configuration
FIGURE 90 – STP Port status information.
FIGURE 91 – Enabling STP
FIGURE 92 – Configuring STP parameters.
FIGURE 93 – Enabling RSTP and reviewing the RSTP variables.
FIGURE 94 – Reviewing the RSTP port parameters.
FIGURE 95 – Path cost as defined in IEEE 802.1d (STP) and 802.1w (RSTP).
FIGURE 96 – RSTP information from a network with multiple switches. Note the show stp ports command can be executed from the manager level prompt or from rstp configuration state as shown in the screen captures earlier.
FIGURE 97 – Configuring RSTP on MNS-6K.
FIGURE 98 – Normal RSTP/STP operations in a series of switches. Note – this normal status is designated RING_CLOSED.
FIGURE 99 – A fault in the ring interrupts traffic. The blocking port now becomes forwarding so that traffic can reach all switches in the network. Note the ES42 switches support LLL and can participate in S-Ring as an access switch.
FIGURE 100 – More than one S-Ring pair can be selected and more than one S-Ring can be defined per switch. Note the ES42 switches support LLL and can participate in S-Ring as an access switch.
FIGURE 101 – Activating S-Ring on the switch.
FIGURE 102 – S-Ring configuration commands for root switch.
FIGURE 103 – Link Loss Learn (LLL) setup. Set up LLL on ports connected to other switches participating in S-Ring.
FIGURE 104 – Dual-homing using ESD42 switch and Magnum 6K family of switches. In case of a connectivity break – the connection switches to the standby path or standby link.
FIGURE 105 – Dual-homing using Magnum 6K family of switches. Note the end device (video surveillance camera) can be powered using PoE options on Magnum 6K family of switches. In case of a connectivity break, the connection switches to the standby path or standby link.
FIGURE 106 – Using S-Ring and dual-homing, it is possible to build networks resilient not only to a single link failure but also for one device failing on the network.
FIGURE 107 – Configuring dual-homing
FIGURE 108 – Some valid LACP configurations.
FIGURE 109 – An incorrect LACP connection scheme for Magnum 6K family of switches. All LACP trunk ports must be on the same module and cannot span different modules.
FIGURE 110 – In this figure, even though the connections are from one module to another, this is still not a valid configuration (for LACP using 4 ports) as the trunk group belongs to two different VLANs.
FIGURE 111 – In the figure above, there is no common VLAN between the two sets of ports, so packets from one VLAN to another cannot be forwarded. There should be at least one VLAN common between the two switches and the LACP port groups.

FIGURE 112 – This configuration is similar to the previous configuration, except there is a common VLAN (VLAN 1) between the two sets of LACP ports. This is a valid configuration.
FIGURE 113 – In the architecture above, using RSTP and LACP allows multiple switches to be configured together in a meshed redundant link architecture. First define the RSTP configuration on the switches. Then define the LACP ports. Then finally connect the ports together to form the meshed redundant link topology as shown above.
FIGURE 114 – LACP, along with RSTP/STP brings redundancy to the network core or backbone. Using this reliable core with a dual-homed edge switch brings reliability and redundancy to the edge of the network.
FIGURE 115 – This architecture is not recommended.
FIGURE 116 – Creating a reliable infrastructure using wireless bridges (between two facilities) and LACP. A indicates a Wi-Fi wireless Bridge or other wireless Bridges.
FIGURE 117 – Configuring LACP.
FIGURE 118 – The network for the show lacp command listed below:
FIGURE 119 – LACP information over a network.
FIGURE 120 – ToS and DSCP
FIGURE 121 – IP Precedence ToS Field in an IP Packet Header.
FIGURE 122 – Port weight settings and the meaning of the setting.
FIGURE 123 – QoS configuration and setup.
FIGURE 124 – Port weight settings and the meaning of the setting.
FIGURE 125 – QoS configuration and setup.
FIGURE 126 – IGMP concepts – advantages of using IGMP.
FIGURE 127 – IGMP concepts: Isolating multicast traffic in a network.
FIGURE 128 – In a Layer 2 network, IGMP multicast traffic goes to all the nodes. In the figure, T1, a surveillance camera, using multicast, will send the traffic to all the nodes - R1 through R6 - irrespective of whether they want to view the surveillance traffic or not. The traffic is compounded when additional cameras are added to the network. The end result is that users R1 through R6 see the network as heavily loaded and simple day to day operations may appear sluggish.
FIGURE 129 – Using IGMP-L2 on Magnum 6K family of switches, a Layer 2 network can minimize multicast traffic as shown above. Each switch has IGMP-L2 turned on. Each switch can exchange the IGMP query message and respond properly. R4 wants to view surveillance traffic from T1. As shown by (1), a join request is sent by R4. Once the join report information is exchanged, only R4 receives the video surveillance traffic, as shown by (2). No other device on the network gets the video surveillance traffic unless they issue a join request as well.
FIGURE 130 – Enabling IGMP and querying the status of IGMP.
FIGURE 131 – Displaying IGMP groups.
FIGURE 132 – Configuring IGMP.
FIGURE 133 – Adding broadcast groups using the group command.
FIGURE 134 – Setting IGMP-L2.
FIGURE 135 – GVRP operation – see description below.
FIGURE 136 – VLAN Assignment in GVRP enabled switches. Non GVRP enabled switches can impact VLAN settings on other GVRP enabled switches.
FIGURE 137 – Port settings for GVRP operations.
FIGURE 138 – Command to check for dynamically assigned VLANs.
FIGURE 139 – Converting a dynamic VLAN to a static VLAN.
FIGURE 140 – GVRP options.
FIGURE 141 – GVRP configuration example.
FIGURE 142 – LLDP Frame
FIGURE 143 – TLV field description
FIGURE 144 – Organizationally specific TLV
FIGURE 145 – Commands for configuring LLDP
FIGURE 146 – Configuring SNMP – most of the commands here are SNMP v3 commands.
FIGURE 147 – Configuring RMON groups.
FIGURE 148 – MODBUS Communications stack.
FIGURE 149 – Interconnecting different MODBUS devices.
FIGURE 150 – MODBUS networks can be built using Magnum family of products, including Magnum 6K family of switches and Magnum DX routers.

FIGURE 151 – Configuring MODBUS.
FIGURE 152 – Using the Magnum 10KT as a boundary clock along with a grandmaster clock from Symmetricom. The SCADA device acts as an ordinary clock as it has one source and adjusts its time from the PTP packets.
FIGURE 153 – The Magnum 10KT switch can be set up as a Boundary Clock (BC) or Transparent Clock (TC) depending on the devices being connected and the hierarchy. If it gets too complicated, the MNS-6K auto function can be used.
FIGURE 154 – Configuration and setup of PTP commands. Note the show modules command displays which module has hardware-enabled PTP support. The example steps through disabling PTP on all ports except the ports on module "G".
FIGURE 155 – The Magnum Switch is transparent for received GMRP packets, regardless of the GMRP setting.
FIGURE 156 – Configuration and setup of GMRP commands.
FIGURE 157 – Configuration to enable/disable multicast and setup of multicast group commands.
FIGURE 158 – Predefined conditions for the relay
FIGURE 159 – Setting up the external electrical relay and alerts
FIGURE 160 – Setting SMTP to receive SNMP trap information via email.
FIGURE 161 – Optimizing serial connection (shown for HyperTerminal on Windows). The highlighted fields are the ones to change as described.
FIGURE 162 – Setting up a banner message
FIGURE 163 – Query dual power supply status. Note the switch here is different as the model supports dual power supplies. Also, in the example above, one power connection was unplugged to show the failure.
FIGURE 164 – Display the status of fans and internal ambient temperature.
FIGURE 165 – PoE commands on 6KM switch highlighting the fact that a PoE command for a port is valid for a whole module
FIGURE 166 – PoE commands on the Magnum 10KT switch.
FIGURE 167 – Scheduled reboot commands.
FIGURE 168 – History commands.
FIGURE 169 – Setting custom prompts
FIGURE 170 – Using the ping command.
FIGURE 171 – Setting the FTP mode.
FIGURE 172 – Event log shown on the screen.
FIGURE 173 – Using exportlog to export the event log information.
FIGURE 174 – Listing of severity - sorted by subsystem and severity
FIGURE 175 – Display of the internal switching decision table
FIGURE 176 – On finding a mismatch between the certificate and the accesses site, Mozilla Firefox pops the window.
Note – the site was accessed using the IP address. Typically, sites accessed by their IP address will trigger
this mismatch. .......................................................................................................................................................... 388
FIGURE 177 – Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates. .................... 389
FIGURE 178 – Firefox forces you to get the certificate before it lets you access the site. ............................................................. 390
FIGURE 179 – Here, you can view the certificate, permanently make an exception and confirm the exception. The
locations to do those are identified in this figure. ........................................................................................................ 391
FIGURE 180 – Self signed certificate from GarrettCom Inc. for the MNS-6K family.............................................................. 392
FIGURE 181 – Using Internet Explorer. ................................................................................................................................ 393
FIGURE 182 – Accessing the GarrettCom site for downloading. ............................................................................................. 398
FIGURE 183 – Select the Software folder to get the latest version of MNS-6K. ....................................................................... 399
FIGURE 184 – Navigate to the MNS-6K folder to download the latest MNS-6K software and the Release Notes. ............... 399
FIGURE 185 – Navigate to the proper version of the switch. For 6KL models select the 6KL folder. For all other
models, select the 6K folder. ...................................................................................................................................... 400
FIGURE 186 – Use the copy command to copy the files to the proper location. ......................................................................... 400
FIGURE 187 – HyperTerminal screen showing the serial settings. Note other operating systems may not have the
Hyper Terminal command. Please use an appropriate terminal emulation software for that operating system............. 403
FIGURE 188 – Using telnet command to connect to a Magnum 6K switch with IP address 192.168.10.11. ......................... 403
FIGURE 189 – Example of saveconf command using serial interface. ...................................................................................... 404
FIGURE 190 – Invoke the Receive file to start the Xmodem transfer program. In the figure above the Windows
based HyperTerminal screen is shown. ...................................................................................................................... 405

xvi
FIGURE 191 – Make sure to select the Xmodem protocol and the proper directory where the configuration is saved.
Click on the Receive button to start the file transfer. ................................................................................................. 405
FIGURE 192 – Status window for Xmodem using HyperTerminal using Windows. ............................................................... 406
FIGURE193 – Message which shows the completion of the file transfer from the saveconf command. ................................... 406
FIGURE 194 – Example of saving the scripts or the configuration file usign the saveconf or the ftp / tftp commands. .............. 407
FIGURE195 – Upgrade using serial connection. ...................................................................................................................... 409
FIGURE 196 – File upload status window under Xmodem using HyperTerminal in Windows. .............................................. 409
FIGURE 197 – Upgrading the switch using the serial interface. ............................................................................................... 410
FIGURE 198 – Dialog for upgrading the image using tftp....................................................................................................... 411
FIGURE 199 – Updating the boot code over the network using the upgrade command. Make sure to reboot the switch
after the boot loader upgrade is completed. ................................................................................................................. 413

Chapter 1 – Conventions Followed
Conventions followed in the manual…

To best use this document, please review some of the conventions followed in the
manual, including screen captures, interactions and commands with the switch.

A box shows interaction with the switch command line or screen captures from
the switch or computer for clarity.

Commands typed by a user will be shown in a different color and this font

Switch prompt: shown in Bold font, with a # or > at the end. For this manual
we will use Magnum10KT# as the default prompt.

Syntax rules
Optional entries are shown in [square brackets]
Parameter values within are shown in < pointed brackets >
Optional parameter values are shown again in [square brackets]

Thus
Syntax command [parameter1=<value1>[parameter2=<value2>]] parameter3=<value3|value4>

In the example above:
Parameter 1 and Parameter 2 are optional values
Parameter 2 can be used optionally only if Parameter 1 is specified
Parameter 3 is mandatory.
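
The bracket conventions above can be checked mechanically before a command is pasted into a console session. The following Python is an added example, not GarrettCom code: it parses a Syntax line and accepts or rejects a typed command, assuming that <a|b> lists literal choices and that a single <name> accepts any non-empty value. The function names are chosen here for illustration.

```python
import re

# Syntax lines quoted from this guide.
GENERIC = "command [parameter1=<value1>[parameter2=<value2>]] parameter3=<value3|value4>"
USERACCESS = "useraccess user=<name> service=<telnet|web> <enable|disable>"


def parse_template(template):
    """Parse a Syntax line: str items are mandatory, nested lists are [optional] groups."""
    root, stack = [], []
    current, i = root, 0
    while i < len(template):
        ch = template[i]
        if ch.isspace():
            i += 1
        elif ch == "[":
            group = []
            current.append(group)
            stack.append(current)
            current = group
            i += 1
        elif ch == "]":
            if not stack:
                raise ValueError("unbalanced ']' in syntax line")
            current = stack.pop()
            i += 1
        else:
            # One item runs to the next space or bracket; text inside <...> stays together.
            j, depth = i, 0
            while j < len(template):
                c = template[j]
                if c == "<":
                    depth += 1
                elif c == ">":
                    depth -= 1
                elif depth == 0 and (c.isspace() or c in "[]"):
                    break
                j += 1
            current.append(template[i:j])
            i = j
    if stack:
        raise ValueError("unbalanced '[' in syntax line")
    return root


def item_matches(item, token):
    """Match one typed token against one template item."""
    m = re.fullmatch(r"(?:(\w+)=)?<([^<>]*)>", item)
    if not m:                                # plain keyword such as the command name
        return token == item
    key, spec = m.groups()
    if key is None:                          # bare <enable|disable> style item
        value = token
    elif token.startswith(key + "="):
        value = token[len(key) + 1:]
    else:
        return False
    choices = spec.split("|")
    # Assumption: several choices are literals, a single name is a free-form placeholder.
    return value in choices if len(choices) > 1 else value != ""


def ends(seq, tokens, pos):
    """Every token index at which `seq` can finish when matching starts at `pos`."""
    positions = {pos}
    for item in seq:
        reachable = set()
        for p in positions:
            if isinstance(item, list):
                reachable.add(p)                       # optional group left out
                reachable |= ends(item, tokens, p)     # or used, inner rules included
            elif p < len(tokens) and item_matches(item, tokens[p]):
                reachable.add(p + 1)
        positions = reachable
    return positions


def is_valid(template, command):
    """True when the whole typed command is consumed by the syntax line."""
    tokens = command.split()
    return len(tokens) in ends(parse_template(template), tokens, 0)


if __name__ == "__main__":
    for cmd in ("command parameter3=value3",
                "command parameter2=b parameter3=value3",
                "command parameter1=a"):
        print(f"{cmd!r}: {'ok' if is_valid(GENERIC, cmd) else 'rejected'}")
```

Because the inner optional group is only reachable once its enclosing group has matched, a command that gives parameter2 without parameter1 is rejected, which is the nesting rule stated above.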

M A G N U M 6 K F A M I L Y O F S W I T C H E S , M N S - 6 K C L I U S E R G U I D E

Related Topics: Related topics show that GarrettCom strongly recommends reading
about those topics. You may choose to skip those if you already have prior detailed
knowledge on those subjects.

Tool box: Necessary software and hardware components needed (or recommended to
have) as a prerequisite. These include serial ports on a computer, serial cables,
TFTP or FTP software, serial terminal emulation software etc.

Caution or take notice: Things to watch out for in case of problems or potential
problems. This is also used to draw attention to a special issue, capability or fact.

MNS-6K-SECURE: The functionality described in the related section is available in
MNS-6K-SECURE version only. To upgrade from MNS-6K to MNS-6K-SECURE, please contact
the GarrettCom Sales or Support staff. MNS-6K-SECURE has all the commands MNS-6K has
and more. The additional commands in the manual will be shown by the lock icon shown
here. MNS-6K-SECURE is a licensed feature of GarrettCom Inc. Each switch with MNS-6K
is upgraded to MNS-6K-SECURE with the license key provided for that switch from
GarrettCom Inc.

Terminology: Whenever the word PC is used it implies a UNIX™, Linux™, Windows™ or
any other operating system based workstation, computer, personal computer, laptop,
notebook or any other computing device. Most of the manual uses Windows based
examples. While effort has been made to indicate other Operating System interactions,
it is best to use a Windows based machine when in doubt.

Supported MNS-6K Version: The documentation reflects features of MNS-6K version
4.XX or later. If your switch is not at the current version, GarrettCom Inc. recommends
upgrading to the latest version. Please refer to Updating MNS-6K Software on page 394
for information on upgrading the software on Magnum 6K family of switches.

Product Family: This manual is for all the Magnum 6K family of switches.

At the end of each chapter is a list of the commands covered in the chapter as
well as a brief synopsis of what they do.


Flow of the User Guide


The manual is designed to guide the user through a sequence of events.

Chapter 1 is an explanation of terms and conventions used in this User Guide.

Chapter 2 is the basic setup as required by the Magnum 6K family of switches. After
completing Chapter 2, the configuration can be done using the Secure Web Management
(SWM) interface. Chapter 2 is perhaps the most critical chapter in what needs to be done
by the network administrator once the switch is received.

Chapter 3 focuses on operational issues of the switch. This includes time synchronization
using the command line interface or using a time server on the network. The TFTP
server capabilities are also covered in this chapter.

Chapter 4 through Chapter 8 focus on security and access consideration. Bad
passwords trump any security setup, so set up the manager passwords carefully as
described in Chapter 2. Chapter 4 describes how to set up port access using MAC address
security.

Chapter 5 describes the functionality of a DHCP server and how the
switch can be used as a DHCP server.

Chapter 6 reviews time synchronization issues and SNTP services.

Chapter 7 discusses access consideration and how the access can be secured.

Chapter 8 describes how a RADIUS server can be used for authentication and access.

Chapter 9 essentially is similar to Chapter 7, and talks about using a TACACS+
server for authenticating access to devices on the network.

Chapter 10 shows port mirroring and preventing broadcast storms. Port mirroring is
necessary in a network to reflect traffic from one port onto another port so that the traffic
can be captured for protocol analysis or intrusion analysis.

Chapter 11 describes VLANs. VLANs provide security as well as traffic separation. This
chapter shows how VLANs can be setup and managed.

At this stage the network and the switch are secured. It is now critical to make the
network more reliable. This User Guide switches gears and describes STP, RSTP and S-
Ring technologies which can be used for making the network reliable. These technologies
allow resiliency in a network. Chapters 12 through Chapter 14 discuss some resiliency
techniques.


Chapter 12 shows how STP can be setup and used. Today, RSTP is preferred over STP.

Chapter 13 shows how RSTP is setup and used as well as how RSTP can be used with
legacy devices which support STP only.

Chapter 14 focuses on S-Ring™ and setup of S-Ring.

Chapter 15 introduces dual homing and how dual homing can be used to bring resiliency
to edge devices.

Chapter 16 describes LACP and how LACP can be used to increase the throughput
using 10/100 Mbps ports or in situations where resiliency is needed between switches
(trunks). Once the network is made resilient, the network manager may want to setup
prioritization of traffic.

Chapter 17 focuses on Quality of Service (QoS) and other prioritization issues.

Chapter 17 focuses on IGMP. It is used to establish host memberships in particular
multicast groups on a single network.

Chapter 18 focuses on GVRP. GVRP makes it easy to propagate VLAN information
across multiple switches.

Chapter 20 describes LLDP, a network standard that provides a vendor-neutral
method by which devices which follow this standard can advertise their identity,
their capabilities, their neighbors, their operating conditions etc. on a Local Area
Network (LAN).

Chapter 21 shows how the SNMP parameters can be setup for managing the switch with
network management software such as HiVision™ and Castle Rock SNMPc™.

Chapter 22 talks about MODBUS and its applications in the Industrial Market, how it
can interoperate with other devices and how it can be configured.

Chapter 23 talks about PTP and IEEE 1588 time synchronization.

Chapter 24 describes GMRP and the distribution of data packets with a Multicast
address as the destination address on Layer 2.

Chapter 25 shows Static Multicast Groups that are controlled by the IGMP and
GMRP protocols. It provides the control of multicasts by adding groups of ports to
multicast addresses in the switching table.

Chapter 26 includes miscellaneous commands to improve the overall ease of use and
other diagnostic information.


Chapter 2 – Getting Started
First few simple steps …

This section explains how the GarrettCom Magnum 6K family of switches can be set up using the
console port on the switch. Some of the functionality includes setting up the IP address of the
switch, securing the switch with a user name and password, setting up VLANs and more.

Before Starting
Before you start, it is recommended to acquire the hardware listed below and be ready
with the items listed.

For initial configuration through the serial/console port, you will need:
1) A female-female null modem cable. This cable is available from GarrettCom Inc.
2) Serial port – if your PC does not have a serial port, you may want to invest in a USB to
serial converter. Alternately a USB to serial cable can also be used.
3) A PC (or a workstation/computer) with a terminal emulation program such as
HyperTerminal (included with Windows) or Teraterm-pro, minicom or other
equivalent software. (Make sure the software supports Xmodem protocol, as you may
need this in the future to update the MNS-6K software.)
4) Enough disk space to store and retrieve the configuration files as well as copy software
files from GarrettCom. We recommend at least 15MB of disk space for this purpose.
5) Decide on a manager level account name and password for access security.
6) IP address, netmask, default gateway for the switch being configured.

As a default, the switch has an IP (Internet Protocol) address = 192.168.1.2 and a subnet
mask. For first time use, the IP address has to be assigned. This can only be done by
using the console interface.

The same procedure can also be used for other configuration changes or updates – e.g. changing
the IP address, VLAN assignments and more. Once the IP address is assigned and a PC is
networked to the switch, the switch’s command line interface (CLI) can be accessed via Telnet.
To manage the switch through in-band (networked) access (e.g. Telnet, or Web Browser
Interface), you should configure the switch with an IP address and subnet mask compatible with
your network. You should also change the manager password to control access privileges from
the console.


Many other features such as optimizing the switch’s performance, traffic engineering and traffic
prioritizing, VLAN configuration, and improving network security can be configured through the
switch’s console interface as well as in-band (networked) access, once the IP address is setup.
Besides the IP address, setting up the SNMP parameters allows configuration and monitoring
through an SNMP network management station running a network management program (e.g.
HiVision from Hirschmann or SNMPc from Castle Rock – available from GarrettCom Inc.).

MNS-6K Software Updates
Magnum switches already have the necessary software loaded on them. If a software
upgrade is needed or the MNS-6K software needs to be updated to the current
version, please refer to Updating MNS-6K Software on page 394 or the
GarrettCom web site for more information.
• The Login prompt is shown when the connection to the GarrettCom Magnum 6K Switch is
successful and the switch is ready for the configuration commands. Should you get a boot
prompt, please contact GarrettCom Technical Support at (510) 438-9071, email –
[email protected].

The IP address of the switch is assigned automatically from a DHCP server or a BootP server. If
these servers do not exist, the switch will be assigned an IP address that was previously configured
or a static IP address of 192.168.1.2 with a netmask of 255.255.255.0 (if that address is not in use).
It is recommended that the user uses Secure Web Management (SWM) capabilities built into MNS-
6K to setup and manage the switch. Please refer to the MNS-6K SWM User Guide for more
information.

Console Connection
The connection to the console is accessed through the DB-9 RJ-45 connector on the switch
marked on the Magnum 6K family of switches as a console port. This interface provides access
to the commands the switch can interpret and is called the Command Line Interface (or CLI).
This interface can be accessed by attaching a VT100 compatible terminal or a PC running a
terminal emulation program to the console port on the Magnum 6K family of switches.

USB to serial adapters are also available for laptops or computers that do not have native serial ports
but have access to USB ports.

The interface through the console or the Console Management Interface (or CMI) enables you to
reconfigure the switch and to monitor switch status and performance.

Once the switch is configured with an IP address, the Command Line Interface (or CLI) is also
accessible using telnet as well as the serial port. Access to the switch can be either through the
console interface or remotely over the network.

The Command Line Interface (CLI) enables local or remote unit installation and maintenance.
The Magnum 6K family of switches provides a set of system commands which allow effective
monitoring, configuration and debugging of the devices on the network.

Console Setup
Connect the console port on the switch to the serial port on the computer using the serial cable
listed above. The settings for the HyperTerminal software emulating a VT100 are shown in Figure
1 below. Make sure the serial parameters are set as shown (or bps = 38400, data bits=8,
parity=none, stop bits=1, flow control=none).

FIGURE 1 – HyperTerminal screen showing the serial settings.

Console Screen
Once the console cable is connected to the PC and the software configured, MNS-6K legal
disclaimers and other text scrolls by on the screen.

The switch has two modes of operation – Operator (least privilege) and Manager. The context
prompts for the switches change as the switch changes modes from Operator to Manager. The
context prompts are shown in Figure 2 below.

Magnum10KT> Operator Level – for running operations queries
Magnum10KT# Manager Level – for setting and reviewing commands
FIGURE 2 – Context Prompt indicating the switch model number as well as mode of operation – note the
commands to switch between the levels are not shown here.


The prompt can be changed by the user. See the Chapter 26 - Miscellaneous Commands, Prompt
on page 322 for more details. This manual was documented on a Magnum 10KT switch, and for
clarity, the prompt shown in the manual will be Magnum10KT.

For additional information on default users, user levels and more, see Chapter 2 -
User Management on page 30 in this User Guide.

Logging In for the First Time


For the first time, use the default user name and passwords assigned by GarrettCom for the
Magnum 6K family of switches. They are:

Username – manager Password – manager
Username – operator Password – operator

We recommend you login as manager for the first time to setup the IP address as well as change
user passwords or create new users.

Setting IP Parameters
To setup the switch, the IP address and other relevant TCP/IP parameters have to be specified. A
new GarrettCom Magnum switch looks for a DHCP or a BootP server. If a DHCP or a BootP
server is present, the switch will be assigned an IP address from those servers. Failing to find
these servers, the IP address is automatically assigned to 192.168.1.2 with a netmask of
255.255.255.0.

Should a situation arise when there are multiple new switches powered up at the same time, there
could be a situation of duplicate IP addresses. In this situation, only one Magnum switch will be
assigned the IP address of 192.168.1.2 and netmask of 255.255.255.0. The other switches will not
be assigned an IP address till the static IP address of 192.168.1.2 is freed up or reassigned.

This situation may not be prevalent in all cases. As the switch tries to determine
the mode of operation and its IP address it may assign and release the IP address
a number of times. A continuous ping to the switch will show an intermittent
response as this happens. This is normal behavior and is shown below. Once the
switch assigns itself an IP address the intermittent ping issue is no longer
prevalent.


FIGURE 3 – As the switch tries to determine its mode of operation and its IP address, it may assign and release
the IP address a number of times. A continuous ping to the switch will show an intermittent response.

To change the IP address, ensure that the IP address to be assigned to the switch is known or
contact your system/network administrator to get the IP address information. Follow the steps
listed below to configure the IP address manually.

• Ensure the power is off
• Follow the steps described above for connecting the console cable and setting the
console software
• Power on the switch
• Once the login prompt appears, login as manager using default password (manager)
• Set the Manager Password (recommended–refer to the next section)
• Configure the IP address, subnet mask and default gateway as per the IP addressing
scheme for your network
• Save the settings (without saving, the changes made will be lost)
• Power off the switch (or a software reboot as discussed below)
• Power on the switch – login with the new login name and password
• From the PC (or from the switch) ping the IP address specified for the switch to
ensure connectivity
• From the switch ping the default gateway specified (ensure you are connected to the
network to check for connectivity) to ensure network connectivity


Syntax ipconfig [ip=<ipaddress>] [mask=<subnet-mask>] [dgw=<gateway>]


ipconfig [add|del] [ip=<ipV6 address>] [mask=<ipV6 mask(0..128)>]
[dgw=<ipv6 gateway>]

Magnum10KT#ipconfig ip=192.168.1.150 mask=255.255.255.0 dgw=192.168.1.10

Magnum10KT#save

Magnum10KT#show ipconfig
IP Address : 192.168.130.43
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.130.1
IPv6 Address : fe80::220:6ff:fe3c:ce90 mask : ffff:ffff:ffff:ffff::
IPv6 Gateway : ::

Magnum 10KT#show ip
IP Address : 192.168.130.43
FIGURE 4 – Setting IP address on the switch.

This User Guide assumes the reader is familiar with IP addressing schemes as well as how net mask
is used and how default gateways and routers are used in a network.
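
An added example, not part of the original guide: a Python check to run after the reboot step that compares what was typed in ipconfig with what show ipconfig reports, and sanity-checks the planned values themselves. The sample input reuses the command and the report printed in the figure above, where the two differ; the function names are chosen here for illustration.

```python
import ipaddress
import re

FACTORY_FALLBACK_IP = "192.168.1.2"   # static address a new switch falls back to, per this guide

# Sample input: the command and the report as printed in the figure above.
TYPED = "ipconfig ip=192.168.1.150 mask=255.255.255.0 dgw=192.168.1.10"
REPORTED = """\
IP Address : 192.168.130.43
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.130.1
IPv6 Address : fe80::220:6ff:fe3c:ce90 mask : ffff:ffff:ffff:ffff::
IPv6 Gateway : ::
"""
LABELS = {"ip": "IP Address", "mask": "Subnet Mask", "dgw": "Gateway Address"}


def parse_ipconfig_command(command):
    """Pull ip/mask/dgw out of an IPv4 'ipconfig ip=... mask=... dgw=...' line."""
    parts = command.split()
    if not parts or parts[0] != "ipconfig":
        raise ValueError("not an ipconfig command")
    params = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return {key: params.get(key) for key in LABELS}


def parse_show_ipconfig(text):
    """Read the three IPv4 lines of 'show ipconfig'; a missing line yields None."""
    found = {}
    for key, label in LABELS.items():
        m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(\S+)", text, re.MULTILINE)
        found[key] = m.group(1) if m else None
    return found


def _norm(value):
    """Compare addresses by value, falling back to the raw string if unparsable."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return value


def check_plan(wanted):
    """Problems with the intended values themselves, before anything is typed."""
    if not wanted["ip"] or not wanted["mask"]:
        return []                        # nothing to derive a subnet from
    try:
        net = ipaddress.ip_network(f"{wanted['ip']}/{wanted['mask']}", strict=False)
    except ValueError as exc:
        return [f"invalid ip/mask: {exc}"]
    problems = []
    host = ipaddress.ip_address(wanted["ip"])
    if net.prefixlen < 31 and host in (net.network_address, net.broadcast_address):
        problems.append("ip is the network or broadcast address of its subnet")
    if wanted["ip"] == FACTORY_FALLBACK_IP:
        problems.append("ip is the factory fallback address that a new switch may claim")
    gateway = _norm(wanted["dgw"]) if wanted["dgw"] else None
    if isinstance(gateway, str):
        problems.append("gateway is not a valid address")
    elif gateway is not None and gateway not in net:
        problems.append("gateway is outside the switch subnet")
    return problems


def verify(command, show_output):
    """Return a list of problems; an empty list means plan and switch report agree."""
    wanted = parse_ipconfig_command(command)
    actual = parse_show_ipconfig(show_output)
    problems = check_plan(wanted)
    for key, label in LABELS.items():
        if wanted[key] is None:
            continue                     # parameter not typed, nothing to compare
        if actual[key] is None:
            problems.append(f"{label}: missing from show ipconfig output")
        elif _norm(actual[key]) != _norm(wanted[key]):
            problems.append(f"{label}: typed {wanted[key]}, switch reports {actual[key]}")
    return problems


if __name__ == "__main__":
    for problem in verify(TYPED, REPORTED) or ["switch reports the planned addressing"]:
        print(problem)
```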

Reboot gives an opportunity to save the configuration prior to shutdown. For a reboot – simply
type in the command reboot.

Magnum10KT# reboot
Proceed on rebooting the switch? [ 'Y' or 'N' ] Y
Do you wish to save current configuration? [ 'Y' or 'N' ] Y
Magnum10KT#
FIGURE 5 – Rebooting the switch.

MNS-6K forces an answer to the prompts with a Y or an N to prevent accidental keystroke errors
and loss of work.

The parameters can be viewed at any time by using the show command. The show command will
be covered in more detail later in various sections throughout the document.

Magnum10KT# show setup
Version : Magnum 10KT build 14.4.4 May 27 2013 12:03:47 Build ID 1333024938
MAC Address : 00:20:06:25:b7:e0
IP Address : 192.168.1.150
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.1.10
CLI Mode : Manager
System Name : Magnum10KT
System Description : Magnum 10KT Managed Switch
System Contact : [email protected]
System Location : Fremont, CA
System ObjectId : 1.3.6.1.4.1.553.12.20
System Serial No : 43576812
Original Factory Config Code : 10KT-sp

Magnum10KT# show sysconfig
System Name : Magnum10KT
System Contact : [email protected]
System Location : HO, Fremont, CA
Boot Mode : manual
Inactivity Timeout(min) : 100
Address Age Interval(min) : 300
Inbound Telnet Enabled : Yes
Web Agent Enabled : Yes
SSH Server enabled : No
Modbus Server Enabled : Yes
Time Zone : GMT-08hours:00minutes
Day Light Time Rule : USA
System UpTime : 350 Days 7 Hours 49 Mins 48 Secs

Magnum10KT#
FIGURE 6 – Viewing the basic setup parameters. You can use show setup or show sysconfig to view
setup parameters.
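
An added example, not GarrettCom code: a Python audit of captured show sysconfig output that flags management-plane settings worth reviewing once the basic setup is done. The sample text is constructed in the layout of the figure above, and the 15-minute idle limit and the severity labels are assumptions (site policy), not vendor values.

```python
# Constructed sample in the layout of the show sysconfig figure above.
SAMPLE = """\
System Name : Magnum10KT
Boot Mode : manual
Inactivity Timeout(min) : 100
Address Age Interval(min) : 300
Inbound Telnet Enabled : Yes
Web Agent Enabled : Yes
SSH Server enabled : No
Modbus Server Enabled : Yes
Time Zone : GMT-08hours:00minutes
"""

MAX_IDLE_MIN = 15   # assumption: site policy for idle management sessions, not a vendor value


def parse_fields(text):
    """Map lower-cased field names to values, splitting each line at its first colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def yes_no(fields, key):
    """True/False for a Yes/No field, None when it is absent or has another value."""
    return {"yes": True, "no": False}.get(fields.get(key, "").lower())


def audit_sysconfig(text, max_idle_min=MAX_IDLE_MIN):
    """Return (severity, setting, message) tuples for settings worth reviewing."""
    fields = parse_fields(text)
    telnet = yes_no(fields, "inbound telnet enabled")
    ssh = yes_no(fields, "ssh server enabled")
    modbus = yes_no(fields, "modbus server enabled")
    findings = []

    for name, state in (("telnet", telnet), ("ssh", ssh), ("modbus", modbus)):
        if state is None:   # truncated or garbled capture: report it, do not guess
            findings.append(("unknown", name, "field not found in capture"))
    if telnet:
        # With SSH off, Telnet is the only remote CLI path, so rate it higher.
        severity = "high" if not ssh else "medium"
        findings.append((severity, "telnet", "Telnet sends logins in clear text"))
    if ssh is False:
        findings.append(("medium", "ssh", "SSH server is off"))
    if modbus:
        findings.append(("info", "modbus", "Modbus/TCP is unauthenticated; keep only if used"))

    raw = fields.get("inactivity timeout(min)")
    if raw is None or not raw.isdigit():
        findings.append(("unknown", "idle-timeout", "timeout not found in capture"))
    elif int(raw) > max_idle_min:
        findings.append(("medium", "idle-timeout",
                         f"idle sessions stay open {raw} min (limit {max_idle_min})"))
    return findings


if __name__ == "__main__":
    for severity, setting, message in audit_sysconfig(SAMPLE):
        print(f"[{severity}] {setting}: {message}")
```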

Some of the parameters in the Magnum 6K family of switches are shown above. The list of
parameters below indicates some of the key parameters on the switch and the recommendations
for changing them (or optionally keeping them the same).

Privilege Levels
Two privilege levels are available, Manager and Operator. Operator is at privilege Level 1 and
the Manager is at privilege Level 2 (the privilege increases with the levels). For example, to setup a
user for basic monitoring capabilities use lower number or operator level privilege (Level 1).

The Manager level provides all Operator level privileges plus the ability to perform system-level
actions and configuration commands. To select this level, enter the enable <user-name>
command at the Operator level prompt and enter the Manager password, when prompted.
Syntax enable <user-name>
For example, switching from an Operator level to Manager level, using the enable command is
shown below in Figure 6.


Magnum10KT> enable manager
Password: *******
Magnum10KT#
FIGURE 7 – Switching users and privilege levels. Note the prompt changes with the new privilege level.

Operator Privileges
Operator privileges allow views of the current configurations but do not allow changes to the
configuration. A > character delimits the Operator-level prompt.

Manager Privileges
Manager privileges allow configuration changes. The changes can be done at the manager prompt
or for global configuration as well as specific configuration. A “#” character delimits any Manager
prompt.

User Management
A maximum of five users can be added per switch for MNS-6K and a maximum of twenty users
can be added for MNS-6K-SECURE. Users can be added, deleted or changed from a manager
level account. There can be more than one manager account, subject to the maximum number of
users on the switch.

MNS-6K-SECURE allows a maximum of twenty (20) users. Using MNS-6K-SECURE
you can also configure access to the switch using TACACS+ capabilities, described
later on in this manual.
MNS-6K-SECURE also allows users to be authenticated using a RADIUS server,
just like a TACACS+ server. Please refer to Chapter 8 - Access Using RADIUS on
page 116 for more details.

Add User
To add a user, use the command add as shown below. The user name has to be a unique name and
can be up to 24 characters long. The password is recommended to be at least 8 characters long with a
mix of upper case, lower case, numbers and special characters.

Syntax add user=<name> level=<number>

Magnum10KT# user
Magnum10KT(user)## add user=peter level=2
Enter User Password:******
Confirm New Password:******
Magnum10KT(user)##
FIGURE 8 – Adding a user with Manager level privilege.


In this example, user peter was added with Manager privilege.

Delete User

Syntax delete user=<name>

Magnum10KT(user)##delete user=peter
Confirm User Deletion(Y/N): Y
User successfully deleted
Magnum10KT(user)##
FIGURE 9 – Deleting a user.

In this example, user peter was deleted.

Modify Password

Syntax passwd user=<name>

Magnum10KT(user)## passwd user=peter
Enter New Password:******
Confirm New Password :******
Password has been modified successfully
Magnum10KT(user)##
FIGURE 10 – Changing the password for a specific user.

In this example, password for peter was modified.

Strong passwords should be 8 to 32 characters long and should include upper case,
lower case, numerals as well as special characters such as space, ! @ # $ % ^ & * ( ) _ - + =

Modify Privilege Level

Syntax chlevel user=<name> level=<number>

Magnum10KT(user)## chlevel user=peter level=1
Access Permission Modified
Magnum10KT(user)##
FIGURE 11 – Changing the privilege levels for a user.

In this example, user peter was modified to Operator privileges.


Modifying Access Privileges


User access allows the network administrators to control who has read and write access and for
which set of command groups. The command groups are defined as the set of commands within
a specific function such as VLAN, Access privileges (as described in this section), user ids and
managing those and more. Further, administrators can also control as to what protocols are used
by users (e.g. web or SSH but not telnet). To control access privileges, the commands used are:

Syntax useraccess user=<name> service=<telnet|web> <enable|disable> - defines the services available to the user to access the device for modifying the configuration
Syntax useraccess user=<name> group=<list> type=<read|write> <enable|disable> - set read or write access for the command group
Syntax useraccess groups – displays the current groups

Where
user=<name> specifies the user id
service=<telnet|web> specifies which service (telnet or web) the user has access to.
<enable|disable> specifies whether the services are allowed or not allowed
group=list – specifies which group the user belongs to
type=<read|write> - specifies whether the user has authority to change the
configuration or not
groups – specifies the groups the user has access to. The groups are defined as system,
user, access, device, port, vlan, portsec, ps, mirror, lacp, stp, igmp, software, file,
debug

Magnum10KT# user

Magnum10KT(user)## useraccess

Usage
useraccess user=<name> service=<telnet|web|acl> <enable|disable>
useraccess user=<name> group=<list> type=<read|write> <enable|disable>
useraccess groups

Magnum10KT(user)## add user=peter level=2


Enter User Password : *****
Confirm New Password : *****

Magnum10KT(user)## useraccess user=peter group=vlan,user,system type=read enable

Access rules set for Read Operation.


Groups: All Command Groups.

Magnum10KT (user)## show users

Sl# Username Access Permissions
--- -------- ------------------


1 manager Manager
Read Access: All Command Groups
Write Access: All Command Groups
2 operator Operator
Read Access: All Command Groups
Write Access: All Command Groups
3 peter Manager
Read Access: All Command Groups
Write Access: All Command Groups

Magnum10KT(user)## exit

Magnum10KT#

FIGURE 12 – Creating user access privileges.

After this command, user Peter will not have read access to the VLAN, system and user groups.

In another example, if the user Peter is not allowed to access the switch using telnet, the access
can be blocked using the steps shown below:

Magnum10KT# user
Magnum10KT(user)## add user=peter level=2
Enter User Password :*****
Confirm New Password :*****
Magnum10KT(user)## useraccess user=peter service=telnet disable
Telnet Access Disabled.
FIGURE 13 – Creating user access privileges.

After this command, user Peter will not have telnet access to the switch. User Peter only has
console access or SWM access (or access via SSH for MNS-6K-SECURE.)

The user peter has to be added before this command can be successfully executed.

Help
Typing the help command lists the commands you can execute at the current privilege level. For
example, typing help at the Operator level shows:


Magnum10KT# help

authorize degrade exportlog


ftp kill ipconfig
logout ping set
sftp terminal telnet
tftp upgrade xmodem

Contextless Commands:

! ? clear
enable exit help
save show whoami
reboot reboot-scheduler

access alarm auth


device dualhome dhcprelay
dhcpserver gmrp gvrp
igmp lacp lldp
port-mirror port-security ptp
qos rmon rstp
smtp snmp sntp
sntpserver syslog tacacs
tftpserver user vlan

Magnum10KT>
FIGURE 14 – Help command.

Displaying Help for an Individual Command


Help for any command that is available at the current context level can be viewed by typing
help followed by the command string that identifies the command.

Syntax help <command string>

For example, to list the Help for the set time command:

Magnum10KT# help set time


set time : Sets the device Time

Usage
set time hour=<0-23> min=<0-59> sec=<0-59>

Groups: system
Magnum10KT#
FIGURE 15 – Help for a specific command.


Viewing Options for a Command


The options for a specific command can be displayed by typing the command and pressing enter.
Syntax command <Enter>

Magnum10KT# show <Enter>


Usage
show active-stp
show active-snmp
show active-vlan
show address-table
show age
show alarm
show arp
show auth <config|ports>
show userauthorder
show backpressure
--more--
FIGURE 16 – Options for the show command.

Context Help

Another way to display help for a command or a set of commands is to use
the TAB key.
Syntax <TAB>
Syntax <Command string> <TAB>
Syntax <First character of the command> <TAB>


For example, following the syntax listed above, the <TAB> key will list the available commands
in the particular privilege level:

Magnum10KT> <TAB>
?
access
alarm
auth
authorize
clear
degrade
device
dhcprelay
dhcpserver
dualhome
enable
--more--
FIGURE 17 – Listing commands available (at the operator level.)

OR

Magnum10KT> s <TAB>
save
set
sftp
show
smtp
snmp
sntp
sntpserver
syslog
Magnum10KT>
FIGURE 18 – Listing commands starting with a specific character.

OR

Magnum10KT> set<TAB>
bootmode
date
daylight
dns
ftp
history
logsize
motd
password
prompt
reboot-date
reboot-frequency
reboot-reminder
reboot-time
secrets
serial
snmp
stp
time
timeformat
timeout
timezone
Magnum10KT> set
FIGURE 19 – Listing command options – note the command was not completed and the TAB key completed the
command.

Exiting
To exit from the CLI interface and terminate the console session use the logout command. The
logout command will prompt you to ensure that the logout was not mistakenly typed.

Syntax logout

Magnum10KT# logout

Logging out from the current session...[ 'Y' or 'N'] Y

Connection to the host lost


FIGURE 20 – logout command.

Upgrading to MNS-6K-SECURE
An MNS-6K-SECURE license can be purchased with the purchase of the switch. In
that case a license key will be issued to you with the delivery of the switch. This
license key will be needed to upgrade the version.

Any MNS-6K switch can be upgraded to MNS-6K-SECURE by purchasing the
necessary license key for the switch. Once the license key is obtained, the command
to upgrade the switch is


Syntax authorize secure key=<16character license key> - Upgrade MNS-6K to MNS-6K-SECURE

Magnum10KT# authorize secure key=1122334455667788

Security Module Successfully Authorized


Please Save Configuration..

Magnum10KT# save

Saving current configuration


Configuration saved

Saving current event logs


Event logs saved

Magnum10KT# show keys

Module Key Description


------ ---------------- ------------------------
secure 1122334455667788 Secure Management Module

Magnum10KT#
FIGURE 21 – Upgrading to MNS-6K-SECURE.

After the license key is entered – use the save command to save the key in flash
memory. It is recommended to preserve the information for future use.

List of Commands In This Chapter


Syntax ipconfig [ip=<ip-address>] [mask=<subnet-mask>] [dgw=<gateway>]
[add|del] – to set IP address on the switch

Syntax save – save changes made to the configuration

Syntax reboot – restart the switch – same effect as physically turning off the power

Syntax show setup – show setup parameters


Syntax show config – show config parameters

Syntax enable <user-name> - changing the privilege level

Syntax add user=<name> level=<number> - adding a user

Syntax delete user=<name> - deleting a user

Syntax passwd user=<name> - changing a password for a user

Syntax chlevel user=<name> level=<number> - changing the user privilege level

Syntax help <command string> - help for a specific command

Syntax command <Enter> - options for a command

Syntax <TAB> - listing all commands available at the privilege level

Syntax <command string> <TAB> - options for a command

Syntax <first character of the command> <TAB> - listing commands starting with the character

Syntax logout – logout from the CLI session

Syntax useraccess user=<name> service=<telnet|web> <enable|disable> - defines the
services available to the user to access the device for modifying the configuration

Syntax useraccess user=<name> group=<list> type=<read|write> <enable|disable>
- set read or write access for the command group

Syntax useraccess groups – displays the current groups

Syntax authorize secure key=<16character license key> - Upgrade MNS-6K to MNS-6K-SECURE


Chapter 3 – IP Address and System Information
First simple steps to follow…

This section explains how the Magnum 6K family of switches can be set up using other automatic
methods such as bootp and DHCP. Besides this, other parameters required for proper operation
of the switch in a network are discussed.

IP Addressing
It is assumed that the user has familiarity with IP addresses, classes of IP addresses
and related netmask schemes that are Class A, Class B and Class C addressing.

Importance of an IP Address
Without an IP address, the switch will operate as a standalone Layer 2 switch. Without an IP address,
you cannot:

• Use the web interface to manage the switch.


• Use telnet to access the CLI.
• Use any SNMP Network Management software to manage the switch.
• Use NTP protocol or an NTP server to synchronize the time on the switch.
• Use TFTP or FTP to download the configurations or upload software updates.
• Run ping tests to test connectivity.

To set the IP address, refer to Chapter 2 - Setting IP Parameters on page 26.

Once the IP address is set, the CLI can be accessed via the telnet programs as well
as the console interface. From now on, all commands discussed are accessible
from the CLI, irrespective of the access methods, either serial port or in band
using telnet.


To verify the IP address settings, the show ipconfig command can be used.

Magnum10KT> show ipconfig


IP Address : 192.168.130.43
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.130.1
IPv6 Address : fe80::220:6ff:fe3c:ce90 mask : ffff:ffff:ffff:ffff::
IPv6 Gateway : ::
Magnum10KT>
FIGURE 22 – Checking the IP settings.

Besides manually assigning IP addresses, there are other means to assign an IP address
automatically. The two most common procedures are using DHCP and bootp.

DHCP and BootP

DHCP is commonly used for setting up addresses for computers, users and other
user devices on the network. bootp is the older cousin of DHCP and is used for
setting up IP addresses of networking devices such as switches, routers, VoIP phones
and more. Both of them can work independently of each other. Both of them are widely used in the
industry. It's best to check with your network administrator as to what protocol to use and what
the related parameters are. DHCP and bootp require respective services on the network. DHCP
and bootp can automatically assign an IP address. It is assumed that the reader knows how to
set up the necessary bootp parameters (usually specified on Linux/UNIX systems in
/etc/bootptab; see note 1).

Bootp Database
Bootp keeps a record of systems supported in a database – a simple text file. On most systems, the
bootp service is not started as a default and has to be enabled. A sample entry by which the bootp
software will look up the database and update the IP address and subnet mask of the switch would
be as follows:
M10KTswitch:\
ht=ether:\
ha=002006250065:\
ip=192.168.1.88:\
sm=255.255.255.0:\
gw=192.168.1.1:\
hn:\
vm=rfc1048

where
set boot

1 Note – on Windows systems – the location of the file will vary depending on the software being used.


Configuring Auto/DHCP/Bootp/Manual

By default, the switch is configured for auto. As described earlier in Chapter 2, in the auto mode,
the switch will first look for a DHCP server. If a DHCP server is not found, it will then look for a
BootP server. If that server is not found, the switch will first inspect to see if the IP address
192.168.1.2 with a netmask of 255.255.255.0 is free. If the IP address is free, MNS-6K will assign
the switch that IP address. If the address is not free, MNS-6K will poll the network for a DHCP
server, then a BootP server, and then check whether the IP address 192.168.1.2 has been freed up.
This mode of assigning the IP address can be changed by using the set bootmode command.

Syntax set bootmode type=<dhcp|bootp|manual|auto> [bootimg=<enable|disable>]
[bootcfg=<enable|disable>] – assign the boot mode for the switch
Where
<dhcp|bootp|manual|auto> - where
dhcp – look only for DHCP servers on the network for the IP address. Disable
bootp or other modes
bootp – look only for bootp servers on the network. Disable dhcp or other mode
manual – do not set the IP address automatically
auto - the switch will first look for a DHCP server. If a DHCP server is not found,
it will then look for a BootP server. If that server is not found, the switch will
check to see if the switch had a pre-configured IP address. If it did, the switch
would be assigned that IP address. If the switch did not have a pre-configured IP
address, it would inspect if the IP address 192.168.1.2 with a netmask of
255.255.255.0 is free. If the IP address is free, MNS-6K will assign the switch
that IP address. If the address is not free, MNS-6K will poll the network for
DHCP server then BootP server then check if the IP address 192.168.1.2 is freed
up
bootimg=<enable|disable> - valid with type=bootp only. This option allows the switch
to load the image file from the BootP server. This is useful when a new switch is put on
a network and the IT policies are set to load only a specific MNS-6K image which is
supported and tested by IT personnel.
bootcfg=<enable|disable> - valid with type=bootp only. This option allows the switch
to load the configuration file from the BootP server. This is useful when a new switch
is put on a network and the specific configurations are loaded from a centralized BootP
server.


Magnum10KT# set bootmode type=dhcp


Save Configuration and Restart System
Magnum10KT# set bootmode type=auto
Save Configuration and Restart System
Magnum10KT# set bootmode type=bootp bootimg=enable bootcfg=disable
Network application image download is enabled.
Network application config download is disabled.
Save Configuration and Restart System
Magnum10KT#
FIGURE 23 – Changing the boot mode of the switch.

Using Telnet
By default, the telnet client is enabled on the GarrettCom Magnum 6K family of switches.
MNS-6K supports five simultaneous sessions on a switch – four telnet sessions and one console session.
This allows many users to view, discuss or edit changes to the MNS-6K. This also becomes useful
when two remote people want to view the commands and other settings on the switch. The telnet
client can be disabled by using the telnet disable command. Telnet can also be disabled for a
specific user by using the useraccess command discussed in Chapter 2 – Modifying
Access Privileges on page 32.

Multiple telnet sessions started from the CLI interface or the command line are serviced by
MNS-6K in a round robin fashion – i.e. one session after another. If one telnet session started from
MNS-6K interface is downloading a file, the other windows will not be serviced till the file transfer
is completed.

Syntax telnet <enable|disable>

Magnum10KT#access
Magnum10KT(access)##telnet enable
Access to Telnet already enabled
Magnum10KT(access)##exit
Magnum10KT#
FIGURE 24 – Changing telnet access – note in this case, the enable command was repeated without any effect to the
switch.


The show console command can show the status of the telnet client as well as other console
parameters.

Magnum10KT# show console


Console/Serial Link
Inbound Telnet Enabled : Yes
Outbound Telnet Enabled : Yes
Web Console Enabled : Yes
SNMP Enabled : Yes
Terminal Type : VT100
Screen Refresh Interval (sec) : 3
Baud Rate : 38400
Flow Control : None
Session Inactivity Time (min) : 10
Magnum10KT#
FIGURE 25 – Reviewing the console parameters – note telnet is enabled.

Users can telnet to a remote host from the Magnum 6K family of switches.

Syntax telnet <ipaddress> [port=<port number>]


The default port for telnet is 23.

Magnum10KT# telnet 192.168.1.21


Telnet : using default port 23

Copyright (c) 2001-2013 GarrettCom Inc All rights reserved.

RESTRICTED RIGHTS
-----------------
Use, duplication or disclosure is subject to U.S. Government
restrictions
as set forth in Sub-division (b)(3)(ii) of the rights in Technical Data
and
Computer Software clause at 52.227-7013.

GarrettCom, Inc.
47823 Westinghouse Drive
Fremont CA 94539-9072
USA

www.garrettcom.com

Magnum 6K32F Version: 14.4.4


Event Log Storage Space is almost full. Do you want to clean up?
[Y/N]:
Login : manager
Password : *******
FIGURE 26 – Example of a telnet session.

While MNS-6K times out an idle telnet session, it may be useful to see who is currently connected to the
switch. It may also be useful for a person to remotely terminate a telnet session. To facilitate this,
MNS-6K supports two commands:

Syntax show session

Syntax kill session id=<session> - terminate a telnet session

Magnum10KT# show session


Current Sessions:

SL # Session Id Connection User Name User Mode


1 1 163.10.10.14 manager Manager
2 2 163.11.11.15 peter Manager
3 3 163.12.12.16 operator Operator
Magnum10KT# kill session id=3
*****WARNING****
Session Terminated.
Magnum10KT#
FIGURE 27 – Managing and viewing multiple telnet sessions.

In the above example, the user with user-id peter is given telnet access (which was disabled earlier in
Chapter 2). Then multiple users telnet into the switch. This is shown using the show session command.
The user operator session is then terminated using the kill session command.

The default port – port 23 is used for telnet.

A maximum of four simultaneous telnet sessions are allowed at any time on the
switch. The commands in these telnet windows are executed in a round robin fashion – i.e. if
one window takes a long time to finish a command, the other windows may
encounter a delay before the command is completed. For example, if one window is
executing a file download, the other windows will not be able to execute the
command before the file transfer is completed. As another example, if an outbound
telnet session is started from the switch (through a telnet window) then the other
windows will not be able to execute a command till the telnet session is completed.


Using HiDiscovery
All GarrettCom Magnum switches can be configured using the HiDiscovery tool from Belden
(Hirschmann). This includes setting the IP addresses or changing the IP addresses once they have
been set.

Using SSH
SSH is available in MNS-6K-SECURE.

The Telnet, rlogin, rcp and rsh commands have a number of security weaknesses: all
communications are in clear text and no machine authentication takes place. These
commands are open to eavesdropping and TCP/IP address spoofing. Secure Shell or
SSH is a network protocol that allows data to be exchanged over a secure channel
between two computers. SSH uses public/private key RSA authentication to check the identity of
communicating peer machines and encrypts all data exchanged (with strong algorithms such as
blowfish, 3DES, IDEA etc.). Encryption provides confidentiality and integrity of data. The goal of
SSH was to replace the earlier rlogin, Telnet and rsh protocols, which did not provide strong
authentication or guarantee confidentiality.

In 1995, Tatu Ylönen, a researcher at Helsinki University of Technology, Finland, designed the first
version of the protocol (now called SSH-1).

In 1996, a revised version of the protocol, SSH-2, was designed, incompatible with SSH-1. SSH-2
features both security and feature improvements over SSH-1. Better security, for example, comes
through Diffie-Hellman key exchange and strong integrity checking via MACs. New features of
SSH-2 include the ability to run any number of shell sessions over a single SSH connection. Since
SSH-1 has inherent design flaws which make it vulnerable to, e.g., man-in-the-middle attacks, it is
now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1.
While most modern servers and clients support SSH-2, some organizations still use software with
no support for SSH-2, and thus SSH-1 cannot always be avoided.

In all versions of SSH, it is important to verify unknown public keys before accepting them as
valid. Accepting an attacker's public key as a valid public key has the effect of disclosing the
transmitted password and allowing man in the middle attacks.
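
The key check described above, sketched for the administrator's workstation as an added example (not part of the original guide or of MNS-6K). It assumes a trusted fingerprint was obtained over a trusted path beforehand; the function names are hypothetical and the key lines are constructed sample data, not real keys.

```python
"""Check a presented SSH host key against a fingerprint recorded out of band."""
import base64
import binascii
import hashlib
import hmac
import struct


def ssh_string(data):
    """Length-prefixed byte string as used inside SSH key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def constructed_rsa_line(seed, comment="switch"):
    """Build a well-formed ssh-rsa public key line from a seed.

    Constructed sample data only: the modulus is hash output, not a real RSA key.
    """
    body = bytearray(b"".join(
        hashlib.sha256(seed + bytes([i])).digest() for i in range(8)))
    body[0] |= 0x80  # top bit set, so the mpint needs a leading zero byte
    modulus = b"\x00" + bytes(body)
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(modulus))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(key_line):
    """Return the SHA256 fingerprint of a public key line, as OpenSSH prints it."""
    parts = key_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, encoded = parts[0], parts[1]
    try:
        blob = base64.b64decode(encoded, validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own algorithm name; it must match the declared type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(presented_line, pinned_fingerprint):
    """True only when the presented key hashes to the pinned fingerprint."""
    try:
        actual = fingerprint(presented_line)
    except ValueError:
        return False  # malformed key material is never accepted
    return hmac.compare_digest(actual.encode(), pinned_fingerprint.encode())


if __name__ == "__main__":
    recorded = fingerprint(constructed_rsa_line(b"key generated on the switch"))
    for label, seed in (("expected key", b"key generated on the switch"),
                        ("substituted key", b"key offered by someone else")):
        ok = verify_host_key(constructed_rsa_line(seed), recorded)
        print(f"{label}: {'accept' if ok else 'REJECT, do not send the password'}")
```

The comment field is not part of the hashed blob, so renaming a key entry does not change its fingerprint; any change to the key material does.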

SSH is most commonly used:


• With an SSH client that supports terminal protocols, for remote administration of the SSH
server computer via terminal (character-mode) console--can be used as an alternative to a
terminal on a headless server.
• In combination with SFTP, as a secure alternative to FTP which can be set up more easily
on a small scale without a public key infrastructure and X.509 certificates.


While there are other uses for SSH, the two most common uses are described above and are
relevant to this manual.

SSH uses port 22 as a default. Note Telnet uses port 23 as a default port.

The SSH-2 protocol has a clean internal architecture, defined in RFC 4251 with well-separated
layers. These are:

• The transport layer (RFC 4253). This layer handles initial key exchange and server
authentication and sets up encryption, compression and integrity verification. It exposes to
the upper layer an interface for sending and receiving plaintext packets of up to 32,768
bytes each; more can be allowed by the implementation. The transport layer also arranges
for key re-exchange, usually after 1 GB of data has been transferred or after 1 hour has
passed, whichever is sooner.

• The user authentication layer (RFC 4252). This layer handles client authentication and
provides a number of authentication methods. Authentication is client-driven, a fact
commonly misunderstood by users; when one is prompted for a password, it may be the
SSH client prompting, not the server. The server merely responds to client's authentication
requests. Widely used user authentication methods include the following:
o password: A method for straightforward password authentication, including a
facility allowing a password to be changed. This method is not implemented by all
programs.
o publickey: A method for public key-based authentication, usually supporting at
least DSA or RSA keypairs, with other implementations also supporting X.509
certificates.
o keyboard-interactive (RFC 4256): A versatile method where the server sends one
or more prompts to enter information and the client displays them and sends back
responses keyed-in by the user. Used to provide one-time password authentication
such as S/Key or SecurID. Used by some OpenSSH configurations when PAM is
the underlying host authentication provider to effectively provide password
authentication, sometimes leading to inability to log in with a client that supports
just the plain password authentication method. This method is not supported.
o GSSAPI authentication methods which provide an extensible scheme to perform
SSH authentication using external mechanisms such as Kerberos 5 or NTLM,
providing single sign on capability to SSH sessions. These methods are usually
implemented by commercial SSH implementations for use in organizations, though
OpenSSH does have a working GSSAPI implementation; this method is not
supported.
• The connection layer (RFC 4254). This layer defines the concept of channels, channel
requests and global requests using which SSH services are provided. A single SSH
connection can host multiple channels simultaneously, each transferring data in both
directions. Channel requests are used to relay out-of-band channel specific data, such as the
changed size of a terminal window or the exit code of a server-side process. The SSH client
requests a server-side port to be forwarded using a global request. Standard channel types
include:
• shell for terminal shells, SFTP and exec requests, including SCP transfers.
• direct-tcpip for client-to-server forwarded connections.
• forwarded-tcpip for server-to-client forwarded connections.

The commands for SSH are:

Syntax ssh <enable|disable|keygen> - Enable or disable the server. Also can be used for generating the
key used by ssh.

Syntax ssh port=<port|default> - Select a different port number for SSH communication.

Syntax show ssh – Display the ssh settings.

Magnum10KT# access

Magnum10KT (access)## ssh ?


ssh <enable|disable> : Enables or Disables the SSH
ssh keygen : Generate Security Keys.
ssh port=<port|default> : Set TCP/IP Port

Usage
ssh <enable|disable|keygen>
ssh port=<port|default>

Magnum10KT (access)## show ssh

SSH is disabled

Magnum10KT (access)## ssh keygen

SSH Key Generation Started. This will take several minutes to complete.
Upon completion, the keys will be saved to flash memory.

Magnum10KT (access)## ssh enable

Enabling Access to SSH

Magnum10KT (access)## show ssh

SSH is enabled

Magnum10KT (access)## telnet disable

ERROR: Connected through telnet.

Magnum10KT (access)## exit


Magnum10KT# show console

Console/Serial Link

Inbound Telnet Enabled : Yes


Outbound Telnet Enabled : Yes
Web Console Enabled : Yes
SSH Server Enabled : Yes
Modbus Server Enabled : Yes
SNMP Enabled : Yes
Terminal Type : VT100
Screen Refresh Interval (sec) : 3
Baud Rate : 38400
Flow Control : None
Session Inactivity Time (min) : 10

Magnum10KT# show sysconfig


System Name : Magnum 10KT
System Contact : [email protected]
System Location : Fremont, CA
Boot Mode : manual
Inactivity Timeout(min) : 500
Address Age Interval(min) : 300
Inbound Telnet Enabled : Yes
Web Agent Enabled : Yes
SSH Server enabled : Yes
Modbus Server Enabled : Yes
Time Zone : GMT-08hours:00minutes
Day Light Time Rule : None
System UpTime : 350 Days 7 Hours 49 Mins 48 Secs

Magnum10KT#

FIGURE 28 – Setting up ssh. Since telnet sends the information in clear text, make sure that telnet is disabled to secure the
switch. Do not telnet to the switch to disable telnet. The preferred method is to do that via the console or using SWM. The client
access is not shown here. Commonly an application like PuTTY is used to access the switch via ssh. Use the show console
command to verify telnet is turned off.

SSH sessions cannot originate from the switch to another device.


A maximum of four SSH sessions can be active at the same time.
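
One way to run the check that the FIGURE 28 caption asks for, as an added example (not part of the original guide or of MNS-6K): the script parses captured show console or show sysconfig text and reports clear-text management access. The function names, severity labels and the 15-minute idle limit are assumptions of this example; the first sample is the show console text from FIGURE 28 and the second is constructed from it.

```python
"""Audit captured MNS-6K `show console` / `show sysconfig` text for clear-text access."""

# Assumption for this example: site policy caps idle sessions at 15 minutes.
MAX_IDLE_MINUTES = 15

# `show console` output as printed in FIGURE 28 (telnet is still enabled there).
FIGURE_28_CONSOLE = """\
Magnum10KT# show console
Console/Serial Link
Inbound Telnet Enabled : Yes
Outbound Telnet Enabled : Yes
Web Console Enabled : Yes
SSH Server Enabled : Yes
Modbus Server Enabled : Yes
SNMP Enabled : Yes
Terminal Type : VT100
Screen Refresh Interval (sec) : 3
Baud Rate : 38400
Flow Control : None
Session Inactivity Time (min) : 10
"""

# Constructed sample: the same capture after `telnet disable` was run from the console.
AFTER_TELNET_DISABLE = FIGURE_28_CONSOLE.replace(
    "Inbound Telnet Enabled : Yes", "Inbound Telnet Enabled : No")

# The two show commands label the idle timer differently.
IDLE_KEYS = ("session inactivity time (min)", "inactivity timeout(min)")


def parse_settings(text):
    """Return {lower-cased label: value} for every 'Label : Value' line."""
    settings = {}
    for line in text.splitlines():
        # Split on the first colon only, so values such as time zones stay whole.
        label, sep, value = line.partition(":")
        if sep and label.strip() and value.strip():
            settings[label.strip().lower()] = value.strip()
    return settings


def is_yes(settings, label):
    return settings.get(label, "").lower() == "yes"


def audit(text):
    """Return a list of (severity, message) findings for one captured output."""
    s = parse_settings(text)
    findings = []
    if is_yes(s, "inbound telnet enabled"):
        findings.append(("HIGH", "inbound telnet is enabled; logins and "
                                 "commands cross the network in clear text"))
    if "ssh server enabled" not in s:
        findings.append(("HIGH", "output reports no SSH server"))
    elif not is_yes(s, "ssh server enabled"):
        findings.append(("HIGH", "SSH server is disabled"))
    if is_yes(s, "outbound telnet enabled"):
        findings.append(("INFO", "outbound telnet is enabled; sessions "
                                 "started from the switch are clear text"))
    for key in IDLE_KEYS:
        if key in s and s[key].isdigit() and int(s[key]) > MAX_IDLE_MINUTES:
            findings.append(("MEDIUM", f"idle sessions last {s[key]} min "
                                       f"(policy limit {MAX_IDLE_MINUTES} min)"))
    return findings


def passes(text):
    """True when the capture has no HIGH finding."""
    return all(severity != "HIGH" for severity, _ in audit(text))


if __name__ == "__main__":
    for name, capture in (("FIGURE 28", FIGURE_28_CONSOLE),
                          ("after telnet disable", AFTER_TELNET_DISABLE)):
        print(name, "PASS" if passes(capture) else "FAIL")
        for severity, message in audit(capture):
            print(f"  [{severity}] {message}")
```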


Domain Name System (DNS)


DNS functionality is available in MNS-6K-SECURE.

Domain Name System (DNS) associates various sorts of information with domain names or
logical computer names. A DNS server acts as the phone book
for the Internet: it translates human-readable computer hostnames, e.g. google.com or yahoo.com,
into the IP addresses that networking equipment needs for communications. Most
organizations deploy an internal DNS server so that support personnel do not have to
remember IP addresses and can use logical names instead. DNS services on MNS
require interaction with DNS servers. These servers can be defined within MNS-6K using the
commands:

Syntax set dns [server=<ip>] [domain=<domain name>] <enable|disable|clear>
- Specify a DNS server to look up domain names. The server IP can be an IPv6 address as well as an
IPv4 address.

Syntax show dns – Display the DNS settings.

Magnum10KT# show dns


DNS Server Address : 0.0.0.0
Domain Name : Not Set
DNS Status : Disabled.

Magnum10KT# set dns server=192.168.5.254 domain=customer-domain.com


Domain Name Server Set.

Magnum10KT# show dns


DNS Server Address : 192.168.5.254
Domain Name : customer-domain.com
DNS Status : Disabled.

Magnum10KT# set dns enable


DNS enabled.

Magnum10KT# show dns


DNS Server Address : 192.168.5.254
Domain Name : customer-domain.com
DNS Status : Enabled.

Magnum10KT# ping server


192.168.5.2 is alive, count 1, time = 20ms

Magnum10KT# set dns clear


DNS Information Cleared

Magnum10KT# show dns


DNS Server Address : 0.0.0.0
Domain Name : Not Set
DNS Status : Disabled.

Magnum10KT# ping server


ERROR: Host Not Found

Magnum10KT#
FIGURE 29 – Use of DNS.

Domain name information as well as the IP address of the Domain server is needed
before DNS service is enabled.

DNS Server IP address can be an IPv6 address.

Setting Serial Port Parameters


To be compliant with IT or other policies, the console parameters can be changed from the CLI
interface. This is best done by setting the IP address and then connecting to the switch using telnet.
Once connected using telnet, the serial parameters can be changed. If you are using the serial port,
remember to set the VT-100 emulation software properties to match the new settings.

Syntax set serial [baud=<rate>] [data=<5|6|7|8>] [parity=<none|odd|even>]
[stop=<1|1.5|2>] [flowctrl=<none|xonxoff>]

Where <rate> = standard supported baud rates

Warning – Changing these parameters through the serial port will cause loss of
connectivity. The parameters of the terminal software (e.g. Hyper Terminal etc.)
will also have to be changed to match the new settings.


To see the current settings of the serial port, use the show serial command.

Magnum10KT# show serial


Baud Rate : 38400
Data : 8
Parity : No Parity
Stop : 1
Flow Control : None
FIGURE 30 – Querying the serial port settings.

System Parameters
The system parameters can be queried and changed. To query the system parameters, two
commands are used frequently. They are show sysconfig and show setup. Both the commands
are shown below.

Magnum10KT# show setup


Version : Magnum 10KT build 14.4 May 27 2012 12:03:47 Build ID 1319694706
MAC Address : 00:20:06:25:b7:e0
IP Address : 67.109.247.197
Subnet Mask : 255.255.255.224
Gateway Address : 67.109.247.193
CLI Mode : Manager
System Name : Magnum10KT
System Description : Magnum 10KT Managed Switch
System Contact : [email protected]
System Location : Fremont, CA
System ObjectId : 1.3.6.1.4.1.553.12.20
System Serial No : 43576812
Original Factory Config Code : 10KT-sp
Magnum10KT#
FIGURE 31 – System parameters using the show setup command. Most parameters here cannot be changed.

Using show sysconfig:

Magnum10KT# show sysconfig


System Name : Magnum10KT
System Contact : [email protected]
System Location : HO, Fremont, CA
Boot Mode : manual
Inactivity Timeout(min) : 10
Address Age Interval(min) : 300
Inbound Telnet Enabled : Yes
Web Agent Enabled : Yes
SSH Server enabled : No
Modbus Server Enabled : Yes
Time Zone : GMT-08hours:00minutes
Day Light Time Rule : USA
System UpTime : 350 Days 7 Hours 49 Mins 48 Secs
Magnum10KT#
FIGURE 32 – System parameters using the show sysconfig command. Most parameters here can be changed.

System variables can be changed. Below is a list of system variables which GarrettCom
recommends changing.

System Name: Using a unique name helps you to identify individual devices in a network.

System Contact and System Information: This is helpful for identifying the administrator
responsible for the switch and for identifying the locations of individual switches.

To set these variables, change the mode to be SNMP configuration mode from the manager mode.

Syntax snmp
Syntax setvar [sysname|syscontact|syslocation]=<string> where string is a character
string, maximum 24 characters long

Magnum10KT# snmp
Magnum10KT(snmp)## setvar ?
setvar : Configures system name, contact or location
Usage:
setvar [sysname|syscontact|syslocation]=<string>
Magnum10KT(snmp)## setvar syslocation=Fremont
System variable(s) set successfully
Magnum10KT(snmp)## exit
Magnum10KT#
FIGURE 33 – Setting the system name, system location and system contact information.

Date and Time


It may be necessary to set the day, time or the time zone manually. This can be done by using the
set command with the necessary date and time options. These are listed below:

Syntax set timezone GMT=[+ or -] hour=<0-14> min=<0-59>

Syntax set date year=<2001-2035> month=<1-12> day=<1-31> [format=<mmddyyyy|ddmmyyyy|yyyymmdd>]

Syntax set time hour=<0-23> min=<0-59> sec=<0-59>


Thus, to set the time to 08:10 am in the time zone 8 hours behind GMT (PST, the time zone on the west coast
of the USA) and to set the date to 15 October 2013, the following set of commands is used:

Magnum10KT# set time hour=8 min=30 sec=0


success in setting device time
Magnum10KT# show time
Time : 8:30:04
Magnum10KT# show timezone
Timezone : GMT-08hours:00minutes
Magnum10KT# set date year=2013 month=10 day=15
Success in setting device date
Magnum10KT# show date
System Date : Wednesday 10-15-2003 (in mm-dd-yyyy format)
Magnum10KT#
FIGURE34 – Setting the system date, time and time zone.

Rebooting the switch resets the time to the default. Synchronizing with the time server resets the
time. Other relevant date and time commands are:

Syntax set timeformat format=<12|24> - define the time format

Syntax set daylight country=<country name|none> - set the DST setting by using rules for
the country

Syntax set daylight country=name [sthr=<0..23> stmin=<0..59> stdate=<1..31>
stmon=<Jan..Dec> stday=<Sun..Sat> endhr=<0..23> endmin=<0..59>
enddate=<1..31> endmon=<Jan..Dec> endday=<Sun..Sat>] - specify the daylight
saving time by giving the country name, start month/day/time and end month/day/time

Magnum6K25# set daylight ?


set daylight : Sets the day light location

Usage
set daylight country=<name>
Magnum6K25# set daylight country=USA

Success in setting daylight savings to the given location/country USA


Magnum6K25# show daylight

Daylight savings location name : USA

Magnum6K25#
FIGURE35 – Setting the system daylight saving time.


See Appendix 3 for additional information on Daylight Savings Time. The list of countries for the
time zone is: Australia, Belgium, Canada, Chile, Cuba, Egypt, France, Finland, Germany, Greece, Iraq,
Italy, London, Namibia, Portugal, Russia, Spain, Sweden, Switzerland, Syria, USA. This list is updated,
so it is best to check the help built into the command for the current list of countries.

Network Time (SNTP Client)


Many networks synchronize the time using a network time server. The network time server
provides time to the different machines using the Simple Network Time Protocol (SNTP). To
specify the SNTP server, one has to:
1) Set the IP parameters on the switch.
2) Define the SNTP parameters.

To set the SNTP parameters, enter the SNTP configuration mode from the manager mode. The setsntp,
sync and sntp commands can then be used to set up automatic time synchronization from the
SNTP server. Note that it is not sufficient to set up the SNTP variables. Make sure to set up the
synchronization frequency and to enable SNTP as well. The relevant commands are listed below:

Syntax setsntp server=<ipaddress> timeout=<1-10> retry=<1-3>

Syntax sync [hour=<0-24>] [min=<0-59>] (default = 24 hours)

The time zone and daylight savings time information have to be set for SNTP
server to set the proper time.

Syntax sntp [enable|disable]

For example, to set the SNTP server to be 204.65.129.201 [2] (with a timeout of 3 seconds and the
number of retries set to 3), allowing synchronization every 5 hours, the following
commands are used:

Magnum10KT# sntp

Magnum10KT(sntp)## setsntp server=204.65.129.201 timeout=3 retry=3

SNTP server is added to SNTP server database

Magnum10KT(sntp)## sync hour=5

<Do not forget to enable sntp for time>
Magnum10KT(sntp)## sntp enable
SNTP is already enabled.

Magnum10KT(sntp)## exit
Magnum10KT(sntp)#
FIGURE36 – Setting up SNTP services.

[2] There are a number of public NTP servers. Searching the internet for ‘NTP Servers’ yields the necessary server IP addresses.

Network Time (SNTP Server)

SNTP server feature is available in MNS-6K-SECURE only.

Refer to Chapter 6 - SNTP Server on page 95 in this manual.

Saving and Loading Configuration


After configuration changes are made, all the changes are automatically registered but not saved;
i.e., the effect of the change is immediate, but if power fails, the changes are not
restored unless they were saved using the save command. It is also good practice to save
the configuration on another server on the network using the TFTP or FTP protocols.

Using MNS-6K-SECURE, the switch can be enabled as a TFTP server. Any machine acting as a
TFTP client can then save the configuration file, or can be the client used to upgrade the
software.

Once the configuration is saved, the saved configuration can be loaded to restore the settings.
Make sure the machine specified by the IP address has the necessary services running on it. For
serial connections, X-modem can be used.

In many situations the file name has to be unique, as overwriting files is not permitted by
most FTP and TFTP servers (or services). Only alphanumeric characters are allowed in the file
name. Special characters like !@#$%&*(\|){/};[,’]” (or other control characters, e.g. ^G) are not
allowed.

MNS-6K software can be updated as needed.

To upgrade to MNS-6K 4.x or MNS-6K-SECURE 14.x, make sure the switch is
first upgraded to version 3.7 or higher.

To update MNS-6K, please load the Rel_B_x.y.z.bin (where x.y.z is the version
number) for 6K-L model switches.

To update MNS-6K for all other 6K series of switches, please load the Rel_A_x.y.z.bin (where
x.y.z is the version number).

Note: Based on the above, if the wrong version is loaded, MNS-6K will print an error message. See
below:


Magnum10KT# tftp get type=app host


Error :Invalid Parameter

Magnum10KT# tftp get type=app ip=192.168.5.2 file=Rel_B_4.1.10.bin

Do you want to load application image? [ 'Y' or 'N']Y


Downloading the image...please wait
Received 1915783 Bytes. Checking Integrity..
Uploaded image is not a valid image for this device.
The device you are upgrading is Magnum 10KT.
Please Load the proper version of MNS-6K from www.garrettcom.com.

ERROR: Failed Image Verification.

FIGURE37 – Safeguards built into MNS-6K when downloading an incorrect version. In the above example, since
the switch is a 6K-25 the proper file to load is Rel_A_x.y.z - where x.y.z is the latest version of MNS-6K.
Rel_B_x.y.z is for the 6K-L model switches.

Before the software is updated, it is strongly advised to save the configurations. The re-loading of
the configuration is not usually necessary; however, in certain situations it may be needed and it is
advised to save the configurations before a software update. Most software updates will require a
restart of the switch to make the new version active. Without a reboot the older configuration will
continue to be used by the Magnum 6K family of switches.

During a Reboot process, the user is prompted: Reboot Y/N. Select Y, the prompt is then: Save
Current Configuration? You must select No if you don’t want to save the running or modified
configuration. If you want to save the configuration, please select Y.

Along with the FTP command listed below, MNS-6K also supports normal FTP as well as passive
FTP. Passive FTP is used by many companies today to work with firewall policies and other
security policies set by companies. The commands for setting the type of FTP are:

Syntax set ftp mode=<normal|passive> - set the ftp mode of operation [3]

Syntax show ftp - display the current ftp operation mode

[3] FTP uses a set of separate ports for the data stream and command stream. This causes problems in security conscious companies
who prefer that the client initiate the file transfer as well as the stream for the commands. To accommodate that, ftp added the
capability called “passive ftp” in which the client initiating the connection initiates both the data and command connection request.
Most companies prefer passive ftp and GarrettCom MNS-6K provides means to operate in those environments.

With MNS-6K additional capabilities have been added to save and load configurations. The
commands are:

Syntax ftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>]
[user=<user>] [pass=<password>] – upload and download information using ftp
command

Where
<get|put|list|del> - different FTP operations
[type=<app|config|oldconf|script|hosts|log|cert>] – Optional type field.
This is useful to specify whether a log file or host file is uploaded or downloaded.
This can also perform the task of exporting a configuration file or uploading a
new image to the switch.
Note - cert allows a new certificate to be loaded to the switch. The default
certificate is a self signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>]
[pass=<password>] – parameters associated with the FTP server for proper
communications with the server.

The sftp command is available in the MNS-6K-SECURE version.

Syntax sftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – upload and
download information using sftp (Secure ftp) command

Where
<get|put| list|del > - different sftp operations – Get a file from the server or put
the information on the server or list files on the server or delete files from the
server.
[type=<app|config|oldconf|script|hosts|log|cert>] – Optional type field.
This is useful to specify whether a log file or host file is uploaded or downloaded.
This can also perform the task of exporting a configuration file or uploading a
new image to the switch.
Note - cert allows a new certificate to be loaded to the switch. The default
certificate is a self signed certificate from GarrettCom Inc.

[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Parameters
associated with the SFTP server for proper communications with the server.

Syntax tftp <get|put> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – upload and
download information using tftp command

Where
<get|put> - different tftp operations – Get a file from the server or put the
information on the server.

[type=<app|config|oldconf|script|hosts|log|cert>] – Optional type field.
This is useful to specify whether a log file or host file is uploaded or downloaded.
This can also perform the task of exporting a configuration file or uploading a
new image to the switch.
Note - cert allows a new certificate to be loaded to the switch. The default
certificate is a self signed certificate from GarrettCom Inc.

[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Parameters
associated with the TFTP server for proper communications with the server.

Syntax xmodem <get|put> [type=<app|config|script|hosts|log|cert>] –
Upload and download information using Xmodem commands and console connection.

Where
<get|put> - different Xmodem file transfer operations – Get a file from the server
or put the information on the server.
[type=<app|config|script|hosts|log|cert>] – optional type field. This is
useful to specify whether a log file or host file is uploaded or downloaded. This
can also perform the task of exporting a configuration file or uploading a new
image to the switch.
Note - cert allows a new certificate to be loaded to the switch. The default
certificate is a self signed certificate from GarrettCom Inc.

The details are conceptually explained in the figure below:

FIGURE38 – Based on the SFTP, FTP, TFTP or Xmodem commands – the MNS-6K based switch can upload
or download different types of files and images. Other files such as host files can also be saved or loaded onto a switch.


FIGURE39 – Using MNS-6K-SECURE, the Magnum 6K family of switches can be a TFTP server. Using the
TFTP client software on any PC, the operations to save a config file or save an image or load images from one switch
to another switch can be performed with ease.

Prior to Release 3.2, the configuration was saved only as a binary object (file). With
Release 3.2 and beyond, the configuration can be saved in the older format – binary
object or in a newer format as an ASCII (readable) file. The new format is preferred by
GarrettCom and GarrettCom recommends all configuration files be saved in the new
format. GarrettCom recommends saving the configuration in the old format only if there
are multiple Magnum 6K family of switches on the network and they all run different
versions of MNS-6K. GarrettCom recommends upgrading all switches to the most
current release of MNS-6K.

Upgrading MNS-6K
MNS-6K software can be updated when needed. Please refer to the release notes for a specific
release regarding changes and bug fixes for the release. GarrettCom recommends using the latest
release of MNS-6K.

To upgrade to MNS-6K 4.x or MNS-6K-SECURE 14.x, make sure the switch is
first upgraded to version 3.7 or higher.

To update MNS-6K, please load the Rel_B_x.y.z.bin (where x.y.z is the version
number) for 6K-L model switches.

To update MNS-6K for all other 6K series of switches, please load the Rel_A_x.y.z.bin (where
x.y.z is the version number).

Note: Based on the above, if the wrong version is loaded, MNS-6K will print an error message.
See below:

Magnum10KT# tftp get type=app ip=192.168.5.2 file=Rel_B_4.1.11.bin

Do you want to load application image? [ 'Y' or 'N']


Downloading the image...please wait
Received 1915783 Bytes. Checking Integrity..
Uploaded image is not a valid image for this device.
The device you are upgrading is Magnum 10KT.
Please Load the proper version of MNS-6K from www.garrettcom.com.

ERROR: Failed Image Verification.

FIGURE40 – Safeguards built into MNS-6K when downloading an incorrect version. In the above example, since
the switch is a 6K-25 the proper file to load is Rel_A_x.y.z - where x.y.z is the latest version of MNS-6K
Rel_B_x.y.z is for the 6K-L model switches.

Before the software is updated, it is strongly advised to save the configurations. The re-loading of
the configuration is not usually necessary; however, in certain situations it may be needed and it is
advised to save configurations before a software update. Most software updates will require a
restart of the switch to make the new version active. Without a reboot the older configuration will
continue to be used by the Magnum 6K family of switches.

During a Reboot process, the user is prompted: Reboot Y/N, select Y, the prompt is then: Save
Current Configuration? You must select No if you don’t want to save the running or modified
configuration. If you want to save the configuration, please select Y.

TFTP Server
To ease file upload and download, MNS-6K-SECURE supports TFTP
server capabilities. This also provides a secure mechanism to upgrade other switches on
the network. Using MNS-6K-SECURE, administrators secure the network as well as
secure each device. Using the TFTP server, administrators can:

1) Upgrade other MNS-6K switches in the network using the TFTP server command.

2) Download the configuration, host, script as well as the MNS-6K binary files for the switch. Text
based files such as the host file can be modified and uploaded again.

3) Other switches can be upgraded and updated by incorporating a TFTP server in the network.

The MNS-6K-SECURE uses the following pre-defined file names for loading the different files:

Application file or MNS-6K image                         app.bin
Script file or configuration commands                    script.txt
Configuration file or GCI internal format config file    config.txt
Host file or list of Host names and IP addresses         hosts.txt

Using these default file names, other switches on the network can be updated.

[Figure: a Magnum 6K32FC with MNS-6K-SECURE (TFTP server started) and a Magnum 6K25e with MNS-6K; the user is connected to the 6K25e switch using telnet (CLI) or SWM.]

FIGURE41 – The 6K32FC switch is running MNS-6K-SECURE. The 6K25e switch is running MNS-6K.
The system administrator can update the software on the 6K25e switch from the 6K32FC switch.

In the example above, to update the software on the 6K25e switch, the system administrator needs to:

1) Activate the TFTP server on the MNS-6K-SECURE switch.
2) Connect to the 6K25e switch using telnet or SWM.
3) Use the tftp command with the file names specified above to upgrade the 6K25e
switch. For example, the command would look like:
Magnum10KT# tftp get type=app host=6K32FC file=app.bin

Note - app.bin: this file is used to get the MNS-6K binary from the 6K32FC switch. MNS-6K on the
Magnum 6K25e switch will recognize that file and upgrade the MNS-6K software on the Magnum 6K25e
switch.

Syntax tftpsrv <start|stop> – start and stop TFTP server services

Magnum10KT# tftpserver

Magnum10KT(tftpserver)## tftpsrv start


Server started successfully


Magnum10KT(tftpserver)## tftpsrv stop

Stopping TFTP Server...


TFTP Server Stopped.
Magnum10KT(tftpserver)## exit

Magnum10KT#
FIGURE42 – Starting and stopping TFTP services.

Script Files
To display the configuration or to view specific modules configured, the show config command is used
as described below:

A script file is a file containing a set of CLI commands which are used to configure the switch. CLI
commands are repeated in the file for clarity, providing guidance to the user editing the file as to
what commands can be used for modifying variables used by MNS-6K. The script file does not
have a checksum at the end and is used for configuring a large number of switches easily. As with
any configuration file that is uploaded, GarrettCom recommends that modifications of this file and
the commands be verified by the user in a test environment prior to use in a live
production network.

To save the script file, commands such as FTP or TFTP can be used. For example, using the ftp command,
the sequence of commands is shown below:


Magnum10KT# show ftp

Current FTP Mode: NORMAL


Magnum10KT# set ftp mode=passive

FTP Set to Passive Mode


Magnum10KT# show ftp

Current FTP Mode: PASSIVE


Magnum10KT# set ftp mode=normal

FTP Set to Normal Mode


Magnum10KT# show ftp

Current FTP Mode: NORMAL


Magnum10KT# ftp put type=script ip=192.168.5.2 file=filename
Do you wish to export configuration file? [ 'Y' or 'N'] Y
Successfully exported the configuration
Magnum10KT#
FIGURE43 – Commands to save the script using FTP. Similar options will be specified using TFTP etc. The user
name and password prompt information is not shown in the image above.

The commands for user access can be encrypted when saving the script file. Note that
when the script file is loaded back to the switch, ensure the encrypted password is
replaced with the clear-text password. To encrypt and save the config file, use the set secrets
command described below.

Displaying or Hiding Passwords


When the script file is saved, there may be security concerns as to whether passwords
associated with user IDs are saved in clear text or not. In those situations, the set secrets
command can be used to mask out the password. On the screen the user password is always
shown as “password”. The password is masked or visible in clear text in the script file based on
the set secrets command.

Syntax set secrets <hide|show> - Hides or encrypts the user access password. Default is show.

Syntax show secrets - Displays the status of the secrets command.

The script file will look familiar as all the commands saved in the script file are described in this manual.
A sample of the script file is shown below:

Magnum10KT# show secrets

Secrets will be visible.


Magnum10KT# show config


#!META 33 33 33 87 0
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=255.255.255.0 dgw=192.168.5.1
access
exit
#User Management#
user
add user=peter level=1 pass=password
exit
#Access#
access
exit
#HOSTS#
access
exit
authorize secure key=1122334455667788
#Alarm Config#
alarm
exit

Magnum10KT# user

Magnum10KT(user)## add user=peter level=1

User is added
Enter User Password :****        <with password none>
Confirm New Password :****

Magnum10KT(user)##

Magnum10KT# tftp put type=script ip=192.168.5.2 file=scriptfile

Do you want to export script file? [ 'Y' or 'N']


Building Script File...
Uploading Script File...please wait
Script Upload Successful.

<After the file is saved, the contents of the file are viewed. The contents are displayed below>

# Magnum 10KT build 14.1.11 May 8 2011 15:47:42 Build ID 1288809006


#Modules: 33 33 87 0
#Slot A: 2 Giga SFP-1000
##########################################################
# System Manager - This area configures System related #
# information. #
##########################################################
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=255.255.255.0 dgw=192.168.5.1
set timeout=10


access
telnet enable
snmp enable
web enable
ssh disable
modbus enable
ssl enable
ssh port=22
modbus port=502
modbus device=0
exit
##########################################################
# User Accounts - This area configures user accounts for #
# accessing this system. #
##########################################################
user
add user=manager level=2 pass=manager
useraccess user=manager service=telnet enable
useraccess user=manager service=web enable
useraccess user=manager service=acl enable
useraccess user=manager group=all type=read enable
useraccess user=manager group=all type=write enable
add user=operator level=1 pass=operator
useraccess user=operator service=telnet enable
useraccess user=operator service=web enable
useraccess user=operator service=acl enable
useraccess user=operator group=all type=read enable
useraccess user=operator group=all type=write enable
add user=peter level=1 pass=none        <Note: The password is visible in clear text>
useraccess user=peter service=telnet enable
useraccess user=peter service=web enable
useraccess user=peter service=acl enable
useraccess user=peter group=all type=read enable
useraccess user=peter group=all type=write enable
exit
<Other details omitted>

<After this, use the set secrets command to hide the password>

Magnum10KT# set secrets hide

Secrets will be hidden.


Magnum10KT# show secrets

Secrets will be hidden.


Magnum10KT# tftp put type=script ip=192.168.5.2 file=scriptfile-hide

Do you want to export script file? [ 'Y' or 'N']


Building Script File...
Uploading Script File...please wait
Script Upload Successful.


<After the file is saved, the contents of the file are viewed. The contents are displayed below:>

# Magnum 10KT build 14.1.11 May 8 2011 15:47:42 Build ID 1288809006


#Modules: 33 33 87 0
#Slot A: 2 Giga SFP-1000
##########################################################
# System Manager - This area configures System related #
# information. #
##########################################################
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=255.255.255.0 dgw=192.168.5.1
set timeout=10
access
telnet enable
snmp enable
web enable
ssh disable
modbus enable
ssl enable
ssh port=22
modbus port=502
modbus device=0
exit
##########################################################
# User Accounts - This area configures user accounts for #
# #
# accessing this system. #
# #
##########################################################
user
add user=manager level=2 pass=password
useraccess user=manager service=telnet enable
useraccess user=manager service=web enable
useraccess user=manager service=acl enable
useraccess user=manager group=all type=read enable
useraccess user=manager group=all type=write enable
add user=operator level=1 pass=password
useraccess user=operator service=telnet enable
useraccess user=operator service=web enable
useraccess user=operator service=acl enable
useraccess user=operator group=all type=read enable
useraccess user=operator group=all type=write enable
add user=peter level=1 pass=password        <The password is now masked>
useraccess user=peter service=telnet enable
useraccess user=peter service=web enable
useraccess user=peter service=acl enable
useraccess user=peter group=all type=read enable
useraccess user=peter group=all type=write enable
exit
FIGURE44 – Example of Script file and use of set secrets command. Note all the commands in the script file
are CLI commands. This script provides insights into the configuration of Magnum MNS-6K settings. GarrettCom
recommends that modifications of this file and the commands should be verified by the User in a test environment
prior to use in a live production network.
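
The following Python check is an added example, not part of the GarrettCom guide or software. It reads an exported script file and reports `add user` lines whose password is readable (the export was made with secrets shown), accounts whose password equals the user name as in the listing above, and the `telnet enable` / `ssh disable` access settings. The function names and the embedded sample are constructed for illustration; the command syntax is taken from the script listing above.

```python
import re

# User-creation lines as they appear in an MNS-6K script file, e.g.
#   add user=peter level=1 pass=none
ADD_USER = re.compile(r"^add\s+user=(\S+)\s+level=(\d+)\s+pass=(\S+)$")

# With "set secrets hide" every exported password is the literal word
# "password" (see the masked listing above). A real password that happens to
# be "password" cannot be told apart from the mask and is not reported.
MASK = "password"

# Access settings from the listing that leave CLI management in clear text.
WEAK_ACCESS = {
    "telnet enable": "telnet management is enabled (clear-text protocol)",
    "ssh disable": "SSH server is disabled",
}


def audit_script(text):
    """Return (line_number, finding) tuples for one exported script file.

    Findings never echo the password itself, so the report is safe to log.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # banner and section comments carry no settings
        match = ADD_USER.match(line)
        if match:
            user, _level, password = match.groups()
            if password != MASK:
                findings.append((number, f"password for '{user}' is readable"))
                if password.lower() == user.lower():
                    findings.append(
                        (number, f"password for '{user}' equals the user name"))
        elif line in WEAK_ACCESS:
            # Exact match only: "useraccess ... service=telnet enable" is a
            # per-user permission line and is deliberately not flagged here.
            findings.append((number, WEAK_ACCESS[line]))
    return findings


def exposed_users(text):
    """Names of the accounts whose password can be read from the export."""
    users = []
    for raw in text.splitlines():
        match = ADD_USER.match(raw.strip())
        if match and match.group(3) != MASK:
            users.append(match.group(1))
    return users


# Constructed sample modelled on the listing above (secrets shown).
SAMPLE_SHOWN = """\
# constructed sample, secrets shown
access
telnet enable
ssh disable
exit
user
add user=manager level=2 pass=manager
add user=peter level=1 pass=none
useraccess user=peter service=telnet enable
exit
"""

# The same file as it would be exported after "set secrets hide".
SAMPLE_HIDDEN = re.sub(r"pass=\S+", "pass=" + MASK, SAMPLE_SHOWN)

if __name__ == "__main__":
    for label, sample in (("shown", SAMPLE_SHOWN), ("hidden", SAMPLE_HIDDEN)):
        print(f"-- secrets {label} --")
        for number, finding in audit_script(sample):
            print(f"line {number}: {finding}")
```

Run against a file exported with secrets hidden, the password findings disappear while the access-setting findings remain.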

Host Names
Instead of typing in IP addresses of commonly reached hosts, MNS-6K allows host entries to be
created with the necessary host names and IP addresses, user names and passwords.

Syntax host <add|edit|del> name=<host-name> [ip=<ipaddress>] [user=<user>]
[pass=<password>] – Create a host entry for accessing host. This is equivalent to creating a
host table on many systems. Maximum of 10 such entries are allowed.

Syntax show host – Displays the host table entries.

Magnum10KT# access
Magnum10KT(access)## host
Usage
host <add|edit|del> name=<host-name> [ip=<ipaddress>] [user=<user>
[pass=<password>]
Magnum10KT(access)## host add name=server ip=192.168.5.2
Host added successfully

Magnum10KT(access)## show host


No  Host Name   IP Address    User   Password
====================================================================
1   server      192.168.5.2   --     ******
2   --          --            --     --
3   --          --            --     --
4   --          --            --     --
5   --          --            --     --
6   --          --            --     --
7   --          --            --     --
8   --          --            --     --
9   --          --            --     --
10  --          --            --     --
Magnum10KT(access)##
FIGURE45 – Creating host entries on MNS-6K.

Syntax more <enable|disable|show> - Enable or disable the scrolling of lines one page at
a time.


Example:

Magnum10KT# more show


CLI Display paging enabled.
Magnum10KT# more disable
CLI Display paging disabled.
Magnum10KT#
FIGURE46 – Enabling or disabling the pagination.

Displaying Configuration
To display the configuration or to view specific modules configured, the show config command is used
as described below:

Syntax show config [group=<group list>][run|saved|script]

Where the module names and the areas affected are:

Name     Areas affected
system   IP Configuration, Boot mode, Users settings (e.g. login names, passwords)
event    Event Log and Alarm settings
port     Port settings, Broadcast Protection and QoS settings
bridge   Age time setting
stp      STP, RSTP, S-Ring and LLL settings
ps       Port Security settings
mirror   Port Mirror settings
ptp      PTP settings
sntp     SNTP settings
vlan     VLAN settings
gvrp     GVRP settings
gmrp     GMRP settings
snmp     SNMP settings
web      Web and SSL/TLS settings
tacacs   TACACS+ settings
auth     802.1x Settings
igmp     IGMP Settings
smtp     SMTP settings

FIGURE47 – Different groups for the show config command.

If the module name is not specified the whole configuration is displayed.


Magnum10KT# show config


#!META 46 87 67 177 177
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.130.8 mask=255.255.255.0 dgw=192.168.130.1
set timeout=100000
access
exit
#User Management#
user
exit
#Access#
access
exit
#HOSTS#
access
gdp disable
gdp proxy status=disable
exit

authorize secure key=a7aade538564cfed


#Alarm Config#

--more--
FIGURE48 – show config command output.

Magnum10KT# show config module=snmp


#!META 46 87 67 177 177
#SNMP#
set snmp type=all
snmpv3
exit
set snmp type=v1
snmp
authentraps disable
exit
set snmp type=v1
rmon
exit

Magnum10KT#

FIGURE49 – Displaying specific modules using the show config command.

Magnum10KT# show config module=snmp,system


#!META 46 87 67 177 177
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.130.8 mask=255.255.255.0 dgw=192.168.130.1
set timeout=100000


access
exit
#User Management#
user
exit
#Access#
access
exit
#HOSTS#
access
gdp disable
gdp proxy status=disable
exit
authorize secure key=a7aade538564cfed
#SNMP#
--more--
FIGURE50 – Displaying configuration for different modules. Note that multiple modules can be specified on the
command line.

Running Config, Saved Config, Script
When CLI commands are used to modify the configuration of MNS-6K or MNS-6K-SECURE, the
changes are effective immediately. These changes are listed as the running configuration.

The running configuration is not saved till the save command is used. After the save command, the
running configuration and the saved configuration are the same. With modifications, the configurations
may change over time, and there may be significant differences between the saved configuration and the
running configuration.

Whenever the script file is saved using the TFTP or the FTP command, only the saved configuration is
saved. To summarize:

Running configuration has all the changes made since the last save or reboot. The changes are
accumulated in one or multiple sessions.

Saved configuration is used during a reboot or restart of the switch. The running configuration is
discarded during the reboot. Even with changes made, when a configuration is saved using Xmodem,
TFTP, FTP or SFTP, it is the saved configuration that is saved.

Script configuration is the detailed listing of all commands needed to set the configuration on the
switch. The Script option always uses the saved configuration to load the commands from.

The configuration displayed by default with the show config command is the running configuration.

To illustrate this, please review the example below:


Magnum10KT# kill config


<after all the config is erased and switch is rebooted…>

Magnum10KT# ipconfig ip=192.168.5.5 mask=255.255.255.0 dgw=192.168.5.1


IP Parameters Set.
Magnum10KT#
Magnum10KT# show config saved
#CFGV4
#!META 33 33 33 87 0
<There is no saved config as the config was erased. The default configuration can be viewed once
the save command is issued or by the show config script command.>
Magnum10KT# save
Saving current configuration...
Configuration saved

Saving current event logs...


Event logs saved

Magnum10KT# show config saved


#CFGV4
#!META 33 33 33 87 0
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=255.255.255.0 dgw=192.168.5.1
access
exit
#User Management# While the saved configuration is
user shown, this was done right after a
exit reset of the configuration. The
#Access# saved configuration and running
#HOSTS# configuration is the same. If the
access command show config run was
exit issued before the save command,
#Alarm Config# the same configuration would have
alarm been displayed.
exit Note the configuration is
#Port Management# condensed - i.e. the default
device commands are not displayed.
#Broadcast Protection#
--more—
<There is no difference in saved and run config at this time>

Magnum10KT# show config run
#!META 46 87 67 177 177
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.130.8 mask=255.255.255.0 dgw=192.168.130.1
set timeout=100000
access
exit
#User Management#
user
exit
#Access#
access
exit
#HOSTS#
access
gdp disable
gdp proxy status=disable
exit
authorize secure key=a7aade538564cfed
#Alarm Config#
--more--

<The script option lists all the commands>

Magnum10KT# show config script
#Magnum 10KT build 14.4.4Beta Mar 8 2013 16:29:29
#Modules: 87 67 177 177
##########################################################
# System Manager - This area configures System related #
# information. #
##########################################################
set bootmode type=manual
ipconfig ip=192.168.130.8 mask=255.255.255.0 dgw=192.168.130.1
set timeout=100000
reboot-scheduler disable
set reboot-date year=2010 month=1 day=1
set reboot-time hour=0 min=0 sec=0
set reboot-frequency freq=once
set reboot-reminder rmdr=1
access
telnet enable
snmp enable
web enable
ssh disable
modbus enable

--more--
FIGURE 51 – Displaying different configuration modes.
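
Because the switch boots from the saved configuration and discards the running one, comparing the two listings shows which changes would be lost or made permanent. The following is an added example, not code from this guide or from GarrettCom: it parses captured show config output, reports the commands found in only one listing, and flags cleartext management settings in a script listing. The list of mode commands, the two flagged settings and the sample listings (constructed, modelled on the figure above) are assumptions of the example.

```python
import re

# Mode-entering commands seen in this guide's listings; each is closed by "exit".
# Treating exactly these words as modes is an assumption of this example.
MODES = {"access", "user", "alarm", "device"}
PROMPT = re.compile(r"^\S+#(\s|$)")   # e.g. "Magnum10KT# show config run"
PAGER = re.compile(r"^--more")        # pager residue in a captured session

# Settings flagged by this example: cleartext remote login enabled,
# or the encrypted alternative switched off.
RISKY = {
    ("access", "telnet enable"): "telnet carries logins in cleartext",
    ("access", "ssh disable"): "encrypted CLI access is turned off",
}


def parse_config(text):
    """Return [(mode, command), ...] from a captured 'show config' listing."""
    mode, commands = "", []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, '#' comment/section lines, CLI prompts and pager lines.
        if (not line or line.startswith("#")
                or PROMPT.match(line) or PAGER.match(line)):
            continue
        if line == "exit":
            mode = ""
        elif line in MODES:
            mode = line
        else:
            commands.append((mode, line))
    return commands


def drift(saved_text, running_text):
    """Commands present in only one of the two configurations."""
    saved = set(parse_config(saved_text))
    running = set(parse_config(running_text))
    return sorted(saved - running), sorted(running - saved)


def risky_settings(text):
    """Return [(command, reason), ...] for flagged management settings."""
    return [(entry[1], RISKY[entry])
            for entry in parse_config(text) if entry in RISKY]


# Constructed sample listings, modelled on the figure above.
SAVED = """Magnum10KT# show config saved
#CFGV4
#!META 33 33 33 87 0
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=255.255.255.0 dgw=192.168.5.1
access
exit
#User Management#
user
exit
--more--
"""

RUNNING = """Magnum10KT# show config run
#!META 46 87 67 177 177
#System Manager#
set bootmode type=manual
ipconfig ip=192.168.130.8 mask=255.255.255.0 dgw=192.168.130.1
set timeout=100000
access
exit
#HOSTS#
access
gdp disable
gdp proxy status=disable
exit
--more--
"""

SCRIPT = """Magnum10KT# show config script
##########################################################
# System Manager - This area configures System related   #
##########################################################
set bootmode type=manual
access
telnet enable
snmp enable
web enable
ssh disable
modbus enable
exit
"""

if __name__ == "__main__":
    only_saved, only_running = drift(SAVED, RUNNING)
    for mode, cmd in only_saved:
        print("saved only  :", mode or "(top)", cmd)
    for mode, cmd in only_running:
        print("running only:", mode or "(top)", cmd)
    for cmd, why in risky_settings(SCRIPT):
        print("review      :", cmd, "-", why)
```

Entries reported as "running only" are the ones a reboot would discard unless the configuration is saved first.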

Deleting Configuration
To delete the configuration and reset the configurations to factory default, you can use the command kill
config. This command is a hidden command and the on-line help and other help functions normally
do not display this command. The kill config command resets everything to the factory default. The
reset does not take place until the switch reboots.

It is recommended to save the configuration using the saveconf command discussed above
before using the kill config command. The kill config command will also reset the IP address
and all other parameters unless the save option described below is used.

Syntax kill config [save=module-name] – resets the system configuration. The module-name
option does not reset the specific module parameters. The modules are listed below:

Name      Areas affected

system    IP Configuration, Boot mode, Users settings (e.g. login names, passwords)
event     Event Log and Alarm settings
port      Port settings, Broadcast Protection and QoS settings
bridge    Age time setting
stp       STP, RSTP, S-Ring and LLL settings
ps        Port Security settings
mirror    Port Mirror settings
ptp       PTP settings
sntp      SNTP settings
vlan      VLAN settings
gvrp      GVRP settings
gmrp      GMRP settings
snmp      SNMP settings
web       Web and SSL/TLS settings
tacacs    TACACS+ settings
auth      802.1x Settings
igmp      IGMP Settings
smtp      SMTP settings

If the module name is not specified the whole configuration is erased.

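For example, kill config save=system preserves the system IP address, netmask and default
gateway. Per the table above, the system module also covers the boot mode and the user settings
(login names and passwords), so those are retained as well.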

Magnum10KT# kill config save=system

Do you want to erase the configuration? [ 'Y' or 'N'] Y
Successfully erased configuration...Please reboot.
FIGURE 52 – Erasing configuration without erasing the IP address.

Once the configuration is erased, please reboot the switch for the changes to take effect.

Displaying Serial Number


To display the serial number of the unit, use the command show setup as shown below. The command
also displays other information related to the switch.

Syntax show setup – Display the setup, serial number, factory code information and more.

Magnum10KT# show setup

Version : Magnum 10KT build 14.4 May 27 2012 12:03:47


Build ID 1333024938
MAC Address : 00:20:08:03:05:09
IP Address : 192.168.5.5
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.5.1
CLI Mode : Manager
System Name : Magnum 10KT
System Description : Magnum 10KT Managed Switch
System Contact : [email protected]
System Location : Fremont, CA
System ObjectId : 1.3.6.1.4.1.553.12.20
System Seriial No. : 43576812
Original Factory Config Code : 10KT-sp

Magnum10KT#

FIGURE 53 – Display the serial number, factory code and other relevant setup information.

List of Commands In This Chapter


Syntax set bootmode type=<dhcp|bootp|manual|auto> [bootimg=<enable|disable>]
[bootcfg=<enable|disable>] – Assign the boot mode for the switch.
Where
<dhcp|bootp|manual|auto> - where
dhcp – Look only for DHCP servers on the network for the IP address. Disable
bootp or other modes.
bootp – Look only for bootp servers on the network. Disable dhcp or other mode.
manual – Do not set the IP address automatically.
auto - The switch will first look for a DHCP server. If a DHCP server is not found,
it will then look for a BootP server. If that server is not found, the switch will
check to see if the switch had a pre-configured IP address. If it did, the switch
would be assigned that IP address. If the switch did not have a pre-configured IP
address, it would inspect if the IP address 192.168.1.2 with a netmask of
255.255.255.0 is free. If the IP address is free, MNS-6K will assign the switch
that IP address. If the address is not free, MNS-6K will poll the network for
DHCP server then BootP server then check if the IP address 192.168.1.2 is freed
up.
bootimg=<enable|disable> - Valid with type=bootp only. Allows the switch to load
the image file from the BootP server. This is useful when a new switch is put on a
network and the IT policies are set to load only a specific MNS-6K image which is
supported and tested by IT personnel.
bootcfg=<enable|disable> - Valid with type=bootp only. Allows the switch to load the
configuration file from the BootP server. This is useful when a new switch is put on a
network and the specific configurations are loaded from a centralized BootP server.

Syntax telnet <enable|disable> - Enables or disables telnet sessions.

Syntax telnet <ipaddress> [port=<port number>] – Telnet from the switch

Syntax ssh <enable|disable|keygen> - Enable or disable the server. Also can be used for generating the
key used by ssh.

Syntax ssh port=<port|default> - Select a different port number for SSH communication.

Syntax show ssh – Display the ssh settings.

Syntax set dns [server=<ip>] [domain=<domain name>] <enable|disable|clear> - Specify
a DNS server to look up domain names. The server IP can be an IPv6 address as well as an IPv4
address.

Syntax show dns – Display the DNS settings.

Syntax set serial [baud=<rate>] [data=<5|6|7|8>] [parity=<none|odd|even>]
[stop=<1|1.5|2>] [flowctrl=<none|xonxoff>] – Sets serial port parameters.

Syntax snmp – Enter the snmp configuration mode.

Syntax setvar [sysname|syscontact|syslocation]=<string> - Sets the system name, contact and
location information.

Syntax set timezone GMT=[+ or -] hour=<0-14> min=<0-59> - Sets the timezone.

Syntax set date year=<2001-2035> month=<1-12> day=<1-31>
[format=<mmddyyyy|ddmmyyyy|yyyymmdd>] – Sets the date and the format in which the
date is displayed.

Syntax set time hour=<0-23> min=<0-59> sec=<0-59> – Sets the time (as well as the timezone.)

Syntax set timeformat format=<12|24> - Define the time format.

Syntax set daylight country=<country name|none> - Set the DST setting by using rules for the
country.

Syntax set daylight country=name [sthr=<0..23> stmin=<0..59> stdate=<1..31>
stmon=<Jan..Dec> stday=<Sun..Sat> endhr=<0..23> endmin=<0..59> enddate=<1..31>
endmon=<Jan..Dec> endday=<Sun..Sat>] - Specify the daylight saving time specifying the country
name, start month/day/time and end month/day/time.

Syntax setsntp server = <ipaddress> timeout = <1-10> retry = <1-3> - Setup the SNTP server.

Syntax sync [hour=<0-24>] [min=<0-59>] – Setup the frequency at which the SNTP server is queried.

Syntax sntp [enable|disable] – Enables or disables the SNTP services.

Syntax saveconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – Saves the
configuration on the network using TFTP, FTP or serial protocols.

Syntax loadconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – Loads the previously
saved configuration from the network using TFTP, FTP or serial protocols.

Syntax kill config [save=module_name] – Resets the system configuration. The module_name option does not
reset the specific module parameters. The modules are system, event, port, bridge, stp, ptp, ps, mirror, sntp, vlan,
gvrp, gmrp and snmp.

Syntax show session – Display telnet sessions active on the switch.

Syntax kill session id=<session> - Kill a specific telnet session.

Syntax set ftp mode=<normal|passive> - Set the FTP mode of operation.

Syntax show ftp – Display the current ftp operation mode.

Syntax ftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>]
[pass=<password>] – Upload and download information using FTP command.

Where
<get|put|list|del> - Different FTP operations.
[type=<app|config|oldconf|script|hosts|log|cert>] – Optional type field. This is
useful to specify whether a log file or host file is uploaded or downloaded. This can also
perform the task of exporting a configuration file or uploading a new image to the
switch.
Note - cert allows a new certificate to be loaded to the switch. The default certificate is a
self-signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>]
[pass=<password>] – Parameters associated with the FTP server for proper
communications with the server.

Syntax stftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Upload and download
information using SFTP (Secure FTP) command.

Where
<get|put|list|del> - Different SFTP operations – get a file from the server or put the
information on the server or list files on the server or delete files from the server.
[type=<app|config|oldconf|script|hosts|log>] – Optional type field. This is useful
to specify whether a log file or host file is uploaded or downloaded. This can also
perform the task of exporting a configuration file or uploading a new image to the
switch.
Note - cert allows a new certificate to be loaded to the switch. The default certificate is a
self-signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Parameters associated
with the SFTP server for proper communications with the server.

Syntax tftp <get|put> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Upload and download
information using TFTP command.

Where
<get|put> - Different TFTP operations – get a file from the server or put the information
on the server.
[type=<app|config|oldconf|script|hosts|log>] – Optional type field. This is useful
to specify whether a log file or host file is uploaded or downloaded. This can also
perform the task of exporting a configuration file or uploading a new image to the
switch.
Note - cert allows a new certificate to be loaded to the switch. The default certificate is a
self-signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Parameters associated
with TFTP server for proper communications with the server.

Syntax stftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – Upload and download
information using SFTP (Secure FTP) command.

Syntax xmodem <get|put> [type=<app|config|script|hosts|log|cert>] – Upload and
download information using Xmodem commands and console connection.

Where
<get|put> - Different Xmodem file transfer operations – get a file from the server or put
the information on the server.
[type=<app|config|script|hosts|log|cert>] – Optional type field. This is useful to
specify whether a log file or host file is uploaded or downloaded. This can also perform
the task of exporting a configuration file or uploading a new image to the switch.
Note - cert allows a new certificate to be loaded to the switch. The default certificate is a
self-signed certificate from GarrettCom Inc.

Syntax tftpsrv <start|stop> – Start and stop TFTP server services.

Syntax host <add|edit|del> name=<host-name> [ip=<ipaddress>] [user=<user>]
[pass=<password>] – Create a host entry for accessing host. This is equivalent to creating a host
table on many systems. Maximum of 10 such entries are allowed.

Syntax show host – Displays the host table entries.

Syntax climode <script|console|show> - Set the interactive CLI mode on (console) or off (script). To see
the mode – use the show option.

Syntax more <enable|disable|show> - Enable or disable the scrolling of lines one page at a time.

Syntax show config [module=<module-name>] [run|saved|script] – Displays the configuration.

Syntax set secrets <hide|show> - Sets the system parameter to display or hide the passwords.

Syntax show secrets - Display the secrets setting.

Syntax kill config [save=module-name] – Resets the system configuration. The module-name option does
not reset the specific module parameters.

Other Commands
Syntax configure access – sets the access parameters (e.g. disable telnet session)

Syntax show ipconfig – shows IP parameters set

Syntax show console – reviews console settings

Syntax show serial – reviews serial settings

Syntax show setup – reviews system parameters

Syntax show sysconfig – reviews settable system parameters

Syntax show time – shows the system time

Syntax show timezone – shows the system timezone

Syntax show date – shows the system date

Syntax show uptime – shows the amount of time the switch has been operational

Chapter 4 – IPv6
Next generation IP addressing

This section explains how access to the GarrettCom Magnum MNS-6K can be set up using IPv6
instead of the IPv4 addressing described earlier. IPv6 provides a much larger address space and is
required today by many. IPv6 is available in MNS-6K-SECURE version only.

Assumptions

It is assumed here that the user is familiar with IP addressing schemes and has
other supplemental material on IPv6 configuration, routing, setup and other items
related to IPv6. This User Guide does not address those details.

Introduction to IPv6
IPv6 is short for Internet Protocol Version 6. IPv6 is the next generation protocol or IPng and
was recommended to the IETF to replace the current version Internet Protocol, IP Version 4
(IPv4). IPv6 was recommended by the IPv6 (or IPng) Area Directors of the Internet Engineering
Task Force at the Toronto IETF meeting on July 25, 1994 in RFC 1752, The Recommendation
for the IP Next Generation Protocol. The recommendation was approved by the Internet
Engineering Steering Group and made a proposed standard on November 17, 1994. The core set
of IPv6 protocols were made an IETF draft standard on August 10, 1998.
IPv6 is a new version of IP which is designed to be an evolutionary step from IPv4. It is a natural
increment to IPv4. It can be installed as a normal software upgrade in internet devices and is
interoperable with the current IPv4. Its deployment strategy is designed to not have any
dependencies. IPv6 is designed to run well on high performance networks (e.g. Gigabit Ethernet,
OC-12, ATM, etc.) and at the same time still be efficient for low bandwidth networks (e.g.
wireless). In addition, it provides a platform for new internet functionality that will be required in
the near future.
IPv6 includes a transition mechanism which is designed to allow users to adopt and deploy IPv6
in a highly diffuse fashion and to provide direct interoperability between IPv4 and IPv6 hosts.
The transition to a new version of the Internet Protocol is normally incremental, with few or no
critical interdependencies. Most of today's internet uses IPv4, which is now nearly twenty years
old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems.
Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new
machines added to the Internet.
IPv6 fixes a number of problems in IPv4, such as the limited number of available IPv4 addresses.
It also adds many improvements to IPv4 in areas such as routing and network auto configuration.
IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years during a
transition period.

What’s Changed in IPv6?


The changes from IPv4 to IPv6 fall primarily into the following categories:
• Expanded Routing and Addressing Capabilities: IPv6 increases the IP address
size from 32 bits to 128 bits, to support more levels of addressing hierarchy and a
much greater number of addressable nodes, and simpler auto-configuration of
addresses. The scalability of multicast routing is improved by adding a scope field to
multicast addresses.
• A new type of address called an anycast address is defined, to identify sets of nodes
where a packet sent to an anycast address is delivered to one of the nodes. The use of
anycast addresses in the IPv6 source route allows nodes to control the path over which
their traffic flows.
• Header Format Simplification: Some IPv4 header fields have been dropped or
made optional, to reduce the common-case processing cost of packet handling and to
keep the bandwidth cost of the IPv6 header as low as possible despite the increased
size of the addresses. Even though the IPv6 addresses are four times longer than the
IPv4 addresses, the IPv6 header is only twice the size of the IPv4 header.
• Improved Support for Options: Changes in the way IP header options are encoded
allow for more efficient forwarding, less stringent limits on the length of options, and
greater flexibility for introducing new options in the future.
• Quality-of-Service Capabilities: A new capability is added to enable the labeling of
packets belonging to particular traffic "flows" for which the sender requests special
handling, such as non-default quality of service or "real-time" service.
• Authentication and Privacy Capabilities: IPv6 includes the definition of extensions
which provide support for authentication, data integrity, and confidentiality. This is
included as a basic element of IPv6 and will be included in all implementations.

IPv6 Addressing
IPv6 addresses are 128 bits long and are identifiers for individual interfaces and sets of interfaces.
IPv6 addresses of all types are assigned to interfaces, not nodes. Since each interface belongs to a
single node, any of that node's interfaces' unicast addresses may be used as an identifier for the
node. A single interface may be assigned multiple IPv6 addresses of any type.

There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast
addresses identify a single interface. Anycast addresses identify a set of interfaces such that a
packet sent to an anycast address will be delivered to one member of the set. Multicast addresses
identify a group of interfaces, such that a packet sent to a multicast address is delivered to all of
the interfaces in the group. There are no broadcast addresses in IPv6, their function being
superseded by multicast addresses.
IPv6 supports addresses which are four times the number of bits as IPv4 addresses (128 vs. 32).
This is 4 Billion times 4 Billion times 4 Billion (2^96) times the size of the IPv4 address space (2^32).
This works out to be:
340,282,366,920,938,463,463,374,607,431,768,211,456
This is an extremely large address space. In a theoretical sense this is approximately
665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth,
assuming the earth surface is 511,263,971,197,990 square meters. In the most pessimistic estimate
this would provide 1,564 addresses for each square meter of the surface of the planet Earth. The
optimistic estimate would allow for 3,911,873,538,269,506,102 addresses for each square meter of
the surface of the planet Earth. Approximately fifteen percent of the address space is initially
allocated. The remaining 85% is reserved for future use.
The details on the addressing are covered by numerous articles on the WWW as well as other
literature and are not covered here.

Configuring IPv6
The commands used for IPv6 are the same as those used for IPv4. Some of the commands will
be discussed in more detail later. The only exception is the ping command where there is a
special command for IPv6. That command is ping6 and the syntax is:

Syntax ping6 <IPv6 address> - pings an IPv6 station

There is also a special command to display the status of IPv6. That command is:

Syntax show ipv6 - displays the IPv6 information

To configure IPv6, the following sequence of commands can be used:

Magnum10KT# ipconfig ?
ipconfig : Configures the system IP address, subnet mask and gateway

Usage
ipconfig [ip=<ipaddress>] [mask=<subnet-mask>] [dgw=<gateway>]
ipconfig [add|del] [ip=<ipV6 address>] [mask=<ipV6 mask(0..128)>]
[dgw=<ipv6 gateway>]
Magnum10KT# ipconfig ip=fe80::220:6ff:fe25:ed80 mask=ffff:ffff:ffff:ffff::

Action Parameter Missing. "add" assumed.


IPv6 Parameters Set.
Magnum10KT# show ipv6

IPv6 Address : fe80::220:6ff:fe25:ed80 mask : ffff:ffff:ffff:ffff::

Magnum10KT# show ipconfig

IP Address : 192.168.5.5
Subnet Mask : 255.255.255.0
Gateway Address : 192.168.5.1
IPv6 Address : fe80::220:6ff:fe25:ed80
mask : ffff:ffff:ffff:ffff::
IPv6 Gateway : ::

Magnum10KT#
FIGURE 54 – Configuring IPv6.

In addition to the commands listed above, the commands which support IPv6 addressing are:

• RADIUS (802.1x)
• TACACS+
• Syslog
• SNTP Client
• SNTP Server
• SWM/SSL
• FTP Client
• SFTP Client
• PING
• SMTP
• TELNET Server
• TELNET client
• SNMP
• SSH

For example, using IPv6 with FTP is shown below:

Syntax ftp <IPv6 address> - ftp to an IPv6 station

Example – ftp fe80::220:6ff:fe25:ed80

If the end station supports IPv6 addressing (as most Linux and Windows systems do), one can
access the switch using the IPv6 addressing as shown in the example below:
http://fe80::220:6ff:fe25:ed80

List of Commands In This Chapter


Syntax ipconfig [add|del] [ip=<ipV6 address>] [mask=<ipV6 mask(0..128)>]
[dgw=<ipv6 gateway>] – configure an IPv6 address. The add/delete option can be used to
add or delete IPv4/IPv6 addresses
Syntax show ipconfig – display the IP configuration information – including IPv6 address
Syntax ping6 <IPv6 address> - pings an IPv6 station
Syntax show ipv6 - displays the IPv6 information
Syntax ftp <IPv6 address> - ftp to an IPv6 station
Syntax telnet <IPv6 address> - telnet to an IPv6 station

Chapter 5 – DHCP Server
Access to other devices on the network…

This feature is available in MNS-6K-SECURE only. This section explains how DHCP
services can be provided for devices on the network. MNS-6K can provide DHCP services.
Network administrators use Dynamic Host Configuration Protocol (DHCP) servers to
administer IP addresses and other configuration information to IP devices on the network. This
automation provides better control, allows better utilization of IP addresses and finally reduces
the maintenance burden. Using DHCP, inactive IP addresses can be reused.

The DHCP client uses the DHCP protocol to obtain IP addresses and other parameters such as
the default gateway, subnet mask, and IP addresses of DNS servers from a DHCP server. The
DHCP protocol provides a framework for passing configuration information to hosts on a
TCP/IP network and is defined by several RFCs. DHCP was a natural evolution from the
Bootstrap Protocol (BOOTP), adding the capability of expiration of IP addresses (a lease),
automatic allocation and reuse of network addresses and additional configuration options. DHCP
captures the behavior of BOOTP relay agents, and DHCP participants can interoperate with
BOOTP participants. The DHCP server ensures that all IP addresses are unique[4], e.g., no IP
address is assigned to a second client while the first client's assignment is valid (its lease has not
expired).

DHCP emerged as a standard protocol in October 1993. DHCP evolved from the older BOOTP
protocols, where IP address leases were given for infinite time and as networks evolved, BOOTP
faced a restriction as to additional information needed to support different options for proper
operation of network devices. Due to the backward compatibility of DHCP, very few networks
continue to use only BOOTP. RFC 2131 (March 1997) provides the most commonly
implemented DHCP definition. This implementation is widely used and has proven to be
interoperable across multiple vendor platforms and operating systems. There are other definitions
of the protocol as defined in RFC 3315 (dated July 2003), which describes DHCPv6 (DHCP in
an IPv6 environment). New RFCs such as RFC 3396 and RFC 4391 enhance the capabilities of
DHCP. Some of these options are not widely implemented.

As described earlier, the Dynamic Host Configuration Protocol (DHCP) automates the
assignment of IP addresses, subnet masks, default gateway, DNS servers and other IP parameters.

[4] To keep the unique IP address assignment, network administrators must ensure no manual IP addresses are set and there is only one DHCP server on the network (or on a VLAN).

When a DHCP configured machine boots up or regains connectivity after a power outage or
network outage, the DHCP client sends a query requesting necessary information from a DHCP
server. The DHCP server listens for such requests and responds back to the client providing
information such as the default gateway, the domain name, the DNS servers, other servers such as
time servers, extent of the lease and more. The query is typically initiated immediately after
booting up and must be completed before the client can initiate IP-based communication with
other hosts. The DHCP server replies to the client with an IP address, subnet mask, default
gateway, and other requested information such as DNS server and more.

Modes of Operation
DHCP provides three modes for allocating IP addresses. The best-known mode is dynamic,
where the client is provided a lease on an IP address for a period of time. Depending on the
stability of the network, this could range from hours (a wireless network at an airport or guest
access in an office) to months (for desktops in a lab or in an office.) At any time before the lease
expires, the DHCP client can request renewal of the lease on the current IP address. A properly-
functioning client will use the renewal mechanism to maintain the same IP address throughout its
connection to a single network. Maintaining the same IP address is important to correct
functioning of higher-layer protocols and applications. However, if the lease actually expires, the
client must initiate a new negotiation of an IP address from the server's pool of addresses. As part
of the negotiation, it can request its expired IP address, but there are no guarantees that it will get
the same IP address. Many ISPs today provide internet connectivity to the home over DSL or
cable modems using the DHCP protocol to better utilize the IP space. The DSL router or the
cable modem follows the same principles to allocate and reuse the IP address described above.

The second mode for allocation of IP addresses is automatic (also known as DHCP Reservation),
where the address is permanently assigned to a client. In this mode an IP address is reserved
based on the MAC address of the device. When the lease expires, the same IP address is allocated
back to the client as long as the MAC address matches. This guarantees the same IP address even
after a power outage or a reboot[5]. The network administrators need to change the MAC address
should they want to reallocate the IP address to a different device. This reservation method is
widely used to allocate IP addresses to a specific zone or a subnet.

The third mode for allocation is manual, in which the address is selected at the client, manually by
the user or by some other means, and the DHCP protocol messages are used to inform the server
that the address has been allocated. The manual mode is rarely used as it requires human
intervention. Most administrators prefer to use static IP addresses that are allocated for such
purposes, instead of using the manual mode.

Allocating specific IP addresses for specific networks or VLANs also aids in securing the network.
Firewall rules or access rules can be written and designed for specific address ranges, which are
allocated out by the DHCP server. Since the allocation is automated and controlled, the network
manager can leverage this automation for security automation as well.

[5] This is true as long as the DHCP server is accessible and responds to the query.

Technical Details
Since the DHCP client evolved from BOOTP, the DHCP protocol uses the same two IANA
assigned ports as BOOTP: 67/udp for the server side, and 68/udp for the client side. For DHCP
to function across a firewall including those on PCs or end devices, it is important to unblock or
allow these ports to be used by the device.

A DHCP exchange consists of four basic operations. These operations are:
1) IP lease request
2) IP lease offer
3) IP lease selection and
4) IP lease acknowledgement.

These operations are shown in the figure below:

DHCP Discovery
The client broadcasts on the physical subnet to find available servers. Network administrators can
configure a local router to forward DHCP packets to a DHCP server on a different subnet. This
client-implementation creates a UDP packet with the broadcast destination of 255.255.255.255 or
subnet broadcast address.

A client can also request its last-known IP address. If the client is still in a network where this IP
is valid, the server might grant the request. Otherwise, it depends whether the server is set up as
authoritative or not. An authoritative server will deny the request, making the client ask for a new
IP immediately. A non-authoritative server simply ignores the request, leading to an
implementation dependent time out for the client to give up on the request and ask for a new IP.

DHCP Offers
When a DHCP server receives an IP lease request from a client, it extends an IP lease offer. This
is done by reserving an IP address for the client and sending a DHCPOFFER message across the
network to the client. This message contains the client's MAC address, followed by the IP address
that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP
server making the offer. The server determines the configuration, based on the client's hardware
address as specified in the CHADDR field. The server specifies the IP address in the YIADDR
field.

DHCP Request
When the client PC receives an IP lease offer, it must tell all the other DHCP servers that it has
accepted an offer. To do this, the client broadcasts a DHCPREQUEST message containing the
IP address of the server that made the offer. When the other DHCP servers receive this message,
they withdraw any offers that they might have made to the client. They then return the address
that they had reserved for the client back to the pool of valid addresses that they can offer to
another computer. Any number of DHCP servers can respond to an IP lease request, but the
client can only accept one offer per network interface card.

DHCP Acknowledgement
When the DHCP server receives the DHCPREQUEST message from the client, it initiates the
final phase of the configuration process. This acknowledgement phase involves sending a
DHCPACK packet to the client. This packet includes the lease duration and any other
configuration information that the client might have requested. At this point, the TCP/IP
configuration process is complete. The server acknowledges the request and sends the
acknowledgement to the client. The system as a whole expects the client to configure its network
interface with the supplied options.

DHCP Information
The client sends a request to the DHCP server, either to request more information than the
server sent with the original DHCPACK or to repeat data for a particular application. Such
queries do not cause the DHCP server to refresh the IP expiration time in its database.

DHCP Release
The client sends a request to the DHCP server to release the DHCP and the client releases its IP
address as well. The DHCP protocol does not define the sending of DHCP Release as mandatory,
as the release of IP address is up to the client.

Client Configuration
A DHCP server can provide optional configuration parameters to the client. RFC 2132 defines
the available DHCP options, which are summarized here. The option codes are listed by the Internet
Assigned Numbers Authority (IANA) under DHCP and BOOTP PARAMETERS.

Option 82
Option 82 was designed to allow a DHCP Relay Agent to insert circuit specific information into a
request that is being forwarded to a DHCP server. Specifically the option works by setting two
sub-options: Circuit ID and Remote ID.
The Circuit ID sub-option is supposed to include information specific to which circuit the request
came in on. It's an identifier that is specific to the relay agent, so what kind of circuit is described
will vary depending on the relay agent. In an Ethernet-based network this is probably a port on a
switch.
The Remote ID sub-option was designed to carry information relating to the remote host end of
the circuit. In practice, this sub-option usually contains information that identifies the relay agent.
In the case of an Ethernet network, this is the MAC address of the relay agent.
In its default configuration, the DHCP Relay Agent Information Option passes along port and agent
information to a central DHCP server. It is useful in statistical analysis, as well as indicating where an
assigned IP address physically connects to the network. It may also be used to make
DHCP decisions based on where the request is coming from or even which user is making the
request.
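
The following Python code is an added example, not part of the MNS-6K guide or GarrettCom software. It parses a raw DHCP message into the fields described under DHCP Offers (CHADDR, YIADDR, lease time) and the Option 82 Circuit ID and Remote ID sub-options, rejects options whose length overruns the packet, and flags Option 82 arriving with a zero relay address (GIADDR), which RFC 3046 tells a relay to discard. The sample packet, the relay address 192.168.3.1, the Circuit ID text port-5, the relay MAC and all function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])    # marks the start of the DHCP options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
RELAY_SUBOPTS = {1: "circuit_id", 2: "remote_id"}  # Option 82 sub-option codes (RFC 3046)


def walk_tlv(buf, dhcp_framing):
    """Yield (code, value) from code/length/value bytes, rejecting overruns."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_framing and code == 0:        # pad option: one byte, no length
            i += 1
            continue
        if dhcp_framing and code == 255:      # end option
            return
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: length {length} overruns buffer")
        yield code, value
        i += 2 + length


def parse_dhcp(packet):
    """Return the fields this chapter discusses from one raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = packet[2]
    if hlen > 16:
        raise ValueError("hardware address length exceeds the CHADDR field")
    msg = {
        "yiaddr": str(ipaddress.IPv4Address(packet[16:20])),   # address being offered
        "giaddr": str(ipaddress.IPv4Address(packet[24:28])),   # relay agent address
        "chaddr": packet[28:28 + hlen].hex(":"),               # client hardware address
        "type": None, "lease_seconds": None, "relay": {},
    }
    for code, value in walk_tlv(packet[240:], dhcp_framing=True):
        if code == 53 and len(value) == 1:                      # DHCP message type
            msg["type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 51 and len(value) == 4:                    # lease time in seconds
            msg["lease_seconds"] = int.from_bytes(value, "big")
        elif code == 82:                                        # relay agent information
            for sub, subval in walk_tlv(value, dhcp_framing=False):
                msg["relay"][RELAY_SUBOPTS.get(sub, f"sub{sub}")] = subval
    return msg


def relay_info_consistent(msg):
    """Option 82 is inserted by a relay, so it should come with a non-zero GIADDR."""
    return not (msg["relay"] and msg["giaddr"] == "0.0.0.0")


def build_sample(giaddr, with_option82=True):
    """Constructed DHCPDISCOVER as a server would receive it (not a real capture)."""
    pkt = bytearray(240)
    pkt[0], pkt[1], pkt[2] = 1, 1, 6                  # BOOTREQUEST, Ethernet, 6-byte MAC
    pkt[24:28] = ipaddress.IPv4Address(giaddr).packed
    pkt[28:34] = bytes.fromhex("002006a112c3")        # client MAC from the lease table figure
    pkt[236:240] = MAGIC_COOKIE
    opts = bytes([53, 1, 1])                          # message type = DHCPDISCOVER
    if with_option82:
        circuit = b"port-5"                           # assumed encoding; it is relay-specific
        remote = bytes.fromhex("002006000001")        # constructed relay agent MAC
        sub = bytes([1, len(circuit)]) + circuit + bytes([2, len(remote)]) + remote
        opts += bytes([82, len(sub)]) + sub
    return bytes(pkt) + opts + b"\xff"


if __name__ == "__main__":
    for giaddr in ("192.168.3.1", "0.0.0.0"):
        parsed = parse_dhcp(build_sample(giaddr))
        print(giaddr, parsed["type"], parsed["relay"], relay_info_consistent(parsed))
```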

MNS-6K-SECURE Implementation
MNS-6K implements the DHCP server for MNS-6K-SECURE. The commands to implement
the DHCP server are:

Syntax - dhcpsrv <start|stop> - start or stop the DHCP server. By default, the server is off.

Syntax - config startip=<start ip> endip=<endip> mask=<mask> [dns=<dns1, dns2, …dns10>] [gateway=<gateway>] [leasetime=<lease time(1..10 hours)>] – configure
the DHCP lease request parameters such as starting IP address, ending IP address, DNS server
parameters, default gateway IP address and lease time

Syntax – addlease ip=<ip> mac=<mac> [leasetime=<lease time (1..10)>] – add a specific host
with a specific IP address

Syntax - reserve-ip ip=<ip> [mac=<mac>] - reserve a specific IP address for a device

Syntax - clear-reserveip ip=<ip> - clear the reserved IP assigned

Syntax - config dhcpserverip=<DHCP server IP> <add|del> port=<port|list|range> - configure the DHCP server IP and add/delete DHCP services on specified ports on the switch

Syntax - dhcprly <start|stop> - start/stop the DHCP relay services

Syntax – show dhcprly <config|status> - display the DHCP relay services information

Syntax – show dhcpsrv <config|status|leases> - display the DHCP server configuration, leases as
well as status

DHCP Services are available for the default VLAN only. If DHCP services are
needed for other VLANs or routing is needed for VLANs, GarrettCom
recommends using the MNS-DX product family for such purposes.

Magnum10KT# dhcpserver

Magnum10KT(dhcpserver)## config ?
config : To set the starting ip and ending ip of DHCP server lease pool and
lease time

Usage
config startip=<start ip> endip=<end ip> mask=<mask> [dns=<dns>]
[gateway=<gateway>] [leasetime=<lease time(1..10 hours)>]

Magnum10KT(dhcpserver)## config startip=192.168.10.100 endip=192.168.10.200 mask=255.255.255.0 gateway=192.168.10.254 dns=172.168.15.1 leasetime=8

Magnum10KT(dhcpserver)## dhcpsrv start

DHCP Server Started Successfully

Magnum10KT(dhcpserver)## show dhcpsrv status

DHCP SERVER RUNNING


Magnum10KT(dhcpserver)## show dhcpsrv leases

DHCP Server Leases


IP MAC Expires(sec)
------------------------------------------------
192.168.10.100 00:20:06:a1:12:c3 Never
192.168.10.101 00:20:06:a1:12:25 Expired
Magnum10KT(dhcpserver)## show dhcpsrv config

DHCP Server Configuration


-------------------------
StartIP : 192.168.10.100
EndIP : 192.168.10.200
Mask : 255.255.255.0
DNS Server : 172.168.15.1
Gateway : 192.168.10.1
Lease time : 8 Hours
Magnum10KT(dhcpserver)## dhcpsrv stop

The Server takes few seconds to Stop.................................


Magnum10KT(dhcpserver)## exit

Magnum 10KT# dhcprelay


Magnum 10KT(dhcprelay)## config ?
config : To set the dhcp server ip and port list

Usage
config dhcpserverip=<dhcp server ip> <add|del> port=<port|list|range>

Groups: system

Magnum 10KT(dhcprelay)## dhcprly ?


dhcprelay : Starts or Stops
Usage
dhcprly <start|stop>
Groups: system
Magnum 10KT(dhcprelay)## show dhcprly ?
Usage
show dhcprly <config|status>


Groups: system
Magnum 10KT(dhcprelay)## config dhcpserverip=192.168.3.10 add port=5-8

Magnum 10KT(dhcprelay)## dhcprly start

Magnum 10KT(dhcprelay)## show dhcprly config

DHCP Relay Configuration


-----------------------------------------
DHCP Server IP : 192.168.3.10
DHCP Relay Port List : 5-8

Magnum 10KT(dhcprelay)## show dhcprly status

DHCP Relay Running

Magnum 10KT(dhcprelay)## dhcprly stop


The DHCP Relay takes few seconds to Stop..

Magnum 10KT(dhcprelay)## show dhcprly status

DHCP Relay Stopped

FIGURE55 – Setting up DHCP Server and DHCP Relay on MNS-6K-SECURE.

List of Commands In This Chapter


Syntax - dhcpsrv <start|stop> - start or stop the DHCP server. By default, the server is off

Syntax - config startip=<start ip> endip=<endip> mask=<mask> [dns=<dns1, dns2,..dns10>] [gateway=<gateway>] [leasetime=<lease time(1..10 hours)>] –
configure the DHCP lease request parameters such as starting IP address, ending IP address, DNS server
parameters, default gateway IP address and lease time

Syntax – addlease ip=<ip> mac=<mac> [leasetime=<lease time (1..10)>] – add a specific host
with a specific IP address

Syntax - reserve-ip ip=<ip> [mac=<mac>] - reserve a specific IP address for a device

Syntax - clear-reserveip ip=<ip> - clear the reserved IP assigned

Syntax - config dhcpserverip=<DHCP server IP> <add|del> port=<port|list|range> - configure the DHCP server IP and add/delete DHCP services on specified ports on the switch

Syntax - dhcprly <start|stop> - start/stop the DHCP relay services

Syntax - show dhcprly <config|status> - display the DHCP relay services information

Syntax - show dhcpsrv <config|status|leases> - display the DHCP server configuration, leases as well
as status

Chapter 6 – SNTP Server
Synchronizing the time…

After discussing how to set up an SNTP client in an earlier chapter, it is important to figure out
where the synchronizing server or the clock synchronization information comes from. This
chapter discusses the details on how a Magnum switch can be set up as an SNTP server.

SNTP - Prerequisites
It is assumed here that the user is familiar with the reasons why time synchronization
is needed between systems on a network. If not, sooner or later the importance of
having the same time for logs, software updates, synchronized or scheduled
restarts etc. will be realized by the system administrator as well as the network administrator. If
the user is not familiar with the importance of time synchronization, it is strongly recommended to
read the various articles available on the Internet on this topic.

SNTP Server is available only on MNS-6K-SECURE.

Not all models of the GarrettCom 6K family of switches support the SNTP server as this
functionality requires a clock that needs to be accurate. While all devices can be SNTP clients, a
select set of devices can be SNTP servers.

SNTP Server Overview


The standard timescale used by most nations of the world is Coordinated Universal Time (UTC),
which is based on the Earth's rotation about its axis. Time Zone offsets are typically set to the
UTC, including GMT, which is an approximation of UTC.

International Atomic Time (TAI, from the French name Temps Atomique International) is a
high-precision atomic time standard that tracks proper time on Earth's period. TAI is the
principal realization of Terrestrial Time, and the basis for Coordinated Universal Time (UTC)
which is used for civil timekeeping all over the Earth's surface. The Gregorian calendar, which is
based on the Earth's rotation about the Sun, uses the UTC to designate things such as time, date,
month, year etc. The UTC timescale is modified with respect to International Atomic Time or
Temps Atomique International (TAI) by inserting leap seconds at intervals of about 18 months.
UTC time is disseminated by various means, including radio and satellite navigation systems,
telephone modems and portable clocks.

In 1981 the time synchronization technology was documented in the now historic Internet
Engineering Note series as IEN-173. The first specification of a public protocol developed from
it appeared in RFC-778. The first deployment of the technology in a local network was as an
integral function of the Hello routing protocol documented in RFC-891, which survived for many
years in a network prototyping and test bed operating system called the Fuzzball. There was
considerable discussion during 1989 about the newly announced Digital Time Synchronization
Service (DTSS), which was adopted for the Enterprise network. The DTSS and NTP
communities had much the same goals, but somewhat different strategies for achieving them.
One problem with DTSS, as viewed by the NTP community, was a possibly serious loss of
accuracy, since the DTSS design did not discipline the clock frequency. The problem with the
NTP design, as viewed from the DTSS community, was the lack of formal correctness principles
in the design process.

Simple Network Time Protocol (SNTP) is described in RFC-1769 as well as in RFC-2030. SNTP is
compatible with NTP as implemented for the IPv4, IPv6 and OSI protocol stacks. SNTP has
been used in several standalone NTP servers integrated with GPS receivers.

The article from NIST http://tf.nist.gov/timefreq/service/pdf/computertime.pdf provides
details on time synchronization services as well as ports time synchronization services need to
communicate on. http://physics.nist.gov/GenInt/Time/time.html provides a walk through the
history of time and time synchronization on the NIST site. There are many other interesting
articles available on the Internet.

Stratum Clocks
NTP uses a hierarchical system of clock stratum. The stratum levels define the distance from the
reference clock and exist to prevent cycles in the hierarchy. Note that this is different from the
notion of clock stratum used in telecommunications systems.
Stratum 0
These are devices such as atomic (cesium, rubidium) clocks, GPS clocks or other radio
clocks. Stratum-0 devices are not attached to the network; instead they are locally
connected to computers (e.g. via an RS-232 connection.) The atomic clock at the NIST
Denver facility is an example of the Stratum 0 clock.
Stratum 1
These are computers attached to Stratum 0 devices. Normally they act as time servers for
timing requests from Stratum 2 servers via NTP. These computers are also referred to as
time servers. Time servers from NIST and USNO are examples of Stratum 1 servers.
Stratum 2
These are computers that send NTP requests to Stratum 1 servers. Normally a Stratum 2
computer will reference a number of Stratum 1 servers and use the NTP algorithm to
gather the best data sample, dropping any Stratum 1 servers that seem obviously wrong.
Stratum 2 devices will peer with other Stratum 2 devices to provide more stable and
robust time for all devices in the peer group. Stratum 2 devices normally act as servers for
Stratum 3 NTP requests.
Stratum 3
These devices employ exactly the same NTP functions of peering and data sampling as
Stratum 2, and can themselves act as servers for lower strata, potentially up to 16 levels.
NTP (depending on what version of NTP protocol in use) supports up to 256 strata.

This is summarized in the figure below:

[Figure: hierarchy of Stratum 0, Stratum 1, Stratum 2 and Stratum 3 clocks]
FIGURE56 – Different Stratum NTP servers.

Special purpose receivers are available for many time-dissemination services, including the Global
Positioning System (GPS) and other services operated by various national governments. For reasons
of cost and convenience, it is not possible to equip every computer with one of these receivers.
However, it is possible to equip some number of computers, routers or switches acting as primary
time servers to synchronize a much larger number of secondary servers and clients connected by a
common network.

Several Magnum 6K switches with MNS-6K-SECURE can act as Stratum 2 or
Stratum 3 servers. Make sure the SNTP client is configured to synchronize
information from other Stratum 1 or Stratum 2 servers.

www.ntp.org provides a list of NTP servers available by continent/country. For example, as of
this writing, for North America, http://www.north-america.pool.ntp.org has over 842 NTP
servers.

MNS-6K-SECURE Implementation
Syntax sntpserver – enter the SNTP Server configuration mode

Syntax sntpsrv <start|stop> - Start or stop the SNTP Services

Syntax show sntpsrv – display the status of SNTP server

The usage of the commands is shown below:

Magnum10KT# sntpserver
Magnum10KT(sntpserver)##
Magnum10KT(sntpserver)## sntpsrv ?
sntpserver : Starts or Stops

Usage
sntpsrv <start|stop>

Groups: system
Magnum10KT(sntpserver)## show sntpsrv

SNTP SERVER Running


Magnum10KT(sntpserver)## sntpsrv stop

Stopping SNTP Server...


SNTP Server Stopped.
Magnum10KT(sntpserver)## show sntpsrv

SNTP SERVER Stopped


Magnum10KT(sntpserver)## sntpsrv start

SNTP server started.


Magnum10KT(sntpserver)## show sntpsrv

SNTP SERVER Running


Magnum10KT(sntpserver)## exit
Magnum10KT#
FIGURE57 – Using the SNTP commands.

A Tech Brief on the GarrettCom web site describes how this capability can be used to
create time servers in a network. To review this tech brief, go to www.garrettcom.com
and click on Support > Software Support and look for Tech Briefs.

List of Commands In This Chapter


Syntax sntpserver – enter the SNTP Server configuration mode

Syntax sntpsrv <start|stop> - Start or stop the SNTP Services

Syntax show sntpsrv – display the status of SNTP server

Chapter 7 – Access Considerations
Securing the switch access…

This section explains how access to the GarrettCom Magnum MNS-6K can be secured. Further
security considerations are also covered, such as securing access by IP address or MAC address.

Securing Access
It is assumed here that the user is familiar with issues concerning security as well as
securing access for users and computers on a network. Secure access on a network can
be provided by authenticating against an allowed MAC address as well as IP address.

Passwords
The Magnum 6K family of switches comes with a factory default password for the manager as well as
the operator account. Passwords can be changed from the user id by using the set password
command.

Syntax set password

Example:

Magnum10KT# set password


Enter New Password :*******
Confirm New Password :*******
Password has been modified successfully
Magnum10KT#
FIGURE58 – Changing password for a given account.

Other details on managing users and the passwords are covered in Chapter 2 - User Management on
page 30.

Port Security
The port security feature can be used to block computers from accessing the network by requiring
the port to validate the MAC address against a known list of MAC addresses. This port security
feature is provided on an Ethernet, Fast Ethernet, or Gigabit Ethernet port. In case of a security
violation, the port can be configured to go into the disable mode or drop mode. The disable mode
disables the port, not allowing any traffic to pass through. The drop mode allows the port to remain
enabled during a security violation and drop only packets that are coming in from insecure hosts.
This is useful when there are other network devices connected to the Magnum 6K family of
switches. If there is an insecure access on the secondary device, the Magnum 6K family of switches
allows the authorized users to continue to access the network; the unauthorized packets are dropped
preventing access to the network.

Network Security
Network security hinges on the ability to allow or deny access to network resources.
The access control aspect of secure network services involves allowing or disallowing
traffic based on information contained in packets, such as the IP address, MAC
address, or other content. Planning for access is a key architecture and design consideration. For
example, which ports are configured for port security? Normally rooms with public access like a
lobby or conference rooms should be configured with port security. Once that is decided, the next
few decisions are who are the authorized and unauthorized users? What action should be taken
against authorized as well as unauthorized users? How are the users identified as authorized or
unauthorized?

Configuring Port Security


Log in as a Level 2 user or as a manager to configure port security. Once logged in, get to the port-
security configuration level to set up and configure port security.

Syntax port-security

For example:
Magnum10KT# configure port-security

Magnum10KT(port-security)##
FIGURE59 – Port security configuration mode.

Alternately, the following commands can also be used to enter the port-security configuration mode:

Magnum10KT# port-security

Magnum10KT(port-security)##
FIGURE60 – Port security configuration mode.

From the port-security configuration mode, the switch can be configured to:
1) Auto-learn the MAC addresses
2) Specify individual MAC addresses to allow access to the network
3) Validate or change the settings

The commands for doing the above actions are:

Syntax allow mac=<address|list|range> port=<num|list|range>

Syntax learn port=<number-list> <enable|disable>

Syntax show port-security

Syntax action port=<num|list|range> <none|disable|drop>

Syntax signal port=<num|list|range> <none|log|trap|logandtrap>

Syntax ps <enable|disable>

Syntax remove mac=<all|address|list|range> port=<num|list|range>

Where
allow mac – Configures the switch to setup allowed MAC addresses on specific ports.

learn port – Configures the switch to learn the MAC addresses associated with specific port
or a group of ports.

show port-security – Shows the information on port security programmed or learned.

action port – Specifies the designated action to take in case of a non-authorized access.

ps – port security – Allows port security to be enabled or disabled.

remove mac – Removes specific or all MAC addresses from port security lookup.

signal port=<num|list|range> - Observes the list of specified ports and notifies if there is a
security breach on any of the ports specified. The signal can be a log entry, a trap to the trap
receiver specified as part of the SNMP commands, or both.

Note 1: There is a limitation of 200 MAC addresses per port and 500 MAC addresses
per Switch for Port Security.
Note 2: All the commands listed above have to be executed under the port-security
configuration mode.

Syntax clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] – clear command to clear various aspects of the MNS-6K
information – most notably clear addr – clears the addresses learned

Let’s look at a few examples:

Magnum10KT(port-security)## allow mac=00:c1:00:7f:ec:00,00:60:b0:88:9e:00 port=18


FIGURE61 – Port security – allowing specific MAC addresses on a specified port. (No spaces between specified
MAC addresses)

Magnum10KT(port-security)## action port=9,10 none


Magnum10KT(port-security)## learn port=9,10 enable
FIGURE62 – Port security - the port learns the MAC addresses. Note a maximum of 200 MAC addresses can
be learnt per port and a maximum of 500 per switch. Also, the action on the port must be set to none before the
port learns the MAC address information.

Magnum10KT(port-security)## ps enable
Port Security is already enabled
Magnum10KT(port-security)## ps disable
Port Security Disabled
Magnum10KT(port-security)## ps enable
Port Security Enabled
FIGURE63 – Enabling and disabling port security.

Magnum10KT(port-security)## show port-security

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS


---- ----- ------ ------ ----- ----- -----------

9 ENABLE LOG NONE ENABLE 6 00:e0:29:2a:f1:bd


00:01:03:e2:27:89
00:07:50:ef:31:40
00:e0:29:22:15:85
00:03:47:ca:ac:45
00:30:48:70:71:23
10 ENABLE NONE NONE DISABLE 0 Not Configured
11 ENABLE NONE NONE DISABLE 0 Not Configured
12 ENABLE NONE NONE DISABLE 0 Not Configured
13 ENABLE NONE NONE DISABLE 0 Not Configured
14 ENABLE NONE NONE DISABLE 0 Not Configured
15 ENABLE NONE NONE DISABLE 0 Not Configured
16 ENABLE NONE NONE DISABLE 0 Not Configured

Magnum10KT(port-security)##
FIGURE64 – Viewing port security settings on a switch. On port 9, learning is enabled. This port has 6 stations
connected to it with the MAC addresses as shown. Other ports have learning disabled and the MAC addresses are
not configured on those ports.

Magnum10KT(port-security)## learn port=11 enable


Port Learning Enabled on selected port(s)
Magnum10KT(port-security)## show port-security

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS


---- ----- ------ ------ ----- ----- -----------

9 ENABLE LOG NONE ENABLE 6 00:e0:29:2a:f1:bd


00:01:03:e2:27:89
00:07:50:ef:31:40
00:e0:29:22:15:85
00:03:47:ca:ac:45
00:30:48:70:71:23
10 ENABLE NONE NONE DISABLE 0 Not Configured
11 ENABLE NONE NONE ENABLE 0 Not Configured
12 ENABLE NONE NONE DISABLE 0 Not Configured
13 ENABLE NONE NONE DISABLE 0 Not Configured
14 ENABLE NONE NONE DISABLE 0 Not Configured
15 ENABLE NONE NONE DISABLE 0 Not Configured
16 ENABLE NONE NONE DISABLE 0 Not Configured

Magnum10KT(port-security)##
FIGURE65 – Enabling learning on a port. Note after the learning is enabled, the port security can be queried to
find the status of MAC addresses learned. If there were machines connected to this port, the MAC address would be
shown on port 11 as they are shown on port 9.

Magnum10KT(port-security)## allow mac=00:c1:00:7f:ec:00 port=9,11,13

Specified MAC address(es) allowed on selected port(s)

Magnum10KT(port-security)## show port-security port=9,11,13

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS


---- ----- ------ ------ ----- ----- -----------
9 ENABLE LOG NONE ENABLE 6 00:e0:29:2a:f1:bd
00:01:03:e2:27:89
00:07:50:ef:31:40
00:e0:29:22:15:85
00:03:47:ca:ac:45
00:30:48:70:71:23
00:c1:00:7f:ec:00
11 ENABLE NONE NONE ENABLE 0 00:c1:00:7f:ec:00
13 ENABLE NONE NONE DISABLE 0 00:c1:00:7f:ec:00
FIGURE66 – Allowing specific MAC address on specific ports. After the MAC address is specified, the port or
specific ports or a range of ports can be queried as shown.

Magnum10KT(port-security)## remove mac=00:c1:00:7f:ec:00 port=13

Specified MAC address(es) removed from selected port(s)

Magnum10KT(port-security)## show port-security port=13

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS


---- ----- ----- ------ ----- ----- -----------
13 ENABLE LOG NONE ENABLE 0 Not Configured

Magnum10KT(port-security)##
FIGURE67 – Removing a MAC address from port security.

Magnum10KT(port-security)## signal port=11 logandtrap


Port security Signal type set to Log and Trap on selected port(s)
FIGURE68 – Setting the logging on a port.

The figures listed above show the necessary commands to set up port security. The recommended steps to
set up security are:
1) Set the MNS-6K software to allow port security commands. Use the port-security command.
2) Enable port security. Use the ps enable command.
3) Enable learning on the required ports. Use the learn port=11 enable command for port 11.
4) Verify learning is enabled and the MAC addresses are being learned on required ports. Use the
show port-security port=11 command.
5) Save the port-security configuration. Use the save command.
6) Disable learning on the required ports. Use the learn port=11,15 disable command.
7) Optional step: Add any specific MAC addresses, if needed, to allow designated devices to access
the network. Use the allow mac=00:c1:00:7f:ec:00 port=11,15 command.
8) Disable access to the network for unauthorized devices. Use the action port=11 <disable|drop>
command, depending on whether the port should be disabled or the packet dropped. Follow that with the show
port-security command to verify the setting.
9) Optional step: Set the notification to notify the management station of security breach
attempts. Use the signal port command to make a log entry or to send a trap.

Magnum10KT# port-security

Magnum10KT(port-security)## ps enable

Port Security is already enabled


Magnum10KT(port-security)## learn port=11 enable

Port Learning Enabled on selected port(s)


Magnum10KT(port-security)## show port-security

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS


---- ----- ------ ------ ----- ----- -----------
9 ENABLE LOG NONE ENABLE 6 00:e0:29:2a:f1:bd
00:01:03:e2:27:89
00:07:50:ef:31:40
00:e0:29:22:15:85
00:03:47:ca:ac:45
00:30:48:70:71:23
10 ENABLE NONE NONE DISABLE 0 Not Configured
11 ENABLE NONE NONE ENABLE 0 00:c1:00:7f:ec:00


12 ENABLE NONE NONE DISABLE 0 Not Configured
13 ENABLE NONE NONE DISABLE 0 Not Configured
14 ENABLE NONE NONE DISABLE 0 Not Configured
15 ENABLE NONE NONE DISABLE 0 Not Configured
16 ENABLE NONE NONE DISABLE 0 Not Configured

Magnum10KT(port-security)## save

Saving current configuration


Configuration saved
Magnum10KT(port-security)## learn port=11 disable

Port Learning Disabled on selected port(s)


Magnum10KT(port-security)## action port=11 drop

Port security Action type set to Drop on selected port(s)


Magnum10KT(port-security)## show port-security port=11

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS


---- ----- ----- ------ ----- ----- -----------
11 ENABLE NONE DROP DISABLE 0 00:c1:00:7f:ec:00

Magnum10KT(port-security)## signal port=11 logandtrap

Port security Signal type set to Log and Trap on selected port(s)
Magnum10KT(port-security)## exit

Magnum10KT#
FIGURE69 – Steps for setting up port security on a specific port.

Once port security is set up, it is important to manage the log and review the log often. If the signals are
sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions.
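
The following Python code is an added example, not part of the MNS-6K guide or GarrettCom software. It parses saved show port-security output in the layout of the figures above and reports ports that were meant to be locked down but still have learning enabled, no violation action, no signal, or no allowed MAC address. The sample text is assembled from the figures, and the function names and the set of ports to check are assumptions.

```python
import re

# One port row: PORT STATE SIGNAL ACTION LEARN COUNT, then the first MAC or "Not Configured".
ROW = re.compile(r"^(\d+)\s+(\w+)\s+(\w+)\s+(\w+)\s+(\w+)\s+(\d+)\s+(.+)$")
MAC = re.compile(r"^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
PER_PORT_LIMIT, PER_SWITCH_LIMIT = 200, 500      # limits stated in Note 1 of this chapter

# Constructed sample: rows 9 and 10 as in FIGURE64, row 11 as in FIGURE69.
SAMPLE = """\
PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS
---- ----- ------ ------ ----- ----- -----------
9 ENABLE LOG NONE ENABLE 6 00:e0:29:2a:f1:bd
00:01:03:e2:27:89
00:07:50:ef:31:40
00:e0:29:22:15:85
00:03:47:ca:ac:45
00:30:48:70:71:23
10 ENABLE NONE NONE DISABLE 0 Not Configured
11 ENABLE NONE DROP DISABLE 0 00:c1:00:7f:ec:00
"""


def parse_port_security(text):
    """Return {port: settings}; MAC-only lines continue the preceding port row."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW.match(line)
        if row:
            port, state, signal, action, learn, count, line = row.groups()
            current = {"state": state, "signal": signal, "action": action,
                       "learn": learn, "count": int(count), "macs": []}
            ports[int(port)] = current
        if current is not None and MAC.match(line.strip()):
            current["macs"].append(line.strip().lower())
    return ports


def audit(ports, locked_down):
    """List (port, finding) for ports that should have completed the setup steps."""
    findings = []
    for port in sorted(locked_down):
        entry = ports.get(port)
        if entry is None:
            findings.append((port, "not present in output"))
            continue
        if entry["learn"] == "ENABLE":           # step 6 of the procedure not done
            findings.append((port, "learning still enabled"))
        if entry["action"] == "NONE":            # step 8 not done
            findings.append((port, "no action on violation"))
        if entry["signal"] == "NONE":            # step 9; any other value counts as signalling
            findings.append((port, "violations not signalled"))
        if not entry["macs"]:
            findings.append((port, "no allowed MAC configured"))
        elif len(entry["macs"]) >= PER_PORT_LIMIT:
            findings.append((port, "MAC list at per-port limit"))
    if sum(len(e["macs"]) for e in ports.values()) >= PER_SWITCH_LIMIT:
        findings.append((None, "MAC list at per-switch limit"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_port_security(SAMPLE), {9, 11, 12}):
        print(port, finding)
```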

Syslog and Logs

Logs are available on MNS-6K as well as MNS-6K-SECURE. Syslog functionality is
a feature of MNS-6K-SECURE.

All events occurring on the Magnum 6K family of switches are logged. These logs are in compliance
with the definitions of RFC 3164, though not all the nuances of the syslog are implemented as
specified by the RFC. What is done with each individual message, to quote the RFC, will depend on
individual company policies.

An administrator may want to have all messages stored locally as well as to have all messages of a
high severity forwarded to another device. It may be appropriate to also have messages from a
particular facility sent to some or all of the users of the device and displayed on the system console.

“However the administrator decides to configure the disposition of the event messages, the process
of having them sent to a syslog collector generally consists of deciding which facility messages and
which severity levels will be forwarded, and then defining the remote receiver. For example, an
administrator may want all messages that are generated by the mail facility to be forwarded to one
particular event message collector. Then the administrator may want to have all kernel generated
messages sent to a different syslog receiver while, at the same time, having the critically severe
messages from the kernel also sent to a third receiver. It may also be appropriate to have those
messages displayed on the system console as well as being mailed to some appropriate people, while
at the same time, being sent to a file on the local disk of the device. Conversely, it may be
appropriate to have messages from a locally defined process only displayed on the console but not
saved or forwarded from the device. In any event, the rules for this will have to be generated on the
device. Since the administrators will then know which types of messages will be received on the
collectors, they should then make appropriate rules on those syslog servers as well.” – RFC 3164

The events can be as shown below:

Code  Description
0     Emergency or Fatal: System is unusable – called fatal in the show log command.
1     Alert: Action must be taken immediately.
2     Critical: Critical conditions
3     Error: Error conditions
4     Warning: Warning conditions
5     Notice: Normal but significant condition – called note in show log command.
6     Informational: Informational messages
7     Debug: Debug-level messages

The above categories are defined for MNS as:

Fatal   Or Emergency
Alert   Same as Alert
Crit    Or Critical
Error   Same as Error
Warn    Or Warning
Note    Or Notice
Info    Or Informational
Debug   Same as Debug

For example: show log [fatal|alert|crit|error|warn|note|info|debug]

A few points to note about logs:


• By default, the logging is limited to the first six levels.
• The event log is now automatically saved to flash, so the events are not lost on reboot. Note:
Since the event logs are written to flash, logging stops once the flash memory is full. It is
important to erase the log periodically or use the syslog capability to download the logs to a
syslog server. Syslog is available on MNS-6K-SECURE only.
• The event log now includes more information, because of the additional flexibility built into the
log engine. For example, it now logs the IP address and user name of a remote user login.
• The log size parameter is now redefined as the max size of the log that is saved to the flash.
More events might appear in the log as they happen, but the whole list will be trimmed to the
specified max size when a save command is issued, or the system rebooted.

These logs are in compliance with the definitions of RFC 3164, though not all the nuances of the
syslog are implemented as specified by the RFC.

The show log command displays the log information and the clear log command clears the log
entries.

Syntax show log [fatal|alert|crit|error|warn|note|info|debug] – displays the log

Syntax clear log [fatal|alert|crit|error|warn|note|info|debug]– clears the log

Syntax set logsize size=<1-1000> - set the number of lines to be collected in the log before the oldest
record is re-written

Syntax syslog – syslog context commands

Syntax server add host=<host|ip> [port=<port>] [event=<all|none|default|list>] – add a syslog server. Maximum of five servers can be defined.

Syntax server edit id=<id> [host=<host|ip>] [port=<port>] [event=<all|none|default|list>] - edit the server setup and which syslog messages the server should receive

Syntax server del id=<id> - delete a Syslog server


Syntax server <enable|disable> id=<id> - enable or disable the log messages being sent to a syslog
server

Syntax syslog <enable|disable> - enable or disable the syslog messages

Syntax show syslog – display the syslog settings

Magnum10KT# show log


S Date Time Log Description
-- ------- ------- ----------------------------
Note 06-17-2007 09:57:27 P.M CLI:Session Timed Out for User manager on Telnet:
Note 06-17-2007 09:57:27 P.M CLI:Session Term. User manager on Telnet:
Note 06-17-2007 10:00:06 P.M CLI:Session Started from Telnet: 192.168.5.2
Note 06-17-2007 10:00:12 P.M CLI:User manager Login From Telnet: 192.168.5.2
Note 06-17-2007 10:08:58 P.M CLI:User manager Logout From Telnet: 192.168.5.2
Note 06-17-2007 10:08:58 P.M CLI:Session Term. User manager on Telnet:
Note 01-01-2001 12:00:00 A.M SYSMGR:System Was Rebooted By power cycle
Note 01-01-2001 12:00:00 A.M SNTP:System Clock Set to Default
Note 01-01-2001 12:01:32 A.M WEB:Session Started from SWM: 192.168.5.2
Note 01-01-2001 12:01:47 A.M WEB:User manager Login From SWM: 192.168.5.2
Note 01-01-2001 12:04:16 A.M SYSMGR:Loaded Application Ver 3.7
Note 01-01-2001 12:00:00 A.M SYSMGR:System Was Rebooted By HW Watchdog
Note 01-01-2001 12:00:00 A.M SNTP:System Clock Set to Default
Note 01-01-2001 12:01:13 A.M WEB:Session Started from SWM: 192.168.5.2
Note 01-01-2001 12:01:25 A.M WEB:User manager Login From SWM: 192.168.5.2
Note 06-23-2007 09:57:01 A.M SNTP:System Time Zone Set to -08:00
Note 06-23-2007 05:59:02 P.M SNTP:SNTP Client Started
Note 06-23-2007 05:59:09 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:10 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:36 P.M CLI:Session Started from Telnet: 192.168.5.2
Note 06-23-2007 05:59:39 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:40 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:49 P.M CLI:User manager Login From Telnet: 192.168.5.2
Note 06-23-2007 06:11:32 P.M CLI:Session Timed Out for User manager on Telnet:
Note 06-23-2007 06:11:32 P.M CLI:Session Term. User manager on Telnet:
Note 06-23-2007 06:18:05 P.M CLI:Session Started from Telnet: 192.168.5.2
Note 06-23-2007 06:18:16 P.M CLI:User manager Login From Telnet: 192.168.5.2

Magnum10KT# clear log

Clear Logged Events? [ 'Y' or 'N'] Y

Magnum10KT# show log

Magnum10KT# show syslog

SysLog Status: Disabled


No Syslog Servers Configured.

Local Log Events : Default

Magnum10KT# syslog
Magnum10KT (syslog)## server ?


Usage
server add host=<host|ip> [port=<port>]event=<all|none|default|list>]
server edit id=<id> [port=<port>] [event=<all|none|default|list>]
server del id=<id>
server <enable|disable> id=<id>

Magnum10KT (syslog)## server add host=192.168.5.2

Server Added

(The start of setting up the syslog capabilities, a feature of MNS-6K-SECURE.)

Magnum10KT (syslog)## show syslog

SysLog Status: Disabled

Server ID: 1
SysLog Server Host : 192.168.5.2
Server Logging : Disabled
Log Events : Default

Local Log Events : Default

Magnum10KT (syslog)## server add host=192.168.5.98

Server Added
Magnum10KT (syslog)## show syslog

SysLog Status: Disabled

Server ID: 1
SysLog Server Host : 192.168.5.2
Server Logging : Disabled
Log Events : Default

Server ID: 2
SysLog Server Host : 192.168.5.98
Server Logging : Disabled
Log Events : Default

Local Log Events : Default

Magnum10KT (syslog)## server edit id=2 event=warn

Server Modified
Magnum10KT (syslog)## show syslog

SysLog Status: Enabled

Server ID: 1
SysLog Server Host : 192.168.5.2
Server Logging : Disabled
Log Events : Default

Server ID: 2
SysLog Server Host : 192.168.5.98
Server Logging : Disabled
Log Events : warn

Local Log Events : Default

Magnum10KT (syslog)## server del id=1

Server Deleted
Magnum10KT (syslog)## show syslog

SysLog Status: Disabled

Server ID: 2
SysLog Server Host : 192.168.5.98
Server Logging : Disabled
Log Events : warn

Local Log Events : Default

Magnum10KT (syslog)## server enable id=2

Server Enabled
Magnum10KT (syslog)## show syslog

SysLog Status : Disabled

Server ID: 2
SysLog Server Host : 192.168.5.98
Server Logging : Enabled
Log Events : warn

Local Log Events : Default

Magnum10KT (syslog)## syslog enable

SysLog Enabled

Magnum10KT (syslog)## show syslog

SysLog Status : Enabled

Server ID: 2
SysLog Server Host : 192.168.5.98
Server Logging : Enabled
Log Events : warn

Local Log Events : Default


Magnum10KT (syslog)## exit

FIGURE70 – Show log and clear log command. Note the logs are in the syslog format. The syslog commands are also
displayed.


The log shows the most recent event at the top of the listing. If the log is filled when the switch detects a
new event, the oldest entry is dropped off the listing.

As discussed in the prior section, any port can be set to monitor security as well as make a log of the
events that take place. The logs for the events are stored on the switch. When the switch detects an
event on a port, it sets an “alert flag” for that port and makes the event information available.

The default log size is fifty rows. To change the log size, use the set logsize
command.

When the switch detects an intrusion attempt on a port, it records the date and time stamp, the
MAC address, the port on which the access was attempted and the action taken by MNS-6K
software. The event log lists the most recently detected security violation attempts. This provides a
chronological entry of all intrusions attempted on a specific port.
The event log records events as single-line entries listed in chronological order, and serves as a tool
for isolating problems. Each event log entry is composed of four fields:
• Severity – the level of severity (see below)
• Date – date the event occurred. See Chapter 3 - Date and Time on page 53.
• Time – time the event occurred.
• Log Description – description of the event as detected by the switch.

• Severity is one of eight severities described at the beginning of this section.
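
The four fields described above can be split mechanically, which makes the show log listing usable for review. The Python below is an added example, not part of the MNS-6K guide or software: it parses rows in the layout of the figure and flags Telnet logins (Telnet carries credentials in clear text), HW Watchdog reboots, and logins recorded while the clock was at its default. The sample rows are constructed, the finding names are hypothetical, and rows are assumed to be listed oldest first as in the figure (pass newest_first=True otherwise).

```python
import re
from datetime import datetime

# Constructed rows in the `show log` layout (not captured from a switch).
SAMPLE_LOG = """\
S Date Time Log Description
Note 06-17-2007 10:00:06 P.M CLI:Session Started from Telnet: 192.168.5.2
Note 06-17-2007 10:00:12 P.M CLI:User manager Login From Telnet: 192.168.5.2
Note 01-01-2001 12:00:00 A.M SYSMGR:System Was Rebooted By HW Watchdog
Note 01-01-2001 12:00:00 A.M SNTP:System Clock Set to Default
Note 01-01-2001 12:01:25 A.M WEB:User manager Login From SWM: 192.168.5.2
Note 06-23-2007 05:59:09 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:49 P.M CLI:User manager Login From Telnet: 192.168.5.2
"""

# Assumption: the S column uses the same keywords as the show log filter.
SEVERITY = {"fatal": 0, "alert": 1, "crit": 2, "error": 3,
            "warn": 4, "note": 5, "info": 6, "debug": 7}

LINE_RE = re.compile(
    r"^(?P<sev>\w+)\s+(?P<date>\d{2}-\d{2}-\d{4})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<ampm>[AP])\.M\s*"
    r"(?P<module>[A-Z]+):(?P<text>.*)$")
LOGIN_RE = re.compile(r"User (\S+) Login From (\w+): (\S+)")


def parse_line(line):
    """Split one row into severity, timestamp, module and description."""
    m = LINE_RE.match(line.strip())
    if not m or m["sev"].lower() not in SEVERITY:
        return None                      # header, separator or prompt line
    month, day, year = (int(x) for x in m["date"].split("-"))  # MM-DD-YYYY
    hh, mm, ss = (int(x) for x in m["time"].split(":"))
    hh = hh % 12 + (12 if m["ampm"] == "P" else 0)             # 12-hour clock
    return {"severity": SEVERITY[m["sev"].lower()],
            "when": datetime(year, month, day, hh, mm, ss),
            "module": m["module"], "text": m["text"].strip()}


def analyze(log_text, newest_first=False):
    """Return (finding, detail) tuples for events worth a reviewer's attention."""
    rows = log_text.splitlines()
    if newest_first:
        rows.reverse()                   # the clock state below needs time order
    findings, clock_synced = [], True
    for row in rows:
        ev = parse_line(row)
        if ev is None:
            continue
        text = ev["text"]
        if "Clock Set to Default" in text:
            clock_synced = False         # later timestamps are not wall-clock time
        elif "SNTP Time Synchronized" in text:
            clock_synced = True
        if "Rebooted By HW Watchdog" in text:
            findings.append(("watchdog-reboot", ev["when"].isoformat()))
        login = LOGIN_RE.search(text)
        if login:
            user, channel, source = login.groups()
            if channel == "Telnet":
                findings.append(("cleartext-login", f"{user}@{source}"))
            if not clock_synced:
                findings.append(("login-with-default-clock",
                                 f"{user}@{source} via {channel}"))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

Entries stamped 01-01-2001 in the figure follow a "System Clock Set to Default" event, so their timestamps cannot be correlated with other log sources until SNTP synchronizes again.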

Authorized Managers

This feature is available in MNS-6K-SECURE.

Just as port security allows and disallows specific MAC addresses from accessing a
network, the MNS-6K software can allow or block specific IP addresses or a range of IP
addresses to access the switch. The command used for that is:

Syntax access – access configuration mode

Syntax allow ip=<ipaddress> mask=<netmask> service=<name|list> - authorize managers

Syntax deny ip=<ipaddress> mask=<netmask> service=<name|list> - deny access to a specific IP address(s) or a subnet
Syntax remove ip=<ipaddress> mask=<netmask> - remove specific IP address(s) or subnet
Syntax removeall - remove all managers

Syntax show ip-access – display list of authorized managers

access – enters the context for the access commands


allow – allow specified services for specified IP addresses – IP addresses can be individual
stations, a group of stations or subnets. The range is determined by the IP address and
netmask settings.
deny – deny specified services for specified IP addresses – IP addresses can be individual
stations, a group of stations or subnets. The range is determined by the IP address and
netmask settings.
remove – eliminate specified entry from the authorized manager list
removeall – remove all authorized managers
service – the services allowed or denied are telnet, web and SNMP

It is assumed here that the user is familiar with IP addressing schemes, (Class A, B, C etc.),
subnet masking and masking issues such as how many stations are allowed for a given
subnet mask.

In the examples, any computer on 192.168.5.0 network is allowed. Note how the subnet mask is
used to indicate that. Also a specific station with IP address 192.168.15.25 is allowed. Again note
how the subnet mask is used to allow only one specific station in the network. An older station with
the IP address 192.168.15.15 is removed.

Magnum10KT# access

Magnum10KT(access)## allow ip=192.168.5.0 mask=255.255.255.0 service=telnet

Service(s) allowed for specified address

Magnum10KT(access)## allow ip=192.168.15.25 mask=255.255.255.255 service=telnet

Service(s) allowed for specified address

Magnum10KT(access)## remove ip=192.168.15.15 mask=255.255.255.255

Access entry removed

Magnum10KT(access)## exit


Magnum10KT# show ip-access


==========================================================================
IP Address | Mask | Telnet | Web | SNMP |
==========================================================================
192.168.5.0 255.255.255.0 ALLOWED DENIED DENIED
192.168.15.25 255.255.255.255 ALLOWED DENIED DENIED

FIGURE71 – Steps to allow deny or remove specific services.
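
To check what an authorized-manager list actually covers, the show ip-access table can be parsed and each IP/mask pair expanded into the range it names. The Python below is an added example, not part of the MNS-6K guide or software; the table text is a constructed copy of the figure, and the function names are hypothetical. Because the guide does not state how the switch resolves overlapping entries, the code reports every matching entry and lists overlaps with differing verdicts instead of picking a winner.

```python
import ipaddress

# Constructed copy of the `show ip-access` rows in the figure above.
SAMPLE_TABLE = """\
==========================================================================
IP Address | Mask | Telnet | Web | SNMP |
==========================================================================
192.168.5.0 255.255.255.0 ALLOWED DENIED DENIED
192.168.15.25 255.255.255.255 ALLOWED DENIED DENIED
"""
SERVICES = ("telnet", "web", "snmp")     # column order of the table


def parse_ip_access(text):
    """Turn table rows into {'network': IPv4Network, 'allowed': set_of_services}."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not set(parts[2:]) <= {"ALLOWED", "DENIED"}:
            continue                     # rule lines, column header, blanks
        # strict=False normalises an address with host bits set to its subnet;
        # a non-contiguous mask raises ValueError and is left to the caller.
        net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        allowed = {s for s, v in zip(SERVICES, parts[2:]) if v == "ALLOWED"}
        entries.append({"network": net, "allowed": allowed})
    return entries


def coverage(entries):
    """How many addresses each entry spans and which services it allows."""
    return [(str(e["network"]), e["network"].num_addresses, sorted(e["allowed"]))
            for e in entries]


def verdicts(entries, source_ip, service):
    """Every entry that covers source_ip, with its verdict for the service."""
    addr = ipaddress.ip_address(source_ip)
    return [(str(e["network"]), service in e["allowed"])
            for e in entries if addr in e["network"]]


def conflicts(entries):
    """Overlapping entries that disagree on a service."""
    found = []
    for i, a in enumerate(entries):
        for b in entries[i + 1:]:
            if not a["network"].overlaps(b["network"]):
                continue
            for svc in SERVICES:
                if (svc in a["allowed"]) != (svc in b["allowed"]):
                    found.append((str(a["network"]), str(b["network"]), svc))
    return found


if __name__ == "__main__":
    table = parse_ip_access(SAMPLE_TABLE)
    for row in coverage(table):
        print(*row)
    print(verdicts(table, "192.168.15.15", "telnet"))   # removed station: no entry
```

An empty result from verdicts means no entry covers the address, as for the removed station 192.168.15.15.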

List of Commands In This Chapter


Syntax set password – set or change password
Syntax configure port-security – sets the port authorization based on MAC addresses
Syntax port-security – configure port security settings
Syntax allow mac=<address|list|range> port=<num|list|range> - specify a specific MAC
address or MAC address list
Syntax learn port=<number-list> <enable|disable> - learn MAC addresses connected to the
Magnum 6K switch
Syntax show port-security – display port security settings
Syntax action port=<num|list|range> <none|disable|drop> - action to perform in case of
breach of port security
Syntax signal port=<num|list|range> <none|log|trap|logandtrap> - port to monitor and
signal to send in case of breach of port security
Syntax ps <enable|disable> - enable or disable port security
Syntax remove mac=<all|address|list|range> port=<num|list|range> - remove a MAC
address entry
Syntax show log [fatal|alert|crit|error|warn|note|info|debug] – display the log

Syntax clear log [fatal|alert|crit|error|warn|note|info|debug]– clear the log

Syntax set logsize size=<1-1000> - set the number of lines to be collected in the log before the oldest
record is re-written

Syntax syslog – syslog context commands

Syntax server add host=<host|ip> [port=<port>] [event=<all|none|default|list>] – add a syslog server. Maximum of five servers can be defined

Syntax server edit id=<id> [host=<host|ip>] [port=<port>] [event=<all|none|default|list>] - edit the server setup as well as which syslog messages the server should receive

Syntax server del id=<id> - delete a Syslog server

Syntax server <enable|disable> id=<id> - enable or disable the log messages being sent to a
syslog server

Syntax syslog <enable|disable> - enable (or disable) the syslog messages

Syntax show syslog – display the syslog settings

Syntax access – setup access configuration parameters


Syntax allow ip=<ipaddress> mask=<netmask> service=<name|list> - allow specific
IP address or range of addresses as a trusted host(s)
Syntax deny ip=<ipaddress> mask=<netmask> service=<name|list> - deny specific
IP address or range of IP addresses
Syntax remove ip=<ipaddress> mask=<netmask> - delete a specific IP address from the
access or trusted host list
Syntax removeall – remove all IP addresses of trusted hosts
Syntax show ip-access – display all trusted hosts
Syntax clear <history|log [1..5 |informational |activity |critical |fatal |debug]
|terminal |arp|portstats|addr] – clear command to clear various aspects of the MNS-6K
information – most notably “clear addr” – clears the addresses learnt or “clear log” to clear the logs
(and the type of logs)

Chapter 8 – Access Using RADIUS
Using a RADIUS server to authenticate access…

This feature is available in MNS-6K-SECURE only. The IEEE 802.1x standard, Port Based
Network Access Control, defines a mechanism for port-based network access control that
makes use of the physical access characteristics of IEEE 802 LAN infrastructure. It
provides a means of authenticating and authorizing devices attached to LAN ports that have
point-to-point connection characteristics. It also prevents access to that port in cases where the
authentication and authorization fails. Although 802.1x is mostly used in wireless networks, this
protocol is also implemented in LANs. The Magnum 6K family of switches implements the
authenticator, which is a major component of 802.1x.

 RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a server that has traditionally been
used by many Internet Service Providers (ISPs) as well as enterprises to authenticate dial-in
users. Today, many businesses use the RADIUS server for authenticating users connecting into a
network. For example, when a user connects a PC to the network, deciding whether the PC should
be allowed access raises the same issues as deciding whether a dial-in user should be allowed
access to the network. A user has to provide a user name and password for authenticated access.
A RADIUS server is well suited for controlling access into a network by managing the users who
can access the network on a RADIUS server. Interacting with the server and taking corrective
action(s) is not possible on all switches. This capability is provided on the Magnum 6K family
of switches.

RADIUS servers and their uses are also described by one or more RFCs.

802.1x
There are three major components of 802.1x: Supplicant, Authenticator and Authentication
Server (RADIUS Server). In the figure below, the PC acts as the supplicant. The supplicant is an
entity being authenticated and desiring access to the services. The switch is the authenticator. The
authenticator enforces authentication before allowing access to services that are accessible via
that port. The authenticator is responsible for communication with the supplicant and for
submitting the information received from the supplicant to a suitable authentication server. This
allows the verification of user credentials to determine the consequent port authorization state. It
is important to note that the authenticator’s functionality is independent of the actual
authentication method. It effectively acts as a pass-through for the authentication exchange.

[Figure: Supplicant – 802.1x Switch (Authenticator) – Authentication Server (RADIUS)]

FIGURE72 – 802.1x network components

The RADIUS server is the authentication server. The authentication server provides a standard
way of providing Authentication, Authorization, and Accounting services to a network.
Extensible Authentication Protocol (EAP) is an authentication framework which supports
multiple authentication methods. EAP typically runs directly over data link layers such as PPP or
IEEE 802, without requiring IP. EAP over LAN (EAPOL) encapsulates EAP packets onto 802
frames with a few extensions to handle 802 characteristics. EAP over RADIUS encapsulates
EAP packets onto RADIUS packets for relaying to RADIUS authentication servers.

The details of the 802.1x authentication are shown below:


FIGURE 73 – 802.1x authentication details

1. The supplicant (laptop/host) is initially blocked from accessing the network. The
supplicant wanting to access these services starts with an EAPOL-Start frame.
2. The authenticator (Magnum 6K switch), upon receiving an EAPOL-start frame, sends a
response with an EAP-Request/Identity frame back to the supplicant. This will inform
the supplicant to provide its identity.
3. The supplicant then sends back its own identification using an EAP-Response/Identity
frame to the authenticator (Magnum 6K switch.) The authenticator then relays this to the
authentication server by encapsulating the EAP frame on a RADIUS-Access-Request
packet.
4. The RADIUS server will then send the authenticator a RADIUS-Access-Challenge
packet.
5. The authenticator (Magnum 6K switch) will relay this challenge to the supplicant using an
EAP-Request frame. This will request the supplicant to pass its credentials for
authentication.
6. The supplicant will send its credentials using an EAP-Response packet.
7. The authenticator will relay using a RADIUS-Access-Request packet.
8. If the supplicant’s credentials are valid, a RADIUS-Access-Accept packet is sent to the
authenticator.
9. The authenticator will then relay this on as an EAP-Success and provide access to the
network.
10. If the supplicant does not have the necessary credentials, a RADIUS-Access-Deny packet
is sent back and relayed to the supplicant as an EAP-Failure frame. The access to the
network continues to be blocked.
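
The ten steps above can be followed in a small model of the three parties. The Python below is an added example, not MNS-6K code: messages are plain dictionaries, not wire formats, the user database is constructed, and the class names are hypothetical. It uses the EAP MD5-Challenge method because that is the method the guide names, with the response computed as MD5(identifier || password || challenge) as in CHAP; the RADIUS packet the guide calls RADIUS-Access-Deny appears under its RADIUS name, Access-Reject.

```python
import hashlib
import hmac
import os

USERS = {"alice": b"correct horse"}      # constructed RADIUS user database


def md5_response(ident, password, challenge):
    """EAP MD5-Challenge response value (same construction as CHAP)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class Supplicant:
    def __init__(self, identity, password):
        self.identity, self.password = identity, password

    def on_eap_request(self, req):
        if req["type"] == "Identity":                        # step 3
            data = self.identity.encode()
        else:                                                # step 6
            data = md5_response(req["id"], self.password, req["data"])
        return {"code": "Response", "id": req["id"],
                "type": req["type"], "data": data}


class RadiusServer:
    def __init__(self, users):
        self.users, self.sessions = users, {}

    def access_request(self, eap):
        if eap["type"] == "Identity":                        # step 4
            ident, challenge = (eap["id"] + 1) % 256, os.urandom(16)
            self.sessions[ident] = (eap["data"].decode(), challenge)
            return "Access-Challenge", {"code": "Request", "id": ident,
                                        "type": "MD5-Challenge",
                                        "data": challenge}
        user, challenge = self.sessions.pop(eap["id"], (None, b""))
        password = self.users.get(user)
        ok = password is not None and hmac.compare_digest(
            eap["data"], md5_response(eap["id"], password, challenge))
        if ok:                                               # step 8
            return "Access-Accept", {"code": "Success"}
        return "Access-Reject", {"code": "Failure"}          # step 10


class Authenticator:
    """Pass-through relay: it never inspects the credential itself."""

    def __init__(self, server):
        self.server, self.port, self.trace = server, "Unauthorized", []

    def run(self, supplicant):
        self.trace.append("EAPOL-Start")                     # step 1
        eap = {"code": "Request", "id": 1, "type": "Identity", "data": b""}
        self.trace.append("EAP-Request/Identity")            # step 2
        while True:
            resp = supplicant.on_eap_request(eap)
            self.trace.append(f"EAP-Response/{resp['type']}")
            self.trace.append("RADIUS Access-Request")       # steps 3 and 7
            kind, eap = self.server.access_request(resp)
            self.trace.append(f"RADIUS {kind}")
            if kind == "Access-Challenge":
                self.trace.append(f"EAP-Request/{eap['type']}")   # step 5
                continue
            # Only the server's verdict changes the port state (steps 9, 10).
            self.port = "Authorized" if kind == "Access-Accept" else "Unauthorized"
            self.trace.append(f"EAP-{eap['code']}")
            return self.port


def authenticate(identity, password, users=USERS):
    switch = Authenticator(RadiusServer(users))
    return switch.run(Supplicant(identity, password)), switch.trace


if __name__ == "__main__":
    state, trace = authenticate("alice", b"correct horse")
    print(state, *trace, sep="\n")
```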


The Magnum MNS-6K software implements the 802.1x authenticator. It fully conforms to the
standards as described in IEEE 802.1x, implementing all the state machines needed for port-
based authentication. The Magnum MNS-6K software authenticator supports both EAPOL and
EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS
authentication server.

The Magnum MNS-6K software authenticator has the following characteristics:


• Allows control on ports using STP-based hardware functions. EAPOL frames are
Spanning Tree Protocol (STP) link Bridge PDUs (BPDU) with its own bridge multicast
address.
• Relays the MD5 challenge authentication protocol (although it is not limited to it) to the
RADIUS server.
• Limits authentication to a single host per port.
• The Magnum 6K family of switches provides the IEEE 802.1x MIB for SNMP
management.

Configuring Network Access


On enabling 802.1x ports, ensure the port that connects to the RADIUS servers is manually
authenticated. To authenticate the port, use the setport command. The CLI commands to
configure and perform authentication with a RADIUS server are:

Syntax auth - configuration mode to configure the 802.1x parameters

Syntax show auth <config|ports> - show the 802.1x configuration or port status

Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] - define the RADIUS server – use UDP socket number if the RADIUS authentication is on port other than 1812

Syntax auth <enable|disable> - enables or disables the 802.1x authenticator function on MNS-6K
switch

Syntax setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] - setting the port characteristic for an 802.1x network

Syntax backend port=<num|list|range> [supptimeout=<1-240>] [servertimeout=<1-240>] [maxreq=<1-10>] - configure parameters for EAP over RADIUS

port – [mandatory] – port(s) to be configured


supptimeout – [optional] This is the timeout in seconds the authenticator waits for the
supplicant to respond back. Default value is 30 seconds. Values can range from 1 to 240
seconds.


servertimeout – [optional] This is the timeout in seconds the authenticator waits for the
backend RADIUS server to respond back. The default value is 30 seconds. Values can
range from 1 to 240 seconds.
maxreq – [optional] The maximum number of times the authenticator will retransmit an
EAP Request packet to the supplicant before it times out the authentication session. Its
default value is 2. It can be set to any integer value from 1 to 10.

Syntax portaccess port=<num|list|range> [quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>] - set port access parameters for authenticating PCs or supplicants

port – [mandatory] – ports to be configured


quiet – [optional] This is the quiet period, the amount of time, in seconds, the supplicant
is held after an authentication failure before the authenticator retries the supplicant for
connection. The default value is 60 seconds. Values can range from 0 to 65535 seconds.
maxreauth – [optional] The number of re-authentication attempts that are permitted
before the port becomes unauthorized. Default value is 2. Values are integers and can
range from 0 to 10.
transmit – [optional] This is the transmit period, this is the time in seconds the
authenticator waits to transmit another request for identification from the supplicant.
Default value is 30. Values can be from 1 to 65535 seconds.

Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] - set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or PC

port – [mandatory] – ports to be configured


status – [optional] This enables/disables re-authentication
period – [optional] this is the re-authentication period in seconds. This is the time the
authenticator waits before a re-authentication process will be done again to the
supplicant. Default value is 3600 seconds (1 hour). Values can range from 10 to 86400
seconds.

Syntax show stats port=<num> - displays 802.1x related statistics

Syntax trigger-reauth port=<num|list|range> - manually initiate a re-authentication of supplicant


(Make sure there is no 802.1x or RADIUS server defined. Note only one RADIUS server can be defined for the whole network.)

Magnum10KT# show auth config
802.1X Authenticator Configuration
========================================
Status : Disabled
UserAuthentication Status : Disabled

RADIUS Authentication Server
==============================
IP Address : 0.0.0.0
UDP Port : 1812
Shared Secret :

Magnum10KT# auth

(The RADIUS server is on port #2. This port is authenticated manually. If the RADIUS server is several hops away, it may be necessary to authenticate the interconnection ports. Note this command is executed before the auth enable command.)

Magnum10KT(auth)## setport port=2 status=enable control=forceauth initialize=assert

Successfully set port control parameter(s)

(This command is not necessary, however is shown for completeness in case there was a RADIUS server defined and a previously set authentication scheme.)

Magnum10KT(auth)## auth disable
802.1X Authenticator is disabled.

Magnum10KT(auth)## authserver ip=192.168.1.239 secret=secret

Successfully set RADIUS Authentication Server parameter(s)

(Enable the authentication)

Magnum10KT(auth)##auth enable

802.1X Authenticator is enabled.

Magnum10KT(auth)## show auth ports

(Port 2 is where RADIUS server is connected.)

Port  Status   Control     Initialize  Current State
================================================================
1     Enabled  Auto        Deasserted  Authorized
2     Enabled  ForcedAuth  Asserted    Unauthorized
3     Enabled  Auto        Deasserted  Authorized
4     Enabled  Auto        Deasserted  Unauthorized
5     Enabled  Auto        Deasserted  Unauthorized
6     Enabled  Auto        Deasserted  Unauthorized
7     Enabled  Auto        Deasserted  Unauthorized
8     Enabled  Auto        Deasserted  Unauthorized
9     Enabled  Auto        Deasserted  Unauthorized
10    Enabled  Auto        Deasserted  Unauthorized
11    Enabled  Auto        Deasserted  Unauthorized
12    Enabled  Auto        Deasserted  Unauthorized
13    Enabled  Auto        Deasserted  Unauthorized
14    Enabled  Auto        Deasserted  Unauthorized
15    Enabled  Auto        Deasserted  Unauthorized
16    Enabled  Auto        Deasserted  Unauthorized
-- Port not available


(Command included for completeness – validate the RADIUS server settings)

Magnum10KT(auth)## show auth config

802.1x Authenticator Configuration
========================================
Status : Enabled

RADIUS Authentication Server
========================================
IP Address : 192.168.1.239
UDP Port : 1812
Shared Secret : secret

(Backend command is used for setting characteristics of the timeouts and number of requests before access is denied.)

Magnum10KT(auth)## backend port=2 supptimeout=45 servertimeout=60 maxreq=5
Successfully set backend server authentication parameter(s)

Magnum10KT(auth)## show port backend

(The authenticator waits for the supplicant to respond back for 45 seconds; the authenticator waits for 60 seconds for the backend RADIUS server to respond back and the authenticator will retransmit an EAP request packet 5 times to the supplicant before it times out the authentication session.)

Port  Supp Timeout  Server Timeout  Max Request
      (sec)         (sec)
=================================================
1     30            30              2
2     45            60              5
3     30            30              2
4     30            30              2
5     30            30              2
6     30            30              2
7     30            30              2
8     30            30              2
9     30            30              2
10    30            30              2
11    30            30              2
12    30            30              2
13    30            30              2
14    30            30              2
15    30            30              2
16    30            30              2

(The amount of time, in seconds, the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection is changed to 120 seconds, the number of re-authentication attempts that are permitted before the Port becomes Unauthorized is set to 7 and the time in seconds the authenticator waits to transmit another request for identification from the supplicant is changed to 120 seconds. These values can be changed on all ports depending on devices being authenticated.)

Magnum10KT(auth)## portaccess port=2 quiet=120 maxreauth=7 transmit=120

Successfully set port access parameter(s)

Magnum10KT(auth)## show-port access

Port  Quiet Period  Max Reauth  Tx Period
      (sec)                     (sec)
=================================================
1     60            2           30
2     120           7           120
3     60            2           30
4     60            2           30
5     60            2           30
6     60            2           30
7     60            2           30
8     60            2           30
9     60            2           30


10    60            2           30
11    60            2           30
12    60            2           30
13    60            2           30
14    60            2           30
15    60            2           30
16    60            2           30

(Force the authentication period on port 1 every 5 minutes – all other ports are force authenticated every hour as the show-port reauth command shows.)

Magnum10KT(auth)## reauth port=1 status=enable period=300

Successfully set re-authentication parameter(s)

Magnum10KT(auth)## show-port reauth

Port  Reauth Status  Reauth Period (sec)
=================================================
1     Enabled        300
2     Enabled        3600
3     Enabled        3600
4     Enabled        3600
5     Enabled        3600
6     Enabled        3600
7     Enabled        3600
8     Enabled        3600
9     Enabled        3600
10    Enabled        3600
11    Enabled        3600
12    Enabled        3600
13    Enabled        3600
14    Enabled        3600
15    Enabled        3600
16    Enabled        3600

Magnum10KT(auth)## show-stats port=3

(See FIGURE 73 on page 118 for the meaning of these)

Port 3 Authentication Counters
authEntersConnecting : 3
authEapLogoffsWhileConnecting : 0
authEntersAuthenticating : 3
authAuthSuccessesWhileAuthenticating : 2
authAuthTimeoutsWhileAuthenticating : 0
authAuthFailWhileAuthenticating : 0
authAuthReauthsWhileAuthenticating : 0
authAuthEapStartsWhileAuthenticating : 1
authAuthEapLogoffWhileAuthenticating : 0
authAuthReauthsWhileAuthenticated : 0
authAuthEapStartsWhileAuthenticated : 0
authAuthEapLogoffWhileAuthenticated : 0
backendResponses : 5
backendAccessChallenges : 2
backendOtherRequestsToSupplicant : 0


backendNonNakResponsesFromSupplicant : 2
backendAuthSuccesses : 2
backendAuthFails : 0

(Force re-authentication on port 3.)

Magnum10KT(auth)## trigger-reauth port=3

Successfully triggered re-authentication

FIGURE74 – Securing the network with RADIUS using port access.

Configuring User Access


If a RADIUS server is available, user access to MNS-6K-SECURE can be controlled and managed via
the RADIUS server. The capability works the same way as the TACACS+ server. In this case the
existing RADIUS server is used instead of the TACACS+ server.

The command to enable RADIUS users is shown below:

Syntax userauth <enable|disable> - enable or disable user access to MNS-6K-SECURE by authenticating the user against the RADIUS server.

To use the above command, please make sure the RADIUS servers are defined and RADIUS is
enabled.

Magnum10KT# auth

(Here we assume the RADIUS server is the same as used in the prior example.)

Magnum10KT(auth)## show auth config

802.1x Authenticator Configuration
========================================
Status : Enabled

RADIUS Authentication Server
========================================
IP Address : 192.168.1.239
UDP Port : 1812
Shared Secret : secret

(This command is not needed - repeated here for clarity - i.e. make sure the server port is force authorized.)

Magnum10KT(auth)## setport port=2 status=enable control=forceauth initialize=assert

Successfully set port control parameter(s)

(Enable authentication via RADIUS)

Magnum10KT(auth)##auth enable

802.1X Authenticator is enabled.

(Enable user authentication via RADIUS)

Magnum10KT(auth)## userauth enable
User authentication enabled.

FIGURE75 – enabling user access using the RADIUS server.

List of Commands In This Chapter


Syntax auth - configuration mode to configure the 802.1x parameters

Syntax show auth <config|ports> - show the 802.1x configuration or port status

Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] - define the RADIUS server – use UDP socket number if the RADIUS authentication is on port other than 1812

Syntax auth <enable|disable> - enables or disables the 802.1x authenticator function on MNS-6K
switch

Syntax setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] - setting the port characteristic for an 802.1x network

Syntax backend port=<num|list|range> [supptimeout=<1-240>] [servertimeout=<1-240>] [maxreq=<1-10>] - configure parameters for EAP over RADIUS

port – [mandatory] – port(s) to be configured


supptimeout – [optional] This is the timeout in seconds the authenticator waits for the
supplicant to respond back. Default value is 30 seconds. Values can range from 1 to 240
seconds.
servertimeout – [optional] This is the timeout in seconds the authenticator waits for the
backend RADIUS server to respond back. The default value is 30 seconds. Values can
range from 1 to 240 seconds.
maxreq – [optional] The maximum number of times the authenticator will retransmit an EAP
Request packet to the Supplicant before it times out the authentication session. Its default
value is 2. It can be set to any integer value from 1 to 10.

Syntax portaccess port=<num|list|range> [quiet=<0-65535>] [maxreauth=<0-10>]
[transmit=<1-65535>] - set port access parameters for authenticating PCs or supplicants

port – [mandatory] – ports to be configured
quiet – [optional] This is the quiet period, the amount of time, in seconds, the supplicant is
held after an authentication failure before the authenticator retries the supplicant for
connection. The default value is 60 seconds. Values can range from 0 to 65535 seconds.
maxreauth – [optional] The number of re-authentication attempts that are permitted
before the port becomes unauthorized. Default value is 2. Values are integers and can
range from 0 to 10.
transmit – [optional] This is the transmit period, this is the time in seconds the
authenticator waits to transmit another request for identification from the supplicant.
Default value is 30. Values can be from 1 to 65535 seconds.

Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>]
- set values on how the authenticator (Magnum 6K switch) does the re-authentication with the
supplicant or PC

port – [mandatory] – ports to be configured
status – [optional] This enables/disables re-authentication
period – [optional] this is the re-authentication period in seconds. This is the time the
authenticator waits before a re-authentication process will be done again to the
supplicant. Default value is 3600 seconds (1 hour). Values can range from 10 to 86400
seconds.

Syntax show stats port=<num> - displays 802.1x related statistics

Syntax trigger-reauth port=<num|list|range> - manually initiate a re-authentication of supplicant

Syntax userauth <enable|disable> - enable or disable user access to MNS-6K-SECURE by
authenticating the user against the RADIUS server


Chapter 9 – Access Using TACACS+
Using a TACACS+ server to authenticate access…

This feature is available in MNS-6K-SECURE. The TACACS+ protocol, short for Terminal Access
Controller Access Control System, provides access control for routers, network access servers and
other networked computing devices via one or more centralized servers. TACACS+ provides separate
authentication, authorization and accounting services.

TACACS – Flavors and History

TACACS allows a client to accept a username and password and send a query to a
TACACS authentication server, sometimes called a TACACS daemon (server) or
simply TACACSD. This server was normally a program running on a host. The
host would determine whether to accept or deny the request and send a response back.

The TACACS+ protocol is the latest generation of TACACS. TACACS is a simple UDP based
access control protocol originally developed by BBN for the MILNET (Military Network).
Cisco’s enhancements to TACACS are called XTACACS. XTACACS is now replaced by
TACACS+. TACACS+ is a TCP based access control protocol. TCP offers a reliable connection-
oriented transport, while UDP offers best-effort delivery.

TACACS+ improves on TACACS and XTACACS by separating the functions of
authentication, authorization and accounting and by encrypting all traffic between the Network
Access Server (NAS) and the TACACS+ clients or services or daemon. It allows for arbitrary
length and content authentication exchanges, which allows any authentication mechanism to be
utilized with TACACS+ clients. The protocol allows the TACACS+ client to request very
fine-grained access control by responding to each component of a request.

The Magnum 6K family of switches implements a TACACS+ client.

1. TACACS+ servers and daemons use TCP Port 49 for listening to client
requests. Clients connect to this port number to send authentication and
authorization packets.


2. There can be more than one TACACS+ server on the network. MNS-6K supports a
maximum of five TACACS+ servers.

TACACS+ Flow
TACACS works in conjunction with the local user list on the MNS-6K software operating system.
Please refer to Chapter 2 - Add User on page 30. The process of authentication as well as
authorization is shown in the flow chart below:

[Flow chart. Decision points: User in Local User List?, Is User Manager?, TACACS+ Enabled?,
Additional Servers? Actions: Login, Connect to TACACS server to authenticate, TACACS+
authorization. Branch labels: Authentication failure, Connection failure, Authenticated,
Authorization Failure, Authorized as Operator, Authorized as Manager. Outcomes: Login as
Manager, Login as Operator, Logout.]

FIGURE76 – Flow chart describing the interaction between local users and TACACS authorization.


The above flow diagram shows the tight integration of TACACS+ authentication with the local
user-based authentication. There are two stages a user goes through in TACACS+. The first stage
is authentication where the user is verified against the network user database. The second stage is
authorization, where it is determined whether the user has operator access or manager privileges.

TACACS+ Packet
Packet encryption is supported and is a configurable option for the Magnum MNS-6K software.
When encrypted, all authentication and authorization TACACS+ packets are encrypted and are
not readable by protocol capture and sniffing devices such as Ethereal or others. Packet data is
hashed using MD5 and a shared secret string defined between the Magnum 6K family of
switches and the TACACS+ server.

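32 bits wide
+---------------+---------------+-------------+--------------+--------+
| 4 bits        | 4 bits        | 8 bits      | 8 bits       | 8 bits |
| Major Version | Minor Version | Packet type | Sequence no. | Flags  |
+---------------+---------------+-------------+--------------+--------+
| Session ID                                                          |
+---------------------------------------------------------------------+
| Length                                                              |
+---------------------------------------------------------------------+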
FIGURE77 – TACACS packet format.

• Major Version – The major TACACS+ version number.
• Minor Version – The minor TACACS+ version number. This is intended to allow
revisions to the TACACS+ protocol while maintaining backwards compatibility
• Packet type – Possible values are:
    TAC_PLUS_AUTHEN:= 0x01 (Authentication)
    TAC_PLUS_AUTHOR:= 0x02 (Authorization)
    TAC_PLUS_ACCT:= 0x03 (Accounting)
• Sequence number – The sequence number of the current packet for the current
session.
• Flags – This field contains various flags in the form of bitmaps. The flag values
signify whether the packet is encrypted.
• Session ID – The ID for this TACACS+ session.
• Length - The total length of the TACACS+ packet body (not including the header.)
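
The header fields listed above can be decoded directly from a captured packet. The Python below is
an added example, not code from MNS-6K or GarrettCom: it parses the 12-byte header of FIGURE77 and
applies the MD5 pseudo-pad that TACACS+ XORs over the packet body when a shared key is configured.
The flag value 0x01 (body sent unencrypted), the major version 0xC and the pad construction are
taken from the TACACS+ specification (RFC 8907), not from this guide; the packets and key are
constructed samples.

```python
import hashlib
import struct

# Constants from RFC 8907; the packet type names are the ones listed in this guide.
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # set in Flags when the body is sent in the clear
PACKET_TYPES = {0x01: "TAC_PLUS_AUTHEN", 0x02: "TAC_PLUS_AUTHOR", 0x03: "TAC_PLUS_ACCT"}
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte header laid out in FIGURE77."""
    if len(packet) < HEADER.size:
        raise ValueError("need at least 12 bytes for a TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("unexpected major version %#x" % (version >> 4))
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown packet type %#x" % ptype)
    return {
        "version": version, "major": version >> 4, "minor": version & 0x0F,
        "type": PACKET_TYPES[ptype], "seq_no": seq_no, "flags": flags,
        "unencrypted": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
        "session_id": session_id, "length": length,
    }


def pseudo_pad(hdr: dict, key: bytes) -> bytes:
    """MD5 chain seeded with session ID, shared key, version and sequence number."""
    seed = struct.pack("!I", hdr["session_id"]) + key + bytes([hdr["version"], hdr["seq_no"]])
    pad, block = b"", b""
    while len(pad) < hdr["length"]:
        block = hashlib.md5(seed + block).digest()  # each block also hashes the previous one
        pad += block
    return pad[:hdr["length"]]


def xor_body(hdr: dict, body: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so this both hides and recovers the body."""
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(hdr, key)))


def build_packet(ptype, seq_no, session_id, body, key=None) -> bytes:
    """Build a sample packet; with no key the unencrypted flag is set."""
    flags = TAC_PLUS_UNENCRYPTED_FLAG if key is None else 0
    header = HEADER.pack(TAC_PLUS_MAJOR_VER << 4, ptype, seq_no, flags, session_id, len(body))
    if key is not None:
        body = xor_body(parse_header(header), body, key)
    return header + body


def inspect_packet(packet: bytes, key=None) -> dict:
    """Return the header fields plus the body (None if protected and no key is given)."""
    hdr = parse_header(packet)
    body = packet[HEADER.size:]
    if len(body) != hdr["length"]:
        raise ValueError("body size does not match the header Length field")
    if not hdr["unencrypted"]:
        body = xor_body(hdr, body, key) if key is not None else None
    hdr["body"] = body
    return hdr


if __name__ == "__main__":
    # Constructed sample: an authentication packet protected with the key "some".
    sample = build_packet(0x01, 1, 0x1234ABCD, b"constructed body", key=b"some")
    for name, value in inspect_packet(sample, key=b"some").items():
        print(name, "=", value)
```

Only the body is covered by the pad; the header, including the packet type and session ID, is always readable in a capture.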

Configuring TACACS+
CLI commands to configure TACACS+ are:

Syntax show tacplus <status|servers> - show status of TACACS or servers configured as TACACS+
servers


Syntax tacplus <enable|disable> [order=<tac,local | local,tac>] - enable or disable TACACS
authentication, specifying the order in which the server or local database is looked up, where
tac,local implies first the TACACS+ server, then local logins on the device. Default order is
Local then the TACACS+ server.

Syntax tacserver <add|delete> id=<num> [ip=<ip-addr>] [port=<tcp-port>]
[encrypt=<enable|disable>] [key=<string>] [mgrlevel=<level>]
[oprlevel=<level>] – adds a list of up to five TACACS+ servers where
<add|delete> – [mandatory] adds or deletes a TACACS+ server
id=<num> – [mandatory] the order in which the TACACS+ servers should be polled for
authentication
[ip=<ip-addr>] – [mandatory for add] the IP address of the TACACS+ server
[port=<tcp-port>] – [optional for add] TCP port number on which the server is listening
[encrypt=<enable|disable>] – [optional for add] enable or disable packet encryption
[key=<string>] – [optional for add, mandatory with encrypt] when encryption is enabled,
the secret shared key string must be supplied
[mgrlevel=<level>] and [oprlevel=<level>] – [optional] specifies the manager and
operator level as defined on the TACACS+ server for the respective level of login

(This command works in the user configuration mode as well. Note maximum of five TACACS+
servers.)
Magnum10KT# show tacplus servers

ID  TACACS+ Server  Port  Encrypt  Key
================================================
1   10.21.1.170     49    Enabled  secret
2   --              --    --       --
3   --              --    --       --
4   --              --    --       --
5   --              --    --       --

(To configure TACACS+ enter the user configuration mode.)
Magnum10KT# user
Magnum10KT(user)##

(Check the status of TACACS+ authentication. Note this command was run in the user
configuration mode.)
Magnum10KT(user)## show tacplus status

TACACS+ Status : Disabled

Magnum10KT(user)## tacplus disable

TACACS+ Tunneling is disabled.

Magnum10KT(user)## tacserver add id=2 ip=10.21.1.123 encrypt=enable key=some

TACACS+ server is added.

Magnum10KT(user)## show tacplus servers

ID  TACACS+ Server  Port  Encrypt  Key
================================================
1   10.21.1.170     49    Enabled  secret
2   10.21.1.123     49    Enabled  some
3   --              --    --       --
4   --              --    --       --
5   --              --    --       --

Magnum10KT(user)## tacserver delete id=2

TACACS+ server is deleted.

Magnum10KT(user)## show tacplus servers

ID  TACACS+ Server  Port  Encrypt  Key
================================================
1   10.21.1.170     49    Enabled  secret
2   --              --    --       --
3   --              --    --       --
4   --              --    --       --
5   --              --    --       --

Magnum10KT(user)## tacplus enable

TACACS+ is enabled.

Magnum10KT(user)##
FIGURE78 – Configuring TACACS+

List of Commands In This Chapter


Syntax show tacplus <status|servers> - show status of TACACS or servers configured as
TACACS+ servers

Syntax tacplus <enable|disable> [order=<tac,local | local,tac>] - enable or disable
TACACS authentication, specifying the order in which the server or local database is looked up,
where tac,local implies first the TACACS+ server, then local logins on the device

Syntax tacserver <add|delete> id=<num> [ip=<ip-addr>] [port=<tcp-port>]
[encrypt=<enable|disable>] [key=<string>] [mgrlevel=<level>]
[oprlevel=<level>] – adds a list of up to five TACACS+ servers where
<add|delete> – [mandatory] adds or deletes a TACACS+ server
id=<num> – [mandatory] the order in which the TACACS+ servers should be polled for
authentication
[ip=<ip-addr>] – [mandatory for add] the IP address of the TACACS+ server
[port=<tcp-port>] – [optional for add] TCP port number on which the server is listening
[encrypt=<enable|disable>] – [optional for add] enable or disable packet encryption
[key=<string>] – [optional for add, mandatory with encrypt] when encryption is enabled,
the secret shared key string must be supplied
[mgrlevel=<level>] and [oprlevel=<level>] – [optional] specifies the manager and
operator level as defined on the TACACS+ server for the respective level of login


Chapter 10 – Port Setup and Mirroring
Set up the ports for network speeds and performance, as well as for monitoring…

This section explains how individual characteristics of a port on the GarrettCom Magnum 6K
family of switches are set up. For monitoring a specific port, the traffic on a port can be mirrored
on another port and viewed by protocol analyzers. Other setup includes automatically setting up
broadcast storm prevention thresholds.

Port Monitoring and Mirroring

An Ethernet switch sends traffic from one port to another port, unlike a hub or a
shared network device, where the traffic is broadcast on each and every port.
Capturing traffic for protocol analysis or intrusion analysis can be impossible on a
switch unless all the traffic for a specific port is reflected on another port, typically a monitoring
port. The Magnum 6K family of switches can be instructed to repeat the traffic from one port
onto another port. This process, in which traffic from one port is reflected to another port, is
called port mirroring. The monitoring port is also called a sniffing port. Port monitoring becomes
critical for troubleshooting and for intrusion detection.

Port Mirroring
Monitoring a specific port can be done by port mirroring. Mirroring traffic from one port to
another port allows analysis of the traffic on that port. The commands for port mirroring are:

Syntax show port-mirror – displays the status of port mirroring

Syntax port-mirror - enter the port mirror configuration mode

Syntax setport monitor=<number|list|range> sniffer=<sniffer port number> -
set up a port mirror port

Syntax prtmr <enable|disable> - enable and disable port mirroring


The following set of commands shows how port 11 is mirrored on port 13. Any traffic on port 11
is also sent on port 13.

Magnum10KT# show port-mirror
Sniffer Port : 0
Monitor Port : 0
Mirroring State : disabled
Magnum10KT# port-mirror
Magnum10KT(port-mirror)## setport monitor=11 sniffer=13
Port 11 set as Monitor Port
Port 13 set as Sniffer Port
Magnum10KT(port-mirror)## prtmr enable
Port Mirroring Enabled
Magnum10KT(port-mirror)## exit
Magnum10KT# show port-mirror
Sniffer Port : 13
Monitor Port : 11
Mirroring State : enabled
Magnum10KT#
FIGURE79 – Enabling port mirroring.

Once port monitoring is completed, for security reasons, GarrettCom strongly recommends that
port mirroring be disabled using the prtmr disable command.

1) More than one port can be set to port mirror at a time and traffic from
multiple ports can be captured on the single port.
2) Both the ports, the monitored port and sniffer port, have to belong to the
same VLAN.
3) The mirrored port shows both incoming as well as outgoing traffic.
4) When port mirror is active, to change the mirrored port, first disable port
mirror and then assign the new port as described above.
5) The N:1 mapping is available on the Magnum 10K family of switches at this
time.
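
One way to verify the recommendation above, together with the TACACS+ settings from Chapter 9, is
to audit a saved CLI session. The Python below is an added example, not part of MNS-6K: it assumes
a transcript captured as text whose output follows the layouts shown in FIGURE78 and FIGURE79, and
the three checks it applies (mirroring left enabled, TACACS+ not enabled, a TACACS+ server without
packet encryption) are this example's own policy. The sample session is constructed.

```python
import re

# Constructed transcript, modelled on the output layout of FIGURE78 and FIGURE79.
SAMPLE_SESSION = """\
Magnum10KT# show tacplus status
TACACS+ Status : Enabled
Magnum10KT# user
Magnum10KT(user)## show tacplus servers
ID  TACACS+ Server  Port  Encrypt   Key
================================================
1   10.21.1.170     49    Enabled   secret
2   10.21.1.123     49    Disabled  --
3   --              --    --        --
Magnum10KT(user)## exit
Magnum10KT# show port-mirror
Sniffer Port    : 13
Monitor Port    : 11
Mirroring State : enabled
"""

# A prompt is the host name, an optional "(mode)", then "#" or "##".
PROMPT = re.compile(r"^\S+?(?:\([\w-]+\))?#{1,2}\s*(?P<cmd>.*)$")


def split_commands(session):
    """Group each non-blank output line under the command that produced it."""
    blocks = []
    for line in session.splitlines():
        match = PROMPT.match(line)
        if match:
            blocks.append((" ".join(match.group("cmd").split()), []))
        elif blocks and line.strip():
            blocks[-1][1].append(line.strip())
    return blocks


def key_values(lines):
    """Parse 'Name : value' output lines into a dict with lower-case names."""
    pairs = {}
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs[name.strip().lower()] = value.strip()
    return pairs


def audit(session):
    """Return a list of findings; shared keys are never copied into the report."""
    findings = []
    for cmd, lines in split_commands(session):
        if cmd == "show port-mirror":
            kv = key_values(lines)
            if kv.get("mirroring state", "").lower() == "enabled":
                findings.append("port mirroring enabled: port %s copied to sniffer port %s"
                                % (kv.get("monitor port", "?"), kv.get("sniffer port", "?")))
        elif cmd == "show tacplus status":
            if key_values(lines).get("tacacs+ status", "").lower() != "enabled":
                findings.append("TACACS+ authentication is not enabled")
        elif cmd == "show tacplus servers":
            for line in lines:
                cols = line.split()
                # Data rows start with the numeric ID; unused slots show "--".
                if len(cols) >= 4 and cols[0].isdigit() and cols[1] != "--":
                    if cols[3].lower() != "enabled":
                        findings.append("TACACS+ server %s (%s): packet encryption not enabled"
                                        % (cols[0], cols[1]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SESSION):
        print("FINDING:", finding)
```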

Port Setup
Each port on the GarrettCom Magnum family of switches can be set up with specific port
characteristics. The commands for setting the port characteristics are:

Syntax device – enter the device configuration mode


Syntax setport port=<port|list|range> [name=<name>] [speed=<10|100>]
[duplex=<half|full>] [auto=<enable|disable>] [flow=<enable|disable>]
[bp=<enable|disable>] [ffi=<enable|disable>] [notify=<all|none|list>]
[status=<enable|disable>] [egress-rate=<rate|none>]
Where

device – sets up the Magnum 6K switch in the device configuration mode
name – assigns a specific name to the port. This name is a designated name for the port
and can be a server name, user name or any other name
speed – specifically sets the speed to be 10 or 100 Mbps. Note – this works only with
10/100 ports – with 10Mbps ports, the option is ignored. No error is shown. See speed
settings section below.
flow – sets up flow control on the port. See Flow Control section below
bp – back pressure – enables back pressure signaling for traffic congestion management
ffi – Enabling this feature causes the transmit fiber to be disabled on detection of loss of
signal on the receive fiber. MAC address is also flushed when the loss of signal is detected.
notify – option all enables all three methods, none disables all three methods. It also can
be a comma separated list of the option strings log, trap, and alarm.
status – disable – disables the port from operation
egress-rate – set the egress rate or unset it using the none keyword

Syntax show port [=<port number>] - displays port information


Syntax show modules - displays modules in different slots

In the example listed below, the ports 11 and 12 are given specific names. Ports 9 and 13 are
active, as shown by the link status. Port 13 is set to 100 Mbps – all other ports are set to 10 Mbps.
All ports are set with auto sensing speed.

Magnum10KT# device

Magnum10KT(device)## setport port=11 name=JohnDoe

Magnum10KT(device)## setport port=12 name=JaneDoe

Magnum10KT(device)## show port

Keys: E = Enable            D = Disable
      H = Half Duplex       F = Full Duplex
      M = Multiple VLAN's   NA = Not Applicable
      LI = Listening        LE = Learning
      F = Forwarding        B = Blocking

Port  Name     Status  Dplx  Media  Link  Trunk  Speed  Poe  Auto  Vlan  GVRP  STP
----------------------------------------------------------------------------------
5     C1       E       H     10Tx   DOWN  No     10     E    E     1     -     -
6     C2       E       H     10Tx   DOWN  No     10     E    E     1     -     -
7     C3       E       H     10Tx   DOWN  No     10     E    E     1     -     -
8     C4       E       H     10Tx   DOWN  No     10     E    E     1     -     -
9     D        E       F     100Tx  UP    No     100    E    E     1     -     -
10    D2       E       H     10Tx   DOWN  No     10     E    E     1     -     -
11    JohnDoe  E       H     10Tx   DOWN  No     10     E    E     1     -     -
12    JaneDoe  E       H     10Tx   DOWN  No     10     E    E     1     -     -
13    E1       E       H     10Tx   DOWN  No     10     No   E     1     -     -
14    E2       E       H     10Tx   DOWN  No     10     No   E     1     -     -

Magnum10KT(device)## exit

Magnum10KT# show modules

SLOT  DESCRIPTION
----  -----------
C     4 Port TP-MDIX POE Module
D     4 Port TP-MDIX POE Module
E     4 Port TP-MDIX Module
F     4 Port TP-MDIX Module
G     4 Port Fiber100 with IEEE1588
I     2 Port Fiber100 Module
J     2 Port Fiber100 Module

Magnum10KT#
FIGURE80 – Port setup and viewing modules. Note - the timing module is displayed with IEEE 1588 (slot G).

The port's speed and duplex (data transfer operation) settings are summarized below.

Speed Settings
Auto (default) – Senses speed and negotiates with the port at the other end of the link for data
transfer operation (half-duplex or full-duplex). Auto uses the IEEE 802.3u auto negotiation
standard for 100 Base-T networks. If the other device does not comply with the 802.3u standard,
then the port configuration on the switch must be manually set to match the port configuration
on the other devices.

Duplex Settings
Possible port setting combinations for copper ports are:
• 10 HDx: 10 Mbps, Half-Duplex
• 10 FDx: 10 Mbps, Full-Duplex
• 100 HDx: 100 Mbps, Half-Duplex
• 100 FDx: 100 Mbps, Full-Duplex

Possible port settings for 100 FX (fiber) ports are:
• 100 FDx (default): 100 Mbps, Full-Duplex
• 100 HDx: 100 Mbps, Half-Duplex

Possible port settings for 10 FL (fiber) ports are:
• 10 HDx (default): 10 Mbps, Half-Duplex
• 10 FDx: 10 Mbps, Full-Duplex

Gigabit fiber-optic ports (Gigabit-SX and Gigabit-LX):
• 1000 FDx (default): 1000 Mbps (1 Gbps), Full Duplex only
• Auto: The port operates at 1000 FDx and auto-negotiates flow control with the device
connected to the port.

Back Pressure
Back Pressure is for half duplex operations and the controls provided indicate the number of
buffers allowed for incoming traffic before an xon/xoff message is sent.

Disabled (default): The port will not use back pressure based flow control mechanisms.
Enabled: The port uses 802.3 Layer 2 back off algorithms. Back pressure based congestion
control is possible only on half-duplex, 10 Mbps Ethernet ports. Other technologies are not
supported on Magnum 6K family of switches.

Syntax backpressure rxthreshold=<value>
where
rxthreshold value can be from 3 to 30. Default value is 28.

Syntax show backpressure

Backpressure and flowcontrol are to be used in networks in which all devices and
switches can participate in the flow control and back pressure recognition. In most
networks, these techniques are not used, as not all devices can participate in the
flow control methods and notifications. Alternately, QoS and other techniques are
widely used today.

In the example below, the Magnum 6K family of switches are set up with flow control and back
pressure.

Flow Control
Flow control is for full duplex operation and the controls provided indicate the number of
buffers allowed for incoming traffic before Rxon or Rxoff information is sent. Rxon is sent
when the number of buffers used by the traffic falls below the specified level, default is 4. Rxoff is
sent when the number of buffers used goes above the specified value, default is 6. The
flowcontrol command is used to set the above thresholds. It does not enable or disable flow
control.

Disabled (default): The port will not generate flow control packets or drop received flow
control packets.
Enabled: The port uses 802.3x Link Layer Flow Control, generates flow control packets,
and processes received flow control packets.


With the port speed set to auto (the default) and flow control set to enabled, the
switch negotiates flow control on the indicated port. If the port speed is not set to
auto, or if flow control is disabled on the port, then flow control is not used.

To set flow control:

Syntax flowcontrol xonlimit=<value> xofflimit=<value>
where
xonlimit can be from 3 to 30, default value is 4
xofflimit from 3 to 127, default value is 6

Syntax show flowcontrol

Magnum10KT# device
Magnum10KT(device)## show flowcontrol
XOnLimit : 4
XOffLimit : 6
Magnum10KT(device)## flowcontrol xonlimit=10 xofflimit=15
XOn Limit set successfully
XOff Limit set successfully
Magnum10KT(device)## show flowcontrol
XOnLimit : 10
XOffLimit : 15
Magnum10KT(device)## show backpressure
Rx Buffer Threshold : 28
Magnum10KT(device)## backpressure rxthreshold=15
Rx Buffer Threshold set successfully
Magnum10KT(device)## show backpressure
Rx Buffer Threshold : 15
Magnum10KT(device)## show port

Keys: E = Enable            D = Disable
      H = Half Duplex       F = Full Duplex
      M = Multiple VLAN's   NA = Not Applicable
      LI = Listening        LE = Learning
      F = Forwarding        B = Blocking

Port  Name     Status  Dplx  Media  Link  Trunk  Speed  Poe  Auto  Vlan  GVRP  STP
----------------------------------------------------------------------------------
5     C1       E       H     10Tx   DOWN  No     10     E    E     1     -     -
6     C2       E       H     10Tx   DOWN  No     10     E    E     1     -     -
7     C3       E       H     10Tx   DOWN  No     10     E    E     1     -     -
8     C4       E       H     10Tx   DOWN  No     10     E    E     1     -     -
9     D        E       F     100Tx  UP    No     100    E    E     1     -     -
10    D2       E       H     10Tx   DOWN  No     10     E    E     1     -     -
11    JohnDoe  E       H     10Tx   DOWN  No     10     E    E     1     -     -
12    JaneDoe  E       H     10Tx   DOWN  No     10     E    E     1     -     -
13    E1       E       H     10Tx   DOWN  No     10     No   E     1     -     -
14    E2       E       H     10Tx   DOWN  No     10     No   E     1     -     -

Magnum10KT(device)## show port=11

Configuration details of port 11
--------------------------------------------------
Port Name : JohnDoe
Port Link State : DOWN
Port Type : TP Port
Port Admin State : Enable
Port VLAN Memberships : 1
Port Speed : 10Mbps
Port Duplex Mode : half-duplex
Port Auto-negotiation State : Enable
Port STP State : NO STP
Port GVRP State : No GVRP
Port Priority Type : None
Port Security : Enable
Port Flow Control : Disable (Admin Status : Disable)
Port Back Pressure : Disable
Port Events Notify : log,trap,alarm

Magnum10KT(device)## setport port=11 flow=enable bp=enable

Magnum10KT(device)## show port

Keys: E = Enable            D = Disable
      H = Half Duplex       F = Full Duplex
      M = Multiple VLAN's   NA = Not Applicable
      LI = Listening        LE = Learning
      F = Forwarding        B = Blocking

Port  Name     Status  Dplx  Media  Link  Trunk  Speed  Poe  Auto  Vlan  GVRP  STP
----------------------------------------------------------------------------------
5     C1       E       H     10Tx   DOWN  No     10     E    E     1     -     -
6     C2       E       H     10Tx   DOWN  No     10     E    E     1     -     -
7     C3       E       H     10Tx   DOWN  No     10     E    E     1     -     -
8     C4       E       H     10Tx   DOWN  No     10     E    E     1     -     -
9     D        E       F     100Tx  UP    No     100    E    E     1     -     -
10    D2       E       H     10Tx   DOWN  No     10     E    E     1     -     -
11    JohnDoe  E       H     10Tx   DOWN  No     10     E    E     1     -     -
12    JaneDoe  E       H     10Tx   DOWN  No     10     E    E     1     -     -
13    E1       E       H     10Tx   DOWN  No     10     No   E     1     -     -
14    E2       E       H     10Tx   DOWN  No     10     No   E     1     -     -

Magnum10KT(device)## show port=11

Configuration details of port 11
--------------------------------------------------
Port Name : JohnDoe
Port Link State : DOWN
Port Type : TP Port
Port Admin State : Enable
Port VLAN ID : 1
Port Speed : 10Mbps
Port Duplex Mode : half-duplex
Port Auto-negotiation State : Enable
Port STP State : NO STP
Port GVRP State : No GVRP
Port Priority Type : None
Port Security : Enable
Port Flow Control : Enable (Admin Status : Enable)
Port Back Pressure : Enable
Port Events Notify : log,trap,alarm

(Note the flow control and back pressure is shown as enabled for the specific port. The global
show port command does not show this detail. The back pressure and flow control parameters
are global and the same for all the ports.)
Magnum10KT(device)## exit
Magnum10KT#
FIGURE81 – Setting up back pressure and flow control on ports.

Notify
The option all enables all three methods of notification: log, trap and alarm. The option
none disables all three methods. It can also be a comma-separated list of the option
strings log, trap, or alarm. This can also be done using the CLI interface. Please refer to the
Magnum MNS-6K CLI User Guide for more information on setting the Notify option manually.
The commands in the CLI for changing Notify are in device – setport.

Broadcast Storms

One of the best features of the Magnum 6K family of switches is its ability to keep
broadcast storms from spreading throughout a network. Network storms or broadcast
storms are characterized by an excessive number of broadcast packets being sent over the
network. These storms can occur if network equipment is configured incorrectly, if the
network software is not functioning properly, or if badly designed programs, including some
network games, are used. Storms can reduce network performance and cause bridges, routers,
workstations, servers and PCs to slow down or even crash.

Preventing Broadcast Storms


The Magnum 6K family of switches are capable of detecting and limiting storms on each port. A
network administrator can also set the maximum rate of broadcast packets (frames) that are
permitted from a particular interface. If the maximum number is exceeded, a storm condition is
declared. Once it is determined that a storm is occurring on an interface, any additional broadcast
packets received on that interface will be dropped until the storm is determined to be over. The
storm is determined to be over when a one-second period elapses with no broadcast packets
received.
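
The storm logic described above can be modelled as a small per-port state machine. The Python
below is an added example, not the switch's implementation: it assumes traffic is counted in
one-second intervals and that frames up to the threshold are still forwarded in the second the
threshold is exceeded, and it uses constructed frame counts. The 19531 default and the 200 to
50,000 range are the values shown in this chapter's command output and syntax.

```python
DEFAULT_THRESHOLD = 19531        # frames/sec shown for every port in this chapter's output
MIN_RATE, MAX_RATE = 200, 50000  # range accepted by the rate-threshold command


def storm_timeline(frames_per_second, threshold=DEFAULT_THRESHOLD):
    """Return one (forwarded, dropped, storm_active) tuple per one-second interval.

    storm_active is the state of the port at the end of that second.
    """
    if not MIN_RATE <= threshold <= MAX_RATE:
        raise ValueError("threshold must be between 200 and 50,000 frames per second")
    active = False
    timeline = []
    for count in frames_per_second:
        if count < 0:
            raise ValueError("frame counts cannot be negative")
        if active:
            # During a storm every broadcast frame is dropped; only a second
            # with no broadcast frames at all ends the storm.
            if count == 0:
                active = False
            forwarded, dropped = 0, count
        elif count > threshold:
            # Threshold exceeded: a storm is declared and the excess is dropped.
            active = True
            forwarded, dropped = threshold, count - threshold
        else:
            forwarded, dropped = count, 0
        timeline.append((forwarded, dropped, active))
    return timeline


def summarize(timeline):
    """Total forwarded and dropped frames and the number of seconds spent in a storm."""
    return {
        "forwarded": sum(f for f, _, _ in timeline),
        "dropped": sum(d for _, d, _ in timeline),
        "storm_seconds": sum(1 for _, _, active in timeline if active),
    }


def simulate_ports(traffic_by_port, thresholds=None):
    """Apply per-port thresholds (as set with rate-threshold) to per-port traffic."""
    thresholds = thresholds or {}
    return {
        port: summarize(storm_timeline(counts, thresholds.get(port, DEFAULT_THRESHOLD)))
        for port, counts in traffic_by_port.items()
    }


if __name__ == "__main__":
    # Constructed traffic: a burst on port 11, then a trickle that never reaches zero.
    burst_then_trickle = [100, 3000, 4200, 500, 20, 20, 20]
    for second, row in enumerate(storm_timeline(burst_then_trickle, threshold=3500)):
        print(second, row)
    print(simulate_ports({11: burst_then_trickle, 12: burst_then_trickle}, {11: 3500}))
```

Under these assumptions a low but continuous broadcast rate keeps the port in the storm state, so legitimate broadcasts are also dropped until a full quiet second occurs.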

Syntax broadcast-protect <enable|disable> - enable or disable the broadcast storm protection
capabilities (a hidden command supported for backward compatibility in the 10K
switch, and in the 6K switch it is in the rate-limit default)

Syntax rate-limit <enable|disable|default> - enable or disable the rate limit capability

Syntax rate-threshold port=<port|list|range> rate=<frames/sec> - set the rate limit in
frames per second – between 200 to 50,000 frames per second

Syntax rate-limit port=<port|list|range> [type=<broadcast|multicast>]
[status=<enable|disable>] – rate limit the type of traffic on a port


Syntax show broadcast-protect – display the broadcast storm protection settings (a hidden
command supported for backward compatibility in the 10K switch, and in the 6K
switch it is in the rate-limit default)

In the example below, the broadcast protection is turned on. The threshold for port 11 is then set to a
lower value of 3500 broadcast frames/second.

Magnum10KT# device

(A hidden command supported for backward compatibility in the 10K switch, and in the 6K switch
it is in the rate-limit default.)
Magnum10KT(device)## show broadcast-protect

======================================================================
PORT | STATUS | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
9      Disabled 19531                  0                      NO
10     Disabled 19531                  0                      NO
11     Disabled 19531                  0                      NO
12     Disabled 19531                  0                      NO
13     Disabled 19531                  0                      NO
14     Disabled 19531                  0                      NO
15     Disabled 19531                  0                      NO
16     Disabled 19531                  0                      NO

Magnum10KT(device)## broadcast-protect enable

Broadcast Storm Protection enabled

(A hidden command supported for backward compatibility in the 10K switch, and in the 6K switch
is in the rate-limit default.)
Magnum10KT(device)## show broadcast-protect

======================================================================
PORT | STATUS | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
9      Enabled  19531                  0                      NO
10     Enabled  19531                  0                      NO
11     Enabled  19531                  0                      NO
12     Enabled  19531                  0                      NO
13     Enabled  19531                  0                      NO
14     Enabled  19531                  0                      NO
15     Enabled  19531                  0                      NO
16     Enabled  19531                  0                      NO

Magnum10KT(device)## rate-threshold port=11 rate=3500

Broadcast Rate Threshold set
Magnum10KT(device)## show broadcast-protect

======================================================================
PORT | STATUS | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
9      Enabled  19531                  0                      NO
10     Enabled  19531                  0                      NO
11     Enabled  3500                   0                      NO
12     Enabled  19531                  0                      NO
13     Enabled  19531                  0                      NO
14     Enabled  19531                  0                      NO
15     Enabled  19531                  0                      NO
16     Enabled  19531                  0                      NO

FIGURE82 – Setting up broadcast storm protection. Also shows how the threshold can be lowered for a specific
port.

Port Rate Limiting for Broadcast Traffic
Please refer to the above section on broadcast storms.

List of Commands In This Chapter


Syntax show port-mirror – display port mirror settings

Syntax port-mirror <enter> - configure port mirror settings

Syntax setport monitor=<number|list|range> sniffer=<sniffer port number> - set port
mirror settings

Syntax prtmr <enable|disable> - enable or disable port mirror settings

Syntax device – configure device and port specific settings

Syntax setport port=<port|list|range> [name=<name>] [speed=<10|100>]
[duplex=<half|full>] [auto=<enable|disable>] [flow=<enable|disable>]
[bp=<enable|disable>] [ffi=<enable|disable>] [notify=<all|none|list>]
[status=<enable|disable>] [egress-rate=<rate|none>] – configure port settings

Syntax show port[=<port number>] - displays port information

Syntax show modules - displays modules in different slots

Syntax flowcontrol xonlimit=<value> xofflimit=<value> - configure flow control buffers

Syntax show flowcontrol – display flow control buffers

Syntax backpressure rxthreshold=<value> - configure backpressure buffers


Syntax show backpressure – display backpressure buffers

Syntax rate-limit <enable|disable|default> - enable or disable the rate limit capability

Syntax rate-threshold port=<port|list|range> rate=<frames/sec> - set the rate limit in frames
per second – between 200 to 50,000 frames per second

Syntax rate-limit port=<port|list|range> [type=<broadcast|multicast>]
[status=<enable|disable>] – rate limit the type of traffic on a port

Syntax broadcast-protect <enable|disable> - enable or disable the broadcast storm protection
capabilities (a hidden command supported for backward compatibility in the 10K switch,
and in the 6K switch it is in the rate-limit default)

Syntax show broadcast-protect – display the broadcast storm protection settings (a hidden command
supported for backward compatibility in the 10K switch, and in the 6K switch it is in the
rate-limit default)


Chapter 11 – VLAN
Create separate network segments (collision domains) across Magnum 6K family of switches…

Short for virtual LAN (VLAN), a VLAN creates separate collision domains or network segments
that can span multiple Magnum 6K family of switches. A VLAN is a group of ports designated by
the switch as belonging to the same broadcast domain. The IEEE 802.1Q specification establishes
a standard method for inserting VLAN membership information into Ethernet frames.

Why VLANs?

VLANs provide the capability of having two or more Ethernet segments that co-exist on
common hardware. The reason for creating multiple segments in Ethernet is to isolate
collision domains. VLANs can isolate groups of users, or divide up traffic for security,
bandwidth management, and more. VLANs are widely used today and are here to stay. VLANs
need not be in one physical location. They can be spread across geography or topology.
VLAN membership information can be propagated across multiple Magnum 6K switches.

FIGURE 83 – VLAN as two separate collision domains. The top part of the figure shows two
traditional Ethernet segments.

A group of network users (ports) assigned to a VLAN form a broadcast domain. Packets are
forwarded only between ports that are designated for the same VLAN. Cross-domain broadcast
traffic in the switch is eliminated and bandwidth is saved by not allowing packets to flood out on
all ports. For many reasons a port may be configured to belong to multiple VLANs.

FIGURE 84 – Ports can belong to multiple VLANs. In this figure a simplistic view is presented where
some ports belong to VLANs 1, 2 and other ports belong to VLANs 2, 3. Ports can belong to
VLANs 1, 2 and 3. This is not shown in the figure.

By default, on Magnum 6K family of switches, VLAN support is disabled and all ports on the
switch belong to the default VLAN (Default-VLAN). This places all ports on the switch into
one physical broadcast domain.

Users who are familiar with VLANs and plan to deploy GarrettCom switches to interoperate with
Cisco™ switches should download the Tech Briefs on how to configure VLANs to interoperate
with a Cisco switch. These are available on the GarrettCom web site under Resources and
Support > Software > Technical Briefs.

If VLANs are entirely separate segments or traffic domains, how can the VLANs route traffic or
talk to each other? This can be done using routing technologies: a router or an L3 switch. The
routing function can be done internally to an L3 switch. One advantage of an L3 switch is that the
switch can also support multiple VLANs. The L3 switch can thus route traffic across multiple
VLANs easily and provides a cost-effective solution if there are many VLANs defined.

MNS-6K-SECURE supports up to 256 VLANs.

FIGURE 85 – routing between different VLANs is performed using a router such as a Magnum DX
device or a Layer 3 switch.

MNS-6K supports up to 32 VLANs per switch. MNS-6K-SECURE supports up to 256 VLANs per switch.

Creating VLANs
The commands for creating VLANs and configuring VLAN-related settings are:

Syntax set vlan type=<tag|none> - define the VLANs or set all VLANs to default VLAN

VLAN Configuration:

Syntax vlan - enter the VLAN configuration menus

Adding VLANs:

Syntax add id=<vlan Id> [name=<vlan name>] port=<number|list|range>
[forbid=<number|list|range>] [<mgt|nomgt>]

Disabling Management on VLAN:

Use the <nomgt> option when creating a VLAN as shown in the add id command above.


Starting VLANs:

Syntax start vlan=<name|number|list|range>

Saving the configuration

Syntax save

Editing VLANs:

Syntax edit id=<vlan Id> [name=<vlan name>] port=<number|list|range> [<mgt|nomgt>]

Displaying the VLAN information:

Syntax show vlan [<id=vlanid>] [port=<number|list|range>]

Magnum10KT# vlan

Magnum10KT(tag-vlan)## add id=2 name=test port=1-10

Magnum10KT(tag-vlan)## start vlan=all

Magnum10KT(tag-vlan)## save

Saving current configuration...

Configuration saved

FIGURE 86 – configuring VLANs on Magnum 6K switch.

Using VLANs
When multiple switches are connected on a network, the VLAN information needs to be
propagated on to other switches. In such situations it is best to use tag based VLANs.

The commands for setting VLANs are:

Syntax set-port port=<number|list|range> default id=<number> sets the default VLAN
id (termed PVID in previous versions). Default VLAN id is the VLAN id assigned to the
untagged packets received on that port. For Magnum 6K family of switches, the default VLAN id
is 1, unless changed using this command.

Syntax set-port port=<number|list|range> filter status=<enable|disable> enables or
disables the VLAN filtering function. When enabled, the switch will drop the packets coming in
through a port if the port is not a member of the VLAN. For example, if port 1 is a member of
VLANs 10, 20 and 30, if a packet with VLAN id 40 arrives at port 1 it will be dropped.

Syntax set-port port=<number|list|range> tagging id=<number> status=<tagged|untagged>
defines whether the outgoing packets from a port will be tagged or untagged. This
definition is on a per VLAN basis. For example the command set-port port=1 tagging id=10
status=tagged will instruct the switch to tag all packets going out of port 1 to belong to VLAN 10.

Syntax set-port port=<number|list|range> join id=<number> adds the specified port(s) to the
specified VLAN id. This command works with active or pending VLANs.

Syntax set-port port=<number|list|range> leave id=<number> releases a specific port from a
VLAN. For example if port 1 belongs to VLAN 10, 20, 30, 40 the command set-port port=1
leave id=40 makes port 1 belong to VLAN 10, 20, 30, dropping VLAN 40.

Syntax show-port [port=<port|list|range>] shows all parameters related to tag vlan for the list of
ports. If the port parameter is omitted, it will display all ports.

In the example below, we start with Port VLAN and convert to TAG VLAN. We define ports 14
through 16 to belong to VLANs 10, 20 and 30 and the rest of the ports belong to the default
VLAN – VLAN 1. Filtering is enabled on ports 14-16. The VLAN setup is done before devices
are plugged into ports 14-16; as a result, the status of these ports is shown as down.

1. A word of caution: When TAG VLAN filtering is enabled, there can be serious connectivity
repercussions. The only way to recover from that is to reload the switch without saving the
configuration or to modify the configuration from the console (serial) port.
2. There can be either TAG VLAN or Port VLAN on MNS-6K. Both VLANs cannot co-exist at the
same time.
3. There can only be one default VLAN for the switch. The default is set to VLAN 1 and can be
changed to another VLAN. A word of caution on changing the default VLAN as well: there can
be repercussions on management as well as multicast and other issues.
4. Tag VLAN supports VLAN ids from 1 to 4096. VLAN ids more than 2048 are reserved for
specific purposes and it is recommended they not be used.
5. There are a maximum of 32 VLANs per switch which can be defined and supported.


Magnum10KT# vlan

Magnum10KT(tag-vlan)## show vlan

VLAN ID : 1
Name : Default VLAN
Status : Active

========================
PORT | STATUS
========================
9 | UP
10 | DOWN
11 | DOWN
12 | DOWN
13 | UP
15 | DOWN
16 | DOWN

VLAN ID : 10
Name : engineering
Status : Active

========================
PORT | STATUS
========================
14 | DOWN

VLAN ID : 20
Name : sales
Status : Active

========================
PORT | STATUS
========================
14 | DOWN

VLAN ID : 30
Name : marketing
Status : Active

========================
PORT | STATUS
========================
14 | DOWN

Note – If VLANs are already active you may have to stop VLANs to execute commands such as
delete VLAN. The command here is used as an example to show how VLANs can be stopped.

Magnum10KT(port-vlan)## stop vlan=all

All active VLAN's stopped.

Magnum10KT(port-vlan)## exit

Magnum10KT# show active-vlan


Tag VLAN is currently active.

Magnum10KT# show vlan

VLAN ID : 1
Name : Default VLAN
Status : Active

-----------------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------------
9 | UNTAGGED | UP
10 | UNTAGGED | DOWN
11 | UNTAGGED | DOWN
12 | UNTAGGED | DOWN
13 | UNTAGGED | UP
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

Note – ports 14-16 are down. The VLAN configuration is preferably done before devices are
plugged in to avoid connectivity repercussions.

Magnum10KT# vlan

Magnum10KT(tag-vlan)## add id=10 name=mkt port=14-16

Tag based vlan Added Successfully.


Vlan id : 10
Vlan name : mkt
Ports : 14-16

Note – The edit command can be used to reset the names or other values.

Magnum10KT(tag-vlan)## edit id=10 name=engineering port=14-16

Tag based vlan cannot be edited.


ERROR: Invalid vlan id

Magnum10KT(tag-vlan)## add id=20 name=sales port=14-16

Tag based vlan Added Successfully.


Vlan id : 20
Vlan name : sales
Ports : 14-16

Note – the next command is intentionally done to show the effect of adding a duplicate VLAN.

Magnum10KT(tag-vlan)## add id=20 name=marketing port=14-16

ERROR: Duplicate Vlan Id

Magnum10KT(tag-vlan)## add id=30 name=marketing port=14-16

Tag based vlan Added Successfully.


Vlan id : 30
Vlan name : marketing
Ports : 14-16


Magnum10KT(tag-vlan)## show vlan

VLAN ID : 1
Name : Default VLAN
Status : Active

-----------------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------------
9 | UNTAGGED | UP
10 | UNTAGGED | DOWN
11 | UNTAGGED | DOWN
12 | UNTAGGED | DOWN
13 | UNTAGGED | UP
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

Note – the VLANs are not started yet. Adding a VLAN does not start it by default.

VLAN ID : 10
Name : engineering
Status : Pending

----------------------------------------------------
PORT | MODE | STATUS
----------------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

VLAN ID : 20
Name : sales
Status : Pending

----------------------------------------------------
PORT | MODE | STATUS
----------------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

VLAN ID : 30
Name : marketing
Status : Pending

----------------------------------------------------
PORT | MODE | STATUS
----------------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

Magnum10KT(tag-vlan)## start vlan=all

All pending VLAN's started.


Magnum10KT(tag-vlan)## set-port port=14-16 filter status=enable

Ingress Filter Enabled

Magnum10KT(tag-vlan)## show vlan

VLAN ID : 1
Name : Default VLAN
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
1 | UNTAGGED | UP
2 | UNTAGGED | DOWN
3 | UNTAGGED | DOWN
4 | UNTAGGED | DOWN
5 | UNTAGGED | DOWN
6 | UNTAGGED | DOWN
7 | UNTAGGED | DOWN
8 | UNTAGGED | DOWN
9 | UNTAGGED | DOWN
10 | UNTAGGED | DOWN
11 | UNTAGGED | DOWN
12 | UNTAGGED | DOWN
13 | UNTAGGED | DOWN
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

VLAN ID : 10
Name : mkt
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

VLAN ID : 20
Name : sales
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

VLAN ID : 30
Name : marketing
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

Note – Enable filtering on the ports required. The MNS-6K software will prompt you to be
sure that connectivity is not disrupted.

Note – The set-port tagging commands in this example set the ports 14-16 as trunk ports.
VLAN 1 – the default VLAN is not tagged and will have to be tagged to function as a trunk
default VLAN. To filter out a VLAN from the trunk simply omit the VLAN from the set-port
tagging commands.

Magnum10KT(tag-vlan)## set-port port=14-16 tagging id=10 status=tagged

Port tagging enabled

Magnum10KT(tag-vlan)## set-port port=14-16 tagging id=20 status=tagged

Port tagging enabled

Magnum10KT(tag-vlan)## set-port port=14-16 tagging id=30 status=tagged

Port tagging enabled

Magnum10KT(tag-vlan)## show vlan

VLAN ID : 1
Name : Default VLAN
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
1 | UNTAGGED | UP
2 | UNTAGGED | DOWN
3 | UNTAGGED | DOWN
4 | UNTAGGED | DOWN
5 | UNTAGGED | DOWN
6 | UNTAGGED | DOWN
7 | UNTAGGED | DOWN
8 | UNTAGGED | DOWN
9 | UNTAGGED | DOWN
10 | UNTAGGED | DOWN
11 | UNTAGGED | DOWN
12 | UNTAGGED | DOWN
13 | UNTAGGED | DOWN
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN

VLAN ID : 10
Name : mkt
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | TAGGED | DOWN
15 | TAGGED | DOWN
16 | TAGGED | DOWN

Note – ports 14-16 are sending packets out as tagged packets on VLANs 10, 20 and 30 only.
VLAN 1 – the default VLAN is untagged. Ports 14-16 also still belong to VLAN 1.

VLAN ID : 20
Name : sales
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | TAGGED | DOWN
15 | TAGGED | DOWN
16 | TAGGED | DOWN

VLAN ID : 30
Name : marketing
Status : Active

-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | TAGGED | DOWN
15 | TAGGED | DOWN
16 | TAGGED | DOWN

Magnum10KT(tag-vlan)## show-port

VLAN Port Status.

Port 1
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

Port 2
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

<Deleting repeated information for ports 3 through 12>

Port 13
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

Port 14
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Pending TAGGED
Vlan: 20 Status: Pending TAGGED
Vlan: 30 Status: Pending TAGGED

Port 15
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Pending TAGGED
Vlan: 20 Status: Pending TAGGED
Vlan: 30 Status: Pending TAGGED

Port 16
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Pending TAGGED
Vlan: 20 Status: Pending TAGGED
Vlan: 30 Status: Pending TAGGED

Magnum10KT(tag-vlan)## vlan enable

VLAN Enabled.

Magnum10KT(tag-vlan)## start vlan=all

All pending VLAN's started.

Magnum10KT(tag-vlan)## show-port

VLAN Port Status.

Port 1
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

Port 2
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

<Deleting repeated information for ports 3 through 12.>


Port 13
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

Port 14
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Active TAGGED
Vlan: 20 Status: Active TAGGED
Vlan: 30 Status: Active TAGGED

Port 15
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Active TAGGED
Vlan: 20 Status: Active TAGGED
Vlan: 30 Status: Active TAGGED

Port 16
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Active TAGGED
Vlan: 20 Status: Active TAGGED
Vlan: 30 Status: Active TAGGED

Magnum10KT(tag-vlan)## show-port port=14

VLAN Port Status.

Port 14
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Active TAGGED
Vlan: 20 Status: Active TAGGED
Vlan: 30 Status: Active TAGGED

FIGURE87 – VLAN operations

In the above example, the show-port command provides a perspective on VLANs that are associated
with different ports, whether the VLANs are active, tagged or untagged. While the above instructions
are illustrations of how the commands are used, it is recommended to download the Tech Briefs on
how to configure VLAN on MNS-6K using Cisco Catalyst® switches or Magnum DX routers. These
Tech Briefs are available on the GarrettCom Inc. web site www.garrettcom.com – under Resources
and Support > Software Support. On that page, look for the drop down menu on Technical
Briefs.
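The filter, default id and tagging rules described under Using VLANs can be checked offline against saved show-port output. The following Python sketch is an added example, not GarrettCom code: it parses the show-port format of FIGURE 87 and applies those rules to a received frame. The sample text is constructed, and two behaviours are assumptions rather than statements from this guide: a Pending VLAN is treated as not yet a membership, and a port with the filter disabled is assumed to honour the tag it receives.

```python
import re

# Constructed sample in the show-port format of FIGURE 87 (not captured from a switch).
SAMPLE_SHOW_PORT = """\
VLAN Port Status.

Port 1
Default ID : 1
Filter Status : DISABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED

Port 14
Default ID : 1
Filter Status : ENABLED.
VLAN Memberships:
Vlan: 1 Status: Active UNTAGGED
Vlan: 10 Status: Active TAGGED
Vlan: 20 Status: Active TAGGED
Vlan: 30 Status: Pending TAGGED
"""

PORT_RE = re.compile(r"^Port\s+(\d+)$")
DEFAULT_RE = re.compile(r"^Default ID\s*:\s*(\d+)$")
FILTER_RE = re.compile(r"^Filter Status\s*:\s*(ENABLED|DISABLED)\.?$")
MEMBER_RE = re.compile(r"^Vlan:\s*(\d+)\s+Status:\s*(\w+)\s+(TAGGED|UNTAGGED)$")


def parse_show_port(text):
    """Parse show-port output into {port: {"default_id", "filter", "vlans"}}."""
    ports, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PORT_RE.match(line):
            cur = ports[int(m.group(1))] = {"default_id": None, "filter": False, "vlans": {}}
        elif cur is None:
            continue  # banner lines before the first "Port N" block
        elif m := DEFAULT_RE.match(line):
            cur["default_id"] = int(m.group(1))
        elif m := FILTER_RE.match(line):
            cur["filter"] = m.group(1) == "ENABLED"
        elif m := MEMBER_RE.match(line):
            cur["vlans"][int(m.group(1))] = {"status": m.group(2), "mode": m.group(3)}
    return ports


def ingress(cfg, tag=None):
    """Return ("admit", vid) or ("drop", vid) for a frame received on the port.

    tag=None is an untagged frame, which gets the port's default VLAN id.
    """
    if tag is None:
        return ("admit", cfg["default_id"])
    # Assumption: only Active memberships count; a Pending VLAN is not started yet.
    member = cfg["vlans"].get(tag, {}).get("status") == "Active"
    if cfg["filter"] and not member:
        return ("drop", tag)  # the case the guide describes for VLAN id 40
    # Assumption: with the filter disabled, the received tag is honoured.
    return ("admit", tag)


def egress_mode(cfg, vid):
    """TAGGED or UNTAGGED for an active membership, None if the VLAN is not sent."""
    entry = cfg["vlans"].get(vid)
    return entry["mode"] if entry and entry["status"] == "Active" else None


def audit(ports):
    """List (port, finding) pairs worth a second look before saving the configuration."""
    findings = []
    for num, cfg in sorted(ports.items()):
        tagged = [v for v, e in cfg["vlans"].items() if e["mode"] == "TAGGED"]
        pending = [v for v, e in cfg["vlans"].items() if e["status"] != "Active"]
        if tagged and not cfg["filter"]:
            findings.append((num, "trunk port without ingress filter"))
        if pending:
            findings.append((num, f"VLANs not started: {pending}"))
    return findings


if __name__ == "__main__":
    parsed = parse_show_port(SAMPLE_SHOW_PORT)
    for tag in (None, 10, 30, 40):
        print("port 14, tag", tag, "->", ingress(parsed[14], tag))
    print(audit(parsed))
```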

List of Commands In This Chapter


Syntax set vlan type=<tag|none> defines the VLAN type

Syntax vlan <enable|disable> - allow VLAN commands or configure vlan commands

Syntax vlan – enter the subset of VLAN commands

Syntax add id=<vlan Id> [name=<vlan name>] port=<number|list|range>
[forbid=<number|list|range>] [<mgt|nomgt>] - adding VLAN

Syntax start vlan=<name|number|list|range> activate the VLAN configuration

Syntax save save the configuration (including the VLAN configuration)

Syntax edit id=<vlan id> [name=<vlan name>] port=<number|list|range>
[<mgt|nomgt>] - edit existing VLAN name

Syntax show vlan [<id=vlanid>] display specific VLAN information

Syntax set-port port=<number|list|range> default id=<number> sets the default VLAN id.
For Magnum 6K family of switches, the default VLAN id is 1, unless changed using this command

Syntax set-port port=<number|list|range> filter status=<enable|disable> enables or disables
the VLAN filtering function.

Syntax set-port port=<number|list|range> tagging id=<number> status=<tagged|untagged>
defines whether the outgoing packets from a port will be tagged or untagged.

Syntax set-port port=<number|list|range> join id=<number> adds the specified port(s) to the
specified VLAN id

Syntax set-port port=<number|list|range> leave id=<number> releases a specific port from a
VLAN

Syntax show-port [port=<port|list|range>] shows all parameters related to tag vlan for the list of ports.
If the port parameter is omitted, it will display all ports


Chapter 12 – Spanning Tree Protocol (STP)
Create and manage alternate paths to the network

Spanning Tree Protocol was designed to avoid loops in an Ethernet network. An Ethernet
network using switches can have redundant paths, which may cause loops. To prevent the loops,
MNS-6K software uses Spanning Tree Protocol. As a manager of the MNS-6K software,
controlling which span the traffic traverses is necessary. It is also necessary to specify the parameters of
STP. STP is available as the IEEE 802.1d protocol and is a standard of the IEEE.

STP Features and Operation

The switch uses the IEEE 802.1d Spanning Tree Protocol (STP). When STP is enabled, it
ensures that only one path at a time is active between any two nodes on the network. In
networks where more than one physical path exists between two nodes, STP ensures only a
single path is active by blocking all redundant paths. Enabling STP is necessary to avoid
loops and duplicate messages. This duplication leads to a broadcast storm or other erratic
behavior that can bring down the network.

As recommended in the IEEE 802.1Q VLAN standard, the Magnum 6K family of switches
uses single-instance STP. This means a single spanning tree is created to make sure there
are no network loops associated with any of the connections to the switch. This works
regardless of whether VLANs are configured on the switch. Thus, these switches do not
distinguish between VLANs when identifying redundant physical links.

The switch automatically senses port identity and type, and automatically defines port cost and
priority for each type. The MNS-6K software allows a manager to adjust the cost, priority, the
mode for each port as well as the global STP parameter values for the switch.

While allowing only one active path through a network at any time, STP retains any redundant
physical path to serve as a backup (blocked) path in case the existing active path fails. Thus, if an
active path fails, STP automatically activates (unblocks) an available backup to serve as the new
active path for as long as the original active path is down.


The table below lists the default values of the STP variables:

Variable or Attribute               | Default Value
------------------------------------|--------------
STP capabilities                    | Disabled
Reconfiguring general operation     |
  Priority                          | 32768
  Bridge maximum age                | 20 seconds
  Hello time                        | 2 seconds
  Forward delay                     | 15 seconds
Reconfiguring per-port STP          |
  Path cost                         | 0
  Priority                          | 32768
  Mode                              | Normal
Monitoring of STP                   | Not available
Root Port                           | Not set

FIGURE 88 – STP default values – refer to next section Using STP for more detailed explanation on the
variables.

1. By default, STP is disabled. To use STP, it has to be manually enabled.

2. If you are using tagged VLANs, at least one untagged VLAN must be available for the
BPDUs to propagate through the network to update STP status.

3. Whenever changes are made to STP, it is recommended to disable and enable STP to ensure
the changes are effective.

Using STP
The commands used for configuring STP are listed below:

Syntax show stp <config|ports> - regardless of whether STP is enabled or disabled (default) this
command lists the switch’s full STP configuration, including general settings and port settings


Magnum10KT# show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : NO
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 32768
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 32768
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 2
Root Bridge Max Age : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO
Magnum10KT#

FIGURE 89 – Viewing STP configuration

The variables listed above are:


Spanning Tree Enabled (Global): Indicates whether STP is enabled or disabled globally. If
the value is YES, all ports have STP enabled; otherwise, all ports have STP disabled.

Spanning Tree Enabled (Ports): Indicates which ports have STP enabled. Note in the figure
the ports 9 through 16 are STP enabled, but STP functionality is not enabled. STP will not
perform on these ports.

Bridge Priority: Specifies the switch (bridge) priority value. This value is used along with the
switch MAC address to determine which switch in the network is the root device. Lower values
mean higher priority. Value ranges from 0 to 65535. Default value is 32768.

Bridge Forward Delay: Indicates the time duration the switch will wait from listening to
learning states and from learning to forwarding states. The value ranges from 4 to 30 seconds.
Default value is 15.

Bridge Hello Time: When the switch is the root device, this is the time between messages
being transmitted. The value is from 1 to 10 seconds. Default value is 2 seconds.

Bridge Max Age: This is the maximum time a message with STP information is allowed by the
switch before the switch discards the information and updates the address table again. Value
ranges from 6 to 40 seconds with default value of 20 seconds.


Root Port: Indicates the port number, which is elected as the root port of the switch. A root port
of 0 indicates STP is disabled.

Root Path Cost: A path cost is assigned to individual ports for the switch to determine which
ports are the forwarding points. A higher cost means more loops, a lower cost means fewer loops.
More loops equal more traffic and a tree that takes a long time to converge will result in a slower
system.

Designated Root: Shows the MAC address of the bridge in the network elected or designated as
the root bridge. Normally when STP is not enabled the switch designates itself as the root switch.

Designated Root Priority: Shows the designated root bridge’s priority. Default value is 32768.

Root Bridge Forward Delay: Indicates the designated root bridge’s forward delay. This is the
time the switch waits before it switches from the listening to the forwarding state. The default is
15 seconds. This value can be set between 4-30 seconds.

Root Bridge Hello Time: Indicates the designated root bridge’s hello time. Hello information is
sent out every 2 seconds.

Root Bridge Max Age: Indicates the designated root bridge’s maximum age, after which it
discards the information as being old and receives new updates.

These variables can be changed using the priority, cost, port and timers
commands described later in this chapter.
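The Bridge ID, Designated Root and timer fields described above lend themselves to an automated check of saved show stp config output. The following Python sketch is an added example, not GarrettCom code: it decodes a bridge ID into priority and MAC address, applies the lowest-value-wins root election, and compares the designated root with the bridge the administrator expects. The sample text, the second bridge ID and the function names are constructed; the timer ranges are the ones this guide gives, and the relationship between the timers comes from IEEE 802.1D, not from this guide.

```python
import re

# Constructed sample in the format of the show stp config output in FIGURE 89.
# The Designated Root value is invented to show a root other than this switch.
SAMPLE_STP_CONFIG = """\
Spanning Tree Enabled(Global) : YES
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 32768
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Designated Root : 10:00:00:20:06:aa:bb:cc
"""

# Value ranges as listed in this guide (seconds).
RANGES = {"forward_delay": (4, 30), "hello": (1, 10), "max_age": (6, 40)}


def parse_stp_config(text):
    """Turn 'Name : value' lines into a dict; the value may itself contain colons."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s+:\s+(.+?)\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def decode_bridge_id(bridge_id):
    """Split an 8-octet bridge ID into (priority, MAC address)."""
    octets = [int(x, 16) for x in bridge_id.split(":")]
    if len(octets) != 8:
        raise ValueError(f"expected 8 octets, got {len(octets)}")
    priority = (octets[0] << 8) | octets[1]
    return priority, ":".join(f"{o:02x}" for o in octets[2:])


def elect_root(bridge_ids):
    """Lowest priority wins; on a tie the lower MAC address wins."""
    return min(bridge_ids, key=lambda b: [int(x, 16) for x in b.split(":")])


def check_timers(forward_delay, hello, max_age):
    """Return a list of problems with the three STP timers (empty when consistent)."""
    problems = []
    values = {"forward_delay": forward_delay, "hello": hello, "max_age": max_age}
    for name, value in values.items():
        low, high = RANGES[name]
        if not low <= value <= high:
            problems.append(f"{name}={value} outside {low}-{high}")
    # IEEE 802.1D: 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1)
    if max_age > 2 * (forward_delay - 1):
        problems.append("max_age exceeds 2*(forward_delay-1)")
    if max_age < 2 * (hello + 1):
        problems.append("max_age below 2*(hello+1)")
    return problems


def review(cfg, expected_root):
    """Compare a parsed configuration with the root bridge the administrator intended."""
    findings = []
    if cfg.get("Spanning Tree Enabled(Global)") != "YES":
        findings.append("STP is disabled globally")
    root = cfg["Designated Root"]
    if root.lower() != expected_root.lower():
        priority, mac = decode_bridge_id(root)
        findings.append(f"unexpected root {mac} (priority {priority})")
    findings += check_timers(
        int(cfg["Bridge Forward Delay"]),
        int(cfg["Bridge Hello Time"]),
        int(cfg["Bridge Max Age"]),
    )
    return findings


if __name__ == "__main__":
    parsed = parse_stp_config(SAMPLE_STP_CONFIG)
    print(decode_bridge_id(parsed["Bridge ID"]))
    print(review(parsed, expected_root=parsed["Bridge ID"]))
```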

Magnum10KT# show stp ports

STP Port Configuration

----------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT#

FIGURE 90 – STP Port status information.


The variables shown above are:

Port#: Indicates the port number. Value ranges from 01 to max number of ports in the switch.

Type: Indicates the type of port – TP indicates Twisted Pair.

Priority: STP uses this to determine which ports are used for forwarding. A lower number
means higher priority. Value ranges from 0 to 255. Default is 128.

Path Cost: This is the assigned port cost value used for the switch to determine the forwarding
points. Values range from 1 to 65535.

State: Indicates the STP state of individual ports. Values can be Listening, Learning, Forwarding,
Blocking and Disabled.

Des. Bridge: This is the port’s designated root bridge.

Des. Port: This is the port’s designated root port.

To enable or disable STP, enter the STP configuration mode and use the stp <enable|disable>
command.

Syntax stp – STP Configuration mode


Syntax stp <enable|disable> - Start (Enable) or stop (Disable) STP
Syntax set stp type=<stp|rstp> - set the spanning tree protocol to be IEEE 802.1d or 802.1w
(Rapid Spanning Tree Protocol)
Syntax show active-stp – Display which version of STP is currently active

Incorrect STP settings can adversely affect network performance. GarrettCom Inc. recommends
starting with the default STP settings. Changing the settings requires a detailed
understanding of STP. For more information on STP, please refer to the IEEE 802.1d standard.

Magnum10KT# show active-stp

Current Active Mode: RSTP.
RSTP is Disabled.

Note – it is always a good idea to check which mode of STP is active. If the proper mode is
not active, the configuration command stp will not be understood. To set the proper mode,
use the set stp command.

Magnum10KT# stp

ERROR: Invalid Command

Magnum10KT# set stp type=stp

STP Mode set to STP.

Magnum10KT# stp


Magnum10KT(stp)## stp enable


Successfully set the STP status

Magnum10KT(stp)## show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 32768
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 32768
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 2
Root Bridge Max Age : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(stp)## show stp ports

STP Port Configuration


----------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Forwarding 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 128 19 Forwarding 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT(stp)##

FIGURE 91 – Enabling STP

Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the
port or switch level priority. When the port(s) are specified the priority is associated with ports
and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and
its value is 0-65535
Syntax cost port=<number|list|range> value=<0-65535> - cost is specific to a port and the
port(s) have to be specified


Syntax port port=<number|list|range> status=<enable|disable> - specific ports may
not need to participate in STP process. These ports typically would be end-stations. If you are not
sure – let MNS-6K software make the decisions
Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP
Forward Delay, Hello timer and Aging timer values

Priority: Specifies the switch (bridge) priority value. This value is used along with the switch
MAC address to determine which switch in the network is the root device. Lower values mean
higher priority. Value ranges from 0 to 65535. Default value is 32768.

Cost: A path cost is assigned to individual ports for the switch to determine which ports are the
forwarding points. A higher cost means the link is more expensive to use and falls in the passive
mode compared to the link with a lower cost. Value ranges from 0 to 65535. Default value is
32768.

Status: Enables or disables a port from participating in STP discovery. It's best to only allow
trunk ports to participate in STP. End stations need not participate in STP process.

Forward-Delay: Indicates the time duration the switch will wait from listening to learning states
and from learning to forwarding states. The value ranges from 4 to 30 seconds. Default value is 15.

Hello: When the switch is the root device, this is the time between messages being transmitted.
The value is from 1 to 10 seconds. Default value is 2 seconds.

Age: This is the maximum time a message with STP information is allowed by the switch before
the switch discards the information and updates the address table again. Value ranges from 6 to
40 seconds with default value of 20 seconds.

Magnum10KT(stp)## show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : NO
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 32768
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 32768
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 2
Root Bridge Max Age : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(stp)## show stp ports

STP Port Configuration


----------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT(stp)## stp enable


Successfully set the STP status

Magnum10KT(stp)## show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 32768
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 32768
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 2
Root Bridge Max Age : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Note: Ports which have devices connected to them now participate in STP.

Magnum10KT(stp)## show stp ports

STP Port Configuration


----------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Forwarding 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 128 19 Forwarding 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT(stp)## priority value=15535

Successfully set the bridge priority

Note: STP is now enabled. Observe the default values for the different variables discussed.

Magnum10KT(stp)## show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 15535
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 15535
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 2
Root Bridge Max Age : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(stp)## priority port=13 value=20

Successfully set the priority for port 13

Magnum10KT(stp)## show stp ports

STP Port Configuration
----------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Forwarding 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 20 19 Forwarding 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Note: On Port 13, the priority changed; however, the Path Cost does not change until the cost command is issued.

Magnum10KT(stp)## cost port=13 value=20

Setting cost for STP...Successfully set the path cost for port 13

Magnum10KT(stp)## show stp ports

STP Port Configuration


----------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Forwarding 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 20 20 Forwarding 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT(stp)## port port=9 status=disable

Successfully set the STP status for port 9

Note: Since Port 9 does not participate in STP, it is not listed in the following output. Any changes made to STP parameters on Port 9 will be ignored.

Magnum10KT(stp)## show stp ports

STP Port Configuration
----------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 20 19 Forwarding 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT(stp)## port port=9 status=enable


Successfully set the STP status for port 9

Magnum10KT(stp)## show stp ports

STP Port Configuration


----------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------
09 TP(10/100) 128 100 Forwarding 80:00:00:20:06:25:ed:80 80:09
10 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0a
11 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0b
12 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0c
13 TP(10/100) 20 20 Forwarding 80:00:00:20:06:25:ed:80 80:0d
14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e
15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f
16 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:10

Magnum10KT(stp)## show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 15535
Bridge Forward Delay : 15
Bridge Hello Time : 2
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 15535
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 2
Root Bridge Max Age : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(stp)## timers forward-delay=20 hello=5 age=40

ERROR: Invalid Values
Max Age <= (2*(Forward-Delay-1)) and Max Age >= (2*(Hello-Time+1))

Note: The age parameter is out of range as per IEEE 802.1d specifications.

Magnum10KT(stp)## timers forward-delay=20 hello=5 age=30

Successfully set the bridge time parameters

Magnum10KT(stp)## show stp config

STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16
Protocol : Normal STP
Bridge ID : 80:00:00:20:06:25:ed:80
Bridge Priority : 15535
Bridge Forward Delay : 20
Bridge Hello Time : 5
Bridge Max Age : 30
Root Port : 0
Root Path Cost : 0
Designated Root : 80:00:00:20:06:25:ed:80
Designated Root Priority : 15535
Root Bridge Forward Delay : 20
Root Bridge Hello Time : 5
Root Bridge Max Age : 30

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(stp)##

FIGURE 92 – Configuring STP parameters.

List of Commands In This Chapter


Syntax show stp <config|ports> - regardless of whether STP is enabled or disabled (default) this
command lists the switch’s full STP configuration, including general settings and port settings

Syntax stp – STP Configuration mode

Syntax stp <enable|disable> - Start (Enable) or stop (Disable) STP

Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or
switch level priority. When port(s) are specified, the priority is associated with the ports and its value is
0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535

Syntax cost port=<number|list|range> value=<0-65535> - cost is specific to a port and the
port(s) have to be specified

Syntax port port=<number|list|range> status=<enable|disable> - specific ports may not need
to participate in STP process. These ports typically would be end-stations. If you are not sure – let
MNS-6K software make the decisions

Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP Forward
Delay, Hello timer and Aging timer values

13 – Rapid Spanning Tree Protocol (RSTP)
Create and manage alternate paths to the network

Rapid Spanning Tree Protocol (RSTP), like STP, was designed to avoid loops in an Ethernet
network. Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w) is an evolution of the Spanning
Tree Protocol (STP) (802.1d standard) and provides for faster spanning tree convergence after a
topology change.

RSTP Concepts

The IEEE 802.1d Spanning Tree Protocol (STP) was developed to allow the
construction of robust networks that incorporate redundancy while pruning the
active topology of the network to prevent loops. While STP is effective, it requires
that frame transfer halt after a link outage until all bridges in the network are
sure to be aware of the new topology. Using STP (IEEE 802.1d) recommended values, this
period lasts 30 seconds.

Rapid Spanning Tree Protocol (IEEE 802.1w) is a further evolution of the 802.1d Spanning Tree
Protocol. It replaces the settling period with an active handshake between switches (bridges) that
guarantees topology information to be rapidly propagated through the network. IEEE 802.1D-
2004 proposes a new standard for faster recovery for up to 16 switches. GarrettCom implements
the IEEE 802.1D-2004 and enhancements to cover more than 16 switches for larger networks.
RSTP converges in less than one second to six seconds. RSTP also offers a number of other
significant innovations. These include:
• Topology changes in STP must be passed to the root bridge before they can be propagated
to the network. Topology changes in RSTP can be originated from and acted upon by any
designated switch (bridge), leading to more rapid propagation of address information.
• STP recognizes one state, blocking, for ports that should not forward any data or information.
RSTP explicitly recognizes two blocking roles, alternate and backup port, and includes
them in computations of when to learn and forward and when to block.
• STP relays configuration messages received on the root port going out of its designated
ports. If a STP switch (bridge) fails to receive a message from its neighbor it cannot be sure
where along the path to the root a failure occurred. RSTP switches (bridges) generate their
own configuration messages, even if they fail to receive one from the root bridge. This
leads to quicker failure detection.
• RSTP offers edge port recognition, allowing ports at the edge of the network to forward
frames immediately after activation while at the same time protecting them against loops.
• An improvement in RSTP allows configuration messages to age more quickly preventing
them from going around in circles in the event of a loop.

RSTP has three states. They are discarding, learning and forwarding.

The discarding state is entered when the port is first taken into service. The port does not learn
addresses in this state and does not participate in frame transfer. The port looks for STP traffic in
order to determine its role in the network. When it is determined that the port will play an active
part in the network, the state will change to learning. The learning state is entered when the port
is preparing to play an active part in the network. The port learns addresses in this state but
does not participate in frame transfer. In a network of RSTP switches (bridges) the time spent in
this state is usually quite short. RSTP switches (bridges) operating in STP compatibility mode will
spend between 6 and 40 seconds in this state. After learning, the bridge will place the port in the
forwarding state. While in this state the port both learns addresses and participates in frame
transfer.

The IEEE 802.1d version of Spanning Tree Protocol (STP) can take a fairly long time to resolve
all the possible paths and to select the most efficient path through the network. As a result of
these enhanced states, the IEEE 802.1w Rapid Reconfiguration of Spanning Tree
Protocol (RSTP) significantly reduces the amount of time it takes to establish the network path.
The result is reduced network downtime and improved network robustness. In addition to faster
network reconfiguration, RSTP also implements greater ranges for port path costs to
accommodate the higher connection speeds that are being implemented.

Proper implementations of RSTP (by switch vendors) are designed to be compatible with IEEE
802.1d STP. GarrettCom recommends that you employ RSTP or STP in your network.

Transition from STP to RSTP


IEEE 802.1w RSTP is designed to be compatible with IEEE 802.1D STP. Even if all the other
devices in your network are using STP, you can enable RSTP on your Magnum 6K family of
switches. The default configuration values of the RSTP available in MNS-6K software will ensure
that your switch will interoperate effectively with the existing STP devices. RSTP automatically
detects when the switch ports are connected to non-RSTP devices using Spanning Tree and
communicates with those devices using 802.1d STP BPDU packets.

Even though RSTP interoperates with STP, RSTP is much more efficient at establishing the
network path, and network convergence in case of a failure is very fast. For this reason,
GarrettCom recommends that all your network devices be updated to support RSTP. RSTP
offers convergence times typically of less than one second. However, to make best use of RSTP
and achieve the fastest possible convergence times there are some changes that you should make
to the RSTP default configuration:

1. GarrettCom Inc. provides downloadable software, Fault Timing Analyzer
(FTA), for testing how quickly a network recovers from a fault once a
redundancy feature such as STP or RSTP is configured on the switches
(bridges). This software can be downloaded from the GarrettCom site at
http://www.garrettcom.com/ftaform.htm
2. Under some circumstances it is possible for the rapid state transitions employed by RSTP
to result in an increase in the rates of frame duplication and of frames arriving out of
order. In order to allow RSTP switches to support applications and
protocols that may be sensitive to frame duplication and out of sequence frames, RSTP
may have to be explicitly set to be compatible with STP. This explicit setting is called
setting the Force Protocol Version parameter to be STP compatible. This parameter
should be set on all ports on a given switch.
3. As indicated above, one of the benefits of RSTP is the implementation of a larger range of
port path costs which accommodates higher network speeds. New default values have
also been implemented for the path costs associated with the different network speeds.
This could create incompatibility between devices running the older implementations of
STP and a switch running RSTP.
4. If you are using tagged VLANs, at least one untagged VLAN must be available for the
BPDUs to propagate through the network to update STP status.
5. Whenever changes are made to RSTP, it is recommended to disable and enable RSTP
to ensure the changes are effective.

Configuring RSTP
The commands to set up and configure RSTP on MNS-6K are:

Syntax set stp type=<stp|rstp> - set the switch to support RSTP or change it back to STP. Need to save
and reboot the switch after this command

Syntax rstp – enter the RSTP configuration mode

Syntax rstp <enable|disable> - enable RSTP – by default, this is disabled and has to be manually
activated

Syntax port port=<number|list|range> [status=<enable|disable>]
[migration=<enable>] [edge=<enable|disable>] [p2p=<on|off|auto>]

Example port port=<number|list|range> p2p=off - Set the “point-to-point” value to off on
all ports that are connected to shared LAN segments (i.e. connections to hubs). The default
value is auto. P2P ports would typically be end stations or computers on the network

Example port port=<number|list|range> edge=enable – enable all ports connected to
other hubs, bridges and switches as edge ports

Example port port=<number|list|range> migration=enable – set this for all ports
connected to other devices such as hubs, bridges and switches known to support IEEE 802.1d
STP services, but cannot support RSTP services

p2p - This parameter is used to tell the port if it is connected to another switch, hub or a
bridge device. This parameter should be set to off for all ports that are connected
to a shared device such as a hub. GarrettCom Inc. recommends setting this
parameter to auto so that MNS-6K will automatically set the proper value for the
network.
edge – This parameter is used to tell if the port is connected to an edge device such as a
computer or other such device. Disable this feature for a port connected to
another device such as a switch, bridge or a hub.

Syntax show active-stp – status whether STP or RSTP is running

Syntax show rstp <config|ports> – display the RSTP or STP parameters

Magnum10KT# rstp

Magnum10KT(rstp)## show rstp config

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(rstp)## rstp enable

Successfully set the RSTP status

Magnum10KT(rstp)## show active-stp

Current Active Mode: RSTP.


RSTP is Enabled.

Magnum10KT(rstp)## show rstp config

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16
Protocol : Normal RSTP
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 15
Bridge Hello Time : 02
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 00:00:00:20:06:25:ed:89
Designated Root Priority : 0
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 02
Root Bridge Max Age : 20
Topology Change count : 0
Time Since topology Chg : 12

FIGURE 93 – Enabling RSTP and reviewing the RSTP variables.

The variables listed by the show rstp config command are:

Rapid Spanning Tree Enabled (Global): Indicates whether STP is enabled or disabled globally.
If the value is YES, all ports have STP enabled; otherwise all ports have STP disabled.

Rapid Spanning Tree Enabled Ports: Indicates which ports have RSTP enabled.

Protocol: Indicates type of RSTP protocol active.

Bridge Priority: Specifies the switch (bridge) priority value. This value is used along with the
switch MAC address to determine which switch in the network is the root device. Lower values
mean higher priority. Value ranges from 0 to 65535. Default value is 0.

Bridge Forward Delay: Indicates the time duration the switch will wait from listening to learning
status and from learning to forwarding status. The value ranges from 4 to 30 seconds. Default
value is 15.

Bridge Hello Time: When the switch is the root device, this is the time between messages being
transmitted. The value is from 1 to 10 seconds. Default value is 2 seconds.

Bridge Max Age: This is the maximum time a message with STP information is allowed by the
switch before the switch discards the information and updates the address table again. Value
ranges from 6 to 160 seconds with default value of 20 seconds.

Root Port: Indicates the port number, which is elected as the root port of the switch. A root port
of 0 indicates STP is disabled.

Root Path Cost: A path cost is assigned to individual ports for the switch to determine which
ports are the forwarding points. A higher cost means more loops; a lower cost means fewer loops.
More loops equal more traffic and a tree which takes a long time to converge will result in a
slower system.

Designated Root: Shows the MAC address of the bridge in the network elected or designated as
the root bridge.

Designated Root Priority: Shows the designated root bridge’s priority. Default value is 0.

Root Bridge Forward Delay: Indicates the designated root bridge’s forward delay. This is the
time the switch waits before it switches from the listening to the forwarding state. The default is
15 seconds. This value can be set between 4-30 seconds.

Root Bridge Hello Time: Indicates the designated root bridge’s hello time. Hello information is
sent out every 2 seconds.

Root Bridge Max Age: Indicates the designated root bridge’s maximum age, after which it
discards the information as being old and receives new updates.

Topology Change Count: Since the last reboot, the number of times the topology has changed.
Use this in conjunction with show uptime to find the frequency of the topology changes.

Time Since Topology Change: Number of seconds since the last topology change.
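
The following Python code is an added example, not part of the MNS-6K guide or software. It parses show rstp config (or show stp config) output, reports whether the switch is its own designated root, applies the timer ranges of the timers command together with the Max Age relationship the switch prints in Figure 92, and relates the topology change count to uptime. The function names and the expected_root, uptime_seconds and max_changes_per_hour parameters are assumptions of this example; SAMPLE is the Figure 93 output embedded as constructed input.

```python
import re

# Constructed input: the "show rstp config" output of Figure 93.
SAMPLE = """\
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16
Protocol : Normal RSTP
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 15
Bridge Hello Time : 02
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 00:00:00:20:06:25:ed:89
Designated Root Priority : 0
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 02
Root Bridge Max Age : 20
Topology Change count : 0
Time Since topology Chg : 12
"""


def parse_config(text):
    """Return {field name: value} for every 'Name : value' line."""
    fields = {}
    for line in text.splitlines():
        # The separator is the first colon followed by whitespace, so the
        # colons inside a bridge ID stay part of the value.
        m = re.match(r"\s*(.+?)\s*:\s+(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def timer_problems(forward_delay, hello, max_age):
    """Ranges from the 'timers' syntax line plus the relationship the
    switch prints when it rejects a value (Figure 92)."""
    problems = []
    for name, value, low, high in (("forward-delay", forward_delay, 4, 30),
                                   ("hello", hello, 1, 10),
                                   ("age", max_age, 6, 160)):
        if not low <= value <= high:
            problems.append(f"{name}={value} outside {low}-{high}")
    if max_age > 2 * (forward_delay - 1):
        problems.append(
            f"age={max_age} > 2*(forward-delay-1)={2 * (forward_delay - 1)}")
    if max_age < 2 * (hello + 1):
        problems.append(f"age={max_age} < 2*(hello+1)={2 * (hello + 1)}")
    return problems


def is_root(fields):
    """True when the designated root is this switch's own bridge ID."""
    root = fields.get("Designated Root", "").lower()
    return root == fields.get("Bridge ID", "-").lower()


def audit(fields, expected_root=None, uptime_seconds=None,
          max_changes_per_hour=6):
    """Return a list of findings. expected_root, uptime_seconds (read from
    'show uptime') and max_changes_per_hour are caller-supplied assumptions."""
    if not any(v == "YES" for k, v in fields.items() if "Enabled(Global)" in k):
        # A disabled switch prints only the Enabled(Global) line.
        return ["spanning tree is disabled globally"]
    findings = []
    root = fields.get("Designated Root", "")
    if expected_root and root.lower() != expected_root.lower():
        findings.append(
            f"designated root {root} is not the expected {expected_root}")
    findings += timer_problems(int(fields["Bridge Forward Delay"]),
                               int(fields["Bridge Hello Time"]),
                               int(fields["Bridge Max Age"]))
    changes = int(fields.get("Topology Change count", 0))
    if uptime_seconds and changes / (uptime_seconds / 3600) > max_changes_per_hour:
        findings.append(
            f"{changes} topology changes in {uptime_seconds} s of uptime")
    return findings


if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    print("switch is root:", is_root(cfg))
    print("findings:", audit(cfg, expected_root="00:00:00:20:06:25:ed:89"))
    print("rejected timers:", timer_problems(20, 5, 40))
```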

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 Forwarding 00:00:00:20:06:25:ed:89 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 128 200000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10

Magnum10KT(rstp)##
FIGURE 94 – Reviewing the RSTP port parameters.

The variables listed by the show stp config command are:

Port: Indicates the port number. Value ranges from 01 to max number of ports in the switch.

Type: Indicates the type of port – TP indicates Twisted Pair.

Priority: STP uses this to determine which ports are used for forwarding. A lower number
means higher priority. Value ranges from 0 to 255. Default is 128.

Path Cost: This is the assigned port cost value used for the switch to determine the forwarding
points. Values range from 1 to 2000000. The lower the value, the lower the cost and hence the
more preferred the route. The costs for different Ethernet speeds are shown below, comparing
the path cost in STP with the path cost in RSTP.

Port Type    STP Path Cost    RSTP Path Cost
10 Mbps      100              2,000,000
100 Mbps     19               200,000
1 Gbps       4                20,000
10 Gbps      2                2,000
FIGURE 95 – Path cost as defined in IEEE 802.1d (STP) and 802.1w (RSTP).

State: Indicates the STP state of individual ports. Values can be Listening, Learning, Forwarding,
Blocking and Disabled.

Des. Bridge: This is the port’s designated root bridge.

Des. Port: This is the port’s designated root port.

Another screen capture of the same command, from a larger network with several switches is
shown below:

Magnum10KT# show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------------
01 TP(10/100) 128 2000000 Disabled 00:01
02 TP(10/100) 128 2000000 Disabled 00:02
03 TP(10/100) 128 2000000 Disabled 00:03
04 TP(10/100) 128 2000000 Disabled 00:04
05 TP(10/100) 128 2000000 Disabled 00:05
06 TP(10/100) 128 200000 Forwarding 80:00:00:20:06:30:00:01 00:06
07 TP(10/100) 128 200000 Discarding 80:00:00:20:06:2b:0f:e1 00:07
08 TP(10/100) 128 2000000 Disabled 00:08
09 Gigabit 128 20000 Forwarding 80:00:00:20:06:2b:0f:e1 00:09
10 Gigabit 128 20000 Forwarding 80:00:00:20:06:30:00:01 00:0a
Magnum10KT#
FIGURE 96 – RSTP information from a network with multiple switches. Note that the show stp ports command
can be executed from the manager level prompt or from rstp configuration state as shown in the screen captures
earlier.

In this example, ports 9 and 10 have a path cost of 20,000 and are the least cost paths. These ports are
connected to other switches and the ports are enabled as forwarding ports. Ports 6 and 7 are also
connected to other switches. The State column indicates that port 7 is in a standby state, as
that port is discarding all traffic.
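
The reading of Figure 96 given above can be reproduced from the listing itself. The Python code below is an added example, not part of the MNS-6K guide or software: it parses show rstp ports rows, including rows whose Des. Bridge column is empty, and reports the forwarding ports, the least cost forwarding ports, the standby (Discarding) ports, and any port whose path cost differs from the RSTP values of Figure 95. The function names and the mapping of the Type labels to link speeds are assumptions of this example; SAMPLE is the Figure 96 listing embedded as constructed input.

```python
import re

# Constructed input: the "show rstp ports" listing of Figure 96.
SAMPLE = """\
Port# Type Priority Path Cost State Des. Bridge Des. Port
----------------------------------------------------------------------------
01 TP(10/100) 128 2000000 Disabled 00:01
02 TP(10/100) 128 2000000 Disabled 00:02
03 TP(10/100) 128 2000000 Disabled 00:03
04 TP(10/100) 128 2000000 Disabled 00:04
05 TP(10/100) 128 2000000 Disabled 00:05
06 TP(10/100) 128 200000 Forwarding 80:00:00:20:06:30:00:01 00:06
07 TP(10/100) 128 200000 Discarding 80:00:00:20:06:2b:0f:e1 00:07
08 TP(10/100) 128 2000000 Disabled 00:08
09 Gigabit 128 20000 Forwarding 80:00:00:20:06:2b:0f:e1 00:09
10 Gigabit 128 20000 Forwarding 80:00:00:20:06:30:00:01 00:0a
"""

# One table row. The 8-octet designated bridge is optional because the
# switch leaves that column empty for ports with no designated bridge.
ROW = re.compile(
    r"^\s*(?P<port>\d+)\s+(?P<type>\S+)\s+(?P<priority>\d+)\s+(?P<cost>\d+)\s+"
    r"(?P<state>[A-Za-z]+)\s+"
    r"(?:(?P<bridge>(?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+)?"
    r"(?P<des_port>[0-9a-f]{2}:[0-9a-f]{2})\s*$",
    re.IGNORECASE,
)

# RSTP path costs from Figure 95, keyed by the Type label of the listing.
# Assumption: TP(10/100) links run at 10 or 100 Mbps, Gigabit at 1 Gbps.
RSTP_COSTS = {"TP(10/100)": {2_000_000, 200_000}, "Gigabit": {20_000}}


def parse_ports(text):
    """Return one dict per port row; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("port", "priority", "cost"):
                row[key] = int(row[key])
            rows.append(row)
    return rows


def summarize(rows):
    """Summarise the listing the way the text reads Figure 96."""
    forwarding = [r for r in rows if r["state"] == "Forwarding"]
    least = min((r["cost"] for r in forwarding), default=None)
    return {
        "forwarding": [r["port"] for r in forwarding],
        "least_cost": [r["port"] for r in forwarding if r["cost"] == least],
        "standby": [r["port"] for r in rows if r["state"] == "Discarding"],
        "designated_bridges": sorted({r["bridge"] for r in rows if r["bridge"]}),
        # Unknown Type labels are not flagged.
        "nondefault_cost": [
            r["port"] for r in rows
            if r["cost"] not in RSTP_COSTS.get(r["type"], {r["cost"]})
        ],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_ports(SAMPLE)).items():
        print(f"{key}: {value}")
```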

More CLI commands associated with RSTP in the RSTP configuration mode are:

Syntax forceversion <stp|rstp> - set the STP or RSTP compatibility mode

Syntax show forceversion - the current force version

Syntax show-timers – show the values of the timers set for RSTP

Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or
switch level priority. When port(s) are specified, the priority is associated with the ports and its value is
0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535

Syntax cost port=<number|list|range> value=<0-65535> - cost is specific to a port and the
port(s) have to be specified

Syntax port port=<number|list|range> status=<enable|disable> - specific ports may not need
to participate in STP process. These ports typically would be end-stations. If you are not sure – let
MNS-6K software make the decisions

Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP Forward
delay, Hello timer and Aging timer values

Priority: Specifies the switch (bridge) priority value. This value is used along with the switch
MAC address to determine which switch in the network is the root device. Lower values mean
higher priority. Value ranges from 0 to 65535. Default value is 32768.

Cost: A path cost is assigned to individual ports for the switch to determine which ports are the
forwarding points. A higher cost means the link is more expensive to use and falls in the passive
mode compared to the link with a lower cost. Value ranges from 0 to 65535. Default value is
32768.

Status: Enables or disables a port from participating in STP discovery. It’s best to only allow
trunk ports to participate in STP. End stations need not participate in STP process.

Forward-Delay: Indicates the time duration the switch will wait from listening to learning states
and from learning to forwarding states. The value ranges from 4 to 30 seconds. Default value is
15.

Hello: When the switch is the root device, this is the time between messages being transmitted.
The value is from 1 to 10 seconds. Default value is 2 seconds.

Age: This is the maximum time a message with STP information is allowed by the switch before
the switch discards the information and updates the address table again. Value ranges from 6 to
160 seconds with default value of 20 seconds. Use a larger number when there are a large number
of nodes. The maximum number of nodes is 160.

Magnum10KT# rstp

Magnum10KT(rstp)## show rstp

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO

Magnum10KT(rstp)## show active-stp

Current Active Mode: RSTP.
RSTP is Disabled.

Note: Check status of STP or RSTP. This command shows STP or RSTP is disabled.

Magnum10KT(rstp)## rstp enable

Successfully set the RSTP status

Magnum10KT(rstp)## show active-stp

Current Active Mode: RSTP.


RSTP is Enabled.

Magnum10KT(rstp)## show rstp config

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16
Protocol : Normal RSTP
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 15
Bridge Hello Time : 02
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 00:00:00:20:06:25:ed:89
Designated Root Priority : 0
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 02
Root Bridge Max Age : 20
Topology Change count : 0
Time Since topology Chg : 33

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration


----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 Forwarding 00:00:00:20:06:25:ed:89 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 128 200000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10

Magnum10KT(rstp)## forceversion rstp

Error: Force Version already set to Normal RSTP

Magnum10KT(rstp)## forceversion stp

Magnum10KT(rstp)## show forceversion

Force Version : Force to STP only

Note: forceversion can be used for compatibility with STP devices. In this example, the switch is forced to STP.

Magnum10KT(rstp)## show rstp config

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16
Protocol : Force to STP only
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 15
Bridge Hello Time : 02
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 00:00:00:20:06:25:ed:89
Designated Root Priority : 0
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 02
Root Bridge Max Age : 20
Topology Change count : 0
Time Since topology Chg : 100

Magnum10KT(rstp)## forceversion rstp

Magnum10KT(rstp)## show-forceversion

Force Version : Normal RSTP


(Using forceversion the switch is now operating using RSTP. Note the show stp config command also indicates the switch protocol is RSTP.)

Magnum10KT(rstp)## show rstp config

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16
Protocol : Normal RSTP
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 15
Bridge Hello Time : 02
Bridge Max Age : 20
Root Port : 0
Root Path Cost : 0
Designated Root : 00:00:00:20:06:25:ed:89
Designated Root Priority : 0
Root Bridge Forward Delay : 15
Root Bridge Hello Time : 02
Root Bridge Max Age : 20
Topology Change count : 0
Time Since topology Chg : 141

Magnum10KT(rstp)## show timers

Forward Delay Timer : 15 sec
Hello Timer : 2 sec
Max Age : 20 sec

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 Forwarding 00:00:00:20:06:25:ed:89 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 128 200000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10

Magnum10KT(rstp)## priority port=13 value=100

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 Forwarding 00:00:00:20:06:25:ed:89 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 100 200000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10


Magnum10KT(rstp)## cost port=13 value=250000

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 Forwarding 00:00:00:20:06:25:ed:89 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 100 250000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10

Magnum10KT(rstp)## port port=9 status=disable

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 NO STP 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 100 250000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10

Magnum10KT(rstp)## port port=9 status=enable

Magnum10KT(rstp)## show rstp ports

RSTP Port Configuration

----------------------------------------------------------------------------
Port# Type Priority Path Cost State Des.Bridge Des. Port
----------------------------------------------------------------------------
09 TP(10/100) 128 2000000 Forwarding 00:00:00:20:06:25:ed:89 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
11 TP(10/100) 128 2000000 Disabled 00:0b
12 TP(10/100) 128 2000000 Disabled 00:0c
13 TP(10/100) 100 250000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
14 TP(10/100) 128 2000000 Disabled 00:0e
15 TP(10/100) 128 2000000 Disabled 00:0f
16 TP(10/100) 128 2000000 Disabled 00:10


Magnum10KT(rstp)## timers forward-delay=20 hello=5 age=30

Successfully set the bridge time parameters

Magnum10KT(rstp)## show rstp config

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16
Protocol : Normal RSTP
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 20
Bridge Hello Time : 05
Bridge Max Age : 30
Root Port : 0
Root Path Cost : 0
Designated Root : 00:00:00:20:06:25:ed:89
Designated Root Priority : 0
Root Bridge Forward Delay : 20
Root Bridge Hello Time : 05
Root Bridge Max Age : 30
Topology Change count : 0
Time Since topology Chg : 567

Magnum10KT(rstp)## exit

Magnum10KT#
FIGURE 97 – Configuring RSTP on MNS-6K.

List of Commands In This Chapter


Syntax set stp type=<stp|rstp> - Set the switch to support RSTP or change it back to STP. Need to save
and reboot the switch after this command

Syntax rstp – enter the RSTP configuration mode

Syntax rstp <enable|disable> - enable RSTP – by default, this is disabled and has to be manually
activated

Syntax port port=<number|list|range> [status=<enable|disable>] [migration=<enable>]
[edge=<enable|disable>] [p2p=<on|off|auto>] - set the port type for RSTP


Example port port=<number|list|range> p2p=off - Set the “point-to-point” value to off on
all ports that are connected to shared LAN segments (i.e. connections to hubs). The default
value is auto. P2P ports would typically be end stations or computers on the network

Example port port=<number|list|range> edge=enable – enable all ports connected to
other hubs, bridges and switches as edge ports

Example port port=<number|list|range> migration=enable – set this for all ports
connected to other devices such as hubs, bridges and switches known to support IEEE 802.1d
STP services, but cannot support RSTP services

Syntax show active-stp – status whether STP or RSTP is running

Syntax show rstp <config|ports> - display the RSTP or STP parameters

Syntax forceversion <stp|rstp> - set the STP or RSTP compatibility mode

Syntax show-forceversion - the current force version

Syntax show-timers - show the values of the timers set for RSTP

Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or
switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255.
If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535

Syntax cost port=<number|list|range> value=<0-65535> - cost is specific to a port and the port(s)
have to be specified

Syntax port port=<number|list|range> status=<enable|disable> - specific ports may not need to
participate in STP process. These ports typically would be end-stations. If you are not sure – let MNS-6K
software make the decisions

Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP Forward
delay, Hello timer and Aging timer values
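
The following is an added example, not part of the MNS-6K software or documentation: it parses show rstp config and show rstp ports output in the layout printed in Figure 97 and lists what an operator would review (timer values, an unexpected designated root, a growing topology change count, ports taken out of STP). The function names, the expected-root parameter and the two timer relationships (taken from IEEE 802.1D, not from this guide) are assumptions of the example.

```python
import re

# Abridged `show rstp config` output, copied from Figure 97 (after the timers change).
SAMPLE_CONFIG = """\
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
Protocol : Normal RSTP
Bridge ID : 00:00:00:20:06:25:ed:89
Bridge Priority : 0
Bridge Forward Delay : 20
Bridge Hello Time : 05
Bridge Max Age : 30
Designated Root : 00:00:00:20:06:25:ed:89
Topology Change count : 0
"""

# Three rows of `show rstp ports` output, copied from Figure 97 (port 9 with STP disabled).
SAMPLE_PORTS = """\
09 TP(10/100) 128 2000000 NO STP 00:09
10 TP(10/100) 128 2000000 Disabled 00:0a
13 TP(10/100) 100 250000 Forwarding 00:00:00:20:06:25:ed:89 00:0d
"""

# Value ranges accepted by the `timers` command, as listed in this chapter.
CLI_RANGES = {"forward-delay": (4, 30), "hello": (1, 10), "age": (6, 160)}

# Columns: Port#, Type, Priority, Path Cost, State, optional Des.Bridge, Des. Port
PORT_ROW = re.compile(
    r"^(?P<port>\d+)\s+(?P<type>\S+)\s+(?P<priority>\d+)\s+(?P<cost>\d+)\s+"
    r"(?P<state>[A-Za-z]+(?: [A-Za-z]+)*)\s+"
    r"(?:(?P<des_bridge>[0-9a-f:]{23})\s+)?(?P<des_port>[0-9a-f]{2}:[0-9a-f]{2})$"
)


def parse_config(text):
    """Turn 'Key : value' lines into a dict; the title and rule lines are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def parse_ports(text):
    """Return one dict per port row; lines that are not port rows are ignored."""
    matches = (PORT_ROW.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def check_timers(forward_delay, hello, age):
    """Check the CLI ranges, then the IEEE 802.1D relationships between the timers."""
    problems = []
    values = {"forward-delay": forward_delay, "hello": hello, "age": age}
    for name, value in values.items():
        low, high = CLI_RANGES[name]
        if not low <= value <= high:
            problems.append(f"{name}={value} is outside the CLI range {low}-{high}")
    if age > 2 * (forward_delay - 1):
        problems.append("age exceeds 2 x (forward-delay - 1)")
    if age < 2 * (hello + 1):
        problems.append("age is below 2 x (hello + 1)")
    return problems


def audit(config_text, ports_text, expected_root, previous_tc_count=0):
    """Return a list of findings for one poll of the switch."""
    cfg = parse_config(config_text)
    findings = []
    if cfg.get("Rapid STP/STP Enabled(Global)") != "YES":
        findings.append("spanning tree is globally disabled")
    findings += check_timers(int(cfg["Bridge Forward Delay"]),
                             int(cfg["Bridge Hello Time"]),
                             int(cfg["Bridge Max Age"]))
    root = cfg["Designated Root"].lower()
    if root != expected_root.lower():
        findings.append(f"designated root is {root}, expected {expected_root}")
    if int(cfg["Topology Change count"]) > previous_tc_count:
        findings.append("topology change count increased since the last poll")
    for row in parse_ports(ports_text):
        if row["state"].upper() == "NO STP":
            findings.append(f"port {int(row['port'])} does not participate in STP")
    return findings
```

A designated root that differs from the bridge you planned as root, or a topology change count that keeps growing between polls, is worth investigating before any timer tuning.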


Chapter 14 – S-Ring™ and Link-Loss-Learn™ (LLL)
Speed up recovery from faults in Ethernet networks

S-Ring uses a ring topology to provide fast recovery from faults. It is based on
industry standard STP technologies, which have been adapted to ring
recovery applications by GarrettCom Inc.; these rings are called S-Ring. In
addition, LLL enables a switch to rapidly re-learn MAC addresses in order to participate in
S-Ring configurations. One advantage of S-Ring is that the fast recovery works with
managed as well as some non managed switches.

In the last two chapters we looked at how RSTP or STP can be used to bring resiliency to
a meshed network. This chapter’s focus is to look at ring topologies and how these
topologies can be used to provide faster recovery times than what STP or RSTP can offer.
Both RSTP and STP are industry standard protocols and can be used with networking
switches from different vendors.

LLL triggers action on the device supporting LLL when a connection is broken or there is
loss of the link signal on a ring port. LLL can be used with S-Ring on managed switches
such as the GarrettCom Magnum 6K family of switches, as well as on unmanaged
switches such as ES42 switches. Note that LLL can also be used with non-ring topologies
such as mesh topologies, using RSTP or STP, where it performs the necessary actions for fault
recovery, such as re-learning addresses, in case of a link failure.

S-Ring is a ring technology using the GarrettCom MNS-6K software. In an S-Ring, a switch
is designated as a Ring Manager. Devices in an S-Ring can be managed switches such as the
Magnum 6K family of switches, or unmanaged switches like the ES42 or even hubs
that leverage LLL. S-Ring is a licensed product from GarrettCom Inc. GarrettCom Inc. also
licenses this technology to other companies who are interested in implementing the
resiliency capabilities offered by S-Ring.


S-Ring and LLL Concepts

S-Ring is built upon networking software standards: the IEEE 802.1d
Spanning Tree Protocol (STP) or the Rapid Spanning Tree Protocol (RSTP) based
on IEEE 802.1w. The purpose of S-Ring is to define two ports that participate
in the RSTP/STP tree structure in a ring topology as opposed to a meshed topology.
S-Ring running on the Ring Manager switch leverages this capability to recover quickly from
fault situations. The recovery times for S-Ring based networks are within a few hundred
milliseconds. Recovery time for STP devices is in tens of seconds (typically 30-50 seconds
in most networks) or sub second to a few seconds for RSTP networks. The biggest
advantage of S-Ring, besides the fast recovery time, is the defined ring topology which
makes the network manageable. S-Ring can also be an overall lower cost solution as there
are hubs as well as switches which can be used in the ring.

In the Magnum 6K family of switches as well as in unmanaged switches such as the
ES42, a feature called Link-Loss-Learn™ (LLL) can be activated to immediately flush the
address buffer and relearn the MAC addresses that route packets around the fault. This
procedure, which is similar to switch initialization, occurs within milliseconds, resulting in fast ring
recovery. An S-Ring implementation watches for link-loss and for STP/RSTP BPDU
packet failures and responds to whichever occurs first. In most instances the link-loss will
be detected faster than the two-second interval at which the BPDU packets are successfully
passed around the ring. Typical ring recovery time using S-Ring software is less than 250
milliseconds, even with 50 or more Magnum 6K family of switches in a ring structure.
Without LLL activation, the address buffer aging time of the Magnum 6K family of switches (5
minutes default) could be the gating factor in ring recovery time. LLL is used on S-Ring and
helps speed up the ring recovery time.

S-Ring operates from specifically defined port pairs that participate in a ring-topology.
Multiple rings of different pairs on the same switch are also supported; however,
intersecting rings or a ring of rings or overlapping rings are not supported in the current
version. While S-Ring builds upon the foundation of RSTP or STP, S-Ring offers an
additional topology option to network architects. The two ends of a ring must be connected
to two ports in a Magnum 6K Switch that is enabled with the S-Ring software. The end
points of the ring provide an alternate path to reach the switch that has failed. The in-out
pairs of the ports to other devices in the ring have to be enabled with LLL. Some items to
be aware of with S-Ring are as follows:

1. The S-Ring feature is a separately licensed module for the MNS-6K software package.
This module must be enabled by means of a software key.
2. Only one switch is the Ring Manager. That switch has the S-Ring Software
authorized (enabled) for that device. Only one license key is needed per ring and not
per switch.
3. There can be multiple S-Rings on a given Magnum 6K switch. There can be multiple
ring topologies in a network. Each ring has to be a separate ring. Ring of rings or
overlapping rings are not supported at this time.
4. S-Ring topologies support one failure in the network. A second failure may create
isolated network islands.
5. At least one untagged VLAN must be available for the BPDUs to propagate through
the network to update RSTP/STP status.
6. S-Ring faults can be software signaled to alarm contacts.

Comparing Resiliency Methods


So far we have briefly covered S-Ring with LLL, RSTP and STP. The table below
summarizes some decision criteria on selecting RSTP vs STP vs S-Ring and LLL.

| Criterion | S-Ring with LLL | RSTP | STP |
|---|---|---|---|
| License | A license key is needed. One key per ring manager switch. | Included in MNS-6K | Included in MNS-6K |
| Spanning Tree | Works with RSTP or STP devices | -- | -- |
| Devices supported | Managed or certain non managed Magnum switches. Requires at least one Magnum 6K switch as ring manager. | Many | Many |
| Recovery decision | Centralized to ring manager. LLL provides triggers to recompute topology for ring members. Also works with RSTP or STP. | Typically done using BPDU. Can take time. | Typically done using BPDU. Can take time. |
| Topology | Single ring, multiple rings, no overlapping rings or ring of rings. | Mesh topology – can have multiple paths | Mesh topology – can have multiple paths |
| Interoperability | Works with managed 6K family of switches and non managed switches as well as some hubs. | Wide range of products, including other vendor products | Wider range of products, including other vendor products |
| Recovery time | Fast | Medium – sub second to a few seconds | Slow – in tens of seconds |
| Resiliency | Fast recovery from a single point of failure. Ring Manager is responsible for decision making. | Multiple points of failure – each connected node can be in stand-by. | Multiple points of failure – each connected node can be in stand-by. |
| Software cost | Licensed per ring | Included in MNS-6K | Included in MNS-6K |
| Hardware cost | One Managed 6K per ring. Multiple choices for members of the ring. | Many choices available, making it cost effective. | Many choices available, making it cost effective. |
| Software Alarm | Yes | No | No |
| Ring Size | 50+ nodes | NA | NA |
| Dual-Homing | Supports dual-homing to members in the ring. | Supports dual-homed device to devices in the network. | Supports dual-homed device to devices in the network. |

RSTP/STP Operation Without S-Ring

S-Ring supports non managed switches where LLL capability is supported on that switch. A
ring is a special form of mesh network topology. The two top-of-the-ring ports form an
otherwise-illegal redundant path, and standard RSTP/STP causes one of these two ports to
block incoming packets in order to enable normal Ethernet traffic flow. All ring traffic goes
through the non-blocking port for normal LAN operation. This port is designated
Forwarding Port. Meanwhile, there is a regular flow of status-checking multi-cast packets
called Bridge Protocol Data Units (BPDU) sent out by RSTP/STP that move around the
ring to show that things are functioning normally.


[Figure labels: BPDU Traffic, Forwarding Port, Blocking Port]

FIGURE 98 – Normal RSTP/STP operations in a series of switches. Note – this normal status is
designated RING_CLOSED.

This normal status is designated as RING_CLOSED. Operations will continue this way
indefinitely until a fault occurs.

A fault anywhere in the ring will interrupt the flow of standard RSTP/STP status-checking
BPDU packets, and will signal to RSTP/STP that a fault has occurred. According to the
standard RSTP/STP defined sequence, protocol packets are then sent out, gathered up and
analyzed to enable RSTP/STP to calculate how to re-configure the LAN to recover from
the fault. After the standard RSTP/STP reconfiguration time period, typically 20 to 30
seconds, the RSTP/STP analysis concludes that recovery is achieved by changing the
blocking port of the ring port-pair to the forwarding state.


FIGURE 99 – A fault in the ring interrupts traffic. The blocking port now becomes forwarding so that
traffic can reach all switches in the network. Note the ES42 switches support LLL and can participate
in S-Ring as an access switch.

When this change is made by RSTP/STP and both of the ring manager switch’s ring ports
are forwarding, the fault is effectively bypassed and there is a path for all LAN traffic to be
handled properly. This abnormal status is designated RING_OPEN, and may continue
indefinitely, until the ring fault is repaired. At that time, RSTP/STP will change one of the
ring control ports to be a blocking port again. This recovery operation may take thirty
seconds to a few minutes, depending on the number of switches and other RSTP/STP
parameters in operation.

RSTP/STP Operation With S-Ring


When the Magnum 6K family of switches is used in the network and the S-Ring feature is
enabled, the result of a ring-fault is the same but the recovery is faster. The S-Ring
capability overrides the normal RSTP/STP analysis for the ring-pair ports of the ring
manager or ring-control switch, providing quick recovery of the ring fault without
conflicting with standard RSTP/STP.

The Magnum 6K family of switches, running MNS-6K software, offer users the choice of
selecting S-Ring when RSTP or STP is configured and in use. For the S-Ring, the user must
select two ports of one 6K switch to operate as a pair in support of each Ethernet ring, and
attach to the two ends of each ring as it comes together at the ring control switch.


[Figure labels: Ring 1, Ring 2]

FIGURE 100 – More than one S-Ring pair can be selected and more than one S-Ring can be defined per
switch. Note the ES42 switches support LLL and can participate in S-Ring as an access switch.

More than one S-Ring port-pair may be selected per ring control switch. Each port-pair
will have its own separate attached ring, and each port-pair operates on faults
independently. The port-pairs may be of any media type, and the media type does not have
to be the same for the pair. With the Magnum 6K family of switches, a port operating at
any speed 10 MB, 100 MB, or 1 GB may be designated as part of a S-Ring port-pair
ensuring proper Ethernet configuration of the ring elements.

After selecting a port-pair for a ring, the manager or administrator enables S-Ring on the
selected port-pairs via S-Ring software commands. One command, enable/disable, turns
S-Ring on and off. Another command adds/deletes port-pairs. Other commands provide
for status reporting on the ring. The MNS-6K software package provides for remote
operation, access security, event logs, and other industry-standard managed network
capabilities suitable for industrial applications requiring redundancy.

When S-Ring is enabled for a port-pair, fault detection and recovery are armed for the
associated ring. The standard RSTP/STP functions are performed by the Magnum 6K
family of switches for other ports in the same manner as they would be without S-Ring
enabled, when operating in the RING_CLOSED state. During this state, S-Ring is also
watching the flow of the BPDU packets that move around the ring between the designated
port-pair.

The extra capability of S-Ring comes into play when a fault occurs. When the flow of
BPDU packets around the ring is interrupted (or when Link-Loss is sensed on one of the
ports of the ring port-pair by S-Ring), S-Ring quickly acts to change the blocking port’s
state to forwarding. No waiting for STP analysis. No checking for other possible events. No
other ports to look at. No 30-second delay before taking action. S-Ring takes immediate
corrective action for quick recovery from the fault in the ring. The ring becomes two strings
topologically, as shown above, and there is a path through the two strings for all normal
LAN traffic to move as needed to maintain LAN operations.


When the fault is corrected, the re-emergence of the ring structure enables the BPDU
packets to flow again between the ring’s port-pair. This is recognized by S-Ring and
RSTP/STP, and one of the ports in the ring’s port pair is changed to the blocking state.
S-Ring takes the recovery action immediately, not waiting for the 30-second STP analysis.

Rings are simple structures. One port of a pair is forwarding or both. Not complicated; not
much to go wrong.

A Link-loss on one of the Magnum 6K Switch’s ring ports is an alternative trigger for
S-Ring to initiate fault recovery. The Link-loss trigger almost always comes quicker after a
fault (a few milliseconds) than the loss of a BPDU packet, which is gated by the standard
STP 2-second hello time interval. So the Link-loss trigger will almost always provide faster
fault detection and faster recovery accordingly.

LLL With S-Ring


The Link-Loss-Learn™ feature, available on Magnum 6K family of switches can
significantly reduce switch address memory decay time, resulting in more rapid
reconfiguration. With Link-Loss-Learn (LLL), Magnum 6K family switches in a ring can
flush their address memory buffer and quickly re-learn where to send packets, enabling
them to participate in a very quick recovery or restoration. Note that a Link-loss on any
Magnum 6K Switch port somewhere in the ring is an alternative trigger for S-Ring to act
for either fault recovery or ring restoration. The interruption or the restoration of the flow
of BPDU packets is one trigger, link-loss is another, and action is taken by S-Ring based on
whichever occurs first. For the ports connected to the ring, it is important to enable LLL
on these ports only for all switches in the ring - except the ring manager.

Ring Learn Features


One of the S-Ring software commands, s-ring learn, causes the scanning of all ports in the
Magnum 6K family of switches for the presence of rings. This command can be a handy
tool in setting up the S-Ring product for correct initial operation. During a ring-learn scan,
if any port receives a BPDU packet that was also originated by the same switch, the source
and destination ports are designated as a ring port-pair and they are automatically added to
the S-Ring port-pair list for that 6K Switch. The user can enable or disable port pairs that
are on the S-Ring list by CLI commands in order to exercise final control if needed.

Configuring S-Ring
S-Ring is a licensed software feature from GarrettCom Inc. Before using the S-Ring
capabilities, authorize the use of the software with the license key. To obtain the license
key, please contact GarrettCom Inc. Sales for purchasing the S-Ring feature or Technical
Support to obtain the 12 character key. If the S-Ring capability was purchased along with
the switch, the software license code will be included with the switch.

Syntax authorize <module> key=<security key> - activate the S-Ring capabilities. Don’t forget
to use the save command to save the key

In the example below – STP is used to show how S-Ring is setup. S-Ring
will also work with RSTP.

Magnum10KT# authorize s-ring key=abc123456789


S-RING Module Successfully Authorized
Please Save Configuration.
Magnum10KT# save

Saving current configuration


Configuration saved

Saving current event logs


Event logs saved

Magnum10KT# show keys

Module Key Description
------ --- -----------
Secure 1122334455667788 Secure Management Module
s-ring abc123456789 S-RING Module

Magnum10KT# reboot

Proceed on rebooting the switch? [ 'Y' or 'N' ] Y

Do you wish to save current configuration? [ 'Y' or 'N' ] Y


Saving current configuration
Configuration saved

Rebooting now...
FIGURE 101 – Activating S-Ring on the switch.

Since S-Ring uses RSTP/STP, STP has to be activated and enabled. Please refer to Chapter
12 - Spanning Tree Protocol (STP) on page 158 for more information. Some of the
commands are repeated here for clarity. When using S-Ring with multiple switches, it is
recommended to do the following:
1) On the switch which is the root node, authorize the use of the S-Ring software.
2) On the switch which is the root node or where the top of the ring ports are
configured, enable STP.
3) On the root node enable S-Ring and add the necessary ports as S-Ring ports.
4) On all other switches (except the root node), disable STP.
5) On all other switches (except the root node), enable LLL.


Ports associated with S-Ring should have the following settings:


• Auto negotiation - disable
• Speed - Fixed
• Same Speed
• Same Duplex
• LLL - enable
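
The five setup steps and the port settings above can be checked against a ring plan before anything is cabled. The checker below is an added example, not GarrettCom code; the plan layout, the switch names and the sample values are constructed for illustration. It covers a single ring, and it reads "Same Speed" and "Same Duplex" as applying to the two ends of each ring link, which is an assumption.

```python
def end(sw, port, autoneg=False, speed=100, duplex="full"):
    """One end of a ring link together with its port settings."""
    return {"sw": sw, "port": port, "autoneg": autoneg, "speed": speed, "duplex": duplex}


# Constructed plan for a single ring; names, ports and settings are sample values.
PLAN = {
    "manager": {"role": "manager", "licensed": True, "stp": True, "s_ring": True,
                "lll": False, "lll_ports": [], "ring_ports": [1, 7]},
    "access-1": {"role": "member", "stp": False, "lll": True,
                 "lll_ports": [1, 2], "ring_ports": [1, 2]},
    # Two deliberate faults: STP left enabled, and ring port 2 missing from the LLL list.
    "access-2": {"role": "member", "stp": True, "lll": True,
                 "lll_ports": [1], "ring_ports": [1, 2]},
}
LINKS = [
    (end("manager", 1), end("access-1", 1)),
    (end("access-1", 2), end("access-2", 1)),
    (end("access-2", 2, autoneg=True), end("manager", 7)),  # fault: auto negotiation on
]


def check_switch(name, sw):
    """Steps 1-5: the manager runs STP and S-Ring, every other switch runs LLL only."""
    out = []
    if len(set(sw["ring_ports"])) != 2:
        out.append(f"{name}: a switch needs exactly two ring ports per ring")
    if sw["role"] == "manager":
        if not sw.get("licensed"):
            out.append(f"{name}: S-Ring module is not authorized with a license key")
        if not sw["stp"]:
            out.append(f"{name}: STP must be enabled on the ring manager")
        if not sw.get("s_ring"):
            out.append(f"{name}: S-Ring is not enabled")
        if sw["lll"]:
            out.append(f"{name}: LLL should be off on the ring manager")
    else:
        if sw["stp"]:
            out.append(f"{name}: STP is enabled, so LLL will not work")
        if not sw["lll"]:
            out.append(f"{name}: LLL is disabled")
        if set(sw["lll_ports"]) != set(sw["ring_ports"]):
            out.append(f"{name}: LLL ports {sorted(sw['lll_ports'])} do not match "
                       f"ring ports {sorted(sw['ring_ports'])}")
    return out


def check_link(a, b):
    """Port settings: auto negotiation off, same fixed speed and duplex on both ends."""
    out = []
    label = f"{a['sw']}:{a['port']} <-> {b['sw']}:{b['port']}"
    for e in (a, b):
        if e["autoneg"]:
            out.append(f"{e['sw']} port {e['port']}: auto negotiation is enabled")
    if a["speed"] != b["speed"]:
        out.append(f"{label}: speed mismatch")
    if a["duplex"] != b["duplex"]:
        out.append(f"{label}: duplex mismatch")
    return out


def check_plan(plan, links):
    """Run every check and return the findings in a stable order."""
    findings = []
    managers = [n for n, sw in plan.items() if sw["role"] == "manager"]
    if len(managers) != 1:
        findings.append(f"expected exactly one ring manager, found {len(managers)}")
    for name, sw in plan.items():
        findings += check_switch(name, sw)
    declared = sorted((n, p) for n, sw in plan.items() for p in sw["ring_ports"])
    cabled = sorted((e["sw"], e["port"]) for link in links for e in link)
    if declared != cabled:
        findings.append("declared ring ports do not match the cabled link ends")
    for a, b in links:
        findings += check_link(a, b)
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN, LINKS):
        print(finding)
```
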

The necessary commands are:

Syntax stp – STP Configuration mode

Syntax stp <enable|disable> - Start (Enable) or stop (Disable) STP

Syntax set stp type=<stp|rstp> - set the spanning tree protocol to be IEEE 802.1d or 802.1w
(Spanning Tree Protocol or Rapid Spanning Tree Protocol)

Syntax show active-stp – Display which version of STP is currently active

Syntax show s-ring – show the S-Ring status and configuration

Syntax s-ring <enable|disable> - enable or disable S-Ring capabilities

Syntax s-ring learn – start the learning process to discover the ring and the ports which make up the S-
Ring

Syntax s-ring add port=<port1,port2> - define ports which make up the S-Ring ports. Note as
discussed earlier, you can create multiple S-Rings on a switch

Syntax s-ring del port=<port1,port2> - remove the switch from S-Ring topology by eliminating the
end ports on the switch

Magnum10KT(stp)## show s-ring

S-Ring Status:

sRing Status: DISABLED

Port 1 Port 2 Status

Magnum10KT(stp)## s-ring enable

S-RING Enabled.

Magnum10KT(stp)## show s-ring

S-Ring Status:

sRing Status: ENABLED


Port 1 Port 2 Status

Magnum10KT(stp)## s-ring add port=1,7

Ports 1 and 7 Configured for sRing Operation

Magnum10KT# show s-ring

Magnum Ring Status:

sRing Status: ENABLED

Port 1 Port 2 Status

1 7 CLOSED

FIGURE 102 – S-Ring configuration commands for root switch.

If the BPDU stream is broken, or it finds the Link-Loss-Learn signal, the
system will immediately force STP to put both ports in forwarding mode.
Should that happen, the ring status will be displayed as Open.

If the ring sees BPDUs not belonging to itself on any of the ports, it will
set the ring to the Unknown state, and stop all ring activity on that ring.

The ring activity has several timers and safeguards to prevent erroneous operation. Ring
faults are not expected to happen in quick succession. If the ring system sees a sequence of
changes lasting less than a second each, it will temporarily ignore the signals
and leave STP to reconfigure the ring network using the normal IEEE 802.1d algorithms.
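
The ring status behaviour described above (Closed, Open, Unknown, and the safeguard against rapid changes) can be followed in a small model. This is an added illustration, not GarrettCom's implementation. The event names, the number of rapid changes that counts as a sequence, the length of the hold-off, and the choice to keep Unknown until an operator steps in are assumptions; the guide does not specify them.

```python
from enum import Enum


class RingState(Enum):
    CLOSED = "CLOSED"    # normal: one ring port blocking, BPDUs circulating
    OPEN = "OPEN"        # fault in the ring: both ring ports forwarding
    UNKNOWN = "UNKNOWN"  # foreign BPDUs seen: all ring activity stopped


FLAP_WINDOW = 1.0  # from the guide: changes lasting less than a second each
FLAP_LIMIT = 3     # assumption: rapid changes in a row that count as a sequence
HOLD_OFF = 10.0    # assumption: seconds during which ring signals are then ignored


class RingModel:
    """Ring manager view of one S-Ring port-pair."""

    def __init__(self):
        self.state = RingState.CLOSED
        self.last_change = None
        self.rapid_changes = 0
        self.ignore_until = 0.0

    def _set(self, now, new_state):
        # Count state changes that follow the previous change within the window.
        if self.last_change is not None and now - self.last_change < FLAP_WINDOW:
            self.rapid_changes += 1
        else:
            self.rapid_changes = 0
        self.last_change = now
        self.state = new_state
        if self.rapid_changes >= FLAP_LIMIT:
            # Flapping: ignore ring signals for a while and leave recovery to STP.
            self.ignore_until = now + HOLD_OFF

    def event(self, now, kind):
        """Feed one signal (time in seconds, kind) and return the resulting state."""
        if self.state is RingState.UNKNOWN:
            return self.state                      # ring activity has stopped
        if kind == "foreign_bpdu":
            self._set(now, RingState.UNKNOWN)      # BPDUs not belonging to this ring
        elif now < self.ignore_until:
            pass                                   # hold-off: signal ignored
        elif kind in ("link_loss", "bpdu_lost") and self.state is RingState.CLOSED:
            self._set(now, RingState.OPEN)         # whichever trigger arrives first
        elif kind == "bpdu_restored" and self.state is RingState.OPEN:
            self._set(now, RingState.CLOSED)       # ring repaired, one port blocks again
        return self.state


def replay(events):
    """Run a list of (time, kind) events through a fresh model; return the states."""
    ring = RingModel()
    return [ring.event(t, kind).value for t, kind in events]


if __name__ == "__main__":
    # Constructed timeline: link-loss is seen first, the BPDU timeout adds nothing.
    print(replay([(0.0, "link_loss"), (2.0, "bpdu_lost"), (60.0, "bpdu_restored")]))
```

In monitoring terms, a ring that reports Unknown means BPDUs from another bridge reached a ring port, which is worth tracing to its source rather than simply resetting.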

With S-Ring it is also critical to set up and configure Link-Loss-Learn, as the S-Ring can
then recover from fault situations a lot faster. For configuring LLL, use the commands listed
below. LLL has to be set up on the other switches in the ring for the in-out ports on the
switch.

Syntax lll <enable|disable> - enable or disable LLL on the switch

If STP is enabled, Link Loss Learn will not work even though it was enabled.
LLL is not enabled on the root node.

Syntax lll add port=<port|list|range> - enable LLL on the list of specified ports

Syntax lll del port=<port|list|range> - disable LLL on the list of specified ports

Syntax show lll – display the status of LLL


Magnum10KT# stp

Magnum10KT(stp)## lll enable

Link-Loss-Learn Enabled.

Magnum10KT(stp)## lll add port=1,2,3


Added Ports: 1,2,3

Magnum10KT(stp)## show lll
Link-Loss-Learn Status:

LLL Status: ENABLED


LLL Enabled on Ports: 1,2,3

Magnum10KT(stp)## lll del port=2,3


Deleted Ports: 2,3

Magnum10KT(stp)## lll disable


Link-Loss-Learn Disabled.

FIGURE 103 – Link Loss Learn (LLL) setup. Set up LLL on ports connected to other switches
participating in S-Ring.

List of Commands In This Chapter


Syntax authorize <module> key=<security key> - activate the S-Ring capabilities. Don’t forget
to use the “save” command to save the key

Syntax stp – STP Configuration mode

Syntax stp <enable|disable> – Start (Enable) or stop (Disable) STP

Syntax set stp type=<stp|rstp> – set the spanning tree protocol to be IEEE 802.1d or 802.1w
(Spanning Tree Protocol or Rapid Spanning Tree Protocol)

Syntax show active-stp – Display which version of STP is currently active

Syntax show s-ring – show the S-Ring status and configuration

Syntax s-ring <enable|disable> – enable or disable S-Ring capabilities

Syntax s-ring learn – start the learning process to discover the ring and the ports which make up the S-
Ring

Syntax s-ring add port=<port1,port2> – define ports which make up the S-ring ports. Note as
discussed earlier, you can create multiple S-Rings on a switch


Syntax s-ring del port=<port1,port2> – remove the switch from S-Ring topology by eliminating
the end ports on the switch

Syntax lll <enable|disable> – enable or disable LLL on the switch

Syntax lll add port=<port|list|range> – enable LLL on the list of specified ports

Syntax lll del port=<port|list|range> – disable LLL on the list of specified ports

Syntax show lll – display the status of LLL

Syntax rstp – STP Configuration mode

Syntax rstp <enable|disable> – Start (Enable) or stop (Disable) STP

Syntax set stp type=<stp|rstp> – set the spanning tree protocol to be IEEE 802.1d or 802.1w
(Rapid Spanning Tree Protocol)

Syntax show active-stp – Display which version of STP is currently active


Chapter 15 – Dual-Homing
Fault tolerance options for edge devices

Designing and implementing high-availability Ethernet LAN topologies in networks can
be challenging. Traditionally, the choices for redundancy for edge of the network
devices were too limited, too expensive, and too complicated to be considered in most
networks. Redundancy at the edge of the network is greatly simplified by using
dual-homing.

Dual-Homing Concepts

In Ethernet LANs, dual-homing is a network topology that adds reliability by
allowing a device to be connected to the network by way of two independent
connection points (points of attachment). One connection point is the
operating connection, and the other is a standby or back-up connection that is activated in
the event of a failure of the operating connection. A dual-homing switch (such as ESD42)
offers two attachments into the network or two independent media paths and two upstream
switch connections. In the case of the Magnum 6K family of switches, any two ports can be
defined as dual-home ports to provide this level of redundancy. Loss of the Link signal on
the operating port connected upstream indicates a fault in that path, and traffic is quickly
moved to the standby connection to accomplish a fault recovery.


FIGURE104 – Dual-homing using ESD42 switch and Magnum 6K family of switches. In case of a
connectivity break – the connection switches to the standby path or standby link.

In those situations where the end device is a PoE device (for example, a video surveillance
camera, as shown above) a Magnum 6K switch with MNS-6K can provide PoE to the end
devices as well as other advantages such as IGMP, managed configuration and more. To
provide the managed reliability to the end devices, dual-homing can be used with MNS-6K
devices.

FIGURE105 – Dual-homing using Magnum 6K family of switches. Note the end device (video surveillance
camera) can be powered using PoE options on Magnum 6K family of switches. In case of a connectivity
break, the connection switches to the standby path or standby link.

Because it takes advantage of Ethernet standards, the dual-homing redundancy features of
the ESD42 and those for MNS-6K work with any brands or models of Ethernet switches
upstream. With MNS-6K, the user has to define the set of ports which make up the dual-home
ports.


FIGURE106 – Using S-Ring and dual-homing, it is possible to build networks resilient not only to a single
link failure but also for one device failing on the network.

The following points should be remembered when setting up dual-homing:

• Configure dual-homing before connecting the Ethernet
connectors (cables) in the switch [6].
• Only one set of dual-homing ports can be defined per switch.
• Port types (copper vs fiber) as well as speeds can be mixed and matched
– both ports need not be identical.
• By default dual-homing is turned off – you have to enable it after the
ports are defined.
• Dual-homing ports can span different modules in a switch.

[6] If dual-homing is not configured, there is a potential that a loop can be created, and either STP or RSTP
will set up the port in the active standby mode. Dual-homing may not work if one of the dual-homed ports is
in active standby. To avoid that situation, it is recommended to configure dual-homing first.


Dual-Homing Modes
There are two modes in which dual-homing works. In the first mode the ports are
equivalent: if one port fails, the other one takes over. However, if the first failed port
recovers, the active port does not switch back.

The second mode of operation is primary-secondary mode. In this mode of operation, the
primary port is explicitly defined and the secondary port is explicitly defined. In the primary-
secondary mode of operation, if the primary fails, the secondary takes over. When the
primary recovers, the secondary switches back from an active state to passive state and the
primary port is now the active port.

The primary-secondary mode has to be explicitly set up. The primary-secondary mode of
operation is only possible on managed switches such as the Magnum 6K family of switches.

The primary-secondary mode of operation allows the network manager to determine on
which path the packets will flow (as a default).
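The difference between the two modes, as an added example (not code from the MNS-6K software): a small Python model of which port carries traffic as link events arrive. The class name, the event format and the starting state (both links up, first port active) are assumptions made for illustration.

```python
class DualHomePair:
    """Model of one dual-homing port pair (hypothetical helper, not MNS-6K code)."""

    def __init__(self, first, second, primary_secondary=False):
        self.ports = (first, second)
        # True models "dualhome add primary=.. secondary=..",
        # False models "dualhome add port1=.. port2=..".
        self.primary_secondary = primary_secondary
        self.link_up = {first: True, second: True}   # assumed starting state
        self.active = first

    def link_event(self, port, up):
        """Record a link change; return the active port (None if both links are down)."""
        if port not in self.link_up:
            raise ValueError(f"port {port} is not a dual-home port")
        self.link_up[port] = up
        primary = self.ports[0]
        if self.primary_secondary and self.link_up[primary]:
            # Primary-secondary mode: the primary is active whenever it has link.
            self.active = primary
        elif self.active is None or not self.link_up[self.active]:
            # Fail over only when the active port has lost link. In equivalent
            # mode a recovered port does not take the traffic back.
            self.active = next((p for p in self.ports if self.link_up[p]), None)
        return self.active


def replay(primary_secondary, events, ports=(10, 11)):
    """Return the active port after each (port, link_up) event."""
    pair = DualHomePair(*ports, primary_secondary=primary_secondary)
    return [pair.link_event(port, up) for port, up in events]


# Constructed event sequence: port 10 fails, port 10 recovers, port 11 fails.
EVENTS = [(10, False), (10, True), (11, False)]

if __name__ == "__main__":
    print("equivalent ports :", replay(False, EVENTS))
    print("primary-secondary:", replay(True, EVENTS))
```

After port 10 recovers, the equivalent-port pair stays on port 11 while the primary-secondary pair returns to port 10, so only the second mode gives a predictable default path.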

Configuring Dual-Homing
The following commands are used for configuring dual-homing:

Syntax dualhome – enter the dual-homing configuration sub-system

Syntax dualhome <enable|disable> – enable or disable dual-homing

Syntax dualhome add port1=<port#> port2=<port#> – dual-homing setup similar to that of
unmanaged switches such as ES42

OR

Syntax dualhome add primary=<port#> secondary=<port#> – dual-homing setup as
primary-secondary mode

Syntax dualhome del – Delete the dual-homing setup

Syntax show dualhome – Display dual-homing status

The following set of commands shows how dual-homing is set up. In the example below both
modes of dual-homing operation are set up.


Magnum10KT# dualhome ?
dualhome : Configures Dual homing

Usage
dualhome <enter>

Magnum10KT# show dualhome


Dual Homing Status : DISABLED

Magnum10KT# dualhome

Magnum10KT(dualhome)## dualhome add port1=10 port2=11


Dual Homing Ports configured

Magnum10KT(dualhome)## dualhome enable


Dual Homing Enabled.

Magnum10KT(dualhome)## show dualhome

Dual Homing Status : ENABLED


Dual Homing Ports : 10 11
Dual Homing Active On Port : 10

Magnum10KT(dualhome)## dualhome del


Dual Homing Ports Deleted and Dual Homing Disabled.

Magnum10KT(dualhome)## show dualhome


Dual Homing Status : DISABLED

Magnum10KT(dualhome)## dualhome add primary=10 secondary=11


Dual Homing Ports configured

Magnum10KT(dualhome)## show dualhome

Dual Homing Status : DISABLED


Dual Homing Ports : Primary: 10, Secondary: 11

Magnum10KT(dualhome)## dualhome enable


Dual Homing Enabled.

Magnum10KT(dualhome)## show dualhome

Dual Homing Status : ENABLED


Dual Homing Ports : Primary: 10, Secondary: 11
Dual Homing Active On Port : 10

Magnum10KT(dualhome)## exit

Magnum10KT#
FIGURE 107 – configuring dual-homing


List of Commands In This Chapter


Syntax dualhome – enter the dual-homing configuration sub-system

Syntax dualhome <enable|disable> – enable or disable dual-homing

Syntax dualhome add port1=<port#> port2=<port#> – dual-homing setup similar to that of
unmanaged switches such as ES42

OR

Syntax dualhome add primary=<port#> secondary=<port#> – dual-homing setup as
primary-secondary mode

Syntax dualhome del – Delete the dual-homing setup

Syntax show dualhome – Display dual-homing status


Chapter 16 – Link Aggregation Control Protocol (LACP)
Increase Network throughput and reliability

Link Aggregation Control Protocol (LACP) is part of an IEEE specification (IEEE
802.3ad) that allows several physical ports to be grouped or bundled together to form a
single logical channel. This increases the throughput across two devices and provides
improved reliability.

LACP Concepts

The IEEE 802.3ad standard provides for the formation of a single Layer 2 link
from two or more standard Ethernet links using the Link Aggregation Control
Protocol (LACP). LACP provides a robust means of assuring that both ends
of the link are up and agree to be members of the aggregation before the link member is
activated. LACP trunking is a method of combining physical network links into a single
logical link for increased bandwidth. With LACP the effective bandwidth of a trunk and
network availability is increased. Two or more Fast Ethernet connections are combined as
one logical trunk in order to increase the bandwidth and to create resilient and redundant
links. By taking multiple LAN connections and treating them as a unified, aggregated link,
Link Aggregation provides the following important benefits:

• Higher link availability – in case a link fails, the other links continue to operate.
• Increased link capacity – the effective throughput is increased.
• Better port utilization – allows unused ports to be used as trunk ports allowing
better throughput and availability.
• Interoperability – being a standard allows LACP to work across different hardware
platforms where LACP is supported.

Failure of any one physical link will not impact the logical link defined using LACP. The
loss of a link within an aggregation reduces the available capacity, but the connection is
maintained and the data flow is not interrupted.

The performance is improved because the capacity of an aggregated link is higher than each
individual link alone. 10 Mbps or 10/100 Mbps or 100 Mbps ports can be grouped together
to form one logical link.


Instead of adding new hardware to increase speed on a trunk – one can now use LACP to
incrementally increase the throughput in the network, preventing or deferring hardware
upgrades. Some known issues with LACP on the Magnum 6K family of switches are:

• LACP will not work on Half Duplex ports.


• All trunk ports must be on the same module. Trunk ports cannot be
spread out across different modules.
• All trunk ports must have the same speed setting. If the speed is
different, LACP shows an error indicating speed mismatch.
• Many switches do not forward the LACPDUs by default. So, it is
possible to hook up multiple ports to these switches and create an Ethernet loop. (In
many cases this is prevented by Spanning Tree running on these switches).
• All ports in a trunk group should be members of the same VLAN. Each port can be a
member of multiple VLANs, but each port should have at least one VLAN that is
common to both the port groups.
• The LACPDU packets are sent out every 30 seconds. It is possible that in configuring
LACP, a loop can be created until LACP notification is completed. It is recommended
to configure LACP first and then physically connect the ports to avoid this potential
issue.
• Port Security will not work with the ports configured for LACP.
• IGMP will work with the primary LACP port only. All IGMP traffic is sent via a
primary port. If needed, this port can be mirrored for traffic analysis.

LACP Configuration
For LACP to work on the Magnum 6K family of switches, only one trunk per module can
be created. Some valid connections are shown in the picture below.

FIGURE108 – Some valid LACP configurations.


Should trunks be created so as to span multiple ports, a trunk mismatch error message is
printed on the console. An example of an incorrect configuration is shown below:

FIGURE109 – an incorrect LACP connection scheme for Magnum 6K family of switches. All LACP
trunk ports must be on the same module and cannot span different modules.

Another example is highlighted below where some ports belong to VLAN 10 (shown in red)
and other ports belong to VLAN 20 (shown in blue). If the port groups do not have a
common VLAN between them, LACP does not form a connection.

FIGURE110 – In this figure, even though the connections are from one module to another, this is still not a
valid configuration (for LACP using 4 ports) as the trunk group belongs to two different VLANs.

On each switch, the set of ports can belong to the same VLANs as shown in the figure below.
While the ports belong to the same VLANs, there is no common VLAN between the
switches and hence the LACPDU cannot be transmitted. This configuration will not work in
the LACP mode.


[Figure labels: VLAN 10 on Switch 1; VLAN 20 on Switch 2]
FIGURE111 - In the figure above, there is no common VLAN between the two sets of ports, so packets
from one VLAN to another cannot be forwarded. There should be at least one VLAN common between
the two switches and the LACP port groups.

[Figure labels: VLAN 1,10 on Switch 1; VLAN 1,20 on Switch 2]
FIGURE112 – This configuration is similar to the previous configuration, except there is a common
VLAN (VLAN 1) between the two sets of LACP ports. This is a valid configuration.


FIGURE113 – In the architecture above, using RSTP and LACP allows multiple switches to be configured
together in a meshed redundant link architecture. First define the RSTP configuration on the switches. Then
define the LACP ports. Then finally connect the ports together to form the meshed redundant link topology as
shown above.

Using the Magnum edge switch with dual-homing allows the edge devices to
have link level redundancy that brings the fault tolerance from the network to
the edge.


[Figure labels: Switch 1, Switch 2, Switch 3, Dual-Homed Edge Switch]
FIGURE114 – LACP, along with RSTP/STP brings redundancy to the network core or backbone. Using
this reliable core with a dual-homed edge switch brings reliability and redundancy to the edge of the network.

It is recommended not to use LACP with S-Ring at this time.

Since S-Ring and LACP use the same BPDUs called LACPDUs, the architecture shown
below is not supported in this release.


[Figure labels: S-Ring 1, S-Ring 2]
FIGURE115 – This architecture is not recommended.

LACP can be used for creating a reliable network between two facilities connected via a
wireless bridge. As shown in the figure below, four trunk ports are connected to four
wireless bridge pairs. This increases the effective throughput of the wireless connections and
also increases the reliability. If one of the bridges were to stop functioning, the other three
will continue to operate, providing a very reliable infrastructure.


[Figure labels: Facility 1, Facility 2, A]
FIGURE116 – Creating a reliable infrastructure using wireless bridges (between two facilities) and LACP.
A indicates a Wi-Fi wireless Bridge or other wireless Bridges.

The commands to configure, edit and manage LACP on the Magnum 6K family of
switches are the following:

Syntax lacp - enable the LACP configuration module within CLI

Syntax lacp <enable | disable> - enable or disable LACP [7]

Syntax add port=<number|list|range> [priority=<0-65535>] – add the specified list of ports
to form the logical LACP trunk. Default value for priority is 32768. The lower the value assigned
to priority, the higher the priority. The port with the highest priority is the primary port.

Syntax del port=<number|list|range> - delete specified ports from the LACP membership

Syntax edit port=<number|list|range> [priority=<priority>] - edit the membership of the
ports specified. The priority can be from 0 – 65535

Syntax show lacp – displays the status and other relevant LACP information

[7] Before enabling, please ensure that the correct ports are configured. If network connectivity is lost due to a port being
configured as a LACP port, you will need to physically access the switch via the console to correct this error.


Some other definitions are worth noting for a primary port. The primary port is the port over
which specific traffic such as Multicast (IGMP), unknown Unicast and broadcast traffic is
transmitted. As shown by the add port command, the port with the lowest priority value has
the highest priority and is designated as the primary port. If traffic analysis is required, it is
recommended to mirror the primary port and physically disconnect the other ports if all
traffic needs to be captured.

If multiple ports have the same priority, the first port physically connected becomes the
primary port. In case the ports are already connected, the port with the lowest port number
becomes the primary port. For example, if ports 4, 5 and 6 are designated as the LACP group,
port 4 would become the primary port.

If the primary port fails, the next available secondary port is designated as the primary port.
So in the example above, if port 4 fails, port 5 will be designated as the primary port.

Magnum10KT# show lacp

LACP is Disabled.
    <-- Enable LACP before ports can be added to the trunk group.

Magnum10KT# lacp

Magnum10KT(lacp)## add port=14,15,16

Error : LACP is disabled.

Magnum10KT(lacp)## lacp enable

LACP Enabled.

Magnum10KT(lacp)## add port=13-16

Port(s) added successfully.

Magnum10KT(lacp)## show lacp

Orphan Ports:

Port Priority Trunk
=====================
13 32768 Link Down
14 32768 Link Down
15 32768 Link Down
16 32768 Peer Not a Trunk
    <-- Indicates no LACP BPDU can be received from this port. This port was
        in use, and adding it was an error. The next few steps delete this port
        and add the proper port. See other messages below.

Magnum10KT(lacp)## del port=16

Port(s) deleted successfully.

Magnum10KT(lacp)## show lacp

Orphan Ports:

Port Priority Trunk


=====================
13 32768 Link Down
14 32768 Link Down
15 32768 Link Down

Magnum10KT(lacp)## add port=12

Port(s) added successfully.


Magnum10KT(lacp)## show lacp

Orphan Ports:

Port Priority Trunk


=====================
12 32768 Link Down
13 32768 Link Down
14 32768 Link Down
15 32768 Link Down

Magnum10KT(lacp)## exit

Magnum10KT# show lacp

Orphan Ports:

Port Priority Trunk


=====================
12 32768 Link Down
13 32768 Link Down
14 32768 Link Down
15 32768 Link Down

Magnum10KT#
FIGURE117 – Configuring LACP.

The error messages received when a trunk port is not configured properly are as follows:

Link Down          Link is down or the cable is not connected.
Half Duplex        Half Duplex ports cannot participate in LACP.
Loop Detected      Indicates the other side does not have LACP configured. Without
                   LACP configured on both switches, the network will create an
                   Ethernet loop.
Peer Not a Trunk   No LACPDU was received, or none can be received, from the
                   peer. This may be because the port is already in use, is shut
                   down or is not available.
Speed Mismatch     All ports in a trunk should have the same speed. If one port's speed
                   does not match the other ports, this specific port cannot join the port
                   group.
Trunk Mismatch     The other switch sent a BPDU which did not match the trunk
                   information associated with this port. This happens when the port is
                   connected to a different switch, or a different module in the Magnum
                   6K switch.

The output of the show lacp command for the network shown below is as follows.

[Figure labels: Switch 1, Switch 2, Switch 3]
FIGURE118 – The network for the show lacp command listed below:

In the figure shown above, Switch 1 has ports 11 and 15 forming the first trunk, connecting to
Switch 3. Switch 1 also has ports 17 and 23 forming the second trunk on Switch 2. The show
lacp command was executed on Switch 1.

Magnum 6K(lacp)## show lacp

Trunk Id : 1
    <-- Unique ID of trunk
Trunk Status : Trunk Active
Primary Port : 11
Trunk Partner : 00:20:06:25:11:40
    <-- MAC address of Switch 3

Member Ports:

Port Priority Trunk
=====================
11 32768 Primary Port
15 32768 Member Port
    <-- Ports belonging to this trunk

Trunk Id : 2
Trunk Status : Trunk Active
Primary Port : 17
Trunk Partner : 00:20:06:25:72:90

Member Ports:

Port Priority Trunk
=====================
17 32768 Primary Port
23 32768 Member Port

FIGURE119 – LACP information over a network.
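The status column of show lacp is where a miswired or half-configured trunk shows up, so it is worth checking after every change. The following added Python example (not part of MNS-6K or of the original guide) parses output laid out as in the two figures above and lists the ports reporting one of the error statuses from the table. The sample text is constructed, and the function names are assumptions.

```python
import re

# Error statuses and their meaning, taken from the table in this chapter.
FAULTS = {
    "Link Down": "link is down or the cable is not connected",
    "Half Duplex": "half duplex ports cannot participate in LACP",
    "Loop Detected": "the other side does not have LACP configured",
    "Peer Not a Trunk": "no LACPDU received from the peer",
    "Speed Mismatch": "port speed differs from the other trunk ports",
    "Trunk Mismatch": "peer BPDU does not match this port's trunk information",
}

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S.*?)\s*$")    # port, priority, status
TRUNK = re.compile(r"^\s*Trunk Id\s*:\s*(\d+)")


def parse_show_lacp(text):
    """Return one dict per port row; trunk is None for orphan ports."""
    rows, trunk = [], None
    for line in text.splitlines():
        if line.strip().startswith("Orphan Ports"):
            trunk = None
            continue
        match = TRUNK.match(line)
        if match:
            trunk = int(match.group(1))
            continue
        match = ROW.match(line)
        if match:
            rows.append({
                "port": int(match.group(1)),
                "priority": int(match.group(2)),
                "status": match.group(3),
                "trunk": trunk,
            })
    return rows


def audit(text):
    """Return (port, status, meaning) for every port in an error status."""
    return [(r["port"], r["status"], FAULTS[r["status"]])
            for r in parse_show_lacp(text) if r["status"] in FAULTS]


# Constructed sample in the layout of the show lacp figures.
SAMPLE = """\
Orphan Ports:

Port Priority Trunk
=====================
13 32768 Link Down
14 32768 Half Duplex
16 32768 Peer Not a Trunk

Trunk Id : 1
Trunk Status : Trunk Active
Primary Port : 11
Trunk Partner : 00:20:06:25:11:40

Member Ports:

Port Priority Trunk
=====================
11 32768 Primary Port
15 32768 Member Port
"""

if __name__ == "__main__":
    for port, status, meaning in audit(SAMPLE):
        print(f"port {port}: {status} ({meaning})")
```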

List of Commands In This Chapter


Syntax lacp - enable the LACP configuration module within CLI

Syntax lacp <enable | disable> - enable or disable LACP

Syntax add port=<number|list|range> [priority=<0-65535>] – add the specified list of ports
to form the logical LACP trunk. Default value for priority is 32768. The lower the value assigned
to priority, the higher the priority. The port with the highest priority is the primary port (over which
certain types of traffic like IGMP is transmitted)

Syntax del port=<number|list|range> - delete specified ports from the LACP membership

Syntax edit port=<number|list|range> [priority=<priority>] - edit the membership of the
ports specified. The priority can be from 0 – 65535

Syntax show lacp – displays the status and other relevant LACP information


Chapter 17 – Quality of Service
Prioritize traffic in a network

Quality of Service (QoS) refers to the capability of a network to provide different priorities
to different types of traffic. Not all traffic in the network has the same priority. Being able
to differentiate different types of traffic and allowing this traffic to accelerate through the
network improves the overall performance of the network and provides the necessary quality of
service demanded by different users and devices. The primary goal of QoS is to provide priority
including dedicated bandwidth.

QoS Concepts

The Magnum 6K family of switches supports QoS as specified in the IEEE 802.1p
and IEEE 802.1q standards. QoS is important in network environments where there
are time-critical applications, such as voice transmission or video conferencing, that
can be adversely affected by packet transfer delays or other latency in a network.

Most switches today implement buffers to queue incoming packets as well as outgoing packets. In
a queue mechanism, normally the packet that comes in first leaves first (FIFO) and all the packets
are serviced accordingly. Imagine, if each packet had a priority assigned to it. If a packet with a
higher priority than other packets were to arrive in a queue, the packet would be given a
precedence and moved to the head of the queue and would go out as soon as possible. The
packet is thus preempted from the queue and this method is called preemptive queuing.

Preemptive queuing makes sense if there are several levels of priorities, normally more than two.
If there are too many levels, then the system has to spend a lot of time managing the preemptive
nature of queuing. IEEE 802.1p defines and uses eight levels of priorities. The eight levels of
priority are enumerated 0 to 7, with 0 the lowest priority and 7 the highest.

To make the preemptive queuing possible, most switches implement at least two queue buffers.
The Magnum 6K family of switches has two priority queues, 1 (low) and 0 (high). When tagged
packets enter a switch port, the switch responds by placing the packet into one of the two queues,
and depending on the precedence levels the queue could be rearranged to meet the QoS
requirements.


QoS refers to the level of preferential treatment a packet receives when it is being sent through a
network. QoS allows time sensitive packets such as voice and video, to be given priority over
time insensitive packets such as data. Differentiated Services (DiffServ or DS) are a set of
technologies defined by the IETF (Internet Engineering Task Force) to provide quality of service
for traffic on IP networks.

DiffServ and QoS


DiffServ is designed for use at the edge of an Enterprise where corporate traffic enters the service
provider environment. DiffServ is a layer-3 protocol and requires no specific layer-2 capability,
allowing it to be used in the LAN, MAN, and WAN. DiffServ works by tagging each packet (at
the originating device or an intermediate switch) for the requested level of service it requires
across the network.

[Figure: frame layout DMAC, SMAC, Protocol Type, IP Header (ToS), Data, FCS; the ToS field holds the Diffserv Code Points (DSCP) followed by unused bits]
FIGURE120 – ToS and DSCP

DiffServ inserts a 6-bit DiffServ Code Point (DSCP) in the Type of Service (ToS) field of the IP
header, as shown in the picture above. Information in the DSCP allows nodes to determine the
Per Hop Behavior (PHB), which is an observable forwarding behavior for each packet. PHBs are
defined according to:
• Resources required; bandwidth or buffer size
• Priority; based on application or business requirements
• Traffic characteristics; delay, jitter, or packet loss

Nodes implement PHBs through buffer management and packet scheduling mechanisms. This
hop-by-hop allocation of resources is the basis by which DiffServ provides quality of service for
different types of communications traffic.


IP Precedence
IP Precedence utilizes the three precedence bits in the IPv4 header's Type of Service (ToS) field
to specify class of service for each packet. You can partition traffic in up to eight classes of
service using IP precedence. The queuing technologies throughout the network can then use this
signal to provide the appropriate expedited handling.

[Figure: IP packet header followed by Data + FCS; within the ToS byte, 3 bits carry the IP precedence]
FIGURE121 - IP Precedence ToS Field in an IP Packet Header.

The 3 most significant bits correlating to binary settings 32, 64, and 128 of the Type of Service
(ToS) field in the IP header constitute the bits used for IP precedence. These bits are used to
provide a priority from 0 to 7 for the IP packet.

Because only 3 bits of the ToS byte are used for IP precedence, you need to differentiate these
bits from the rest of the ToS byte.

The Magnum 6K family of switches has the capability to provide QoS at Layer 2. At Layer 2, the
frame uses Type of Service (ToS) as specified in IEEE 802.1p. ToS uses 3 bits, just like IP
precedence, and maps well from Layer 2 to Layer 3, and vice versa.

The switches have the capability to differentiate frames based on ToS settings. With two queues
(high and low priority queues or buffers) present in the Magnum 6K family of switches, frames can be
placed in either queue and serviced via the weight set on all ports. This placement in queues,
together with the weight set and the particular tag setting on a packet, allows each queue to have
different service levels.

Magnum QoS implementations provide mapping of ToS or IP precedence to Class of Service
(CoS). A CoS setting in an Ethernet Frame is mapped to the ToS byte of the IP packet, and vice
versa. A ToS level of 1 equals a CoS level of 1. This provides end-to-end priority for the traffic
flow when Magnum 6K family of switches are deployed in the network.


Not all packets received on a port have high priority. IGMP and BPDU packets have high
priority by default.

The Magnum 6K family of switches has the capability to set the priorities based on three
different functions. They are:

Port QoS: Assigns a high priority to all packets received on a port, regardless of the type of
packet.

TAG QoS: If a packet contains a tag, the port on which the packet was received then looks to see
at which level that tag value is set. Regardless of the tag value, if there is a tag, that packet is
automatically assigned high priority, sent to the high priority queue.

ToS QoS: (Layer 3) When a port is set to ToS QoS, the most significant 6-bits of the IPv4 packet
(which has 64 bits) are used. If the 6 bits are set to ToS QoS for the specific port number the
packet went to, that packet is assigned high priority by that port.
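Where the three markings discussed above sit in a frame, as an added Python example (not code from the switch): it extracts the 802.1p tag priority, the 6-bit DSCP and the 3-bit IP precedence from a raw Ethernet frame, then applies a simplified model of Port, TAG and ToS QoS as described above. The function names, the constructed sample frames and the set of high-priority DSCP values are assumptions.

```python
import struct

ETH_P_8021Q = 0x8100   # EtherType announcing an 802.1Q tag
ETH_P_IPV4 = 0x0800


def parse_priority_fields(frame):
    """Return the priority markings of one Ethernet frame as a dict."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, pcp = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp = tci >> 13          # 802.1p priority: top 3 bits of the tag
        offset = 18
    fields = {"pcp": pcp, "tos": None, "dscp": None, "precedence": None}
    if ethertype == ETH_P_IPV4:
        if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
            raise ValueError("truncated or malformed IPv4 header")
        tos = frame[offset + 1]  # ToS is the second byte of the IPv4 header
        fields["tos"] = tos
        fields["dscp"] = tos >> 2                  # 6 most significant bits, 0-63
        fields["precedence"] = (tos & 0xE0) >> 5   # bits 128, 64 and 32, 0-7
    return fields


def select_queue(fields, qos_type, high_dscp=frozenset()):
    """Simplified model of the three QoS functions; returns 'high' or 'low'."""
    if qos_type == "port":       # every packet received on the port
        return "high"
    if qos_type == "tag":        # any tagged packet, regardless of tag value
        return "high" if fields["pcp"] is not None else "low"
    if qos_type == "tos":        # DSCP value configured for this port (assumed set)
        return "high" if fields["dscp"] in high_dscp else "low"
    if qos_type == "none":
        return "low"
    raise ValueError(f"unknown QoS type {qos_type!r}")


def build_frame(tos, pcp=None, vlan=1):
    """Build a constructed test frame: Ethernet (+ optional 802.1Q) + IPv4 header."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if pcp is not None:
        frame += struct.pack("!HH", ETH_P_8021Q, (pcp << 13) | vlan)
    frame += struct.pack("!H", ETH_P_IPV4)
    frame += struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return frame


# Constructed samples: a tagged frame marked ToS 0xB8 and an untagged, unmarked one.
VOICE = build_frame(tos=0xB8, pcp=5, vlan=10)
DATA = build_frame(tos=0x00)

if __name__ == "__main__":
    for name, frame in (("voice", VOICE), ("data", DATA)):
        fields = parse_priority_fields(frame)
        print(name, fields, select_queue(fields, "tos", high_dscp={46}))
```

The DSCP and the IP precedence are two readings of the same byte: ToS 0xB8 is DSCP 46 and precedence 5, so a device matching on one and a device matching on the other see consistent markings.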

Configuring QoS (MNS-6K ver 4.1.x)


Magnum 6K family of switches support three types of QoS - Port based, Tag based and ToS
based.

The commands listed below are for MNS-6K version 4.1. The commands
for QoS have changed for MNS-6K version 4.2. This section is included for
historical reasons.

QoS is disabled by default on the switch. QoS needs to be enabled and
configured. For changing Tags, VLANs need to be configured and enabled as
well.

Syntax qos – enter the QoS configuration mode

Syntax setqos type=<port|tag|tos|none> [port=<port|list|range>]
[priority=<high|low>] [tos=<0-63|list|range>] [tag=<0-7|list|range>] - depending
on the type of QOS, the corresponding field has to be set. For example, for QOS type tag, the tag levels
have to be set, and for QOS type ToS, the ToS levels have to be set. If the priority field is not set, it then
defaults to low priority. ToS has 64 levels and the valid values are 0-63 and a tagged packet has 8 levels
and the valid values are 0-7.


Setting type to none will clear the QoS settings.

Syntax set-weight weight=<0-7> - sets the port priority weight for all the ports. Once the weight
is set, all the ports will have the same weight across the switch. The valid value for weight is 0-7.

A weight is a number calculated from the IP precedence setting for a packet. This
weight is used in an algorithm to determine when the packet will be serviced.

Syntax show-portweight - display the weight settings on a port

As mentioned previously, the switch is capable of detecting higher-priority packets marked with
precedence by the IP forwarder and can schedule them faster, providing superior response time
for this traffic. The IP Precedence field has values between 0 (the default) and 7. As the
precedence value increases, the algorithm allocates more bandwidth to that traffic to make sure
that it is served more quickly when congestion occurs. Magnum 6K family of switches can assign
a weight to each flow, which determines the transmit order for queued packets. In this scheme,
lower weights (set on all ports) are provided more service. IP precedence serves as a divisor to
this weighting factor. For instance, traffic with an IP precedence field value of 7 gets a lower
weight than traffic with an IP Precedence field value of 3, and thus has priority in the transmit
order.

Once the port weight is set, the hardware will interpret the weight setting for all ports as outlined
below, assuming the queues are sufficiently filled. If there are no packets in, for example, the high
priority queue, packets are serviced on a first come first served (FCFS) basis from the low priority
queue.

Setting   Hardware traffic queue behavior

0         No priority – traffic is sent alternately from each queue and packets are queued
          alternately in each queue.
1         Two packets are sent from the high priority queue and one packet from low
          priority queue.
2         Four packets are sent from the high priority queue and one packet from low
          priority queue.
3         Six packets are sent from the high priority queue and one packet from low
          priority queue.
4         Eight packets are sent from the high priority queue and one packet from low
          priority queue.
5         Ten packets are sent from the high priority queue and one packet from low
          priority queue.
6         Twelve packets are sent from the high priority queue and one packet from low
          priority queue.
7         All packets are sent from the high priority queue and none are sent from low
          priority queue.
FIGURE122 – Port weight settings and the meaning of the setting.
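What each weight setting means for the transmit order, as an added Python example (a model of the table above, not the switch's scheduler): it drains a high and a low priority queue for a given weight. The function names and the packet labels are assumptions, and serving the low priority queue when the high priority queue is empty follows the FCFS remark above.

```python
from collections import deque


def high_burst(weight):
    """High priority packets sent per low priority packet (None = no limit)."""
    if weight not in range(8):
        raise ValueError("weight must be 0-7")
    if weight == 0:
        return 1          # alternate between the two queues
    if weight == 7:
        return None       # the high priority queue always goes first
    return 2 * weight     # settings 1-6: 2, 4, 6, 8, 10, 12


def transmit_order(high, low, weight, slots):
    """Return the first `slots` packets in the order they would be sent."""
    high, low = deque(high), deque(low)
    burst = high_burst(weight)
    credit = burst        # high priority packets left before low gets a turn
    sent = []
    while len(sent) < slots and (high or low):
        if high and (burst is None or credit > 0 or not low):
            sent.append(high.popleft())
            if burst is not None and credit > 0:
                credit -= 1
        else:
            # Either the high queue is empty or its burst is used up.
            sent.append(low.popleft())
            credit = burst
    return sent


# Constructed traffic: both queues filled, as the table assumes.
HIGH = [f"H{i}" for i in range(40)]
LOW = [f"L{i}" for i in range(10)]

if __name__ == "__main__":
    for weight in (0, 1, 3, 7):
        order = transmit_order(HIGH, LOW, weight, 14)
        print(weight, " ".join(order))
```

With weight 7 nothing from the low priority queue is sent while high priority packets are waiting, so traffic left at low priority can be held back indefinitely by a busy port that is set to high priority.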


Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] – displays the QoS
settings

Sometimes it is necessary to change the priority of the packets going out of a switch. For
example, when a packet is received untagged and has to be transmitted with the addition of the
802.1p priority tag, the tag can be assigned depending on the untag value set. For example, if the
untag command is set to port=1 tag=2 priority=low, untagged packets received on that port will
be tagged with a priority low upon transmit.

Syntax set-untag port=<port|list|range> priority=<high|low> tag=<0-7> - The 802.1p user
priority assigned to untagged received packets to be transmitted as tagged from the priority queue.

Magnum10KT# show port

Keys: E = Enable D = Disable
H = Half Duplex F = Full Duplex
M = Multiple VLAN's NA = Not Applicable
LI = Listening LE = Learning
F = Forwarding B = Blocking

Port Name Status Dplx Media Link Trunk Speed Poe Auto Vlan GVRP STP
----------------------------------------------------------------------
5 C1 E H 10Tx DOWN No 10 E E 1 - -
6 C2 E H 10Tx DOWN No 10 E E 1 - -
7 C3 E H 10Tx DOWN No 10 E E 1 - -
8 C4 E H 10Tx DOWN No 10 E E 1 - -
9 D1 E F 100Tx UP No 100 E E 1 - -
10 D2 E H 10Tx DOWN No 10 E E 1 - -
11 D3 E H 10Tx DOWN No 10 E E 1 - -
12 D4 E H 10Tx DOWN No 10 E E 1 - -
13 E1 E H 10Tx DOWN No 10 No E 1 - -
14 E2 E H 10Tx DOWN No 10 No E 1 - -

Magnum10KT# qos

Magnum10KT(qos)## setqos type=port port=10 priority=high

Successfully set QOS.

Magnum10KT(qos)## setqos type=port port=6 priority=high

Successfully set QOS.

Magnum10KT(qos)## show qos

========================================
PORT | QOS | STATUS
========================================
1 | None | UP
2 | None | DOWN
3 | None | DOWN
5 | None | DOWN
6 | Port | DOWN
7 | None | DOWN
9 | None | DOWN
10 | Port | DOWN
11 | None | DOWN
13 | None | DOWN
14 | None | DOWN
15 | None | DOWN

Magnum10KT(qos)## show qos type=port

================================
PORT | PRIORITY | STATUS
================================
1 | None | UP
2 | None | DOWN
3 | None | DOWN
5 | None | DOWN
6 | HIGH | DOWN
7 | None | DOWN
9 | None | DOWN
10 | HIGH | DOWN
11 | None | DOWN
13 | None | DOWN
14 | None | DOWN
15 | None | DOWN

Magnum10KT(qos)## setqos port=11 priority=high type=tag tag=6

Successfully set QOS.

All traffic on port 11 is sent to the high priority queue and the QoS tag is set to 6.

Magnum10KT(qos)## show qos

========================================
PORT | QOS | STATUS
========================================
1 | None | UP
2 | None | DOWN
3 | None | DOWN
5 | None | DOWN
6 | Port | DOWN
7 | None | DOWN
9 | None | DOWN
10 | Port | DOWN
11 | Tag | DOWN
13 | None | DOWN
14 | None | DOWN
15 | None | DOWN

Magnum10KT(qos)## show qos type=tag

========================================
PORT | Pri for VPT | STATUS
| 76543210 |
========================================
1 | -------- | UP
2 | -------- | DOWN
3 | -------- | DOWN
5 | -------- | DOWN
6 | -------- | DOWN
7 | -------- | DOWN
9 | -------- | DOWN
10 | -------- | DOWN
11 | LHLLLLLL | DOWN
13 | -------- | DOWN
14 | -------- | DOWN
15 | -------- | DOWN

Magnum10KT(qos)## setqos port=13 priority=high type=tag tag=5

Successfully set QOS.

Magnum10KT(qos)## show qos type=tag

============================================
PORT | Pri for VPT | STATUS
| 76543210 |
============================================
1 | -------- | UP
2 | -------- | DOWN
3 | -------- | DOWN
5 | -------- | DOWN
6 | -------- | DOWN
7 | -------- | DOWN
9 | -------- | DOWN
10 | -------- | DOWN
11 | LHLLLLLL | DOWN
13 | LLMLLLLL | DOWN
14 | -------- | DOWN
15 | -------- | DOWN

Magnum10KT(qos)## show portweight

Port priority Weight set to 1 High : 1 Low.

Magnum10KT(qos)## set-weight weight=4

Magnum10KT(qos)## show portweight

Port priority Weight set to 8 High : 1 Low.

The queue behavior is set so that for 8 high priority packets, 1 low priority packet is sent out.

Magnum10KT(qos)## show qos

========================================
PORT | QOS | STATUS
========================================
1 | None | UP
2 | None | DOWN
3 | None | DOWN
5 | None | DOWN
6 | Port | DOWN
7 | None | DOWN
9 | None | DOWN
10 | Port | DOWN
11 | Tag | DOWN
13 | Tag | DOWN
14 | None | DOWN
15 | None | DOWN

FIGURE123 – QoS configuration and setup.

Configuring QoS (MNS-6K ver 4.2.x)


Magnum 6K family of switches support three types of QoS - Port based, Tag based and ToS
based.

The commands listed below are for MNS-6K version 4.2.x. A few of the
commands for QoS have changed for MNS-6K version 4.2.x.

QoS is disabled by default on the switch. QoS needs to be enabled and configured. For changing
Tags, VLANs need to be configured and enabled as well.

Syntax qos – enter the QoS configuration mode

Syntax map priority=<high|normal|medium|low> [tos=<0-63|list|range>] [tag=<0-7|list|range>] -
depending on the type of QOS, the priorities and Type of Service have to be mapped using this
command. For example, for the priority "high" the Type of service can be set to 24 and 48. The tag
can be set to 3.

Syntax set-port port=<port|list|range> [tag=<enable|disable>] [tos=<enable|disable>]
[default=<0-7>] - this command is used to set the QoS settings of a specific port or of a group
(list) of ports. The packet exiting (egress) will be assigned the settings specified by this
command.

Syntax show-portweight - display the weight settings on a port


Syntax set-weight weight=<0-7> - sets the port priority weight for all the ports. Once the weight
is set, all the ports will have the same weight across the switch. The valid value for weight is 0-7.

A weight is a number calculated from the IP precedence setting for a packet. This weight is used
in an algorithm to determine when the packet will be serviced.

As mentioned previously, the switch is capable of detecting higher-priority packets marked with
precedence by the IP forwarder and can schedule them faster, providing superior response time
for this traffic. The IP Precedence field has values between 0 (the default) and 7. As the
precedence value increases, the algorithm allocates more bandwidth to that traffic to make sure
that it is served more quickly when congestion occurs. Magnum 6K family of switches can assign
a weight to each flow, which determines the transmit order for queued packets. In this scheme,
lower weights (set on all ports) are provided more service. IP precedence serves as a divisor to
this weighting factor. For instance, traffic with an IP precedence field value of 7 gets a lower
weight than traffic with an IP Precedence field value of 3, and thus has priority in the transmit
order.

Once the port weight is set, the hardware will interpret the weight setting for all ports as outlined
below, assuming the queues are sufficiently filled; if there are no packets, for example, in the high
priority queue, packets are serviced on a first come first served (FCFS) basis from the low priority
queue.

Setting   Hardware traffic queue behavior
0         No priority – traffic is sent alternately from each queue and packets are queued alternately in each queue.
1         Two packets are sent from the high priority queue and one packet from low priority queue.
2         Four packets are sent from the high priority queue and one packet from low priority queue.
3         Six packets are sent from the high priority queue and one packet from low priority queue.
4         Eight packets are sent from the high priority queue and one packet from low priority queue.
5         Ten packets are sent from the high priority queue and one packet from low priority queue.
6         Twelve packets are sent from the high priority queue and one packet from low priority queue.
7         All packets are sent from the high priority queue and none are sent from low priority queue.
FIGURE124 – Port weight settings and the meaning of the setting.
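The following added example (not part of the guide or of MNS-6K) models the port weight table above to show how long a low priority packet waits behind a backlog of high priority traffic, including the starvation case at weight 7. The round-based service model and the names HIGH_PER_LOW, transmit_order and low_wait are assumptions made for illustration.

```python
from collections import deque

# High priority packets sent per one low priority packet, transcribed from the
# port weight table in the guide. None marks weight 7 (strict priority).
HIGH_PER_LOW = {0: 1, 1: 2, 2: 4, 3: 6, 4: 8, 5: 10, 6: 12, 7: None}


def transmit_order(weight, high, low):
    """Return the order in which queued packets leave a port.

    Assumed model: each service round sends up to N high priority packets,
    then one low priority packet. When one queue is empty the other is
    served first come first served, as the guide describes.
    """
    if weight not in HIGH_PER_LOW:
        raise ValueError("weight must be 0-7")
    high, low = deque(high), deque(low)
    burst = HIGH_PER_LOW[weight]
    sent = []
    while high or low:
        if burst is None:
            # Weight 7: the low queue is served only when the high queue is empty.
            sent.append(high.popleft() if high else low.popleft())
            continue
        for _ in range(burst):
            if not high:
                break
            sent.append(high.popleft())
        if low:
            sent.append(low.popleft())
    return sent


def low_wait(weight, high_backlog):
    """Count the high priority packets sent before one waiting low priority packet."""
    high = [("H", i) for i in range(high_backlog)]
    order = transmit_order(weight, high, [("L", 0)])
    return order.index(("L", 0))


if __name__ == "__main__":
    # Constructed scenario: 100 high priority packets queued ahead of one
    # low priority packet (for example management or logging traffic).
    for w in range(8):
        print(f"weight={w}: low packet waits behind {low_wait(w, 100)} high packets")
```

At weight 7 the low priority packet leaves only after the entire high priority backlog has drained, so which ports, tags and ToS values are mapped to high priority decides whether low priority traffic can be starved.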

Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] – displays the QoS settings

Sometimes it is necessary to change the priority of the packets going out of a switch. For
example, when a packet is received untagged and has to be transmitted with the addition of the
802.1p priority tag, the tag can be assigned depending on the untag value set. For example, if the
untag command is set to port=1 tag=2 priority=low, untagged packets received on that port will
be tagged with a priority low upon transmit.

Syntax set-untag port=<port|list|range> priority=<high|normal|medium|low> tag=<0-7> - The
802.1p user priority assigned to untagged received packets to be transmitted as tagged from the
priority queue.

Magnum10KT(qos)## show port

Keys: E = Enable D = Disable
H = Half Duplex F = Full Duplex
M = Multiple VLAN's NA = Not Applicable
LI = Listening LE = Learning
F = Forwarding B = Blocking

Port Name Status Dplx Media Link Trunk Speed Poe Auto Vlan GVRP STP
----------------------------------------------------------------------
5 C1 E H 10Tx DOWN No 10 E E 1 - -
6 C2 E H 10Tx DOWN No 10 E E 1 - -
7 C3 E H 10Tx DOWN No 10 E E 1 - -
8 C4 E H 10Tx DOWN No 10 E E 1 - -
9 D1 E F 100Tx UP No 100 E E 1 - -
10 D2 E H 10Tx DOWN No 10 E E 1 - -
11 D3 E H 10Tx DOWN No 10 E E 1 - -
12 D4 E H 10Tx DOWN No 10 E E 1 - -
13 E1 E H 10Tx DOWN No 10 No E 1 - -
14 E2 E H 10Tx DOWN No 10 No E 1 - -

Magnum10KT(qos)## map priority=high tos=24,48 tag=3

Priority Mappings Configured.

All traffic with high priority is assigned a ToS of 24, 48 and tag of 3.

Magnum10KT(qos)## set-port port=10 tag=enable tos=enable

Tag QOS is Enabled.
TOS QOS is Enabled.

Magnum10KT(qos)## show-portweight

Port priority Weight set to 8 High :4 Nor: 2 Med : 1 Low.

Magnum10KT(qos)## show qos

TAG Priority Map:
Low: 0-2,4-7
Medium: None
Normal: None
High: 3

Tag of 3 is assigned a high priority as per the map command earlier.

TOS Priority Map:
Low: 0-23,25-47,49-63
Medium: None
Normal: None
High: 24,48

ToS of 24, 48 is assigned high priority as per the map command earlier.

========================================
PORT | DEFAULT | TAG | TOS
=======================================
5 | None | Disable | Disable
6 | None | Disable | Disable
7 | None | Disable | Disable
8 | None | Disable | Disable
9 | None | Disable | Disable
10 | None | Enable | Enable
11 | None | Disable | Disable

Port 10 has the tag and ToS set as per set-port command earlier.

Magnum10KT(qos)## show qos type=tag

===============================
PORT | Pri for VPT | STATUS
| 76543210 |
==============================
5 | -------- | DOWN
6 | -------- | DOWN
7 | -------- | DOWN
8 | -------- | DOWN
9 | -------- | DOWN
10 | LLLLHLLL | DOWN
11 | -------- | DOWN

Port 10 status is down as there is nothing plugged in port 10. Note that the tag of 3 is
assigned a H or High priority.

Magnum10KT(qos)##

FIGURE125 – QoS configuration and setup.

List of Commands In This Chapter


Syntax qos – enter the QoS configuration mode

Syntax setqos type=<port|tag|tos|none> [port=<port|list|range>] [priority=<high|low>]
[tos=<0-63|list|range>][tag=<0-7|list|range>] - depending on the type of QOS, the corresponding
field has to be set. For example, for QOS type tag, the tag levels have to be set, and for QOS type
ToS, the ToS levels have to be set. If the priority field is not set, it then defaults to low
priority. ToS has 64 levels and the valid values are 0-63 and a tagged packet has 8 levels and the
valid values are 0-7.

Syntax set-weight weight=<0-7> - sets the port priority weight for all the ports. Once the weight is set,
all the ports will have the same weight across the switch. The valid value for weight is 0-7.

Syntax show-portweight - display the weight settings on a port

Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] – displays the QoS settings


Syntax set-untag port=<port|list|range> priority=<high|low> tag=<0-7> - The 802.1p user
priority assigned to untagged received packets to be transmitted as tagged from the priority queue.

Syntax map priority=<high|normal|medium|low> [tos=<0-63|list|range>] [tag=<0-7|list|range>] -
depending on the type of QOS, the priorities and Type of Service have to be mapped using this
command. For example, for the priority "high" the Type of service can be set to 24 and 48. The tag
can be set to 3.

Syntax set-port port=<port|list|range> [tag=<enable|disable>] [tos=<enable|disable>]
[default=<0-7>] - this command is used to set the QoS settings of a specific port or of a group
(list) of ports. The packet exiting (egress) will be assigned the settings specified by this
command.


Chapter 18 – IGMP
Multicast traffic on a network

Internet Group Management Protocol (IGMP) is defined in RFC 1112 as the standard for IP
multicasting in the Internet. It is used to establish host memberships in particular multicast
groups on a single network. The mechanisms of the protocol allow a host to inform its local
router, using Host Membership Reports, that it wants to receive messages addressed to a specific
multicast group. All hosts conforming to Level 2 of the IP multicasting specification require
IGMP.

IGMP Concepts [8]

The Magnum 6K family of switches supports IGMP L2 standards as defined by RFC 1112. IGMP is
disabled by default and needs to be enabled on the Magnum 6K family of switches.

IP multicasting is defined as the transmission of an IP datagram to a host group, a set of zero or
more hosts identified by a single IP destination address. A multicast datagram is delivered to all
members of its destination host group with the same best-efforts reliability as regular unicast IP
datagrams; that is, the datagram is not guaranteed to arrive at all members of the destination
group or in the same order relative to other datagrams.

The membership of a host group is dynamic; that is, hosts may join and leave groups at any time.
There is no restriction on the location or number of members in a host group, but membership in
a group may be restricted to only those hosts possessing a private access key. A host may be a
member of more than one group at a time. A host need not be a member of a group to send
datagrams to it.

A host group may be permanent or transient. A permanent group has a well-known,
administratively assigned IP address. It is the address and not the membership of the group that is
permanent; at any time a permanent group may have any number of members, even zero. A
transient group on the other hand is assigned an address dynamically when the group is created, at
the request of a host. A transient group ceases to exist, and its address becomes eligible for
reassignment, when its membership drops to zero.

The creation of transient groups and the maintenance of group membership information is the
responsibility of multicast agents, entities that reside in internet gateways or other special-purpose
hosts. There is at least one multicast agent directly attached to every IP network or sub-network
that supports IP multicasting. A host requests the creation of new groups, and joins or leaves
existing groups, by exchanging messages with a neighboring agent.

[8] Most of the concepts are extracted from RFC 1112 and it is recommended that RFC 1112 be read
and understood carefully if IGMP is used or planned for the network.

The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol
(IP) suite. IP manages multicast traffic by using switches, multicast routers, and hosts that support
IGMP. A set of hosts, routers, and/or switches that send or receive multicast data streams to or
from the same source(s) is termed a multicast group, and all devices in the group use the same
multicast group address. The multicast group running version 2 of IGMP uses three fundamental
types of messages to communicate:

• Query: A message sent from the querier (multicast router or switch) asking for a response from each
host belonging to the multicast group. If a multicast router supporting IGMP is not present, then the
switch must assume this function in order to elicit group membership information from the hosts on
the network. (If you need to disable the querier feature, you can do so through the CLI, using the
IGMP configuration MIB.)

• Report: A message sent by a host to the querier to indicate that the host wants to be or is a member
of a given group indicated in the report message.

• Leave Group: A message sent by a host to the querier to indicate that the host has ceased to be a
member of a specific multicast group. Thus, IGMP identifies members of a multicast group (within
a subnet) and allows IGMP-configured hosts (and routers) to join or leave multicast groups.

When IGMP is enabled on the Magnum 6K family of switches, it examines the IGMP packets it
receives:
• To learn which of its ports are linked to IGMP hosts and multicast routers/queriers belonging
to any multicast group.

• To become a querier if a multicast router/querier is not discovered on the network.

Once the switch learns the port location of the hosts belonging to any particular multicast group, it
can direct group traffic to only those ports, resulting in bandwidth savings on ports where group
members do not reside. The following example illustrates this operation.

The figure below shows a network running IGMP:


FIGURE126 – IGMP concepts – advantages of using IGMP.

• PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. The routers
operate as queriers.
• Switch 1 ignores IGMP traffic and does not distinguish between IP multicast group members
and non-members. Thus, it is sending large amounts of unwanted multicast traffic out the ports
to PCs 2 and 3.
• Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving
multicast data from the video server (PC X). Switch 2 then sends the multicast data only to the
port for PC 4, thus avoiding unwanted multicast traffic on the ports for PCs 5 and 6.

The next figure shows a network running IP multicasting using IGMP without a multicast
router. In this case, the IGMP-configured switch runs as a querier. PCs 2, 5, and 6 are members of
the same IP multicast group. IGMP is configured on switches 3 and 4. Either of these switches can
operate as a querier because a multicast router is not present on the network. If an IGMP switch
does not detect a querier, it automatically assumes this role, assuming the querier feature is enabled,
the default within IGMP.


FIGURE127 – IGMP concepts: Isolating multicast traffic in a network.

• In the above figure, the multicast group traffic does not go to switch 1 and beyond. This is
because either the port on switch 3 that connects to switch 1 has been configured as
blocked or there are no hosts connected to switch 1 or switch 2 that belong to the multicast
group.
• For PC 1 to become a member of the same multicast group without flooding IP multicast
traffic on all ports of switches 1 and 2, IGMP must be configured on both switches 1 and
2, and the port on switch 3 that connects to switch 1 must be unblocked.

IP Multicast Filters: IP multicast addresses occur in the range from 224.0.0.0 through
239.255.255.255 which corresponds to the Ethernet multicast address range of 01005e-000000
through 01005e-7fffff in hexadecimal.

Reserved Addresses Excluded from IP Multicast (IGMP) Filtering: Traffic to IP multicast
groups in the IP address range of 224.0.0.0 to 224.0.0.255 will always be flooded because addresses
in this range are well known or reserved addresses. Thus, if IP Multicast is enabled and there is an
IP multicast group within the reserved address range, traffic to that group will be flooded instead
of filtered by the switch.

IGMP Support: Magnum 6K family of switches support IGMP version 1 and version 2. The
switch can act either as a querier or a nonquerier. The querier router periodically sends general
query messages to solicit group membership information. Hosts on the network that are members
of a multicast group send report messages. When a host leaves a group, it sends a leave group
message. The difference between version 1 and version 2 is that version 1 does not have a Leave
mechanism for the host. Magnum 6K family of switches prune the multicast group membership on a
port when a leave message is received or a timer expires on that port. IGMPv3
improves over IGMPv2 mainly by adding the ability to listen to multicast originating from a set of
source IP addresses. MNS-6K supports version 1, version 2 and version 3.

1. The Magnum 6K family of switches can snoop up to 256 Multicast groups. It can be enabled
within a port VLAN, tagged VLAN, or no VLAN.
2. IGMP is disabled as a default.

By default, a switch with IGMP snooping behaves like a regular switch (default IGMP
behavior): it forwards the multicast stream (packets) to all the ports.

If a device on any of the ports sends a join report or invokes the IGMP Pruning action, the
behavior changes. A multicast group is formed in the switch, and the stream is sent only to those
ports that actually want to join the stream.

The default behavior of multicasting streams to all ports could create problems when there are a
number of multicast streams that enter the switch through a number of different ports. Each stream
goes to all other ports and creates congestion in the switch.

The mcast command, described below, controls this default behavior. The default setting is enable.
If it is set to disable, the default behavior is modified so that the stream is not transmitted or
multicast to any of the ports until a device joins the stream from that port.

IGMP-L2
IGMP requires a Layer 3 device in the network. What happens if your network has only Layer 2
devices? Can the Layer 2 devices take advantage of the IGMP technology and reduce the overall
traffic in the network, without requiring the presence of a Layer 3 device in the network? Using
GarrettCom IGMP-L2 (patent pending technology), it is possible to do that.

The benefits of IGMP are clear. The traditional way of building an IGMP network calls for the
IGMP querier to reside on a Layer 3 network device - typically a router or a Layer 3 switch. The
end devices (encoders or transmitters) reside on a Layer 2 device and the encoder sends a
query/join request to join the specific multicast group. The Magnum 6K family of switches, with
IGMP-L2 enabled, can propagate the query request and also make sure that the multicast traffic
only goes to the ports requesting the traffic. The Magnum 6K family of switches, using IGMP-L2,
can perform tasks similar to those a Layer 3 device performs for IGMP.

For a Layer 2 IGMP environment, all Magnum 6K family of switches have to be set to
IGMP-L2 mode. This is done using the CLI command set igmp mode=l2 that will be described later.


In a Layer 2 network, without IGMP-L2, there is no querier nor is there any capability for the
devices to use IGMP snooping to join a multicast group. The traffic picture from a multicast device
would look as shown below:


FIGURE128 - In a Layer 2 network, an IGMP multicast traffic goes to all the nodes. In the figure, T1, a
surveillance camera, using multicast, will send the traffic to all the nodes - R1 through R6 - irrespective of whether
they want to view the surveillance traffic or not. The traffic is compounded when additional cameras are added to the
network. The end result is that users R1 through R6 see the network as heavily loaded and simple day to day
operations may appear sluggish.


With IGMP-L2 enabled on all Magnum 6K family of switches, this situation as shown above is
prevented. This is explained in the figure below:


FIGURE129 – Using IGMP-L2 on Magnum 6K family of switches, a Layer 2 network can minimize multicast
traffic as shown above. Each switch has IGMP-L2 turned on. Each switch can exchange the IGMP query
message and respond properly. R4 wants to view surveillance traffic from T1. As shown by (1), a join request is sent
by R4. Once the join report information is exchanged, only R4 receives the video surveillance traffic, as shown by (2).
No other device on the network gets the video surveillance traffic unless they issue a join request as well.

Since the query and the join information is exchanged between the neighboring switches, the
topology does not matter. The design issue to consider is the timing difference between a topology
recovery and IGMP refresh (recovery). GarrettCom Magnum 6K family of switches connected in
an S-Ring topology recover very rapidly (sub-second recovery). The IGMP requests for updates
are sent out every few seconds depending on the network and the devices on the network. The
recovery of the network from a fault situation is much faster than the age out and join request from
IGMP. Thus, when the Magnum 6K switch network self-heals, it is possible that the video may
freeze until the (IGMP) device reissues a join request.


A few additional facts about IGMP L2:

• GarrettCom Magnum 6K family of switches configured for IGMP-L2 can perform the join
aggregation required by IGMP.
• Multicast forwarding is done based on MAC addresses, so datagrams to IP addresses
224.1.2.3 and 239.129.2.3 can be forwarded on the same port groups. It is not possible to
do forwarding based on IP addresses as the Magnum 6K family of switches operate at
Layer-2.
• Magnum 6K family of switches configured for IGMP L2 are aware of IP address range
224.0.0.x as well as MAC address range 01:00:5e:00:00:xx, as required by RFC 4541.
• The Magnum 6K family of switches, configured for IGMP L2 support forwarding to ports
on which multicast routers are attached in addition to the ports where IGMP joins have
been received. Thus IGMP L2 and IGMP L3 networks can co-exist.
• The Magnum 6K family of switches, configured for IGMP L2 are aware of topology
changes, so new queries can be sent or tables updated to ensure robustness.
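The IP-to-MAC mapping given under IP Multicast Filters and the MAC-based forwarding noted in the list above can be checked with the following added example (not part of the guide or of MNS-6K). It maps group addresses to Ethernet multicast MACs and reports groups that are always flooded, groups that share a MAC, and groups whose MAC falls in 01:00:5e:00:00:xx. The function names and the sample group list are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

MCAST_NET = ipaddress.ip_network("224.0.0.0/4")      # 224.0.0.0 - 239.255.255.255
RESERVED_NET = ipaddress.ip_network("224.0.0.0/24")  # always flooded, per the guide
RESERVED_MAC_PREFIX = "01:00:5e:00:00:"              # MAC range named with RFC 4541


def group_mac(group):
    """Map an IPv4 multicast group to its Ethernet multicast MAC address.

    Only the low 23 bits of the group address are copied into the MAC
    (range 01005e-000000 to 01005e-7fffff), so 32 groups share each MAC.
    """
    addr = ipaddress.IPv4Address(group)
    if addr not in MCAST_NET:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    octets = (0x01, 0x00, 0x5E, low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)
    return ":".join(f"{o:02x}" for o in octets)


def is_always_flooded(group):
    """True for 224.0.0.0 - 224.0.0.255, which the switch never filters."""
    return ipaddress.IPv4Address(group) in RESERVED_NET


def review_groups(groups):
    """Classify a planned set of multicast groups for a Layer 2 snooping switch."""
    by_mac = defaultdict(list)
    for g in groups:
        by_mac[group_mac(g)].append(g)
    return {
        # Traffic to these groups reaches every port regardless of IGMP state.
        "always_flooded": [g for g in groups if is_always_flooded(g)],
        # Groups with the same MAC are forwarded to the same port groups.
        "shared_mac": {m: gs for m, gs in by_mac.items() if len(gs) > 1},
        # Not in 224.0.0.x, but the MAC is in the reserved MAC range. The guide
        # does not state how these are forwarded, so they are flagged for testing.
        "aliases_reserved_mac": [
            g for g in groups
            if not is_always_flooded(g) and group_mac(g).startswith(RESERVED_MAC_PREFIX)
        ],
    }


# Constructed sample: two addresses from the guide's bullet list, one group from
# its show-group output, and two constructed addresses that exercise the edge cases.
SAMPLE_GROUPS = ["224.1.2.3", "239.129.2.3", "224.1.0.1", "224.0.0.5", "239.128.0.5"]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(f"{g:15} -> {group_mac(g)}")
    for key, value in review_groups(SAMPLE_GROUPS).items():
        print(key, value)
```

Choosing group addresses that differ in their low 23 bits keeps a restricted stream from being delivered to ports that joined a different group.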

Configuring IGMP
Syntax igmp – IGMP configuration mode

Syntax igmp <enable| disable> - enable or disable IGMP on the switch

Syntax show igmp – IGMP operation status

Syntax mcast <enable | disable> - enable or disable unknown multicast streams. The default is enabled

Syntax mode= <normal|l2> - set the IGMP mode. Normal is when a L3 device is in the network and is the
IGMP root. The IGMP-L2 is used when there is no L3 device in the network

Syntax group add ip=<group ip> port=<number|list|range> vlan=<vlanid> - add ports to a
specific IGMP broadcast group

Syntax group del ip=<group ip> - delete ports from a specific IGMP broadcast group

Magnum10KT# igmp

Magnum10KT(igmp)## igmp enable

IGMP is enabled

Magnum10KT(igmp)## show igmp


IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Enabled
Querier Interval : 125
Querier Response Interval : 10
Multicasting unknown streams : Enabled

Magnum10KT(igmp)## mcast disable

MCAST is disabled

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Enabled
Querier Interval : 125
Querier Response Interval : 10
Multicasting unknown streams : Disabled

Magnum10KT(igmp)## igmp disable

IGMP is disabled

Magnum10KT(igmp)## show igmp

IGMP State : Disabled
ImmediateLeave : Disabled
Querier : Disabled
Querier Interval : 125
Querier Response Interval : 10
Multicasting unknown streams : Disabled

Magnum10KT(igmp)##
FIGURE130 – Enabling IGMP and querying the status of IGMP.

The output of show igmp provides useful information. The following information is provided:

IGMP state shows if IGMP is turned on (Enable) or off (Disable).

Immediate Leave provides a mechanism for a particular host that wants to leave a multicast
group. It removes the ability to transmit multicast traffic from the port where the leave
message is received.


Querier shows whether the switch is acting as a querier or non-querier. In the example above
the switch is the querier.

Querier Interval shows the time period in seconds at which the switch sends general host-query
messages.

Querier Response Interval specifies maximum amount of time in seconds that can elapse
between when the querier sends a host-query message and when it receives a response from a
host.

Syntax show-group – shows the multicast groups

Magnum10KT(igmp)## show-group

GroupIp PortNo Timer LeavePending
-------------------------------------------------------
224.1.0.1 9 155 0
224.0.1.40 9 155 0

Magnum10KT(igmp)##
FIGURE131 – Displaying IGMP groups.

The output of the show-group command displays:

Group IP column shows the multicast groups.

Port No shows the port where the multicast group is being detected.

Timer shows the amount of time left in seconds before the group port will be deleted, or will
not be able to route multicast traffic if the switch does not receive a membership report.

Leave Pending column shows the number of leave messages received from this port.

Every port can be individually set to three different IGMP modes: Auto, Block and Forward.

• Auto lets IGMP control whether the port should or should not participate in sending
multicast traffic.
• Block manually configures the port to always block multicast traffic.
• Forward manually configures the port to always forward multicast traffic.

To set the port characteristics, use the set-port command in the IGMP configuration mode.

Syntax set-port port=<port|list|range> mode=<auto|forward|block> - set the port
characteristics. Block drops the unregistered multicasts. Forward forwards unregistered multicasts


Syntax show-port – display the port characteristics for IGMP

Syntax show-router – displays detected IGMP-enabled router ports

Syntax set-leave <enable|disable> - enables or disables the switch to immediately process a host sending
a leave message rather than wait for the timer to expire

Syntax set-querier <enable|disable> - enables or disables a switch as IGMP querier

Syntax set-qi interval=<value> - The IGMP querier router periodically sends general host-query
messages. These messages are sent to ask for group membership information. This is sent to the all-
system multicast group address, 224.0.0.1. The default value is 125 seconds. The valid range can be
from 60 to 127 seconds.

Syntax set-qri interval=<value> - The query response interval is the maximum amount of time that can
elapse between when the querier router sends a host-query message and when it receives a response from
a host. The Default value is 10 seconds. The Range can be from 2 to 270 seconds. Restrictions apply
to the maximum value because of an internal calculation that is dependent on the value of the Query
Interval.

Magnum10KT# igmp

Magnum10KT(igmp)## set-port port=10-12 mode=forward

Port mode is set.

Magnum10KT(igmp)## set-port port=14-16 mode=block

Port mode is set.

Magnum10KT(igmp)## show-port

--------------------------------
Port | Mode
-------------------------------
09 Auto
10 Forwarding
11 Forwarding
12 Forwarding
13 Auto
14 Blocking
15 Blocking
16 Blocking

Magnum10KT(igmp)## igmp enable

IGMP is enabled

Magnum10KT(igmp)## show-router

RouterIp PortNo Timer
------------------------------------
10.21.1.250 9 25

Magnum10KT(igmp)## set-leave enable

IGMP immediate leave status is enabled

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Enabled
Querier : Enabled
Querier Interval : 125
Querier Response Interval : 10

Magnum10KT(igmp)## set-leave disable

IGMP immediate leave status is disabled

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Enabled
Querier Interval : 125
Querier Response Interval : 10

Magnum10KT(igmp)## set-querier enable

IGMP querier status is enabled

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Enabled
Querier Interval : 125
Querier Response Interval : 10

Magnum10KT(igmp)## set-querier disable

IGMP querier status is disabled

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Disabled
Querier Interval : 125
Querier Response Interval : 10

Magnum10KT(igmp)## set-qi interval=127

Query interval successfully set

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Disabled
Querier Interval : 127
Querier Response Interval : 10

Magnum10KT(igmp)## set-qri interval=11

Query response interval successfully set

Magnum10KT(igmp)## show igmp

IGMP State : Enabled
ImmediateLeave : Disabled
Querier : Disabled
Querier Interval : 125
Querier Response Interval : 11
FIGURE132 – Configuring IGMP.

Once IGMP is set, groups of broadcasts can be defined using the group command.

Magnum10KT(igmp)## group add ip=239.0.1.10 port=10-12

Static Group Added

Magnum10KT(igmp)## group add ip=239.0.10.10 port=10-15

Static Group Added

Magnum10KT(igmp)## show group

GroupIp PortNo Timer Vlanid LeavePending
---------------------------------------------------------------
0.0.0.0 1 155 1 0
239.0.1.10 10 STATIC 0 0
239.0.1.10 11 STATIC 0 0
239.0.1.10 12 STATIC 0 0
239.0.10.10 10 STATIC 0 0
239.0.10.10 11 STATIC 0 0
239.0.10.10 12 STATIC 0 0
239.0.10.10 13 STATIC 0 0
239.0.10.10 14 STATIC 0 0
239.0.10.10 15 STATIC 0 0

Magnum10KT(igmp)## group del ip=239.0.10.10

Group Deleted

Magnum10KT(igmp)## show-group

GroupIp PortNo Timer Vlanid LeavePending
---------------------------------------------------------------
0.0.0.0 1 155 1 0
239.0.1.10 10 STATIC 0 0
239.0.1.10 11 STATIC 0 0
239.0.1.10 12 STATIC 0 0

Magnum10KT(igmp)##

FIGURE133 – Adding broadcast groups using the group command.

For setting IGMP L2 mode, make sure the set of commands listed below are executed on all the
Magnum switches participating in the L2. The command to use is:

Syntax mode <normal | L2> - As discussed earlier, set the IGMP to use IGMP-L2 or normal IGMP. Note
the L in L2 is in lower case and is shown in upper case for clarity.

Magnum10KT# igmp

Magnum10KT(igmp)## mode L2

IGMP set to L2 Mode.

Magnum10KT(igmp)## show igmp

IGMP State : Disabled
ImmediateLeave : Disabled
Querier : L2 Mode
Querier Interval : 125
Querier Response Interval : 10
Multicasting unknown streams : Disabled

Magnum10KT(igmp)## mode normal

IGMP set to Normal Mode.

Magnum10KT(igmp)## exit
Magnum10KT#

FIGURE134 – Setting IGMP-L2.

List of Commands In This Chapter


Syntax igmp – IGMP configuration mode

Syntax igmp <enable|disable> - enable or disable IGMP on the switch

Syntax show igmp – IGMP operation status

Syntax mcast <enable | disable> - enable or disable unknown multicast streams. The default is enabled

Syntax set igmp mode=<normal|l2> - set the IGMP mode. Normal is when a L3 device is in the network
and is the IGMP root. The IGMP-L2 is used when there is no L3 device in the network

Syntax group add ip=<group ip> port=<number|list|range> vlan=<vlanid> - add ports to a
specific IGMP broadcast group

Syntax group del ip=<group ip> - delete ports from a specific IGMP broadcast group

Syntax show-group – shows the multicast groups

Syntax set-port port=<port|list|range> mode=<auto|forward|block> - set the port
characteristics. Block drops the unregistered multicasts. Forward forwards unregistered multicasts

Syntax show-port – display the port characteristics for IGMP

Syntax show-router – displays detected IGMP-enabled router ports

Syntax set-leave <enable|disable> - enables or disables the switch to immediately process a host sending a
leave message rather than wait for the timer to expire

Syntax set-querier <enable|disable> - enables or disables a switch as IGMP querier

Syntax set-qi interval=<value> - The IGMP querier router periodically sends general host-query messages.
These messages are sent to ask for group membership information. This is sent to the all-system multicast
group address, 224.0.0.1. The default value is 125 seconds. The valid range can be from 60 to 127
seconds.

Syntax set-qri interval=<value> - The query response interval is the maximum amount of time that can
elapse between when the querier router sends a host-query message and when it receives a response from a
host. The Default value is 10 seconds. The Range can be from 2 to 270 seconds. Restrictions apply to the
maximum value because of an internal calculation that is dependent on the value of the Query Interval

Syntax mode <normal | L2> - Set the IGMP to use IGMP-L2 or normal IGMP. Note – the “L” in “L2” is in
lower case and is shown in upper case for clarity

Chapter 19 – GVRP
Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP)

VLAN registration over the Generic Attribute Registration Protocol (GARP) is
called GVRP. GVRP is defined in the IEEE 802.1q and GARP in the IEEE 802.1p
standards. In order to utilize the capabilities of GVRP, GarrettCom Inc. strongly
recommends that the user be familiar with the concepts and capabilities of IEEE 802.1q.

GVRP Concepts
GVRP makes it easy to propagate VLAN information across multiple switches.
Without GVRP, a network administrator has to go to each individual switch and
enable the necessary VLAN information or block specific VLANs so that the
network integrity is maintained. With GVRP this process can be automated.

It is critical that all switches share a common VLAN. This VLAN typically is the default VLAN
(VID=1) on most switches and other devices. GVRP uses GVRP Bridge Protocol Data Units
(GVRP BPDUs) to advertise static VLANs. We refer to GVRP BPDU as an advertisement.

GVRP enables the Magnum 6K family of switches to dynamically create 802.1q-compliant VLANs
on links with other devices running GVRP. This enables the switch to automatically create VLAN
links between GVRP-aware devices. A GVRP link can include intermediate devices that are not
GVRP-aware. This operation reduces the chances for errors in VLAN configuration by
automatically providing VLAN ID (VID) consistency across the network. GVRP can thus be used
to propagate VLANs to other GVRP-aware devices instead of manually having to set up VLANs
across the network. After the switch creates a dynamic VLAN, GVRP can also be used to
dynamically enable port membership in static VLANs configured on a switch.

There must be one common VLAN (that is, one common VID) connecting all of the
GVRP-aware devices in the network to carry GVRP packets. GarrettCom Inc.
recommends the default VLAN (DEFAULT_VLAN; VID = 1), which is
automatically enabled and configured as untagged on every port of the Magnum 6K
family of switches. That is, on ports used as GVRP links, leave the default VLAN set to untagged
and configure other static VLANs on the ports as either Tagged or Forbid. Forbid is discussed
later in this chapter.

GVRP Operations
A GVRP-enabled port with a Tagged or Untagged static VLAN sends advertisements (BPDUs, or
Bridge Protocol Data Units) advertising the VLAN identification (VID). Another GVRP-aware
port receiving the advertisements over a link can dynamically join the advertised VLAN. All
dynamic VLANs operate as Tagged VLANs. Also, a GVRP-enabled port can forward an
advertisement for a VLAN it learned about from other ports on the same switch. However, the
forwarding port will not itself join that VLAN until an advertisement for that VLAN is received on
that specific port.

[Figure: Switch 1 (port 2), Switch 2 (ports 1 and 3) and Switch 3 (ports 4 and 5), each with GVRP on,
connected in a chain to a static VLAN configured end device (NIC or switch, port 6) with GVRP on.]

FIGURE135 – GVRP operation – see description below.

Switch 1 with static VLANs (VID= 1, 2, & 3). Port 2 is a member of VIDs 1, 2, & 3.
1. Port 2 advertises VIDs 1, 2, & 3.
2. On Switch 2 - Port 1 receives advertisement of VIDs 1, 2, & 3 and becomes a member of
VIDs 1, 2, & 3.
3. As discussed above, a GVRP-enabled port can forward an advertisement for a VLAN it
learned about. So port 3 advertises VIDs 1, 2, & 3, but port 3 is not a member of VIDs 1,
2, & 3 at this point, nor will it join the VLAN until an advertisement is received.
4. On Switch 3, port 4 receives advertisement of VIDs 1, 2, & 3 and becomes a member of
VIDs 1, 2, & 3.
5. Port 5 advertises VIDs 1, 2, & 3, but port 5 is not a member of VIDs 1, 2, & 3 at this point.
6. Port 6 on the end device is statically configured to be a member of VID 3. Port 6 advertises
VID 3.
7. Port 5 receives advertisement.
8. Port 4 advertises VID 3.
9. Port 3 receives advertisement of VID 3 and becomes a member of VID 3. (Still not a
member of VIDs 1 & 2 as it did not receive any advertisements for VID 1 or 2.)
10. Port 1 advertises VID 3 and becomes a member of VID 3. (Port 1 is still not a member of
VIDs 1 & 2.)
11. Port 2 receives advertisement of VID 3. (Port 2 was already statically configured for VIDs
1, 2, & 3.)

If a static VLAN is configured on at least one port of a switch, and that port has
established a link with another device, then all other ports of that switch will send
advertisements for that VLAN.

In the figure below, tagged VLAN ports on switch A and switch C advertise VLANs 22 and 33 to
ports on other GVRP-enabled switches that can dynamically join the VLANs. A port can learn of a
dynamic VLAN through devices that are not aware of GVRP (Switch "B").

[Figure: Switches A, C, D and E with GVRP on, and Switch B with no GVRP. Switch A carries Tagged VLAN 22.
Switch C: Port 5 dynamically joined VLAN 22; Ports 11, 12 belong to Tagged VLAN 33.
Switch E: Port 2 dynamically joined VLAN 33; Port 7 dynamically joined VLAN 33.
Switch D: Port 3 dynamically joined VLAN 33; Port 6 dynamically joined VLAN 33.]

FIGURE136 – VLAN Assignment in GVRP enabled switches. Non GVRP enabled switches can impact
VLAN settings on other GVRP enabled switches.

An unknown VLAN is a VLAN that the switch learns of by GVRP. For example, suppose that
port 1 on switch A is connected to port 5 on switch C. Because switch A has VLAN 22 statically
configured, while switch C does not have this VLAN statically configured, VLAN 22 is handled as
an Unknown VLAN on port 5 in switch C. Conversely, if VLAN 22 was statically configured on
switch C, but port 5 was not a member, port 5 would become a member when advertisements for
VLAN 22 were received from switch A. GVRP provides a per-port join-request option which can
be configured.
VLANs must be disabled in GVRP-unaware devices to allow tagged packets to pass through. A
GVRP-aware port receiving advertisements has these options:

• If there is no static VLAN with the advertised VID on the receiving port, then dynamically
create a VLAN with the same VID as in the advertisement, and allow that VLAN’s traffic.

• If the switch already has a static VLAN with the same VID as in the advertisement, and the
port is configured to learn for that VLAN, then the port will dynamically join the VLAN
and allow that VLAN’s traffic.
• Ignore the advertisement for that VID and drop all GVRP traffic with that VID.
• Don’t participate in that VLAN.

A port belonging to a tagged or untagged static VLAN has these configurable options:
• Send VLAN advertisements, and also receive advertisements for VLANs
on other ports and dynamically join those VLANs.
• Send VLAN advertisements, but ignore advertisements received from other
ports.
• Avoid GVRP participation by not sending advertisements and dropping any
advertisements received from other devices.

Unknown VLAN Mode | Operations
Learn | Enables the port to dynamically join any VLAN for which it receives an advertisement, and allows the port to forward the advertisement it receives.
Block | Prevents the port from dynamically joining a VLAN that is not statically configured on the switch. The port will still forward advertisements that were received by the switch on other ports. Block should typically be used on ports in insecure networks where there is exposure to attack, such as ports to which intruders can connect.
Disable | Causes the port to ignore and drop all the advertisements it receives from any source.
FIGURE137 – Port settings for GVRP operations.

The CLI command show-vlan shows a switch’s current GVRP configuration, including the
unknown VLANs.

Magnum10KT# gvrp

Magnum10KT(gvrp)## show-vlan

========================================================
VLAN ID | NAME | VLAN STATUS
=======================================================
1 | Default VLAN | Static Active
2 | Blue | Static Active
10 | dyn10 | Dynamic Active

Magnum10KT(gvrp)##
FIGURE138 – Command to check for dynamically assigned VLANs.

Note that port 10 must be enabled and configured to learn for it to be assigned to the dynamic
VLAN. To send advertisements, one or more tagged or untagged static VLANs must be
configured on one or more switches with GVRP enabled. MNS-6K allows a dynamic VLAN to be
converted to a static VLAN. The command to use is:

Syntax static vlan=<VID> - convert a dynamic VLAN to a static VLAN

Note: show vlan type=tag will display the VID in case the VID is not known.

Magnum10KT# gvrp

Magnum10KT(gvrp)## show-vlan

=======================================================
VLAN ID | NAME | VLAN STATUS
=======================================================
1 | Default VLAN | Static Active
2 | Blue | Static Active
10 | dyn10 | Dynamic Active

Magnum10KT(gvrp)## static vlan=10

Magnum10KT(gvrp)## show-vlan

=======================================================
VLAN ID | NAME | VLAN STATUS
=======================================================
1 | Default VLAN | Static Active
2 | Blue | Static Active
10 | dyn10 | Static Active

VLAN 10 is converted to a static VLAN.

FIGURE139 – Converting a dynamic VLAN to a static VLAN.

Per-Port Static VLAN Options, by Per-Port "unknown VLAN" (GVRP) configuration:

"unknown VLAN" configuration | Tagged or Untagged | Auto | Forbid
Learn | Generate advertisements. Forward advertisements for other VLANs. Receive advertisements and dynamically join any advertised VLAN. | Receive advertisements and dynamically join any advertised VLAN that has the same VID as the static VLAN. | Does not allow the port to become a member of this VLAN.
Block | Generate advertisements. Forward advertisements received from other ports to other VLANs. Does not dynamically join any advertised VLAN. | Receive advertisements and dynamically join any advertised VLAN that has the same VID. | Does not allow the VLAN on this port.
Disable | Ignore GVRP and drops all GVRP advertisements. | Ignore GVRP and drops all GVRP advertisements. | Does not allow the VLAN on this port.
FIGURE140 – GVRP options.

As the above table indicates, a port that has a tagged or untagged static VLAN has the option to
both generate advertisements and dynamically join other VLANs.

The unknown VLAN parameters are configured on a per interface basis using the
CLI. The tagged, untagged, Auto, and Forbid options are configured in the VLAN
context. Since dynamic VLANs operate as tagged VLANs, and it is possible that a
tagged port on one device may not communicate with an untagged port on another
device, GarrettCom Inc. recommends that you use Tagged VLANs for the static
VLANs.

A dynamic VLAN continues to exist on a port for as long as the port continues to receive
advertisements of that VLAN from another device connected to that port or until you:
• Convert the VLAN to a static VLAN
• Reconfigure the port to Block or Disable
• Disable GVRP
• Reboot the switch

The time-to-live for dynamic VLANs is 10 seconds. That is, if a port has not received an
advertisement for an existing dynamic VLAN during the last 10 seconds, the port removes itself
from that dynamic VLAN.
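
The Learn, Block and Disable settings, the Forbid option and the 10-second time-to-live described above can be traced with a small model. This is an added illustration, not MNS-6K code: the GvrpSwitch class, its method names and the outcome strings are hypothetical, the scenario is constructed, and the model assumes a port is set to Auto for any VLAN that is static elsewhere on the switch.

```python
"""Toy model of per-port GVRP "unknown VLAN" handling (illustrative, not MNS-6K code)."""

DYNAMIC_VLAN_TTL = 10  # seconds a dynamic membership survives without a new advertisement


class GvrpSwitch:
    def __init__(self, static_vlans):
        self.static_vlans = set(static_vlans)  # VLANs statically configured on the switch
        self.ports = {}

    def add_port(self, number, mode="disable", static_vids=(1,), forbidden=()):
        # Per the guide: the default GVRP port state is disable, and the
        # default VLAN (VID 1) is untagged on every port.
        if mode not in ("learn", "block", "disable"):
            raise ValueError(f"unknown GVRP port mode: {mode}")
        self.ports[number] = {
            "mode": mode,
            "static": set(static_vids),    # Tagged/Untagged memberships of this port
            "forbidden": set(forbidden),   # VLANs set to Forbid on this port
            "heard": {},                   # vid -> time of the last advertisement received
        }

    def receive(self, number, vid, now):
        """Handle an advertisement for `vid` arriving on port `number` at time `now`."""
        port = self.ports[number]
        if port["mode"] == "disable":
            return "dropped"               # Disable: ignore and drop every advertisement
        if vid in port["forbidden"]:
            return "forbidden"             # Forbid: port may never join this VLAN
        if vid in port["static"]:
            return "static"                # already a static member, nothing to learn
        if port["mode"] == "block" and vid not in self.static_vlans:
            return "blocked"               # Block: no VLANs the switch does not know statically
        last = port["heard"].get(vid)
        alive = last is not None and now - last < DYNAMIC_VLAN_TTL
        port["heard"][vid] = now
        return "refreshed" if alive else "joined"

    def members(self, number, now):
        """VLANs the port belongs to at time `now`, after ageing out stale dynamic ones."""
        port = self.ports[number]
        port["heard"] = {v: t for v, t in port["heard"].items()
                         if now - t < DYNAMIC_VLAN_TTL}
        return port["static"] | set(port["heard"])


def demo():
    """Constructed scenario: advertisements for VID 2 (static) and VID 10 (unknown)."""
    sw = GvrpSwitch(static_vlans={1, 2})
    sw.add_port(10, mode="learn")
    sw.add_port(11, mode="block")                 # port facing an untrusted segment
    sw.add_port(12)                               # default state: disable
    sw.add_port(13, mode="learn", forbidden={2})
    outcomes = {}
    for port in (10, 11, 12, 13):
        for vid in (2, 10):
            outcomes[(port, vid)] = sw.receive(port, vid, now=0)
    return sw, outcomes


if __name__ == "__main__":
    switch, results = demo()
    for (port, vid), outcome in sorted(results.items()):
        print(f"port {port} VID {vid}: {outcome}")
    for port in (10, 11, 12, 13):
        print(f"port {port} members at t=5: {sorted(switch.members(port, now=5))}")
```

On the Block port the advertisement for the unknown VID 10 creates no membership, while the same advertisement on the Learn port does, which is why Block is the setting suggested for exposed ports.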

Configuring GVRP
The commands used for configuring GVRP are:

Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum
number of VLANs and the current Primary VLAN

Syntax gvrp <enable|disable> - enable or disable GVRP

Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch

Syntax set-ports port=<port|list|range> state=<learn|block|disable> - set the state of the
port to learn, block or disable for GVRP. Note the default state is disable

Syntax static vlan=<VID> - convert a dynamic VLAN to a static VLAN

Syntax set-forbid vlan=<tag vlanid> forbid=<port-number|list|range> - sets the forbid
GVRP capability on the ports specified

Syntax show-forbid – display the ports with GVRP forbid capabilities

Magnum10KT# gvrp

Magnum10KT(gvrp)#show gvrp

GVRP Status : Enabled

Magnum10KT(gvrp)##gvrp disable

GVRP is now disabled

Magnum10KT(gvrp)##gvrp enable

GVRP enabled

Magnum10KT(gvrp)## show-vlan

================================================
VLAN ID | NAME | VLAN STATUS
===============================================
1 | Default VLAN | Static Active
2 | Blue | Static Active
10 | dyn10 | Dynamic Active

Magnum10KT(gvrp)## static vlan=10

Magnum10KT(gvrp)## show-vlan

===============================================
VLAN ID | NAME | VLAN STATUS
===============================================
1 | Default VLAN | Static Active
2 | Blue | Static Active
10 | dyn10 | Static Active

Magnum10KT(gvrp)## set-forbid vlan=2 forbid=11-15

Magnum10KT(gvrp)## show-forbid

============================================
VLAN ID | FORBIDDEN PORTS
============================================
1 | None
2 | 11, 12, 13, 14, 15
FIGURE141 – GVRP configuration example.

GVRP Operations Notes


A dynamic VLAN must be converted to a static VLAN before it can have an IP address.

After converting a dynamic VLAN to a static VLAN use the save command to save the changes
made – on a reboot the changes can be lost without the save command.

Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-
aware. This is because a hub or a switch that is not GVRP-aware will flood the GVRP (multicast)
advertisement packets out all ports.

GVRP assigns dynamic VLANs as tagged VLANs. To configure the VLAN as untagged, first
convert the tagged VLAN to a static VLAN.

Rebooting a switch with a dynamic VLAN deletes that VLAN. However, the dynamic VLAN re-
appears after the reboot if GVRP is enabled and the switch again receives advertisements for that
VLAN through a port configured to add dynamic VLANs.

By receiving advertisements from other devices running GVRP, the switch learns of static VLANs
from those devices and dynamically (automatically) creates tagged VLANs on the links to the
advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices.

A GVRP-enabled switch does not advertise any GVRP-learned VLANs out of the port(s) on
which it originally learned of those VLANs.

List of Commands In This Chapter


Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum number
of VLANs and the current Primary VLAN

Syntax gvrp <enable|disable> - enable or disable GVRP

Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch

Syntax set-ports port=<port|list|range> state=<learn|block|disable> - set the state of the port
to learn, block or disable for GVRP. Note the default state is disable

Syntax static vlan=<VID> - convert a dynamic VLAN to a static VLAN

Syntax set-forbid vlan=<tag vlanid> forbid=<port-number|list|range> - sets the forbid GVRP
capability on the ports specified

Syntax show-forbid – display the ports with GVRP forbid capabilities

Chapter 20 – LLDP
Discovering your network . . .

Link Layer Discovery Protocol or LLDP is a network standard as defined by IEEE
802.1AB. This standard provides a vendor-neutral method by which devices which follow
this standard can advertise their identity, their capabilities, their neighbors, their operating
conditions etc. on a Local Area Network (LAN). Since LLDP is a Layer 2 protocol, provisions
must be made to send these packets across a routed network.

LLDP Concepts
LLDP is defined by the IEEE 802.1AB standard. The standard is also called the
IEEE Station and Media Access Control Connectivity and Discovery standard.
This standard provides a vendor-independent method to collect information from
different devices on a network and view that data via a network management station. It is also
possible to modify the configuration of some devices using LLDP. LLDP is a Layer 2 protocol
and uses an Ethernet frame to propagate information across a network. These frames are sent at
regular intervals, usually set by the system administrator. If the system administrator does not set
this value, the value may vary from manufacturer to manufacturer. As with most discovery protocols,
network administrators have to be careful not to inundate their networks with these packets, and
yet send packets frequently enough that any changes can be observed in a timely fashion. A good
rule of thumb is to keep the polling time between half and a tenth of the Network Management
Station (NMS) polling interval.

Information gathered with LLDP is stored in the device as a Management Information Database
(MIB) and can be queried with the Simple Network Management Protocol (SNMP) as specified in
RFC 2922. SNMP has evolved over the years (since 1988) using the RFC process. Several RFCs
today define the SNMP standards. The most common standards for SNMP are SNMP v1 (the
original version of SNMP); SNMP v2 and more recently SNMP v3. The next chapter covers more
details on SNMP.

The topology of an LLDP-enabled network can be discovered by traversing the network and
polling each host's MIB for information. Information that may be retrieved includes:
• System name and description
• Port name and description
• VLAN name

• IP management address
• System capabilities (switching, routing, etc.)
• MAC/PHY information
• MDI power
• Link aggregation

Not all devices participate in LLDP. With MNS-6K, LLDP can be enabled or disabled.
Advertisements are sent by LLDP enabled devices to their neighbors identifying themselves and
their capabilities.

LLDP information is sent by devices from each of their interfaces at a fixed interval, in
the form of an Ethernet frame. Each frame contains one Link Layer Discovery Protocol Data
Unit (LLDPDU). Each LLDPDU is a sequence of Type-Length-Value (TLV) structures.

The Ethernet frame used in LLDP has its destination MAC address typically set to a special
multicast address that 802.1D-compliant bridges do not forward [9]. Other multicast and unicast
destination addresses are permitted. The EtherType field is set to 0x88cc.

[9] IEEE 802.1AB-2009 suggests three such addresses, 01:80:c2:00:00:0e, 01:80:c2:00:00:03 and 01:80:c2:00:00:00

Each LLDP frame starts with the following mandatory TLVs: Chassis ID, Port ID, and Time-to-
Live. The mandatory TLVs are followed by any number of optional TLVs. The frame ends with a
special TLV, named end of LLDPDU in which both the type and length fields are 0.

Accordingly, an Ethernet frame containing an LLDPDU has the following structure:

Field | Contents
Preamble | IEEE 802.3 defined
Destination MAC | 01:80:c2:00:00:0e, 01:80:c2:00:00:03 or 01:80:c2:00:00:00
Source MAC | Originating station MAC address
EtherType | 0x88CC
Chassis ID TLV | Type = 1
Port ID TLV | Type = 1
Time to live TLV | Type = 1
Optional TLVs | Zero or more complete TLVs
End of LLDPDU TLV | Type=0, Length=0
Frame Check Sequence | IEEE 802.3 defined
FIGURE142 – LLDP Frame

Each TLV field is defined as follows:

Type | Length | Value
7 bits | 9 bits | 0-510 octets
FIGURE143 – TLV field description

Vendor-specific TLVs have a TLV type of 127. The value of the vendor-specific TLV starts with a 24-bit
unique identifier and a one-byte organizationally specific subtype, followed by data. This type of TLV
is called an Organizationally Specific TLV by IEEE 802.1AB. This is shown below:

Type | Length | Organizationally Specific TLV | Organizationally Defined Subtype | Organizationally Defined Information String
7 bits - set to 127 | 9 bits | 24 bits | 8 bits | 0 to 507 octets

FIGURE144 – Organizationally specific TLV
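
The frame and TLV layouts above translate directly into a parser that checks every length before reading and enforces the mandatory TLV order. This is an added example, not GarrettCom code: the function names are hypothetical, the TLV type codes and the Chassis ID / Port ID subtype octets are the IEEE 802.1AB assignments, and the sample frame is constructed from values in the show-remote output later in this chapter.

```python
"""Minimal LLDP frame parser for the TLV layout described above (illustrative)."""
import struct

LLDP_ETHERTYPE = 0x88CC
# TLV type codes as assigned by IEEE 802.1AB.
TLV_NAMES = {
    1: "Chassis ID", 2: "Port ID", 3: "Time To Live", 4: "Port Description",
    5: "System Name", 6: "System Description", 7: "System Capabilities",
    8: "Management Address", 127: "Organizationally Specific",
}


class LldpError(ValueError):
    """Raised when a frame does not follow the LLDPDU structure."""


def make_tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length in two octets, then the value."""
    if not 0 <= tlv_type <= 0x7F or len(value) > 0x1FF:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_tlvs(payload):
    """Split an LLDPDU into (type, value) pairs, stopping at End of LLDPDU."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(payload):
            raise LldpError("LLDPDU ends without an End of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(payload):   # truncated or lying length field
            raise LldpError(f"TLV type {tlv_type} claims {length} octets, "
                            f"{len(payload) - offset} remain")
        if tlv_type == 0:
            if length != 0:
                raise LldpError("End of LLDPDU TLV must have length 0")
            return tlvs                      # anything after this is Ethernet padding
        tlvs.append((tlv_type, payload[offset:offset + length]))
        offset += length


def parse_lldp_frame(frame):
    """Parse an untagged Ethernet frame (no preamble, no FCS) carrying an LLDPDU."""
    if len(frame) < 14:
        raise LldpError("frame is shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != LLDP_ETHERTYPE:
        raise LldpError(f"EtherType 0x{ethertype:04x} is not LLDP")
    tlvs = parse_tlvs(frame[14:])
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise LldpError("frame must start with Chassis ID, Port ID and Time To Live")
    if len(tlvs[2][1]) < 2:
        raise LldpError("Time To Live TLV is shorter than 2 octets")
    info = {
        "destination": frame[0:6].hex(":"),
        "source": frame[6:12].hex(":"),
        "chassis_id": tlvs[0][1],            # first octet is the ID subtype
        "port_id": tlvs[1][1],               # first octet is the ID subtype
        "ttl": struct.unpack_from("!H", tlvs[2][1])[0],
        "optional": [],
        "org_specific": [],
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type == 127:
            if len(value) < 4:
                raise LldpError("Organizationally Specific TLV lacks OUI and subtype")
            info["org_specific"].append(
                {"oui": value[:3].hex("-"), "subtype": value[3], "info": value[4:]})
        else:
            name = TLV_NAMES.get(tlv_type, f"Reserved ({tlv_type})")
            info["optional"].append((name, value))
    return info


# Constructed sample frame; the source MAC is an assumption made for the example.
SAMPLE_FRAME = (
    bytes.fromhex("0180c200000e")                             # destination MAC
    + bytes.fromhex("008063d7f308")                           # source MAC
    + struct.pack("!H", LLDP_ETHERTYPE)
    + make_tlv(1, b"\x04" + bytes.fromhex("008063d7f300"))    # Chassis ID, subtype MAC
    + make_tlv(2, b"\x03" + bytes.fromhex("008063d7f308"))    # Port ID, subtype MAC
    + make_tlv(3, struct.pack("!H", 120))                     # Time To Live, seconds
    + make_tlv(5, b"Magnum 12KX")                             # System Name
    + make_tlv(127, bytes.fromhex("00120f0405"))              # OUI 00-12-0f, subtype 4
    + make_tlv(0, b"")                                        # End of LLDPDU
)

if __name__ == "__main__":
    for key, value in parse_lldp_frame(SAMPLE_FRAME).items():
        print(f"{key}: {value}")
```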

MNS-6K conforms to the packet formats described above. The commands to configure and use
LLDP are shown below.

Configuring LLDP
The commands used for configuring LLDP are:

Syntax lldp <enable|disable> - enables or disables LLDP

Syntax set-port port=<number|list|range> status=<disable|tx|rx|txrx> notify=<enable|disable>
manaddr=<enable|disable> tlvmap=<portdesc,sysname,sysdesc,syscap|none> - set the LLDP
information propagation capabilities of the port.
In this command Port=number signifies the port number or range of port numbers.

Status defines the function which will be attributed to the port. The status can disable the
LLDP function for the specific port(s), or enable LLDP in transmit, receive or transmit-
receive mode.
Manaddr enables the MAC address discovery.
Tlvmap defines which of the MIB information will be propagated. The MIB information allowed
is Port Description, System Name, System Description, System Capabilities, or None, in which case no
information is sent.

Syntax show-remote - displays remote or neighboring LLDP information

Syntax show lldp - displays LLDP settings

Syntax timers [txint=<sec>] [txhold=<multiplier>] [reinit=<sec>] [txdly=<sec>]
[notify=<sec>] - set TLV timers

Magnum 10KT# lldp

Magnum 10KT(lldp)## show lldp

LLDP State : Disabled
LLDP Transmit Interval : 30
LLDP Transmit Hold : 4
LLDP Reinit Delay : 2
LLDP Transmit Delay : 2
LLDP Notify Interval : 5
Port Status Man. Addr Notify TLV Types Enabled
-----------------------------------------------------------
5 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
6 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
7 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
8 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
9 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
10 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
11 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
12 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
13 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
14 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap

Magnum 10KT(lldp)## lldp enable

LLDP is enabled

Magnum 10KT(lldp)## show lldp

LLDP State : Enabled
LLDP Transmit Interval : 30
LLDP Transmit Hold : 4
LLDP Reinit Delay : 2
LLDP Transmit Delay : 2
LLDP Notify Interval : 5
Port Status Man. Addr Notify TLV Types Enabled
--------------------------------------------------------------------------
5 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
6 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
7 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
8 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
9 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
10 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
11 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
12 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
13 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
14 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap

Magnum 10KT(lldp)## show-remote

LLDP Remote Information:

Port 5: No Remote Information Found
Port 6: No Remote Information Found
Port 7:
Neighbor 1:
Chassis ID : MAC Addr. - 00 80 63 d7 f3 00
Port ID : MAC Addr. - 00 80 63 d7 f3 08
Time To Live : 120 seconds
Port Desc. : Module: 1 Port: 1 - 1 Gbit
System Name : Magnum 12KX
System Desc. : Magnum 12KX Gigabit Switch - SW: L3-07.0.03-B31G
System Cap. : Bridge/Switch (enabled)Router (disabled)
Management Addr.: IPv4 - 192.168.5.10 (ifIndex - 57)
Organizationally Specific: 00 80 c2 04 0a 00 27 42 42 03 00 00 02 00
Organizationally Specific: 00 12 0f 01 03 6c 03 00
Organizationally Specific: 00 12 0f 03 01 00 00 00
Organizationally Specific: 00 80 c2 01 00
Organizationally Specific: 00 80 c2 02 03 00
Organizationally Specific: 00 80 c2 03 00 01 07 44 65 66 61 75 6c
Organizationally Specific: 00 12 0f 04 05

Port 8 : No Remote Information Found
Port 9 : No Remote Information Found
Port 10 : No Remote Information Found
Port 11 : No Remote Information Found
Port 12 : No Remote Information Found
Port 13 : No Remote Information Found
Port 14 : No Remote Information Found

Magnum 10KT(lldp)## set-port port=12 status=disable

Port mode is set to Disabled.

Magnum 10KT(lldp)## show lldp

LLDP State : Enabled
LLDP Transmit Interval : 30
LLDP Transmit Hold : 4
LLDP Reinit Delay : 2
LLDP Transmit Delay : 2
LLDP Notify Interval : 5
Port Status Man. Addr Notify TLV Types Enabled
-------------------------------------------------------------------------
5 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
6 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
7 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
8 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
9 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
10 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
11 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
12 DISABLED Enabled Disabled PortDesc,SysName,SysDesc,SysCap
13 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
14 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap

Magnum 10KT(lldp)## set-port port=12 status=rx notify=enable manaddr=disable tlvmap=none

Port mode is set to RX Only.

Magnum 10KT(lldp)## show lldp

LLDP State : Enabled
LLDP Transmit Interval : 30
LLDP Transmit Hold : 4
LLDP Reinit Delay : 2
LLDP Transmit Delay : 2
LLDP Notify Interval : 5
Port Status Man. Addr Notify TLV Types Enabled
-------------------------------------------------------------------------
5 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
6 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
7 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
8 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
9 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
10 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
11 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
12 RX ONLY Disabled Enabled None
13 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap
14 TX and RX Enabled Disabled PortDesc,SysName,SysDesc,SysCap

Magnum 10KT(lldp)## exit

Magnum 10KT#

FIGURE 145 – Commands for configuring LLDP


List of Commands In This Chapter


Syntax lldp <enable|disable> - enables or disables LLDP

Syntax set-port port=<number|list|range> status=<disable|tx|rx|txrx> notify=<enable|disable> manaddr=<enable|disable> tlvmap=<portdesc,sysname,sysdesc,syscap|none> - set the LLDP information propagation capabilities of the port.
In this command, port=number signifies the port number or range of port numbers.
Status defines the function which will be attributed to the port. The status can disable the
LLDP function for the specific port(s), or enable LLDP in transmit, receive, or transmit-receive
mode.
Manaddr enables the MAC address discovery.
Tlvmap defines which of the MIB information will be propagated. The MIB information allowed
is Port Description, System Name, System Description, System Capabilities, or None, in which
case no information is sent.

Syntax show-remote - displays remote or neighboring LLDP information

Syntax show lldp - displays LLDP settings

Syntax timers [txint=<sec>] [txhold=<multiplier>] [reinit=<sec>] [txdly=<sec>] [notify=<sec>] - set TLV timers


Chapter 21 – SNMP
Managing your network using SNMP

Simple Network Management Protocol (SNMP) enables management of the network.
There are many software packages which provide a graphical interface and a graphical
view of the network and its devices. The graphical interface and view would not be
possible without SNMP. SNMP is thus the building block for network management.

SNMP Concepts
SNMP provides the protocol to extract the necessary information from a
networked device and display the information. The information is defined and
stored in a Management Information Base (MIB). MIB is the database of the
network management information.

SNMP has evolved over the years (since 1988) using the RFC process. Several RFCs today
define the SNMP standards. The most common standards for SNMP are SNMP v1 (the original
version of SNMP), SNMP v2 and, more recently, SNMP v3.

SNMP is a poll-based mechanism. The SNMP manager polls the managed device for information
and displays the information retrieved in a text or graphical manner. Some definitions related to
SNMP are:

Community string: A text string used to authenticate messages between a management
station and an SNMP v1/v2c engine.

Simple Network Management Protocol (SNMP): A network management protocol that
provides a means to monitor and control network devices, and to manage configurations,
statistics collection, performance, and security.

Simple Network Management Protocol Version 2c (SNMPv2c): The second version of
SNMP, it supports centralized and distributed network management strategies, and includes
improvements in the Structure of Management Information (SMI), protocol operations,
management architecture, and security.

Simple Network Management Protocol Version 3 (SNMPv3): The third version of
SNMP, with enhancements for secure access, different levels of access, and security.


SNMP engine: A copy of SNMP that can either reside on the local or remote device.

SNMP group: A collection of SNMP users that belong to a common SNMP list that defines
an access policy, in which object identification numbers (OIDs) are both read-accessible and
write-accessible. Users belonging to a particular SNMP group inherit all of these attributes
defined by the group.

SNMP user: A person for whom an SNMP management operation is performed. The user is
the person on a remote SNMP engine who receives the information.

SNMP view: A mapping between SNMP objects and the access rights available for those
objects. An object can have different access rights in each view. Access rights indicate
whether the object is accessible by either a community string or a user.

Write view: A view name (not to exceed 64 characters) for each group that defines the list of
object identifiers (OIDs) that are able to be created or modified by users of the group.

Authentication: The process of ensuring message integrity and protection against message
replays. It includes both data integrity and data origin authentication.

Authoritative SNMP engine: One of the SNMP copies involved in network
communication designated to be the allowed SNMP engine which protects against message
replay, delay, and redirection. The security keys used for authenticating and encrypting
SNMPv3 packets are generated as a function of the authoritative SNMP engine's engine ID
and user passwords. When an SNMP message expects a response (for example, get exact, get
next, set request), the receiver of these messages is authoritative. When an SNMP message
does not expect a response, the sender is authoritative.

Data integrity: A condition or state of data that a message packet has not been altered or
destroyed in an unauthorized manner.

Data origin authentication: The ability to verify the identity of a user on whose behalf the
message is supposedly sent. This ability protects users against both message capture and
replay by a different SNMP engine, and against packets received from or sent to a particular
user with an incorrect password or security level.

Encryption: A method of hiding data from an unauthorized user by scrambling the contents
of an SNMP packet.

Group: A set of users belonging to a particular security model. A group defines the access
rights for all the users belonging to it. Access rights define what SNMP objects can be read,
written to, or created. In addition, the group defines what notifications a user is allowed to
receive.

Notification host: An SNMP entity to which notifications (traps and informs) are to be sent.


Notify view: A view name (not to exceed 64 characters) for each group that defines the list
of notifications that can be sent to each user in the group.

Privacy: An encrypted state of the contents of an SNMP packet where they are prevented
from being disclosed on a network. Encryption is performed with an algorithm called
CBC-DES (DES-56).

Read view: A view name (not to exceed 64 characters) for each group that defines the list of
object identifiers (OIDs) that are accessible for reading by users belonging to the group.

Security level: A type of security algorithm performed on each SNMP packet. The three
levels are: noauth, auth, and priv. noauth authenticates a packet by a string match of the
user name. auth authenticates a packet by using the HMAC MD5 algorithm. priv
authenticates a packet by using the HMAC MD5 algorithm and encrypts the packet
using the CBC-DES (DES-56) algorithm.

Security model: The security strategy used by the SNMP agent. Currently, MNS-6K
supports three security models: SNMPv1, SNMPv2c, and SNMPv3.
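
The derivation named in the Authoritative SNMP engine definition, carried through for the HMAC MD5 case as an added example (not code from MNS-6K): pass-phrase to user key, user key to per-engine localized key, and the 12-byte authentication value. Encoding the engine ID string as ASCII bytes is an assumption; the pass-phrase and engine IDs are the sample values from this chapter's SNMP v3 session, and the switch names are constructed.

```python
import hashlib
import hmac

ONE_MEGABYTE = 1048576  # amount of repeated pass-phrase hashed by the USM algorithm


def password_to_key(passphrase: str) -> bytes:
    """Hash the first 1,048,576 bytes of the endlessly repeated pass-phrase (MD5)."""
    raw = passphrase.encode()
    if not raw:
        raise ValueError("pass-phrase must not be empty")
    stream = (raw * (ONE_MEGABYTE // len(raw) + 1))[:ONE_MEGABYTE]
    return hashlib.md5(stream).digest()


def localize_key(user_key: bytes, engine_id: bytes) -> bytes:
    """Bind the user key to one authoritative engine: MD5(Ku || engineID || Ku)."""
    return hashlib.md5(user_key + engine_id + user_key).digest()


def auth_parameter(localized_key: bytes, whole_message: bytes) -> bytes:
    """HMAC-MD5-96: first 12 bytes of HMAC-MD5 over the serialized message
    (the caller passes the message with its authentication field zeroed)."""
    return hmac.new(localized_key, whole_message, hashlib.md5).digest()[:12]


def keys_per_engine(passphrase: str, engine_ids: dict) -> dict:
    """Return {switch name: localized auth key as hex} for one shared pass-phrase."""
    user_key = password_to_key(passphrase)
    return {name: localize_key(user_key, eid).hex() for name, eid in engine_ids.items()}


# Constructed inventory: two switches left on the default engine ID and one
# changed with "engineid string=Magnum6K". ASCII encoding is an assumption.
INVENTORY = {
    "switch-a": b"6K_v3Engine",
    "switch-b": b"6K_v3Engine",
    "switch-c": b"Magnum6K",
}

if __name__ == "__main__":
    for name, key in keys_per_engine("something", INVENTORY).items():
        print(name, key)
```

Switches that keep the default engine ID derive the same localized key from the same pass-phrase, so a distinct engine ID per switch gives each device its own key.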

Traps
The traps supported by MNS-6K are as follows:

SNMP Traps: Warm Start, Cold Start, Link Up, Link Down, Authentication Failure

RMON Traps: Rising Alarm, Falling Alarm for RMON groups 1, 2, 3, and 9 (Statistics,
Events, Alarms, and History)

Enterprise Traps: Intruder, S-Ring and LLL

Standards
There are several RFCs defining SNMP. MNS-6K supports the following RFCs and standards:

SNMPv1 standards
• Security via configuration of SNMP communities
• Event reporting via SNMP
• Managing the switch with an SNMP network management tool

Supported Standard MIBs include
• SNMP MIB-II (RFC 1213)
• Bridge MIB (RFC 1493) (ifGeneralGroup, ifRcvAddressGroup, ifStackGroup)
• RMON MIB (RFC 1757)
• RMON: groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History)
• Version 1 traps (Warm Start, Cold Start, Link Up, Link Down, Authentication Failure,
Rising Alarm, Falling Alarm)
• RFC 1901-1908 – SNMPv2
• RFC 1901, Introduction to Community-Based SNMPv2. SNMPv2 Working Group
• RFC 1902, Structure of Management Information for Version 2 of the Simple Network
Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1903, Textual Conventions for Version 2 of the Simple Network Management
Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1904, Conformance Statements for Version 2 of the Simple Network Management
Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1905, Protocol Operations for Version 2 of the Simple Network Management
Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1906, Transport Mappings for Version 2 of the Simple Network Management
Protocol (SNMPv2)
• RFC 1907, Management Information Base for Version 2 of the Simple Network
Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1908, Coexistence between Version 1 and Version 2 of the Internet-standard
Network Management Framework. SNMPv2 Working Group
• RFC 2271-2275 – SNMPv3
• RFC 2104, Keyed Hashing for Message Authentication
• RFC 2271, An Architecture for Describing SNMP Management Frameworks
• RFC 2272, Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP)
• RFC 2273, SNMPv3 Applications
• RFC 2274, User-Based Security Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3)
• RFC 2275, View-Based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)

Configuring SNMP
There are several commands and variables that can be set for configuring SNMP. They are listed
below. The basic SNMP v1 parameters can be set by referring to the section Chapter 2 – Setting
IP Parameters on page 52. Most commands here refer to SNMP v3 commands and how the
variables for SNMP v3 can be configured.

Syntax snmp – enter the SNMP Configuration mode

Syntax set snmp type=<v1|all> - define the version of SNMP to use – the option all supports all versions
(v1, v2 and v3) – v1 restricts SNMP to v1 only. By default, only SNMP v1 is enabled


Syntax show active-snmp – shows the version of SNMP currently in use

Syntax community [write=<write community>] [read=<read community>] [trap=<trap community>] – set the necessary community strings

Syntax authtraps <enable|disable> - enables or disables authentication traps generation

Syntax traps <add|delete> type=<Snmp|Rmon|Snmp,Rmon|Enterprise|Snmp,Enterprise|Rmon,Enterprise|All> ip=<ipaddress> - add v1 traps as well as
define the trap receiver

Syntax show snmp – displays the SNMP configuration information

Syntax mgrip <add|delete> ip=<IPaddress> - adds or deletes a management station, specified by the
IP address, which can query SNMP variables from the switch. This is done to protect the switch from
being polled by unauthorized managers. Valid for SNMP v1. Maximum of 5 stations allowed

Syntax setvar [sysname|syscontact|syslocation]=<string> - sets the system name, contact and
location. All parameters are optional but a user must supply at least one parameter

Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set
snmp” command which follows

Syntax quickcfg - quick setup for snmpv3 configuration. It automatically configures a default VACM (view-
based access control model). This allows any manager station to access the Magnum 6K switch either via
SNMP v1, v2c or v3. The community name is “public”. This command is only intended for first time
users and values can be changed by administrators who want more strict access

Syntax engineid string=<string> - Every agent has to have an engineID (name) to be able to respond to
SNMPv3 messages. The default engine ID value is “6K_v3Engine”. This command allows the user to
change the engine ID

Syntax show-authtrap - displays the current value of authentication trap status.

Syntax deftrap community=<string> - defines the default community string to be used when sending
traps. When user does not specify the trap community name when setting a trap station using the “trap”
command, the default trap community name is used

Syntax show-deftrap - displays the current value of default trap

Syntax trap <add|delete> id=<id> [type=<v1|v2|inform>] [host=<host-ip>] [community=<string>] [port=<1-65534>] - define the trap and inform manager stations.
The station can receive v1, v2 traps and/or inform notifications. An inform notification is an
acknowledgment that a trap has been received. A user can add up to 5 stations.


Syntax show-trap [id=<id#>]- shows the configured trap stations in tabular format - id is optional and is
the number corresponding to the trap entry number in the table

Syntax com2sec <add|delete> id=<id> [secname=<name>] [source=<source>] [community=<community>] - a part of the View based Access
control model (VACM) as defined in RFC 2275. This specifies the mapping from a source/community
pair to a security name. On MNS-6K, up to 10 entries can be specified

Syntax group <add|delete> id=<id> [groupname=<name>] [model=<v1|v2c|usm>] [com2secid=<com2sec-id>] - a part of the View based Access
control model (VACM) as defined in RFC 2275. This command defines the mapping from sec model
or a sec name to a group. A sec model is one of v1, v2c, or usm. On MNS-6K, up to 10 entries can be
specified

Syntax show-group [id=<id>] - display all or specific group entries - id is optional and is the number
corresponding to the group entry number in the table

Syntax view <add|delete> id=<id> [viewname=<name>] [type=<included|excluded>] [subtree=<oid>] [mask=<hex-string>] - a part of the View based Access control model
(VACM) as defined in RFC 2275. This command defines what a manager or group of manager stations
can access inside the MIB object tree. On MNS-6K, up to 10 entries can be specified

Syntax show-view [id=<id>] - display all or specific view entries - id is optional and is the number
corresponding to the view entry number in the table

Syntax user <add|delete> id=<id> [username=<name>] [usertype=<readonly|readwrite>] [authpass=<pass-phrase>] [privpass=<pass-phrase>] [level=<noauth|auth|priv>] [subtree=<oid>] - for
quickly adding or deleting v3 USM based security, this command adds user entries. MNS-6K allows
up to 5 users to be added. Right now, the MNS-6K agent only supports noauth and auth-md5 for v3
authentication and auth-des for priv authentication

Syntax show-user [id=<id>] - display all or specific user entries - id is optional and is the number
corresponding to the user entry number in the table

Magnum10KT# set snmp type=v1

Magnum10KT# show active-snmp

6K SNMP Agent supports v1 only.

Magnum10KT# show snmp

SNMP CONFIGURATION INFORMATION
------------------------------
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
AuthenTrapsEnableFlag : disabled
SNMP Access Status : enabled

SNMP MANAGERS INFO
------------------

SNMP TRAP STATIONS INFO
-----------------------

Magnum10KT# snmp

Magnum10KT(snmp)## community write=private read=public

SNMP Read community name successfully set

SNMP Write community name successfully set

Magnum10KT(snmp)## show snmp

SNMP CONFIGURATION INFORMATION
------------------------------
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
AuthenTrapsEnableFlag : enabled
SNMP Access Status : enabled

SNMP MANAGERS INFO
------------------

SNMP TRAP STATIONS INFO
-----------------------

Magnum10KT(snmp)## mgrip add ip=192.168.1.111

Manager IP Address added successfully

Magnum10KT(snmp)## mgrip add ip=192.168.1.222

Manager IP Address added successfully

(Use this command for SNMP v1 managers. Without this command SNMP v1 managers will not be able to manage the switches. Not needed for SNMP v3. Note maximum of 5 stations allowed.)

Magnum10KT(snmp)# show snmp

SNMP CONFIGURATION INFORMATION
------------------------------
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
AuthenTrapsEnableFlag : disabled
SNMP Access Status : enabled

SNMP MANAGERS INFO
------------------
IP Address = 192.168.1.111
IP Address = 192.168.1.222

SNMP TRAP STATIONS INFO
-----------------------

(Managers added are displayed under the SNMP information by using the show snmp command.)

Magnum10KT(snmp)## traps add type=Snmp,Rmon ip=192.168.1.2

Successfully Added.

Magnum10KT(snmp)## show snmp

SNMP CONFIGURATION INFORMATION
------------------------------
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
AuthenTrapsEnableFlag : enabled
SNMP Access Status : enabled

SNMP MANAGERS INFO
------------------
IP Address = 192.168.1.111
IP Address = 192.168.1.222

SNMP TRAP STATIONS INFO
-----------------------
IP Address = 192.168.1.2 Trap Type = SNMP,RMON

(Managers added are displayed under the SNMP information by using the show snmp command.)

Magnum10KT(snmp)# exit

Magnum10KT# show snmp

SNMP CONFIGURATION INFORMATION
------------------------------
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
AuthenTrapsEnableFlag : enabled
SNMP Access Status : enabled

SNMP MANAGERS INFO
------------------
IP Address = 192.168.1.111
IP Address = 192.168.1.222

SNMP TRAP STATIONS INFO
-----------------------
IP Address = 192.168.1.2 Trap Type = SNMP,Enterprise

Magnum10KT# set snmp type=all


SNMP version support is set to "v1, v2c and v3"

Magnum10KT# show active-snmp

6K SNMP Agent supports all (v1/v2c/v3) versions.

Magnum10KT# show snmp

SNMP v3 Configuration Information
=================================
System Name : Magnum10KT
System Location : Fremont, CA
System Contact : [email protected]
Authentication Trap : Disabled
Default Trap Comm. : public
V3 Engine ID : 6K_v3Engine

Magnum10KT# snmpv3

(Switch over to SNMPv3 from this point forward)

Magnum10KT(snmpv3)## setvar sysname=my_m6k syscontact=admin syslocation=lab

(Max limit of system variables is 15 characters)

Magnum10KT(snmpv3)## quickcfg

This will enable default VACM.

Do you wish to proceed? [ 'Y' or 'N' ] Y


Quick configuration done, default VACM enabled

Magnum10KT(snmpv3)## engineid string=Magnum6K

Engine ID is set successfully

Magnum10KT(snmpv3)## authtrap enable

Authentication trap status is set successfully

Magnum10KT(snmpv3)## show-authtrap

Authentication Trap Status: Enabled

Magnum10KT(snmpv3)## deftrap community=mysecret

Default trap community is set successfully

Magnum10KT(snmpv3)## show-deftrap

Default Trap Community : public

Magnum10KT(snmpv3)## trap add id=1 type=v1 host=10.21.1.100


Entry is added successfully

Magnum10KT(snmpv3)## show-trap

ID Trap Type Host IP Community Port
===========================================================
1 v1 10.21.1.100 -- --
2 -- -- -- --
3 -- -- -- --
4 -- -- -- --
5 -- -- -- --

Magnum10KT(snmpv3)## show-trap id=1

Trap ID : 1
Trap Type : v1
Host IP : 10.21.1.100
Community : --
Auth. Type : --

Magnum10KT(snmpv3)## com2sec add id=1 secname=public source=default community=public

Entry is added successfully

Magnum10KT(snmpv3)## com2sec add id=2

ERROR: "secname" parameter is required for "add" directive

Magnum10KT(snmpv3)## com2sec add id=2 secname=BCM

Entry is added successfully

Magnum10KT(snmpv3)## show-com2sec

ID Sec. Name Source Community
============================================
1 public default public
2 BCM default public
3 -- -- --
4 -- -- --
5 -- -- --
6 -- -- --
7 -- -- --
8 -- -- --
9 -- -- --
10 -- -- --

Magnum10KT(snmpv3)## show-com2sec id=2

Com2Sec ID : 2
Security Name : BCM


Source : default
Community : public

Magnum10KT(snmpv3)## group add id=1 groupname=v1 model=v1 com2secid=1

Entry is added successfully

Magnum10KT(snmpv3)## show-group

ID Group Name Sec. Model Com2Sec ID
====================================================
1 v1 v1 1
2 public v2c 1
3 public usm 1
4 -- -- --
5 -- -- --
6 -- -- --
7 -- -- --
8 -- -- --
9 -- -- --
10 -- -- --

Magnum10KT(snmpv3)## show-group id=1

Group ID : 1
Group Name : v1
Model : v1
Com2Sec ID : 1

Magnum10KT(snmpv3)## view add id=1 viewname=all type=included subtree=.1

Entry is added successfully

Magnum10KT(snmpv3)## show-view

ID View Name Type Subtree Mask
===================================================
1 all included .1 ff
2 -- -- -- --
3 -- -- -- --
4 -- -- -- --
5 -- -- -- --
6 -- -- -- --
7 -- -- -- --
8 -- -- -- --
9 -- -- -- --
10 -- -- -- --

Magnum10KT(snmpv3)## show-view id=1

View ID : 1
View Name : all


Type : included
Subtree : .1
Mask : ff

Magnum10KT(snmpv3)## access add id=1 accessname=v1 model=v1 level=noauth read=1 write=none notify=none

Entry is added successfully

Magnum10KT(snmpv3)## show-access

ID View Name Model Level R/View W/View N/View Context Prefix
==================================================================================
1 v1 v1 noauth 1 none none "" exact
2 -- -- -- -- -- -- -- --
3 -- -- -- -- -- -- -- --
4 -- -- -- -- -- -- -- --
5 -- -- -- -- -- -- -- --
6 -- -- -- -- -- -- -- --
7 -- -- -- -- -- -- -- --
8 -- -- -- -- -- -- -- --
9 -- -- -- -- -- -- -- --
10 -- -- -- -- -- -- -- --

Magnum10KT(snmpv3)## show-access id=1

Access ID : 1
Access Name : v1
Sec. Model : v1
Sec. Level : noauth
Read View ID : 1
Write View ID : none
Notify View ID : none
Context : ""
Prefix : exact

Magnum10KT(snmpv3)## user add id=1 username=jsmith usertype=readwrite authpass=something

Entry is added successfully

Magnum10KT(snmpv3)## show-user

ID User Name UType AuthPass PrivPass AType Level Subtree
===============================================================================
1 jsmith RW something MD5 auth
2 -- -- -- -- -- -- --
3 -- -- -- -- -- -- --
4 -- -- -- -- -- -- --
5 -- -- -- -- -- -- --


Magnum10KT(snmpv3)## show-user id=2

ERROR: Entry is not active

Magnum10KT(snmpv3)## show-user id=1

User ID : 1
User Name : jsmith
User Type : read-write
Auth. Pass : something
Priv. Pass :
Auth. Type : MD5
Auth. Level : auth
Subtree :

Magnum10KT(snmpv3)## exit

Magnum10KT# show snmp

SNMPv3 Configuration Information
================================
System Name : Magnum10KT
System Location : Fremont, CA
System Contact : [email protected]
Authentication Trap : Enabled
Default Trap Comm. : public
V3 Engine ID : 6K_v3Engine

Magnum10KT#

FIGURE 146 – Configuring SNMP – most of the commands here are SNMP v3 commands.
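
How the com2sec, group, view and access entries from the session above combine into one access decision, as an added example that is not MNS-6K code and follows the View-based Access Control Model rather than the switch firmware. It assumes that an access entry applies to the group whose name equals accessname, that view entries sharing a viewname form one view, that source=default matches any address, and that a multi-byte mask is written as consecutive hex digits; TIGHT is a constructed alternative.

```python
import ipaddress
from collections import namedtuple

Com2Sec = namedtuple("Com2Sec", "id secname source community")
Group = namedtuple("Group", "id groupname model com2secid")
View = namedtuple("View", "id viewname type subtree mask")
Access = namedtuple("Access", "id accessname model level read write notify")
Vacm = namedtuple("Vacm", "com2sec groups views access")
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}


def parse_oid(text):
    """'.1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask_hex, length):
    """One bit per sub-identifier, most significant first; 1 means 'must match'.
    Positions past the end of the mask count as 1."""
    bits = [(byte >> shift) & 1
            for byte in bytes.fromhex(mask_hex.replace(":", ""))
            for shift in range(7, -1, -1)]
    return (bits + [1] * length)[:length]


def in_view(oid, family):
    """The longest matching subtree decides; 'excluded' or no match denies."""
    best = None
    for view in family:
        subtree = parse_oid(view.subtree)
        if len(oid) < len(subtree):
            continue
        bits = mask_bits(view.mask, len(subtree))
        if all(b == 0 or o == s for b, o, s in zip(bits, oid, subtree)):
            rank = (len(subtree), subtree)
            if best is None or rank > best[0]:
                best = (rank, view.type)
    return best is not None and best[1] == "included"


def source_matches(source, address):
    """Assumption: 'default' means any source; otherwise an address or CIDR."""
    if source == "default":
        return True
    return ipaddress.ip_address(address) in ipaddress.ip_network(source, strict=False)


def allowed(cfg, model, address, community, oid, op="read", level="noauth"):
    """Resolve community/source -> com2sec -> group -> access -> view for one OID."""
    target = parse_oid(oid)
    for c2s in cfg.com2sec:
        if c2s.community != community or not source_matches(c2s.source, address):
            continue
        for grp in cfg.groups:
            if (grp.model, grp.com2secid) != (model, c2s.id):
                continue
            for acc in cfg.access:
                if (acc.accessname, acc.model) != (grp.groupname, model):
                    continue
                if LEVELS[level] < LEVELS[acc.level]:
                    continue
                view_id = getattr(acc, op)  # None when the entry says "none"
                names = {v.viewname for v in cfg.views if v.id == view_id}
                if in_view(target, [v for v in cfg.views if v.viewname in names]):
                    return True
    return False


# Entries as added in the Figure 146 session (show-group also lists ids 2 and 3).
PAGE = Vacm(
    com2sec=[Com2Sec(1, "public", "default", "public"),
             Com2Sec(2, "BCM", "default", "public")],
    groups=[Group(1, "v1", "v1", 1), Group(2, "public", "v2c", 1),
            Group(3, "public", "usm", 1)],
    views=[View(1, "all", "included", ".1", "ff")],
    access=[Access(1, "v1", "v1", "noauth", 1, None, None)],
)

# Constructed alternative: one manager address, a placeholder community, and a
# view limited to the system group (minus sysContact) and the row for ifIndex 5.
TIGHT = Vacm(
    com2sec=[Com2Sec(1, "nms", "192.168.1.111", "EXAMPLE-COMMUNITY")],
    groups=[Group(1, "monitor", "v1", 1)],
    views=[View(1, "ro", "included", ".1.3.6.1.2.1.1", "ff"),
           View(2, "ro", "excluded", ".1.3.6.1.2.1.1.4", "ff"),
           View(3, "ro", "included", ".1.3.6.1.2.1.2.2.1.0.5", "ffa0")],
    access=[Access(1, "monitor", "v1", "noauth", 1, None, None)],
)

SYS_NAME, SYS_CONTACT = ".1.3.6.1.2.1.1.5.0", ".1.3.6.1.2.1.1.4.0"
IF_IN_OCTETS_5, IF_IN_OCTETS_6 = ".1.3.6.1.2.1.2.2.1.10.5", ".1.3.6.1.2.1.2.2.1.10.6"

if __name__ == "__main__":
    for label, cfg, community in (("PAGE", PAGE, "public"), ("TIGHT", TIGHT, "EXAMPLE-COMMUNITY")):
        print(label, "read sysName from 203.0.113.9:",
              allowed(cfg, "v1", "203.0.113.9", community, SYS_NAME))
```

With the entries from the session, any source that presents the community public can read the whole tree under .1 over v1; the constructed TIGHT tables limit reads to one manager address and two subtrees.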

Configuring RMON
The switch supports RMON (Remote Monitoring) on all connected network segments. This
allows for troubleshooting and optimizing your network. The Magnum 6K family of switches
provides hardware-based RMON counters. The switch manager or a network management
system can poll these counters periodically to collect the statistics in a format that complies with
the RMON MIB definition.

The following RMON groups are supported:


• Ethernet Statistics Group: Maintains utilization and error statistics for the switch port
being monitored.
• History Group: Gathers and stores periodic statistical samples from previous Statistics
Group.


• Alarm Group: Allows a network administrator to define alarm thresholds for any MIB
variable.
• Log and Event Group: Allows a network administrator to define actions based on
alarms. SNMP Traps are generated when RMON Alarms are triggered.

The following RMON communities, when defined, enable the specific RMON groups as shown
above.

Syntax rmon – enter the RMON configuration mode to setup RMON groups and communities

Syntax history def-owner=<string> def-comm=<string> - define the RMON history group and
the community string associated with the group

Syntax statistics def-owner=<string> def-comm=<string> - define the RMON statistics group
and the community string associated with the group

Syntax alarm def-owner=<string> def-comm=<string> - define the RMON alarm group and the
community string associated with the group

Syntax event def-owner=<string> def-comm=<string> - define the RMON event group and the
community string associated with the group

Syntax show rmon <stats|hist|event|alarm> - list the specific RMON data as defined by the group
type

Magnum10KT# rmon

Magnum10KT(rmon)## event def-owner=test def-comm=somestring

RMON Event Default Owner is set


RMON Event Default Community is set

Magnum10KT(rmon)## show rmon event

RMON Event Default Owner : test


RMON Event Default Community : somestring

Magnum10KT(rmon)## exit

Magnum10KT#
FIGURE 147 – Configuring RMON groups.


HiVision
All GarrettCom devices can be discovered and managed via the Belden (Hirschmann) HiVision
network management software.

List of Commands In This Chapter


Syntax snmp – enter the SNMP Configuration mode

Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the set
snmp command which follows

Syntax show active-snmp – shows the version of SNMP currently in use

Syntax community [write=<write community>] [read=<read community>] [trap=<trap community>] – set the necessary community strings

Syntax authtraps <enable|disable> - enables or disables authentication traps generation

Syntax traps <add|delete> type=<Snmp|Rmon|Snmp,Rmon|Enterprise|Snmp,Enterprise|Rmon,Enterprise|All> ip=<ipaddress> - add v1 traps as well as
define the trap receiver

Syntax mgrip <add|delete> ip=<IPaddress> - adds or deletes a management station, specified by the
IP address, which can query SNMP variables from the switch. This is done to protect the switch from
being polled by unauthorized managers. Valid for SNMP v1. Maximum of five stations allowed.

Syntax set snmp type=<v1|all> - define the version of SNMP to use – the option all supports all versions
(v1, v2 and v3) – v1 restricts SNMP to v1 only. By default, only SNMP v1 is enabled

Syntax show snmp – displays the SNMP configuration information

Syntax setvar [sysname|syscontact|syslocation]=<string> - sets the system name, contact and
location. All parameters are optional but a user must supply at least one parameter.

Syntax quickcfg - quick setup for snmpv3 configuration. It automatically configures a default VACM (view-
based access control model). This allows any manager station to access the Magnum 6K switch either via
SNMP v1, v2c or v3. The community name is “public”. This command is only intended for first time
users and values can be changed by administrators who want more strict access.


Syntax engineid string=<string> - Every agent has to have an engineID (name) to be able to respond to
SNMPv3 messages. The default engine ID value is “6K_v3Engine”. This command allows the user to
change the engine ID.

Syntax authtrap <enable|disable> - enables or disables authentication traps generation

Syntax show-authtrap - displays the current value of authentication trap status.

Syntax deftrap community=<string> - defines the default community string to be used when sending
traps. When user does not specify the trap community name when setting a trap station using the trap
command, the default trap community name is used.

Syntax show-deftrap - displays the current value of default trap

Syntax trap <add|delete> id=<id> [type=<v1|v2|inform>] [host=<host-ip>] [community=<string>] [port=<1-65534>] - define the trap and inform manager stations.
The station can receive v1, v2 traps and/or inform notifications. An inform notification is an
acknowledgment that a trap has been received. A user can add up to 5 stations.

Syntax show-trap [id=<id#>]- shows the configured trap stations in tabular format - id is optional and is
the number corresponding to the trap entry number in the table

Syntax com2sec <add|delete> id=<id> [secname=<name>] [source=<source>] [community=<community>] - a part of the View based Access control model (VACM) as
defined in RFC 2275. This specifies the mapping from a source/community pair to a security name. On
MNS-6K, up to 10 entries can be specified.

Syntax group <add|delete> id=<id> [groupname=<name>] [model=<v1|v2c|usm>] [com2secid=<com2sec-id>] - a part of the View based Access
control model (VACM) as defined in RFC 2275. This command defines the mapping from sec model
or a sec name to a group. A sec model is one of v1, v2c, or usm. On MNS-6K, up to 10 entries can be
specified.

Syntax show-group [id=<id>] - display all or specific group entries - id is optional and is the number
corresponding to the group entry number in the table.

Syntax view <add|delete> id=<id> [viewname=<name>] [type=<included|excluded>] [subtree=<oid>] [mask=<hex-string>] - a part of the View based Access control model
(VACM) as defined in RFC 2275. This command defines what a manager or group of manager stations
can access inside the MIB object tree. On MNS-6K, up to 10 entries can be specified.

Syntax show-view [id=<id>] - display all or specific view entries - id is optional and is the number
corresponding to the view entry number in the table.

Syntax user <add|delete> id=<id> [username=<name>] [usertype=<readonly|readwrite>] [authpass=<pass-phrase>] [privpass=<pass-phrase>] [level=<noauth|auth|priv>] [subtree=<oid>] - for
quickly adding or deleting v3 USM based security, this command adds user entries. MNS-6K allows
up to 5 users to be added. Right now, the MNS-6K agent only supports noauth and auth-md5 for v3
authentication and auth-des for priv authentication.

Syntax show-user [id=<id>] - display all or specific user entries - id is optional and is the number
corresponding to the user entry number in the table.

Syntax rmon – enter the RMON configuration mode to setup RMON groups and communities.

Syntax history def-owner=<string> def-comm=<string> - define the RMON history group and
the community string associated with the group.

Syntax statistics def-owner=<string> def-comm=<string> - define the RMON statistics group
and the community string associated with the group.

Syntax alarm def-owner=<string> def-comm=<string> - define the RMON alarm group and the
community string associated with the group.

Syntax event def-owner=<string> def-comm=<string> - define the RMON event group and the
community string associated with the group.

Syntax show rmon <stats|hist|event|alarm> - list the specific RMON data as defined by the group
type.


Chapter 22 – MODBUS
Connecting Industrial Devices

There are several features built into the Magnum 6K family of switches which help with the
overall productivity and manageability of the switch. These items are examined individually in
this chapter.

MODBUS Overview
MODBUS is an application layer messaging protocol, positioned at level 7 of the OSI model, which
provides client/server communication between devices connected on different types of buses or
networks. PLC controllers can communicate with each other and with other devices over a variety of
networks. The common language used by most PLC controllers is the MODBUS protocol. This
MODBUS protocol defines a message structure that controllers will recognize and use, regardless of
the type of networks over which they communicate. It describes the process a controller uses to
request access to another device, how it will respond to requests from the other devices, and how
errors will be detected and reported. It establishes a common format for the layout and contents of
message fields. MODBUS is a request/reply protocol and offers services specified by function codes.
MODBUS function codes are elements of MODBUS request/reply PDUs. The MODBUS protocol
thus operates at the layer 7 of the OSI 7 layer stack. Additional information on MODBUS can be
found at www.modbus.org and other related sites.

MODBUS is an application layer messaging protocol for client/server communication between
devices connected on different types of buses or networks.
It is currently implemented using:
• TCP/IP over Ethernet. This implementation is found on Magnum 6K Switches
• Asynchronous serial transmission over a variety of media (wire : EIA/TIA-232-E, EIA-422,
EIA/TIA-485-A; fiber, radio, etc.) This implementation is found on the Magnum DX routers
on the serial interfaces


[Figure: layered stack diagram with the labels MODBUS Applications; MODBUS on TCP; TCP; IP; Other; MODBUS+; Master / Slave; Ethernet II; HDLC; Physical Layer; EIA/TIA-232; EIA/TIA-485; Ethernet Physical Layer.]

FIGURE 148 - MODBUS Communications stack.

The MODBUS protocol allows communications on all different types of devices. An example of that,
using the Magnum Product family is shown below:

[Figure: I/O and other devices connected through Magnum DX Routers and Magnum 6K Switches.]

FIGURE 149 - Interconnecting different MODBUS devices.

Architecturally, the above can be simplified as shown in FIGURE 150. RFC 1122 - Requirements for Internet Hosts --
Communication Layers - defines how MODBUS packets can be carried over a TCP/IP transport and
how PLC controllers and devices can communicate over a TCP/IP network. To facilitate these
communications, the Magnum 6K family of switches allows MODBUS connectivity.

[Figure: Device, HMI and I/O nodes attached over Ethernet to the Magnum 6K Family of Switches; MODBUS links from the switches to Magnum DX Family routers, which connect Device or PLC or I/O nodes over MODBUS on RS232 and MODBUS on RS485.]

FIGURE 150 - MODBUS networks can be built using Magnum family of products, including Magnum 6K family of
switches and Magnum DX routers.

As per this RFC, the MODBUS communications take place on TCP port 502. Please ensure the
network security devices do not block port 502. If port 502 is blocked, which is the normal case with
many firewalls and other security devices, the communications between two MODBUS devices over a
TCP/IP network will not succeed. If the PLC devices using MODBUS are on the same LAN
segment, and a firewall is not traversed, then this is not an issue.
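
The request/reply exchange that crosses TCP port 502 can be checked frame by frame. The Python below is an added example, not code from the MNS-6K guide: it builds a MODBUS/TCP read request, validates the header of each frame, and decodes a normal reply and an error (exception) reply. The unit identifier, register address and register values are constructed samples; the switch's real addresses are in the memory map in Appendix 6.

```python
import struct

# MBAP header in front of every MODBUS/TCP PDU:
# transaction id, protocol id (0 = MODBUS), length, unit id.
MBAP = struct.Struct(">HHHB")
READ_HOLDING_REGISTERS = 0x03
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}  # coil and register writes
EXCEPTION_NAMES = {
    0x01: "Illegal Function",
    0x02: "Illegal Data Address",
    0x03: "Illegal Data Value",
    0x04: "Server Device Failure",
}


class MalformedFrame(ValueError):
    """The bytes are not a well-formed MODBUS/TCP frame or exchange."""


def build_read_holding_registers(transaction_id, unit_id, start, quantity):
    """Build the request frame for function code 0x03."""
    if not 1 <= quantity <= 125:
        raise ValueError("one request can read 1..125 registers")
    pdu = struct.pack(">BHH", READ_HOLDING_REGISTERS, start, quantity)
    # The length field counts the unit id byte plus the PDU.
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def parse_adu(frame):
    """Validate the MBAP header and split out function code and data."""
    if len(frame) < MBAP.size + 1:
        raise MalformedFrame("too short for MBAP header and function code")
    transaction_id, protocol_id, length, unit_id = MBAP.unpack_from(frame)
    if protocol_id != 0:
        raise MalformedFrame("protocol id is not 0, so not MODBUS")
    if length != len(frame) - 6:
        raise MalformedFrame("length field disagrees with frame size")
    code = frame[7]
    return {
        "transaction_id": transaction_id,
        "unit_id": unit_id,
        "function": code & 0x7F,            # function code without error bit
        "is_exception": bool(code & 0x80),  # replies set the top bit on error
        "is_write": (code & 0x7F) in WRITE_FUNCTIONS,
        "data": bytes(frame[8:]),
    }


def decode_reply(request, reply):
    """Match a reply to its read request; return registers or the error."""
    req, rep = parse_adu(request), parse_adu(reply)
    if req["function"] != READ_HOLDING_REGISTERS or len(req["data"]) != 4:
        raise MalformedFrame("request is not a read-holding-registers frame")
    for field in ("transaction_id", "unit_id", "function"):
        if req[field] != rep[field]:
            raise MalformedFrame("reply %s does not match the request" % field)
    data = rep["data"]
    if rep["is_exception"]:
        if len(data) != 1:
            raise MalformedFrame("exception reply must carry one code byte")
        return {"error": EXCEPTION_NAMES.get(data[0], "code 0x%02X" % data[0])}
    quantity = struct.unpack(">H", req["data"][2:4])[0]
    if len(data) != 1 + 2 * quantity or data[0] != 2 * quantity:
        raise MalformedFrame("byte count does not match registers requested")
    return {"registers": list(struct.unpack(">%dH" % quantity, data[1:]))}


# Constructed sample exchange: transaction 1, unit id 1, two registers at 0.
REQUEST = build_read_holding_registers(1, 1, 0x0000, 2)
GOOD_REPLY = bytes.fromhex("00010000000701030412345678")
ERROR_REPLY = bytes.fromhex("000100000003018302")
# Constructed write-single-register request, to show write classification.
WRITE_REQUEST = bytes.fromhex("000200000006010600100001")

if __name__ == "__main__":
    print(REQUEST.hex())
    print(decode_reply(REQUEST, GOOD_REPLY))
    print(decode_reply(REQUEST, ERROR_REPLY))
    print(parse_adu(WRITE_REQUEST)["is_write"])
```

The same parser can be run over captured traffic on whichever port `modbus port=` selects, since only the TCP port changes and not the framing.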

Configuring MODBUS
To facilitate the MODBUS communications, the CLI commands are:

Syntax modbus <enable|disable> - enable or disable the MODBUS protocol

Syntax modbus port=<port#|default> - change the default MODBUS TCP port number or reset it to
default TCP port 502


Syntax modbus device=<device|default> - change the MODBUS default device type or reset it to default
value of 5

Syntax show modbus - display the MODBUS settings

As an example, the commands would be:

Magnum10KT# show modbus

Access to Modbus disabled


Modbus is Using Port :502
Modbus is Using Device :5

Magnum10KT# access

Magnum10KT(access)## modbus enable

Enabling Access to Modbus

Magnum10KT(access)## show modbus

Access to Modbus enabled


Modbus is Using Port :502
Modbus is Using Device :5

Magnum10KT(access)## modbus port=602

Modbus Port is set

Magnum10KT(access)## show modbus

Access to Modbus enabled


Modbus is Using Port :602
Modbus is Using Device :5

Magnum10KT(access)## modbus port=default

Modbus Port Set to Default

Magnum10KT(access)## show modbus

Access to Modbus enabled


Modbus is Using Port :502
Modbus is Using Device :5
FIGURE 151 – Configuring MODBUS.


MODBUS Memory Map


Please refer to Appendix 6 on page 415 for the MODBUS Memory Map. This memory map can be used by
HMI applications to query the Magnum 6K family of switches for information using the MODBUS
protocol.

List of Commands In This Chapter


Syntax modbus <enable|disable> - enable or disable the MODBUS protocol

Syntax modbus port=<port#|default> - change the default MODBUS TCP port number or reset it to
default TCP port 502

Syntax modbus device=<device|default> - change the MODBUS default device type or reset it to default
value of 5

Syntax show modbus - display the MODBUS settings


Chapter 23 – PTP (IEEE 1588)
Improving time synchronization accuracy

Time can be synchronized using SNTP or other protocols. The timing accuracy attained by these
protocols is not accurate enough for substations. Substations deal with multiple sources of power such
as those from solar farms, off-shore wind turbines, wind turbine farms, geothermal sources etc.

Precision Time Protocol

The Precision Time Protocol (PTP) is a protocol used to synchronize clocks throughout
the network. On a LAN it achieves clock accuracy in the sub-microsecond range, making
it suitable for measurement and control of systems.

IEEE 1588 Overview


In an earlier Chapter, we looked at time synchronization using SNTP. While SNTP is sufficient for
security activities such as SYSLOG, intrusion detection, and others, the accuracy of timing
synchronization using SNTP is not sufficient for Smart Grid Applications. For example, a 41
nanosecond difference amounts to one degree offset between two sources of power. The offset causes
an increase in virtual power, which ultimately translates to revenues which are lost as wasted energy.
This is especially critical today with different power sources. Power sources vary. Power can be
generated using coal, natural gas, or other fossil fuels. Power can also be generated from natural
occurring energy sources such as the sun, wind, tides, geo-thermals etc. These power sources are
generally termed as renewable sources or green energy as they typically do not emit CO2. However,
these renewable sources are not as consistent as fossil fuel.

The Precision Time Protocol (PTP) is a high-precision time protocol for synchronization used in
measurement and control systems which reside on a local area network. Using PTP, accuracy in the
sub-microsecond range may be achieved with low-cost implementations. PTP was originally defined in
the IEEE 1588-2002 standard, officially entitled Standard for a Precision Clock Synchronization Protocol for
Networked Measurement and Control Systems. In 2008 a revised standard, IEEE 1588-2008, was released.
This new version, also known as PTP Version 2, improves accuracy, precision, and robustness but
Version 2 is not backwards compatible with the original 2002 version, Version 1. IEEE 1588 is
designed to fill a niche not well served by either of the two dominant protocols: NTP and GPS. IEEE
1588 is designed for local systems requiring accuracies beyond those attainable using NTP. It is also
designed for applications that cannot bear the cost of a GPS receiver at each node, or when GPS
signals are inaccessible.

Architecture: The IEEE 1588 standards describe a hierarchical master-slave architecture for clock
distribution. Under this architecture, a time distribution system consists of one or more
communication mediums (network segments), and one or more clocks.

The ordinary clock is a device with a single network connection and is either the source of (master)
or destination for (slave) synchronization reference.

The boundary clock has multiple network connections and can accurately bridge synchronization
from one network segment to another.

A synchronization master is elected for each of the network segments in the system. The root
timing reference is called the grandmaster. The grandmaster transmits synchronization information
to the clocks residing on its network segment. The boundary clocks with a presence on that segment
then relay accurate time to the other segments to which they are connected.

A simplified PTP system frequently consists of ordinary clocks connected to a single network. No
boundary clocks are used. A grandmaster is elected and all other clocks synchronize directly to it.

IEEE 1588-2008 introduces a clock associated with network equipment used to convey PTP
messages. The transparent clock modifies PTP messages as they pass through the device. Timestamps
in the messages are corrected for time spent traversing the network equipment. This scheme improves
distribution accuracy by compensating for delivery variability across the network.

Some salient features of IEEE 1588 protocol can be summarized as:


• International standard
• Timing synchronization can be implemented over packet based networks e.g. Ethernet
• High accuracy – sub microsecond synchronization
• Simple – can be implemented in hardware or software
• Minimal overhead – network, processor, management
• Protocol – can be implemented on different networks

The Magnum 10KT switch implements the PTP protocol. The examples below show how the 10KT
switch can be used for setting up a network with PTP:


FIGURE 152 – Using the Magnum 10KT as a boundary clock along with a grandmaster clock from Symmetricom. The
SCADA device acts as an ordinary clock as it has one source and adjusts its time from the PTP packets.


FIGURE 153 – The Magnum 10KT switch can be setup as a Boundary Clock (BC) or Transparent Clock (TC) depending
on the devices being connected and the hierarchy. If it gets too complicated, the MNS-6K auto function can be used.

IEEE 1588 is implemented as a message-based protocol. For example, event messages such as sync, delay-
request, follow up, and delay response are used by ordinary clocks and boundary clocks to synchronize
timing information. Similarly event messages are used by transparent clocks to measure and compensate for
delays.

General messages are used for non-critical timing functions. For example, signaling messages are used for
non-critical information and Announce messages are used to develop a clock hierarchy. Management
messages are used to configure and manage PTP.

All PTP messages are sent using multicast messaging. IEEE 1588-2008 introduces an option for devices to
negotiate unicast transmission on a port-by-port basis. PTP messages may use the Internet Protocol (IP) for
transport. The original specification used only IPv4 transports, but this has been extended to IPv6. Over IP,
messages use the User Datagram Protocol (UDP). Datagrams are transmitted using IP multicast addressing,
for which multicast group addresses are defined for IPv4 and IPv6. Event messages are sent to port number
319. General messages use port number 320. Replies to Management messages are always returned to the
unicast address of the originator. Encapsulation is also defined for bare IEEE 802.3 Ethernet, DeviceNet,
ControlNet and PROFIBUS. PTP uses Ethertype 0x88F7 and an Ethernet multicast destination address of
01-1B-19-00-00-00 for all but peer delay messages. Peer delay messages are sent to 01-80-C2-00-00-0E.

MNS-6K uses the MAC addresses defined in the IEEE 1588v2 protocol to designate IEEE 1588v2 timing
on L2 and UDP packets. They are 01-1B-19-00-00-00 and 01-80-C2-00-00-0E as discussed above.

Configuring PTP
The commands used to configure PTP are as follows:
Syntax ptp - enter the PTP sub group of commands

Syntax ptp <enable|disable> - enable or disable the ptp capabilities


Syntax announce interval=<1|2|4|8|16> – shows the intervals of the ptp configuration

Syntax power-profile [<enable|disable>] [vlan=<none|0-4095>] [prio=<0..7>] [gmid=<3-254>] – shows the power-profile of the ptp configurations

Syntax sync interval=<250|500|1000|2000|4000|8000|16000> - set the sync interval (in milliseconds)

Syntax setptp [clock=<auto|tc|bc>] [priority1=<0-255>] [priority2=<0-255>]
[domain=<0..127>] [sync=<enable|disable>] [delay=<e2e|p2p>] - set the behavior of the clock as a
boundary clock or transparent clock. Priority 1 and Priority 2 are used by network administrators to deterministically
set which clock becomes the master clock in case there is a resolution conflict or "tie".

The master clock algorithm is such that there could be several master clocks in a network. Even
though the occurrence could be rare, there is a finite probability that such an event could happen. In
situations like this, the combination of Priority 1 and Priority 2 are used to determine which clock
becomes the master. For example, if there are two switches in the network with the settings as follows:
Switch1 Priority1 = 1 Priority 2 = 200
Switch2 Priority1 = 5 Priority 2 = 5

Switch 1 will become the master as Priority 1 is a lower value. In situations where priority 1 values are
the same, Priority 2 values are used.
Default values for Priority 1 and Priority 2 are 128.
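
The Priority 1 / Priority 2 tie-break above can be worked through in code. This Python is an added example, not part of MNS-6K: it goes beyond the two fields the guide describes and follows the field order of the IEEE 1588-2008 data set comparison, in which clock class, accuracy and variance sit between Priority 1 and Priority 2. The clock quality defaults and clock identities are constructed values.

```python
from dataclasses import dataclass

# Order in which IEEE 1588-2008 compares two different grandmaster
# candidates. At each step the lower value wins.
COMPARE_ORDER = ("priority1", "clock_class", "clock_accuracy",
                 "variance", "priority2", "clock_identity")


@dataclass(frozen=True)
class Announce:
    """Grandmaster fields carried in an Announce message."""
    name: str
    priority1: int = 128          # default stated in this guide
    priority2: int = 128          # default stated in this guide
    clock_class: int = 248        # constructed default for the example
    clock_accuracy: int = 0xFE    # constructed default for the example
    variance: int = 0xFFFF        # constructed default for the example
    clock_identity: bytes = bytes(8)

    def __post_init__(self):
        for field in ("priority1", "priority2"):
            if not 0 <= getattr(self, field) <= 255:
                raise ValueError("%s must be 0..255" % field)
        if len(self.clock_identity) != 8:
            raise ValueError("clock identity is 8 bytes")


def rank(candidate):
    """Sort key: tuple of fields in comparison order (lower is better)."""
    return tuple(getattr(candidate, f) for f in COMPARE_ORDER)


def deciding_field(a, b):
    """Name of the first field that differs, or None if all are equal."""
    for field in COMPARE_ORDER:
        if getattr(a, field) != getattr(b, field):
            return field
    return None


def elect(candidates):
    """Return (master, field that separated it from the runner-up)."""
    ordered = sorted(candidates, key=rank)
    if not ordered:
        raise ValueError("no candidates")
    best = ordered[0]
    if len(ordered) == 1:
        return best, None
    return best, deciding_field(best, ordered[1])


# The two switches from the text above.
GUIDE_EXAMPLE = [
    Announce("Switch1", priority1=1, priority2=200),
    Announce("Switch2", priority1=5, priority2=5),
]
# Equal Priority 1 and equal clock quality: Priority 2 decides.
PRIORITY2_TIE = [
    Announce("A", priority2=20),
    Announce("B", priority2=10),
]
# Equal Priority 1 but a better clock class outranks a lower Priority 2.
CLASS_BEFORE_PRIORITY2 = [
    Announce("C", clock_class=6, priority2=200),
    Announce("D", clock_class=248, priority2=1),
]
# Everything left at defaults: the lower clock identity decides.
ALL_DEFAULTS = [
    Announce("E", clock_identity=bytes.fromhex("0000000000000002")),
    Announce("F", clock_identity=bytes.fromhex("0000000000000001")),
]

if __name__ == "__main__":
    for case in (GUIDE_EXAMPLE, PRIORITY2_TIE,
                 CLASS_BEFORE_PRIORITY2, ALL_DEFAULTS):
        master, why = elect(case)
        print(master.name, "wins on", why)
```

With every switch left at the default 128/128, the outcome depends on clock quality and then on clock identity, so setting `priority1` explicitly on the intended master makes the election predictable.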

Syntax setport port=<port|list|range> [mode=<auto|mac|udp>] [<enable|disable>] - define
the ports where PTP packets are examined for time synchronization

Syntax show modules - show the modules in the system. If there is an IEEE 1588 module present it will display
that

Syntax show-port - show the ports and the modes

Syntax show ptp - show the status of PTP (enabled or disabled)


A sequence of commands for configuring PTP is shown below.

Magnum10KT# ptp

Magnum10KT(ptp)## sync interval=4000

Sync Interval Set.

Magnum10KT(ptp)## setptp clock=auto

Clock Type Set

Magnum10KT(ptp)## ptp enable

PTP is enabled.

Magnum10KT(ptp)## show ptp

PTP CONFIGURATION
-----------------
PTP Status : ENABLED
Ports Currently Enabled : 5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
21,22,23,24,29,32,33,36
PTP Sync Interval : 4 Sec
CLOCK Configuration : AUTO
CLOCK Operating Mode : Master
Delay Measurement Mechanism : End-to-End
Priority1 : 128
Priority2 : 128

Magnum 10KT(ptp)## announce

announce interval=<1|2|4|8|16>

Magnum10KT(ptp)## show modules

SLOT DESCRIPTION
---- -----------
C 4 Port TP-MDIX Module
D 4 Port TP-MDIX Module
E 4 Port TP-MDIX Module
F 4 Port TP-MDIX Module
G 4 Port Fiber100 with IEEE1588
I 2 Port Fiber100 Module
J 2 Port Fiber100 Module


Magnum 10KT(ptp)## power-profile

power-profile [<enable|disable>] [vlan=<none|0-4095>] [prio=<0..7>]


[gmid=<3-254>]

Magnum10KT(ptp)## setport port=5-36 disable

Magnum10KT(ptp)## setport port=17-20 enable

Magnum 10KT(ptp)## show-port

--------------------
Port | Mode
--------------------
01 AUTO-MAC
02 AUTO-MAC
03 AUTO-MAC
04 AUTO-MAC
05 AUTO-MAC
06 AUTO-MAC
07 AUTO-MAC
08 AUTO-MAC
09 AUTO-MAC
10 AUTO-MAC
11 AUTO-MAC
12 AUTO-MAC
13 AUTO-MAC
14 AUTO-MAC
15 AUTO-MAC
16 AUTO-MAC
--more--

AUTO-MAC – The setting is AUTO, and the port is operating in MAC mode.

Magnum10KT(ptp)## show ptp

PTP CONFIGURATION
-----------------
PTP Status : ENABLED
Ports Currently Enabled : 17,18,19,20
PTP Sync Interval : 4 Sec
CLOCK Configuration : AUTO
CLOCK Operating Mode : Master
Delay Measurement Mechanism : End-to-End
Priority1 : 128
Priority2 : 128

Magnum10KT(ptp)## exit

Magnum10KT#

FIGURE 154 – Configuration and setup of PTP commands. Note the show modules command displays which module has
hardware-enabled PTP support. The example steps through disabling PTP on all ports except the ports on module "G".


List of Commands In This Chapter


Syntax ptp - enter the PTP sub group of commands

Syntax ptp <enable|disable> - enable or disable the ptp capabilities

Syntax announce interval=<1|2|4|8|16> - shows the intervals of the ptp configuration

Syntax power-profile [<enable|disable>] [vlan=<none|0-4095>] [prio=<0..7>] [gmid=<3-254>] - show the power-profile of the ptp configurations

Syntax sync interval=<250|500|1000|2000|4000|8000|16000> - set the sync interval (in milliseconds)

Syntax setptp [clock=<auto|tc|bc>] [priority1=<0-255>] [priority2=<0-255>]
[domain=<0..127>] [sync=<enable|disable>] [delay=<e2e|p2p>] - set the behavior of the clock as a
boundary clock or transparent clock. Priority 1 and Priority 2 are used by network administrators to deterministically
set which clock becomes the master clock in case there is a resolution conflict or "tie".

Syntax setport port=<port|list|range> [mode=<auto|mac|udp>] [<enable|disable>] - define
the ports where PTP packets are examined for time synchronization

Syntax show-port - shows the ports and the modes

Syntax show ptp - shows the status of PTP (enabled or disabled)

Syntax show modules - shows the modules in the system. If there is an IEEE 1588 module present it will display
that


Chapter 24 – GMRP
Improving distribution of data packets

The GARP Multicast Registration Protocol (GMRP) is a Generic Attribute Registration
Protocol (GARP) application that describes the distribution of data packets with a
Multicast address as the destination address on Layer 2. GMRP provides a constrained multicast
flooding facility similar to IGMP snooping. GMRP and GARP are industry-standard protocols
defined by the IEEE 802.1P.

GMRP Overview
GMRP provides a mechanism that allows bridges and end stations to dynamically register group
membership information with the MAC bridges attached to the same LAN segment and for that
information to be disseminated across all bridges in the Bridged LAN that supports extended filtering
services. The operation of GMRP relies upon the services provided by the GARP.

GMRP software components run on both the switch and on the host. On the host, GMRP is typically
used with IGMP: the host GMRP software spawns Layer 2 GMRP versions of the host's Layer 3
IGMP control packets. The switch receives both the Layer 2 GMRP and the Layer 3 IGMP traffic
from the host. The switch uses the received GMRP traffic to constrain multicasts at Layer 2 in the
host's VLAN. In all cases, you can use IGMP snooping to constrain multicasts at Layer 2 without the
need to install or configure software on hosts. When a host wants to join an IP multicast group, it
sends an IGMP join message, which spawns a GMRP join message. Upon receipt of the GMRP join
message, the switch adds the port through which the join message was received to the appropriate
multicast group. The switch propagates the GMRP join message to all other hosts in the VLAN, one
of which is typically the multicast source. When the source is multicasting to the group, the switch forwards the
multicast only to the ports from which it received join messages for the group. The switch sends
periodic GMRP queries. If a host wants to remain in a multicast group, it responds to the query. In
this case, the switch does nothing. If a host does not want to remain in the multicast group, it can
either send a leave message or not respond to the periodic queries from the switch. If the switch
receives a leave message or receives no response from the host for the duration of the leaveall timer,
the switch removes the host from the multicast group.


For a switch, registration involves entering the Multicast address in the filter table. When a Multicast
address is entered in the filter table, the switch sends this information in a GMRP packet to all the
ports. Thus the connected switches know that they have to forward this Multicast address to this
switch. The GMRP enables packets with a Multicast address in the destination address field to be sent
to the ports entered. The other ports are not affected by these packets. Data packets with unregistered
Multicast addresses are sent to all ports by the switch.

If GMRP is disabled:
• The Magnum Switch does not generate any GMRP packets; it does not evaluate any GMRP
packets received, and sends (floods) received data packets to all ports.

FIGURE 155 - The Magnum Switch shows all received GMRP packets, regardless of the GMRP mode.

Configuring GMRP
The commands used to configure GMRP are as follows:

Syntax gmrp - enter the gmrp sub group of commands

Syntax gmrp <enable|disable> - enable or disable the gmrp capabilities

Syntax set-port port=<port|list|range> status=<enable|disable>
default=<all|reg|auto|block> - set port to change port status

Syntax show-ports [port=<port|list|range>] - display the current GMRP ports status

Syntax show-group – display Multicast Group

A sequence of commands for configuring GMRP is shown below:


Magnum10KT#gmrp
Magnum10KT(gmrp)##enable

GMRP enabled.
Magnum10KT(gmrp)##set-port

Show set-port, status and mode


.
Magnum10KT(gmrp)##show-ports

Show ports and status.


Port Status
--------------------
1 AUTO
2 AUTO
3 AUTO
4 AUTO
5 AUTO
6 AUTO
7 AUTO
8 AUTO
9 AUTO
10 AUTO
11 AUTO
12 AUTO
13 AUTO
14 AUTO
15 AUTO
16 AUTO
--more--
Magnum10KT(gmrp)##show-group

Group MAC VID Ports


------------------------------
7c:68:03:a6:38:60 512 1,3
38:a0:03:00:54:a5 53694 1,4-6,8-22,24-25,27
00:00:60:63:30:00 31843 1-12,14-15,17
43:a6:7c:92:43:a6 31923 1-3,5-8,10-15,18-20,22-36
7c:a8:02:a6:7c:68 934 1-2,4-5,7
7c:80:00:26:38:a0 2048 1-5,8-10,12-26,28-29,31
d1:be:3c:60:00:00 24675 2-16,18-19,21
00:00:7c:71:43:a6 31890 1-7,9-12,14-19,22-24,26-40
7c:63:28:2e:7c:a8 678 1-6,8-9,11
7c:b3:43:a6:7c:80 38 1-2,4-9,12-14,16-30,32-33,35
03:a6:38:60:0e:00 20096 1
0f:00:54:a5:d1:be 15456 2-4,6-20,22-23,25
00:00:00:00:00:00 31857 1-8,10,13-26,29-47
60:63:30:00:7c:63 10286 1-10,12-13,15
7c:92:43:a6:7c:b3 17318 1,3-6,8-13,16-18,20-34,36-37
02:a6:7c:68:03:a6 14432 2-3,5
00:26:38:a0:14:00 21669 1-3,6-8,10-24,26-27,29
3c:60:00:00:60:63 12288 1-14,16-17,19

FIGURE 156 – Configuration and setup of GMRP commands.


List of Commands In This Chapter


Syntax gmrp - enter the gmrp sub group of commands

Syntax gmrp <enable|disable> - enable or disable the gmrp capabilities

Syntax set-port port=<port|list|range> status=<enable|disable>
default=<all|reg|auto|block> - set port to change port status

Syntax show-ports [port=<port|list|range>] - display the current GMRP ports status

Syntax show-group – display Multicast Group


Chapter 25 – Static Multicast Group
Static Multicast traffic on a network

There are two types of MAC addresses, dynamic and static. Static multicast addresses are a subset
of static MAC addresses. The Static Multicast Address feature allows you to add static multicast
addresses to the MAC address table. You can then assign the static MAC address to a port or ports
that are called Group Members. Each port has a maximum limit of 256 static multicast addresses.

Static Multicast Group Overview


The MNS-6K Secure Web Management (SWM) software supports multicasting control by the
IGMP and GMRP protocols. These protocols provide for control of multicasts by adding groups of
ports to multicast addresses in the switching table. This happens dynamically, from the requests by the
hosts participating in the protocol. IGMP supports the formation of static multicast groups, but that is
limited to the IP Multicasts. There is also a need to control multicasts based on the MAC address,
independent of the dynamic protocols, and this module serves that need.

In some network environments that are confined to one LAN, such as an industrial application with a
server, a switch and many controllers, there may be various multicast streams that need to be
distributed to some network nodes, but not others. If the data sent in these streams are time-sensitive
and cannot be delayed because of the configuration time associated with the Internet Group
Management Protocol (IGMP) Snooping feature, then static multicast addresses may be the
solution.

Dynamic MAC addresses are addresses that the switch learns automatically by examining the source
MAC addresses of the frames received by the ports. This type of MAC address is not stored
indefinitely in the MAC address table. The switch deletes a dynamic MAC address from the table if it
does not receive any frames from the node after a specified period of time. The switch assumes that
the node is no longer active and that its MAC address can be purged from the table. This prevents the
MAC address table from becoming filled with addresses of nodes that are no longer active.

The MAC address table can also store a static MAC address which is a MAC address of an end node
that you assign to a switch port manually. A static MAC address remains in the table indefinitely and is
never deleted by the switch, even when the end node is inactive. You can only delete a static MAC
address by manually configuring the switch.


There are two reasons to enter static MAC addresses. You may want to enter end nodes the switch
does not learn in its normal dynamic learning process. Or, you want a MAC address to remain
permanently in the table, even when the end node is inactive.

If a multicast address and its associated ports of the switch are predefined within the network design
and they will not change over time, then they can be manually entered as static entries into the MAC
address table. This allows the multicast stream to be forwarded immediately to those predefined ports
entered in the MAC table without any configuration delays or loss of data.
Note: Static Multicast is only available with the 6KL, 6KM, 10KG and 10KT family of switches.

Configuring Static Multicast Group


A sequence of commands for configuring a Static Multicast Group is shown below:

Magnum10KT#multicast
Magnum10KT(multicast)##multicast enable

Static Multicast Groups Enabled.

Magnum10KT(multicast)##show-multicast

Layer 2 Multicasting Groups : Disbled


Multicasting Unknown Streams : Enabled
No Static Groups Defined
Magnum 10KT(multicast)##
Magnum10KT(multicast)##group

Usage
group add mac=<mac> port=<number|list|range> vlan=<vlanid>
group edit mac=<mac> port=<number|list|range> vlan=<vlanid>
group del mac=<mac>

Groups: igmp

Magnum10KT(multicast)##

FIGURE 157 – Configuration to enable/disable multicast and setup of multicast group commands.


List of Commands In This Chapter


Syntax multicast – enter the multicast group of commands

Syntax multicast <enable|disable> – enable or disable the multicast group capabilities

Syntax show-multicast – displays the Static Groups Defined

Syntax group – displays a multicast group, and to add, edit or delete a multicast group


Chapter 26 – Miscellaneous Commands
Improving productivity and manageability

There are several features built into the Magnum 6K family of switches which help with the
overall productivity and manageability of the switch. These items are examined individually in
this chapter.

Alarms, Traps, Alerts . . .


In an earlier Chapter, we looked at SNMP, RMON and SNMP Traps. SNMP Traps, though very
useful, have a drawback. SNMP uses UDP, which is an unreliable transport protocol. While the
probability of losing an SNMP or UDP packet is small, it could happen. A lost trap cannot be
recovered and a critical event may go unnoticed. To ensure that a critical event is not lost, MNS-6K
logs that event in an event log. With MNS-6K-Secure, the event can also be logged to a Syslog server.
When a log is made about a critical event, a hardware alarm can also change state on the switch,
depending on which alarm is being monitored.

For example, if the network administrator is keen on monitoring authentication failure alarms, they
typically do so by looking at Syslog server logs or SNMP traps or emails sent from the switch
indicating the same. Syslog, SNMP as well as mail SMTP all use unreliable transport mechanisms. If
this event needs to be monitored, an external relay can be turned on and off when this event occurs.
This is done using Alarms.

Once the alarm occurs, the alarm flag stays up indicating the alarm occurred. The system
administrator or the network administrator can reset the flag to normal, thus acknowledging that the
event was noticed and reset.

The reset can be done through SNMP, CLI or SWM.


Alarm Relays
In a wiring closet, it would be helpful if there was a visual indication for faults on components on the
network. Normally, these would be performed by LEDs. While the Magnum 6K family of switches
has the necessary LEDs to provide the information needed, it also has a provision for tripping or
activating an external relay to electrically trigger any circuit desired. These could be an indicator light, a
flashing strobe light, an audible alarm or any other such devices.

The Magnum 6K family of switches has a software (optional) controlled relay contact that can be used
to report alarm conditions. The relay is held closed (connection) in normal circumstances and will go
to the open position during alarm conditions.

Two types of alarm signals are defined in the alarm system.


• Sustained
• Momentary

The Sustained mode is used to report a continuing error condition. The Momentary mode is used to
report a single event.


The following pre-defined events are currently supported on the MNS-6K and the relay that can be
triggered by software:

Event ID   Event Description                 Signal Type
1          S-RING OPEN                       SUSTAINED
2          Cold Start                        MOMENTARY
3          Warm Start                        MOMENTARY
4          Link Up                           MOMENTARY
5          Link Down                         MOMENTARY
6          Authentication Failure            MOMENTARY
7          RMON Rising Alarm (footnote 10)   MOMENTARY
8          RMON Falling Alarm                MOMENTARY
9          Intruder Alarm                    MOMENTARY
10         Link Loss Learn Triggered         MOMENTARY
11         Broadcast Storm Detected          MOMENTARY
12         STP/RSTP Reconfigured             MOMENTARY


FIGURE 158 – Predefined conditions for the relay

The S-Ring open position generates a sustained relay contact close. The relay will stay closed during
the period the S-Ring is in an Open position. The relay will revert to a closed position when the
S-Ring goes to a Closed position. This is covered in more detail in Chapter 14 - S-Ring
and Link-Loss-Learn, on page 184 of this manual.

To customize these capabilities, the MNS-6K provides additional software capabilities and commands
for configuring the behavior. They are:

Syntax alarm – enter the alarm configuration mode

Syntax add event=<event-id|list|range|all> – enables alarm action in response to the specified event ID

[10] The RMON events occur when the RMON thresholds are crossed, and are hence indicated as RMON rising or
falling. While there is no specific command to view and change the specific RMON variables, the RMON
discussion is in Chapter 16. The best way to set RMON values is via the web interface or a management system
such as Castle Rock’s SNMPc™.

Syntax period time=<1..10> – sets the duration of relay action for the momentary type signal. This may be needed
to adjust to the behavior of the circuit or relay. Default is 3 seconds. Time is in seconds

Syntax del event=<event-id|list|range|all> – disables alarm action in response to the specified event ID

Syntax alarm <enable|disable|reset> [event=<all|number|list>] – globally enables or disables the
alarm action. This command also resets the alarm. "alarm reset" without an event number will reset all alarms

Syntax show alarm – displays the current status of Alarm system

Magnum10KT# alarm

Magnum10KT(alarm)## add event=2


Alarm Event(s) Added: 2

Magnum10KT(alarm)## add event=1-5


Event 2 is Already Enabled.
Alarm Event(s) Added: 1, 3, 4, 5

Magnum10KT(alarm)## add event=6,8


Alarm Event(s) Added: 6, 8

Magnum10KT(alarm)## add event=all


Event 1 is Already Enabled.
Event 2 is Already Enabled.
Event 3 is Already Enabled.
Event 4 is Already Enabled.
Event 5 is Already Enabled.
Event 6 is Already Enabled.
Event 8 is Already Enabled.
Alarm Event(s) Added: 7, 9, 10, 11, 12

Magnum10KT(alarm)## del event=2


Alarm Event(s) Deleted: 2

Magnum10KT(alarm)## period time=5


Relay closure Time Set.

Magnum10KT(alarm)## show alarm

Alarm Events Configuration


--------------------------

Alarm Status: DISABLED


Relay Closure Time Period: 5 Seconds

EventId Description Mode FlagStatus

1 S-RING OPEN SUSTAINED RESET


2 Cold Start NOT ENABLED RESET
3 Warm Start MOMENTARY RESET
4 Link Up MOMENTARY RESET

5 Link Down MOMENTARY RESET


6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm MOMENTARY RESET
8 RMON Falling Alarm MOMENTARY RESET
9 Intruder Alarm MOMENTARY RESET
10 Link Loss Learn Triggered MOMENTARY RESET
11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET

Magnum10KT(alarm)## add event=2


Alarm Event(s) Added: 2

Magnum10KT(alarm)## show alarm

Alarm Events Configuration


--------------------------

Alarm Status: DISABLED


Relay Closure Time Period: 5 Seconds

EventId Description Mode FlagStatus

1 S-RING OPEN SUSTAINED RESET


2 Cold Start MOMENTARY RESET
3 Warm Start MOMENTARY RESET
4 Link Up MOMENTARY RESET
5 Link Down MOMENTARY RESET
6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm MOMENTARY RESET
8 RMON Falling Alarm MOMENTARY RESET
9 Intruder Alarm MOMENTARY RESET
10 Link Loss Learn Triggered MOMENTARY RESET
11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET

Magnum10KT(alarm)## alarm enable


Alarm system Enabled

Magnum10KT(alarm)## show alarm

Alarm Events Configuration


--------------------------------------

Alarm Status: ENABLED


Relay Closure Time Period: 5 Seconds

EventId Description Mode FlagStatus

1 S-RING OPEN SUSTAINED RESET


2 Cold Start MOMENTARY RESET
3 Warm Start MOMENTARY RESET
4 Link Up MOMENTARY RESET
5 Link Down MOMENTARY RESET
6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm MOMENTARY RESET

8 RMON Falling Alarm MOMENTARY RESET


9 Intruder Alarm MOMENTARY RESET
10 Link Loss Learn Triggered MOMENTARY RESET
11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET

Magnum10KT(alarm)## alarm disable


Alarm system Disabled

Magnum10KT(alarm)## del event=1,3,5,7


Alarm Event(s) Deleted: 1, 3, 5, 7

Magnum10KT(alarm)## show alarm

Alarm Events Configuration


--------------------------------------

Alarm Status: ENABLED


Relay Closure Time Period: 5 Seconds

EventId Description Mode FlagStatus

1 S-RING OPEN NOT ENABLED RESET


2 Cold Start MOMENTARY RESET
3 Warm Start NOT ENABLED RESET
4 Link Up MOMENTARY RESET
5 Link Down NOT ENABLED RESET
6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm NOT ENABLED RESET
8 RMON Falling Alarm MOMENTARY RESET
9 Intruder Alarm MOMENTARY RESET
10 Link Loss Learn Triggered MOMENTARY RESET
11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET

<At this stage a cable is plugged and unplugged to trigger a Link Up and a Link Down Alarm.>

Magnum10KT(alarm)## show alarm

Alarm Events Configuration


--------------------------

Alarm Status: ENABLED


Relay Closure Time Period: 5 Seconds

EventId Description Mode FlagStatus

1 S-RING OPEN NOT ENABLED RESET


2 Cold Start MOMENTARY RESET
3 Warm Start NOT ENABLED RESET
4 Link Up MOMENTARY SET
5 Link Down NOT ENABLED SET
6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm NOT ENABLED RESET
8 RMON Falling Alarm MOMENTARY RESET
9 Intruder Alarm MOMENTARY RESET

10 Link Loss Learn Triggered MOMENTARY RESET


11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET

Magnum10KT(alarm)## alarm reset event=4,5

Event 4 is Reset.
Event 5 is Reset.

Magnum10KT(alarm)## show alarm

Alarm Events Configuration


--------------------------

Alarm Status: ENABLED


Relay Closure Time Period: 5 Seconds

EventId Description Mode FlagStatus

1 S-RING OPEN NOT ENABLED RESET


2 Cold Start MOMENTARY RESET
3 Warm Start NOT ENABLED RESET
4 Link Up MOMENTARY RESET
5 Link Down NOT ENABLED RESET
6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm NOT ENABLED RESET
8 RMON Falling Alarm MOMENTARY RESET
9 Intruder Alarm MOMENTARY RESET
10 Link Loss Learn Triggered MOMENTARY RESET
11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET

Magnum10KT(alarm)## exit

Magnum10KT#

FIGURE 159 – Setting up the external electrical relay and alerts
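Because the alarm flag stays up until someone resets it, a captured `show alarm` listing can be audited offline. The Python sketch below is an added example, not part of the MNS-6K guide: it parses output laid out as in Figure 159, reports required events that are not wired to the relay, and builds the `alarm reset` command for flags still SET. The sample text is constructed, and the list of required events and all function names are assumptions.

```python
import re

# Constructed sample, laid out like the "show alarm" output in Figure 159.
SAMPLE_SHOW_ALARM = """\
Alarm Events Configuration
--------------------------
Alarm Status: ENABLED
Relay Closure Time Period: 5 Seconds
EventId Description Mode FlagStatus
1 S-RING OPEN NOT ENABLED RESET
2 Cold Start MOMENTARY RESET
3 Warm Start NOT ENABLED RESET
4 Link Up MOMENTARY SET
5 Link Down NOT ENABLED SET
6 Authentication Failure MOMENTARY RESET
7 RMON Raising Alarm NOT ENABLED RESET
8 RMON Falling Alarm MOMENTARY RESET
9 Intruder Alarm NOT ENABLED RESET
10 Link Loss Learn Triggered MOMENTARY RESET
11 Broadcast Storm Detected MOMENTARY RESET
12 STP/RSTP Reconfigured MOMENTARY RESET
"""

STATUS_RE = re.compile(r"^\s*Alarm Status:\s*(ENABLED|DISABLED)\s*$")
# The description is free text, so anchor on the closed sets of Mode and
# FlagStatus values that appear in the figure.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(.+?)\s+(SUSTAINED|MOMENTARY|NOT ENABLED)\s+(SET|RESET)\s*$"
)

# Assumption: events a (hypothetical) site requires to drive the relay:
# 6 Authentication Failure, 9 Intruder Alarm, 11 Broadcast Storm Detected.
REQUIRED_EVENTS = (6, 9, 11)


def parse_show_alarm(text):
    """Return (global status, {event id: description/mode/flag})."""
    status, events = None, {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            status = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m:
            events[int(m.group(1))] = {
                "description": m.group(2),
                "mode": m.group(3),
                "flag": m.group(4),
            }
    if status is None or not events:
        raise ValueError("text does not look like 'show alarm' output")
    return status, events


def audit_alarms(text, required=REQUIRED_EVENTS):
    """List configuration gaps and flags that were never acknowledged."""
    status, events = parse_show_alarm(text)
    findings = []
    if status != "ENABLED":
        findings.append("alarm system is DISABLED: run 'alarm enable'")
    for event_id in required:
        event = events.get(event_id)
        if event is None:
            findings.append(f"event {event_id} not listed in the output")
        elif event["mode"] == "NOT ENABLED":
            findings.append(
                f"event {event_id} ({event['description']}) is NOT ENABLED: "
                f"run 'add event={event_id}'"
            )
    # A flag can be SET even when the relay action is NOT ENABLED (event 5).
    pending = sorted(i for i, e in events.items() if e["flag"] == "SET")
    reset_command = None
    if pending:
        reset_command = "alarm reset event=" + ",".join(str(i) for i in pending)
    return {"findings": findings, "pending": pending,
            "reset_command": reset_command}


if __name__ == "__main__":
    report = audit_alarms(SAMPLE_SHOW_ALARM)
    for finding in report["findings"]:
        print("FINDING:", finding)
    print("Unacknowledged flags:", report["pending"])
    print("To acknowledge:", report["reset_command"])
```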

Email
SMTP (RFC 821) is a TCP/IP protocol used in sending email. However, since it is limited in its ability
to queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or
Internet Message Access Protocol (IMAP), which let the user save messages in a server mailbox and
download them as needed from the server. In other words, users typically use a program that uses
SMTP for sending emails and either POP3 or IMAP for receiving messages that have arrived
from the outside world. While SMTP (and its related protocols such as POP3, IMAP etc.) are useful
transports for sending and receiving emails, it is extremely beneficial for a network administrator to
receive emails in case of faults and alerts. The Magnum 6K family of switches can be set up to send an
email alert when a trap is generated.

If this capability is used, please ensure that SPAM filters and other filters are not set to
delete these emails.

GarrettCom Inc. recommends that a rule be set up on the mail server so that all emails indicating
SNMP faults are automatically stored in a folder or redirected to the necessary administrators.

The SNMP alerts can be configured using MNS-6K for the following:

• Send email alert according to the configuration rules when a specific event category happens.
• Send email alert according to the configuration rules when a specific SNMP trap category
happens.
• Provide configuration and customization commands for users to specify SMTP server to
connect to, TCP ports, user recipients and filters.

The SMTP alerts provide the following capabilities:

• SMTP alerts can be enabled or disabled globally.
• User can define a global default SMTP server identified by its IP address, TCP port and retry
count.
• User can add up to five SMTP alert recipients. Each recipient is identified by an ID and email
address. The email address needs to be a valid address and can be an alias set up for
distribution to a larger audience.
• Filters are provided for each recipient to allow only certain categories of traps and events to be
sent by email.
• Each recipient can have its own SMTP server and TCP port number; if this is not defined for a
certain recipient, the default SMTP server and TCP port number are used.

Email SMTP commands:

Syntax smtp – configure the SNMP alerts to be sent via email

Syntax show smtp <config|recipients> – config displays the current SMTP global settings and
recipients displays the currently configured recipients of email alerts

Syntax add id=<1-5> email=<email-addr> [traps=<all|none|S|R|E>]
[events=<all|none|I|A|C|F|D>] [ip=<ip-addr>] [port=<1-65535>]

id – [mandatory] the recipient ID - range from 1 to 5. MNS-6K allows a maximum of 5
recipients.

email – [mandatory] email address of the recipient.

traps – [optional] this is the trap filter. If value is all, all traps of any type will be sent to this
recipient. If value is none, no traps are sent to this recipient. Value can also be a
combination of S (SNMP), R (RMON) and E (ENTERPRISE). For example, traps=SR
means that SNMP and RMON traps will be sent via email to the recipient. If this
option is not defined, the recipient will have a default value of all.

events – [optional] this is the event filter. Value can be all (all event severity types will be sent
to the recipient), none (no event will be sent to the recipient) or a combination of I
(informational), A (activity), C (critical), F (fatal) and D (debug). For example, events=ACF
implies that events of severity types activity, critical and fatal will be sent to the recipient
by email. If this option is not defined, a value of all is taken.

ip – [optional] SMTP server IP address. This is the SMTP server to connect to for this
particular user. If this option is not defined, the global/default SMTP server is used.

port – [optional] TCP port of the SMTP server. If this is not defined, the global default TCP
port is used.

Syntax delete id=<1-5> – delete the specific id specified. The deleted id no longer receives the traps via email. The id
is added using the add command.

Syntax sendmail server=<ip-addr> to=<email-addr> from=<email-addr>
subject=<string> body=<string> – customize (and also send a test email to check SMTP settings)
the email sent out by specifying the email subject field, server address, to field and the body of the text. See the
example of the body of the text message later in this chapter.

server – [mandatory] SMTP server IP v4 address.

to – [mandatory] the recipient email address.

from – [mandatory] the sender email address.

subject – [mandatory] email subject or title.

body – [mandatory] email body.

Syntax server ip=<ip-addr> [port=<1-65535>] [retry=<0-3>] – configure the global SMTP server
settings.

ip – [mandatory] SMTP server IP address.

port – [mandatory] TCP port to be used for SMTP communications – default is 25.

retry – [optional] specifies how many times to retry if an error occurs when sending email.
Range from 0 to 3. Default is 0.

Syntax smtp <enable|disable> - enables or disables SMTP to send SNMP alerts by email.

Magnum10KT# smtp

Magnum10KT(smtp)## show smtp config

SMTP Global Configuration
=========================
Status : Disabled
SMTP Server IP : 67.109.247.195
SMTP Server Port : 25
Retry Count : 3

Magnum10KT(smtp)## show smtp recipients

ID E-mail Address SMTP Server Port Traps Events
===============================================================
1 rk@gci,[email protected] 67.109.247.195 25 All All
2 -- -- -- -- --
3 -- -- -- -- --
4 -- -- -- -- --
5 -- -- -- -- --

<Note: there are two recipients; multiple recipients can be added, but they have to be comma separated
and there should be no spaces between each name.>

Magnum10KT(smtp)## add id=2 [email protected] traps=S events=CF

Recipient successfully added

<Note: Jsmith will only receive Critical or Fatal SNMP traps.>

Magnum10KT(smtp)## show smtp recipients

ID E-mail Address SMTP Server Port Traps Events


====================================================================
1 rk@gci,[email protected] 67.109.247.195 25 All All
2 [email protected] 67.109.247.195 25 S CF
3 -- -- -- -- --
4 -- -- -- -- --
5 -- -- -- -- --

Magnum10KT(smtp)## delete id=2

Recipient successfully deleted

Magnum10KT(smtp)## show smtp recipients

ID E-mail Address SMTP Server Port Traps Events


====================================================================
1 rk@gci,[email protected] 67.109.247.195 25 All All
2 -- -- -- -- --
3 -- -- -- -- --
4 -- -- -- -- --
5 -- -- -- -- --

Magnum10KT(smtp)## add id=2 [email protected] traps=S events=CF ip=192.168.10.13

Recipient successfully added

<Note: Jsmith will receive Critical and Fatal SNMP traps on a different SMTP server than the
other users. You may want to do that if you expect a higher traffic load and don’t want
to throttle a SMTP server.>

Magnum10KT(smtp)## show smtp recipients

ID E-mail Address SMTP Server Port Traps Events


====================================================================
1 rk@gci,[email protected] 67.109.247.195 25 All All
2 [email protected] 192.168.10.13 25 S CF
3 -- -- -- -- --
4 -- -- -- -- --
5 -- -- -- -- --

Magnum10KT(smtp)## sendmail server=10.21.1.2 [email protected] [email protected] subject=test body=hello

<Note: A test email is sent to Jack to test email connectivity. This email will not work if
SMTP is disabled. The sendmail command after SMTP is enabled will work.>

Magnum10KT(smtp)## smtp enable

SMTP Alert is enabled.

Magnum10KT(smtp)## sendmail server=10.21.1.2 [email protected] [email protected] subject=test body=hello

Magnum10KT(smtp)## show smtp config

SMTP Global Configuration


==========================
Status : Enabled
SMTP Server IP : 67.109.247.195
SMTP Server Port : 25
Retry Count : 3

Magnum10KT(smtp)## smtp disable

SMTP Alert is disabled.

Magnum10KT(smtp)## show smtp config

SMTP Global Configuration


============================
Status : Disabled
SMTP Server IP : 67.109.247.195
SMTP Server Port : 25
Retry Count : 3

Magnum10KT(smtp)## exit

Magnum10KT#
FIGURE 160 – setting SMTP to receive SNMP trap information via email.
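The `add` syntax above can be checked before it is pushed to a switch. The Python sketch below is an added example, not part of the MNS-6K guide: it validates an `add` command against the documented ranges and filter letters, applies the documented defaults (traps and events default to all, server and port fall back to the global setting), and expands the filter letters. The addresses in the usage are constructed, the function names are hypothetical, and treating filter letters as case-sensitive is an assumption.

```python
import ipaddress

TRAP_TYPES = {"S": "SNMP", "R": "RMON", "E": "ENTERPRISE"}
EVENT_TYPES = {"I": "informational", "A": "activity", "C": "critical",
               "F": "fatal", "D": "debug"}
ALLOWED_KEYS = {"id", "email", "traps", "events", "ip", "port"}


def expand_filter(value, table, option):
    """Expand 'all', 'none' or a letter combination such as 'CF' into names."""
    if value == "all":
        return sorted(table.values())
    if value == "none":
        return []
    unknown = sorted(set(value) - set(table))
    if unknown:
        raise ValueError(f"{option}: unknown filter letter(s) {''.join(unknown)}")
    return sorted(table[letter] for letter in set(value))


def parse_add(command, default_server, default_port=25):
    """Validate one 'add' command and return the recipient it would create."""
    words = command.split()
    if not words or words[0] != "add":
        raise ValueError("not an 'add' command")
    args = {}
    for word in words[1:]:
        key, sep, value = word.partition("=")
        # A space after a comma in the email list shows up here as a bare word.
        if not sep or not value:
            raise ValueError(f"malformed argument {word!r}")
        if key not in ALLOWED_KEYS:
            raise ValueError(f"unknown option {key!r}")
        if key in args:
            raise ValueError(f"option {key!r} given twice")
        args[key] = value
    for key in ("id", "email"):
        if key not in args:
            raise ValueError(f"{key} is mandatory")
    if not args["id"].isdecimal() or not 1 <= int(args["id"]) <= 5:
        raise ValueError("id must be in the range 1-5")
    # Several addresses may share one ID when comma separated without spaces.
    addresses = args["email"].split(",")
    for address in addresses:
        local, at, domain = address.partition("@")
        if not (local and at and domain) or "@" in domain:
            raise ValueError(f"invalid email address {address!r}")
    # IPv4Address raises AddressValueError, a ValueError subclass, on bad input.
    server = str(ipaddress.IPv4Address(args.get("ip", default_server)))
    port_text = args.get("port", str(default_port))
    if not port_text.isdecimal() or not 1 <= int(port_text) <= 65535:
        raise ValueError("port must be in the range 1-65535")
    return {
        "id": int(args["id"]),
        "email": addresses,
        "traps": expand_filter(args.get("traps", "all"), TRAP_TYPES, "traps"),
        "events": expand_filter(args.get("events", "all"), EVENT_TYPES, "events"),
        "server": server,
        "port": int(port_text),
        "uses_default_server": "ip" not in args,
    }


if __name__ == "__main__":
    # Constructed command; 192.0.2.25 stands in for the global SMTP server.
    print(parse_add("add id=2 email=jsmith@example.com traps=S events=CF",
                    default_server="192.0.2.25"))
```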

Email alerts can be forwarded to be received by other devices such as cell phones, pagers
and others. Most interfaces to SMTP are already provided by the cell phone service provider
or the paging service provider.

Serial Connectivity
When using serial connectivity with applications such as Hyper Terminal, it may be necessary to
optimize the character delays so that the FIFO buffer used in the GarrettCom Magnum 6K family of
switches is not overrun. The important parameters to set in any serial connectivity software are
the line delay, which should be 500 milliseconds, and the character delay, which should be 50 milliseconds.
For example, in Hyper Terminal this can be set under File → Properties: when the Properties screen is open,
click on the ASCII Setup button, then enter 500 in the Line Delay entry box and 50 in the Character
Delay entry box, as shown below:

FIGURE 161 – Optimizing serial connection (shown for HyperTerminal on Windows). The highlighted fields are
the ones to change as described.

Note this is needed if you plan to cut and paste between a serial window and another file. The delays give
the serial port on the Magnum 6K family of switches time to manage its buffer.

For a more detailed explanation on which console cable to use, please visit the GarrettCom web site,
Resources and Support menu, click on Hardware and then click on the URL for Console Cable.

Banner Message
The ability to change the banner message is available in MNS-6K-Secure.

It is recommended to change the login message or the banner to a different one so as to
deter unauthorized access. Some users may inadvertently connect to the switch. It would
be fair to warn them that they have accessed a secure device and it is only appropriate to
terminate the connection. Responsible users will follow the directive, much like a No
Trespassing sign posted outside of the security fences.

MOTD stands for Message of the Day, a term used by system administrators to show the status of the
system or inform the users of uses or abuses on the system.

To change the banner message, the following commands are used:

Syntax set motd – after the command is typed, MNS allows you to enter the Banner message

Syntax show motd – displays the current message set

Copyright (c) 2001-2005 GarrettCom, Inc All rights reserved.


RESTRICTED RIGHTS
-----------------
Use, duplication or disclosure is subject to U.S. Government restrictions
as set forth in Sub-division (b)(3)(ii) of the rights in Technical Data and
Computer Software clause at 52.227-7013.

GarrettCom Inc.
47823 Westinghouse Drive
Fremont, CA 94539
USA

www.garrettcom.com

MNS-6K version 14.4

Login : manager
Password : *******

Magnum10KT# show motd

Motd is default

Magnum10KT# set motd

Enter MOTD. Finish by Empty Line, Cancel by Ctrl-C:


This is a secure device. Unauthorized access is prohibited.
Please disconnect if you are an unauthorized user. Thanks.

MOTD Updated. It will be displayed at next login.

Magnum10KT# show motd

Motd :

This is a secure device. Unauthorized access is prohibited.


Please disconnect if you are an unauthorized user. Thanks.

Magnum10KT# logout

Logging out from the current session...[ 'Y' or 'N'] Y

Connection to host lost.

<After the session is terminated, a new session is opened up using telnet to display the effects of changing
the MOTD on the switch>

C:> telnet switch

Copyright (c) 2001-2012 GarrettCom, Inc All rights reserved.

This is a secure device. Unauthorized access is prohibited.


Please disconnect if you are an unauthorized user. Thanks.

Magnum-6K Version 14.4

Login :

FIGURE 162 – setting up a banner message

MOTD message is part of the system group – a command such as kill config save=system
will not erase the MOTD message. It is recommended to create a blank message in that
situation.

Dual Power Supply


For switches with dual power supplies, you can query the status of the two power supplies with the
show power command, as shown below.

Syntax show power – show the status of the power supplies

Note this command is available on the Magnum 10K only at this time.

Magnum10KT# show power


Power Supply 1 Good.
Power Supply 2 Good.

Magnum10KT# show power


Power Supply 1 Failed.
Power Supply 2 Good.

Magnum10KT#
FIGURE 163 – Query dual power supply status. Note the switch here is different as the model supports dual power
supplies. Also, in the example above, one power connection was unplugged to show the failure.

Fans and Temperature


Magnum 10K has fans as well as an internal temperature sensor for sensing the internal temperature of the
switch. The commands to display these are:

Syntax show fans – display the status of the fans

Syntax show temp – display the internal ambient temperature

Note these commands are available on Magnum 10KT and 10KG device only at this
time.

Magnum10KT# show fans

Fan.No STATUS
---------------------------
PS Fan1 ON
PS Fan2 ON
Chassis Fan1 ON
Chassis Fan2 ON

Magnum10KT# show temp

Temperature is 31.5 Deg. C (89 Deg. F)

FIGURE 164 – Display the status of fans and internal ambient temperature.

Power over Ethernet (PoE)


Many GarrettCom switches support PoE. PoE implementations follow the IEEE 802.3af standards.

PoE devices, such as Magnum switches with PoE, can be thought of as Power Sourcing Equipment (PSE).
The switch is also called an end-span. An intermediate device between a non-PoE device and a PoE device
is called a mid-span. A PoE injector is a mid-span device. These devices, the PoE capable switch as well as
the injector, are the sources of power to other PoE capable devices or PoE powered devices (PD), such as
Access Points, Voice over IP phones, video surveillance cameras and more. Many PDs also have an
external power connector for external power if a PoE connection is not available.

The maximum power allowed for IEEE 802.3af devices is 15.4 Watts. Some PD's find that the power
available is not sufficient and also require an external power source along with the PoE power. In other
situations, some PD's downgrade their functionality if PoE power only is available. For example, most
Access Points with 802.11 a/b/g/n radios will only provide 802.11 b/g capability if PoE power only is
available, but will provide all the functionality if an external power supply is available.

Two modes are specified in the standard for powering the devices. These are modes A and B. Mode A
delivers power on the data pairs of 100BASE-TX or 10BASE-T connection (pins 1,2,3,6). Mode B delivers
power on the spare pairs. PoE can also be used on 1000BASE-T or Gigabit Ethernet where there are no
spare pairs since Gigabit connections use all eight wires in the RJ-45 connector.

Mode A has two alternate configurations (MDI and MDI-X), using the same pairs but with different
polarities. In mode A, pins 1 and 2 form one side of the 48 V DC, and pins 3 and 6 form the other side.
These are the same two pairs used for data transmission in 10BASE-T and 100BASE-TX, allowing the
provision of both power and data over only two pairs in such networks. The free polarity allows PoE to
work with crossover cables, patch cables and auto-MDIX capabilities found in Magnum switches.

In mode B, pins 4–5 form one side of the DC supply and pins 7–8 provide the return; these are the spare
pairs in 10BASE-T and 100BASE-TX. Mode B, therefore, requires a 4-pair (8 wire) cable. The PSE (i.e. the
Magnum Switch) and not the powered device (PD), decides whether power mode A or B will be used. PD's
that implement only Mode A or Mode B are not following the standard. A PD indicates that it is compliant
with the standard by placing a 25 K ohm resistor between the powered pairs. If the PSE determines that the
resistance is too high (open circuit) or too low (short circuit) no power is applied. This protects the devices
which do not support PoE. To stay powered, the PD must continuously use 5-10 mA of current for at least
60 ms with no more than 400 ms since the last use or else it will be unpowered by PSE.

Note PoE commands are available on the Magnum 10KT, Magnum 6KL and Magnum
6KM only at this time.

PDs can also demand different power levels. These are specified in the IEEE 802.3af as Class levels. The
Classes are as follows:

Class  Use                     Current (mA)  Power range (Watt)  Description
0      Default implementation  0-4           0.44 to 12.94       No classification is implemented. This is the
                                                                 default on many devices.
1      Optional                9-12          0.44 to 3.84        Very low powered devices such as LED lights etc.
2      Optional                17-20         3.84 to 6.49        Commonly found on devices such as AP's, VoIP
                                                                 phones, many video surveillance cameras etc.
3      Optional                26-30         6.49 to 12.95       Mid power devices such as AP's, high end video
                                                                 surveillance cameras etc.
4      Not allowed for IEEE    36-44         12.95 to 25.50      High power devices such as PTZ video surveillance
       802.3af devices. Valid                                    cameras, AP's with multiple radios etc.
       only for IEEE 802.3at
       devices

PoE can also be auto-configured by LLDP.

Not all managed devices support the commands shown below to manage PoE. Please
make sure to check the datasheet or the capabilities of the device to ensure these commands
are supported.

On switches which support PoE commands, the commands apply to a module and
not to a port, except on the Magnum 10K series of switches, where the command is on a per port basis.
For example on a 6KM, if module 1 has four PoE ports on it, enabling or disabling port
1 will enable or disable all four ports. See example below.

The commands to configure PoE for MNS-6K are as listed below:

Syntax poe port=<port|list|range> status=<enable|disable> - Enables/disables PoE on the ports

Syntax poereset port=<port|list|range> timer=<2..10> - Reset timer on PoE ports. The timer is in
seconds.

Syntax show-poe – Display PoE status for all the ports

Note the example below uses a 6KM switch:

Magnum 6KM # device

Magnum 6KM (device)## ?

Backpressure broadcast-protect flowcontrol


poe poereset rate-threshold
setage setport show-poe

Contextless Commands:

! ? clear
enable exit help
save show whoami
reboot

access alarm auth


device dualhome dhcpserver
gvrp igmp port-mirror
lacp port-security qos
rmon rstp smtp
snmp sntp sntpserver
syslog tftpserver user
vlan

Magnum 6KM (device)## show-poe

PortNo PortName Status


====================================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE
5 C1 ENABLE
6 C2 ENABLE
7 C3 ENABLE
8 C4 ENABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

Magnum 6KM (device)## poe ?


Enables or Disables the POE device.
Usage
poe port=<port|list|range> status=<enable|disable>
Groups: device,port

Magnum 6KM (device)## poe port=4-8 status=disable


ERROR : Port 4 is not a POE port
POE is disabled

Magnum 6KM (device)## show-poe

PortNo PortName Status


============================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE
5 C1 DISABLE
6 C2 DISABLE
7 C3 DISABLE
8 C4 DISABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

<Note: If Port 4 was a PoE port, then the command would have disabled all the ports on the module.
Be careful on the port numbers being used.>

Magnum 6KM (device)## poe port=4-8 status=enable

ERROR : Port 4 is not a POE port

POE is enabled

Magnum 6KM (device)## show-poe

PortNo PortName Status


============================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE
5 C1 ENABLE
6 C2 ENABLE
7 C3 ENABLE
8 C4 ENABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

Magnum 6KM (device)## poe port=5 status=disable

POE is disabled

Magnum 6KM (device)## show-poe


PortNo PortName Status
============================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE

5 C1 DISABLE
6 C2 DISABLE
7 C3 DISABLE
8 C4 DISABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

Magnum 6KM (device)## poe port=5 status=enable

POE is enabled

Magnum 6KM (device)## show-poe

PortNo PortName Status


============================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE
5 C1 ENABLE
6 C2 ENABLE
7 C3 ENABLE
8 C4 ENABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

<Note: If one port is enabled, all ports on the module are enabled as well.>

Magnum 6KM (device)## poereset ?


Resets the POE interface by powering down and then on

Usage
poereset port=<port|list|range> timer=<2..10>
Groups: device,port

Magnum 6KM (device)## poereset port=1 timer=2

POE is reset

Magnum 6KM (device)## show-poe

PortNo PortName Status


============================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE
5 C1 ENABLE
6 C2 ENABLE
7 C3 ENABLE
8 C4 ENABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

<Note: The PoE reset command does not show the effects of power going up or down.>

Magnum 6KM (device)## poereset port=5 timer=10

POE is reset

Magnum 6KM (device)## show-poe


PortNo PortName Status
============================
1 A1 NO POE
2 A2 NO POE
3 B1 NO POE
4 B2 NO POE
5 C1 DISABLE
6 C2 DISABLE
7 C3 DISABLE
8 C4 DISABLE
9 D1 ENABLE
10 D2 ENABLE
11 D3 ENABLE
12 D4 ENABLE

<Note: If the timer is made long enough, the sequence of disable to enable can be seen.>

Magnum 6KM (device)## exit

Magnum 6KM #
FIGURE 165 – PoE commands on 6KM switch highlighting the fact that a PoE command for a port is valid for a
whole module

The example below shows how the commands on a 10KT apply at the port level and not to a module.

Magnum 10KT# device

Magnum 10KT(device)## show-poe

PortNo PortName Status Class


==================================================
5 C1 ENABLE NOT POWERED
6 C2 ENABLE NOT POWERED
7 C3 ENABLE NOT POWERED
8 C4 ENABLE NOT POWERED
9 D1 ENABLE NOT POWERED
10 D2 ENABLE NOT POWERED
11 D3 ENABLE NOT POWERED
12 D4 ENABLE NOT POWERED
13 E1 NO POE -
14 E2 NO POE -

15 E3 NO POE -
16 E4 NO POE -

Magnum 10KT(device)## poe ?


Enables or Disables the POE device.
Usage
poe port=<port|list|range> status=<enable|disable>
Groups: device,port

Magnum 10KT(device)## poe port=10-13 status=disable


ERROR : Port 13 is not a POE

Magnum 10KT(device)## show-poe

PortNo PortName Status Class


==================================================
5 C1 ENABLE NOT POWERED
6 C2 ENABLE NOT POWERED
7 C3 ENABLE NOT POWERED
8 C4 ENABLE NOT POWERED
9 D1 ENABLE NOT POWERED
10 D2 ENABLE NOT POWERED
11 D3 ENABLE NOT POWERED
12 D4 ENABLE NOT POWERED
13 E1 NO POE -
14 E2 NO POE -
15 E3 NO POE -
16 E4 NO POE -

<Note: Due to the error above, the ports are not disabled.>

Magnum 10KT(device)## poe port=10-12 status=disable

POE is disabled

Magnum 10KT(device)## show-poe

PortNo PortName Status Class


==================================================
5 C1 ENABLE NOT POWERED
6 C2 ENABLE NOT POWERED
7 C3 ENABLE NOT POWERED
8 C4 ENABLE NOT POWERED
9 D1 ENABLE NOT POWERED
10 D2 DISABLE NOT POWERED
11 D3 DISABLE NOT POWERED
12 D4 DISABLE NOT POWERED
13 E1 NO POE -
14 E2 NO POE -
15 E3 NO POE -
16 E4 NO POE -

Magnum 10KT(device)## poe port=10-12 status=enable

Magnum 10KT(device)## poereset ?


Resets the POE interface by powering down and then on

Usage
poereset port=<port|list|range> timer=<2..10>

Groups: device,port

Magnum 10KT(device)## poereset port=12 timer=10

POE is reset

<At this stage a VoIP phone is plugged in to port 12. For 10 seconds of the command there is no power. After the
timer times out, the power on the port is activated. When the show-poe command is executed, the power class is
displayed as shown below:>

Magnum 10KT(device)## show-poe

PortNo PortName Status Class


==================================================
5 C1 ENABLE NOT POWERED
6 C2 ENABLE NOT POWERED
7 C3 ENABLE NOT POWERED
8 C4 ENABLE NOT POWERED
9 D1 ENABLE NOT POWERED
10 D2 DISABLE Class 3
11 D3 DISABLE NOT POWERED
12 D4 DISABLE NOT POWERED
13 E1 NO POE -
14 E2 NO POE -
15 E3 NO POE -
16 E4 NO POE -
Magnum 10KT(device)## exit

Magnum 10KT#

FIGURE 166 – PoE commands on the Magnum 10KT switch.

Scheduled Reboot
Once the MNS-6K software has been updated, it is necessary to reboot the switch. An immediate reboot may not be
possible in certain situations, as it may adversely impact network operations. MNS-6K allows the
network administrator to schedule a reboot at a specified date and time, as well as reminders associated
with the reboot. The commands to schedule a reboot are listed below:

Syntax reboot-scheduler <enable|disable> – enable or disable reboot scheduler

Syntax show reboot-scheduler – display reboot scheduler settings

Syntax set reboot-date year=<2001-2035> month=<1-12> day=<1-31> – set the reboot year, month and
day

Syntax set reboot-time hour=<0-23> min=<0-59> sec=<0-59> – set the reboot time (24 hour clock)

Syntax set reboot-frequency freq=<once|daily|weekly|monthly> – set the reboot frequency i.e. how
often should the reboot occur – once, daily, weekly or monthly

Syntax set reboot-reminder rmdr=<1-99 minutes> – set a reminder for users connected. The reminder is
sent out as a broadcast message to users connected

Magnum 10KT# show date

System Date : Sunday 04-09-2012 (in mm-dd-yyyy format)

Magnum 10KT# show time

Time : 12:34:49 P.M

Magnum 10KT# set reboot-date year=2012 month=04 day=09

Reboot Date set successfully at 2012-4-9 (YYYY-MM-DD)

Magnum 10KT# set reboot-time hour=13 min=0 sec=0

Reboot Time set successfully at 20:40:0 (HH:MM:SS)

Magnum 10KT# set reboot-frequency freq=once

Reboot frequency set to once.

Magnum 10KT# set reboot-reminder rmdr=3

success in setting reboot reminder.


Magnum 10KT# reboot-scheduler enable

Reboot Scheduler enabled


Magnum 10KT# show reboot-scheduler

Reboot Scheduler: Enabled


Reboot Date: 2012-4-9 (YYYY-MM-DD)
Reboot Time: 13:0:0 (HH:MM:SS)
Current Date: 2012-4-9 (YYYY-MM-DD)
Current Time: 12:53:48 (HH:MM:SS)
Time to Reboot: 372 Sec.
Reboot Status: Scheduled
Reboot Frequency: Once
Reboot Reminder: 3 Min.

Magnum 10KT#

This System is Scheduled to Reboot within 180 seconds.


Do you want to cancel?(Y/N): ........... N
Scheduled Reboot is NOT Cancelled. System will reboot as scheduled.

System is rebooting in 1 sec.!!!


Saving configuration.
Rebooting NOW!!!

<system reboots>
<After reboot, the show reboot-scheduler shows the scheduler is still enabled
and displays the schedule.>

Magnum 10KT# show reboot-scheduler

Reboot Scheduler: Enabled


Reboot Date: 2012-4-9 (YYYY-MM-DD)
Reboot Time: 13:0:0 (HH:MM:SS)
Current Date: 2012-4-9 (YYYY-MM-DD)
Current Time: 13:1:29 (HH:MM:SS)
Reboot Status: Expired
Reboot Frequency: Once
Reboot Reminder: 3 Min.

Magnum 10KT# show uptime

System UpTime : 0 Days 0 Hours 2 Mins 18 Secs

FIGURE 167 – Scheduled reboot commands.

Miscellaneous Commands
The commands listed below are useful when the same commands have to be repeated over and over
again. They are:

Syntax !! – repeat the last command

Syntax !<n> – repeat the nth command (as indicated by a show history)

Syntax show history – show the last 25 commands executed – if fewer than 25 commands have been executed, only those
commands executed are shown

If the user logs out or if the switch times out, the history is erased. The history count
restarts when the user logs in again.

Syntax <Up-arrow> – every time the key is pressed, the last command is printed on the screen but not executed. This
allows for editing errors made in typing.

Syntax <Down-arrow> – opposite of Up-arrow key.

Syntax show version – displays the version of MNS-6K being used.

Syntax set history size=<1..100> – set the depth of the command history stack, from one command up
to a maximum of 100 commands.

Magnum10KT# show version

MNS-6K-Secure Ver: 14.4 May 27 2012 12:03:47 Build ID 1333024938

Magnum10KT# show setup

Version : Magnum 10KT build 14.4 May 27 2012


12:03:47 Build ID 1333024938
MAC Address : 00:20:06:25:ed:80
IP Address : 67.109.247.197
Subnet Mask : 255.255.255.224
Gateway Address : 67.109.247.193
CLI Mode : Manager
System Name : Magnum 10KT
System Description : 25 Port Modular Ethernet Switch
System Contact : [email protected]
System Location : HQ, Fremont, CA
System ObjectId : 1.3.6.1.4.1.553.12.13
System Seriial No. : 43576812
Original Factory Config Code : 10KT-8TP

Magnum10KT# show serial

Baud Rate : 38400


Data : 8
Parity : No Parity
Stop : 1
Flow Control : None

Magnum10KT# set history ?


set history : Set History Size

Usage
set history size=<1-100>

Groups: All.

Magnum10KT# set history size=100

History Size is Set

Magnum10KT# show history

1 : show version
2 : show setup
3 : show serial
4 : show history

Magnum10KT# !1
<show version>
MNS-6K-Secure Ver: 14.4 May 27 2012 12:03:47 Build ID 1333024938

FIGURE 168 – History commands.

Prompt
Setting a meaningful host prompt can be useful when a network administrator is managing multiple
switches and has multiple telnet or console sessions open at the same time. To facilitate this, MNS-6K
allows administrators to define custom prompts. The command to set a prompt is:

Syntax set prompt <prompt string>

The length of the prompt is limited to 60 characters.

There are predefined variables which can be used to set the prompt. These are:

$n : System Name
$c : System Contact
$l : System Location
$i : System IP
$m : System MAC
$v : Version
$$ : $ Character
$r : New Line
$b : Space

A few examples of how the system prompt can be set up are shown below:

Magnum10KT# snmp
Magnum10KT(snmp)## setvar sysname=Core
System variable(s) set successfully
Magnum10KT(snmp)## exit
Magnum10KT# set prompt $n
Core# set prompt $n$b$i
Core 192.168.5.5# set prompt $n$b$i$b
Core 192.168.5.5 # snmp
Core 192.168.5.5 (snmp)## setvar sysname=Magnum10KT
System variable(s) set successfully
Core 192.168.5.5 (snmp)## exit
Core 192.168.5.5 # set prompt $b$b$i$b

192.168.5.5 # set prompt $n$b$i$b


Magnum10KT 192.168.5.5 #
Magnum10KT 192.168.5.5 #
Magnum10KT 192.168.5.5 #
Magnum10KT 192.168.5.5 # set prompt Some$bthing$i
Some thing192.168.5.5# set prompt Some$bthing$b$i
Some thing 192.168.5.5#
FIGURE 169 – Setting custom prompts

Ping
The ping command can be used from MNS-6K to test connectivity to other devices as well as to check
that the IP address is set up correctly. The command is:

Syntax ping <ipaddress> [count=<1-999>] [timeout=<1-256>] – use the ping command to test
connectivity

Magnum10KT# ping 67.109.247.202

67.109.247.202 is alive, count 1, time = 40ms

Magnum10KT# ping 67.109.247.202 count=3

67.109.247.202 is alive, count 1, time = 20ms


67.109.247.202 is alive, count 2, time = 20ms
67.109.247.202 is alive, count 3, time = 40ms

Magnum10KT#

FIGURE 170 – Using the ping command.

Many devices do not respond to ping, or block ping packets. Make sure that the
target device does respond to ping and that the network allows the ping packets to propagate
through.

FTP Modes
The File Transfer Protocol (FTP) is supported on MNS. MNS supports normal FTP as well as
passive FTP. Many companies use passive FTP today because it works with their firewall policies and
other security policies. The commands for setting the type of FTP are:

Syntax set ftp mode=<normal|passive> - set the ftp mode of operation.

Syntax show ftp - display the current ftp operation mode.

FTP uses separate connections (and ports) for the data stream and the command stream. In normal mode the
data connection is opened toward the client rather than by it, which causes problems in security-conscious
companies that prefer the client to initiate the file transfer as well as the stream for the commands. To
accommodate that, FTP added a capability called Passive FTP, in which the client that initiates the
connection initiates both the data and the command connection requests. Most companies prefer Passive
FTP, and MNS provides the means to operate in those environments.

Magnum10KT# set ftp mode=passive

FTP Set to Passive Mode


Magnum10KT# show ftp

Current FTP Mode: PASSIVE


Magnum10KT#
FIGURE 171 - Setting the FTP mode.

MNS-6K-Secure supports secure FTP or SFTP.
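
The difference between the two modes, as an added example that is not part of the MNS-6K documentation or software: the Python code below builds the PORT argument a client sends in normal mode, parses the 227 reply a server returns in passive mode, and reports which side opens the data connection. The addresses, ports and the 227 reply are constructed sample values, and the outbound-only check is a simplified assumption about a firewall in front of the client.

```python
import ipaddress

# Constructed sample addresses: the switch acts as FTP client, the host as server.
CLIENT_IP = "192.168.5.5"
SERVER_IP = "192.168.5.2"
PASV_REPLY = "227 Entering Passive Mode (192,168,5,2,195,80)"  # constructed reply


def format_port(client_ip, port):
    """Normal mode: control command telling the server where to connect back."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])


def parse_pasv(reply):
    """Passive mode: extract (host, port) from the server's 227 reply."""
    start, end = reply.find("("), reply.rfind(")")
    if not reply.startswith("227") or start == -1 or end < start:
        raise ValueError("not a usable 227 reply")
    fields = [int(f) for f in reply[start + 1:end].split(",")]
    if len(fields) != 6 or not all(0 <= f <= 255 for f in fields):
        raise ValueError("expected six byte-sized fields")
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def data_connection(mode, client_port=50001, pasv_reply=PASV_REPLY):
    """Describe who opens the data connection in the given FTP mode."""
    if mode == "normal":
        # The client announces a listening port; the server connects to it.
        return {"control": format_port(CLIENT_IP, client_port),
                "initiator": "server", "src": SERVER_IP,
                "dst": CLIENT_IP, "dport": client_port}
    if mode == "passive":
        # The server announces a listening port; the client connects to it.
        host, port = parse_pasv(pasv_reply)
        return {"control": "PASV", "initiator": "client", "src": CLIENT_IP,
                "dst": host, "dport": port}
    raise ValueError("mode must be 'normal' or 'passive'")


def allowed_by_outbound_only_policy(flow):
    """Simplified client-side firewall: only connections the client opens pass."""
    return flow["src"] == CLIENT_IP


if __name__ == "__main__":
    for mode in ("normal", "passive"):
        flow = data_connection(mode)
        verdict = "allowed" if allowed_by_outbound_only_policy(flow) else "blocked"
        print(f"{mode:8} {flow['control']:28} data: {flow['src']} -> "
              f"{flow['dst']}:{flow['dport']} ({verdict})")
```
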

System Events
All events occurring on the Magnum 6K family of switches are logged. The event severity codes are shown
below:

Code Description
0 Emergency (or Fatal): system is unusable – called fatal in show log command
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition – called note in show log command
6 Informational: informational messages
7 Debug: debug-level messages

A few points to note about logs:


• By default, the logging is limited to the first six levels.
• The event log is now automatically saved to flash, so rebooting will not lose them. Note:
since the event logs are written to flash, once the flash memory is full, the logs stop
being written. It is important to erase the log periodically or use the syslog capability to download the
logs to a syslog server. (Syslog is available on MNS-6K-Secure only.)
• The event log now includes more information, because of the additional flexibility built into
the log engine. For example, it now logs the IP address and user name of a remote user login.
• The log size parameter is now redefined as the maximum size of the log that is saved to flash. More
events might appear in the log as they happen, but the whole list will be trimmed to the
specified maximum size when a save command is issued or the system is rebooted.

These logs are in compliance with the definitions of RFC 3164, though not all the nuances of the
syslog are implemented as specified by the RFC.

The show log command displays the log information and the clear log command clears the log
entries.

The system events can be sent to a Syslog server using the Syslog capabilities of an
MNS-6K-Secure switch. GarrettCom recommends using this capability to centralize the
logs.

Magnum10KT# show log

S DATE TIME Log Description


-- ---- ---- ---------------
I 03-02-2005 5:14:43 P.M SYSMGR:System Subnet Mask changed
I 01-01-2001 12:00:00 A.M SYSMGR:successfully registered with DB Manager
I 01-01-2001 12:00:00 A.M SYSMGR:successfully read from DB
A 01-01-2001 12:00:00 A.M VLAN:Vlan type set to Port VLAN
I 01-01-2001 12:00:00 A.M SYSMGR:system was reset by user using CLI command
I 01-01-2001 12:00:00 A.M SNTP:Date/Time set to 01-01-2001 12:00AM
I 01-01-2001 12:00:00 A.M SNTP:Client started
I 03-03-2005 4:32:48 A.M SNTP:Date and Time updated from SNTP server
I 03-03-2005 9:31:59 A.M TELNET:Telnet Session Started
I 03-03-2005 9:32:04 A.M CLI:manager console login
A 03-03-2005 9:32:11 A.M IGMP:IGMP Snooping is enabled
A 03-03-2005 9:35:40 A.M IGMP:IGMP Snooping is disabled
A 03-03-2005 9:41:46 A.M IGMP:IGMP Snooping is enabled

Magnum10KT#
FIGURE 172 – Event log shown on the screen.

Event logs can be exported to an FTP or a TFTP server on the network for further analysis or for
other uses. The CLI command that exports the event log is exportlog, as shown below:

Syntax exportlog mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>]
[doctype=<raw|html>] – facilitates the export of the event log information as a text file or as an
HTML file.

Where
mode=<serial|tftp|ftp> - is the mode of transfer.
<ipaddress> - is the IP address of the FTP or TFTP server.

file=<name> - is the file name – please make sure the proper file extension is used, e.g. html for
an html file.
doctype=<raw|html> - indicates the log is saved as a text file (raw) or as an HTML file.

Magnum10KT# exportlog
Usage
exportlog mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>]
[doctype=<raw|html>]
Magnum10KT# exportlog mode=tftp 192.168.5.2 file=eventlog doctype=html
Do you wish to export the event logs? [ 'Y' or 'N'] Y
Successfully uploaded the event log file.
Magnum10KT# exportlog mode=tftp 192.168.5.2 file=eventlog.txt doctype=raw
Do you wish to export the event logs? [ 'Y' or 'N'] Y
Successfully uploaded the event log file.
Magnum10KT#
FIGURE 173 – Using exportlog to export the event log information.

In the table below, the following acronyms are used for Severity:
E=Emergency; A=Alert; C=Critical; F=Fail or Error conditions; W=Warning; N=Notice;
I=Informational and D=Debug

For the alerts, the events per subsystem functions are listed below. The table is sorted by the
subsystem function first and then by the severity level.

Subsystem Description Severity


BRIDGE Unable to delete MAC address from FDB D
BRIDGE Unable to insert MAC address to FDB D
BRIDGE Bridge init failed for ethx F
BRIDGE Bridge enable for ethx failed F
BRIDGE Bridge MIB init is done I
CLI Manager login at console I
CLI Operator login at console I
CLI Manager password changed I
CLI Operator password changed I
DEVICE Port x enabled A
DEVICE Port x disabled A
DEVICE Port X link down A
DEVICE Port X link up A
DEVICE Ethernet counters init failure C
DEVICE Unable to access ethernet counters C
DEVICE Failed to read saved system logs D
DEVICE Ethernet DMA init failure F
DEVICE Ethernet hardware error F
DEVICE Ethernet interrupt init failure F
DEVICE Unable to allocate ethernet memory F
DEVICE System started I
DEVICE Network Stack not yet configured I
DEVICE IP address a.b.c.d configured I
DEVICE subnetmask a.b.c.d configured I
DEVICE Default gateway a.b.c.d configured I
DEVICE Switch rebooted by user I
DEVICE No saved system logs I
DEVICE Timezone set to x I
DEVICE Country set to x (no DST) I
DEVICE Country set to x (DST valid) I
DEVICE Time set to x : y : z (HH:MM:SS) tz = a I
DEVICE Date set to x : y : z (HH:MM:YYYY) I
PRTMR Enabled by user monitor = x , sniffer = y I
PRTMR Disabled by user I
PS INTRUDER a:b:c:d:e:f @ port X , port disabled A
PS INTRUDER a:b:c:d:e:f @ port X , port disabled A
PS Port security enabled A
PS port security disabled A
PS Resetting MAC a:b:c:d:e:f at port X failed C
PS Unable to delete learnt MACs in hardware D

RMON Alarm : internal error , unable to get memory F
RMON Alarm : internal error, unable to get memory for alarm entry F
RMON History : internal error, unable to get memory for history control entry F
RMON History : internal error, unable to get memory for history data entry F
RMON History : internal error, unable to get memory F
RMON Event : unable to get memory for event entry F
RMON Alarm : unable to get memory for RMON logs F
RMON rising alarm trap sent to a.b.c.d by alarm entry X I
RMON falling alarm trap sent to a.b.c.d by alarm entry X I
RMON RMON init is done I
RMON history : control entry X is set to valid I
RMON history : control entry X is set to invalid I
RMON Event : entry X is set to valid I
RMON Event : entry X is set to invalid I
RMON Alarm : entry X is set to valid I
RMON Alarm : entry X is set to invalid I
SNMP Snmp.snmpEnableAuthenTraps is set to enabled A
SNMP Snmp.snmpEnableAuthenTraps is set to disabled A
SNMP System.sysName configured A
SNMP System.sysLocation configured A
SNMP System.sysContact configured A
SNMP Port X link up trap sent to a.b.c.d A
SNMP Port X Link down trap sent to a.b.c.d A
SNMP Configuring IP address in trap receivers list failed D
SNMP read community string changed I
SNMP write community string changed I
SNMP trap community string changed I
SNMP authentication failure trap sent to a.b.c.d I
SNMP Trap receiver a.b.c.d added I
SNMP Trap receiver a.b.c.d deleted I
SNMP Coldstart trap sent to a.b.c.d I
SNMP Warmstart trap sent to a.b.c.d I
SNTP client started I
SNTP client stopped….disabled by user I
SNTP client stopped….server not configured I
SNTP Request timed out I
SNTP Retrying.. I
SNTP Time synchronized through SNTP I

TCP/IP Duplicate IP a.b.c.d sent from MAC address XXXXXX C
TCP/IP Unable to allocate memory for an ICMP packet C
TCP/IP IP packet from a.b.c.d , with checksum error dropped D
TCP/IP Bad IP fragments from a.b.c.d dropped D
TCP/IP UDP checksum error in the received packet a.b.c.d D
TCP/IP TCP checksum error in the received packet a.b.c.d D
TCP/IP ICMP checksum error in the received packet D
TCP/IP Failed to initialize the interface x F
TCP/IP IP packet of version X is dropped I
VLAN Type set to port I
VLAN Type set to mac I
VLAN Type set to tag I
VLAN Type set to none I
VLAN Pvlan: port based vlan started I
VLAN Pvlan: default vlan is modified I
VLAN Tvlan: Tag based vlan started I
VLAN pvlan:vlan X enabled I
VLAN pvlan:vlan X disabled I
VLAN pvlan:vlan X deleted I
VLAN pvlan:port based VLAN started I
VLAN pvlan:port based VLAN stopped I
VLAN pvlan:default vlan is modified I
VLAN tvlan:vlan X deleted I
VLAN tvlan:vlan X enabled I
VLAN tvlan:vlan X disabled I
VLAN tvlan:tag based VLAN stopped I
VLAN tvlan:tag based VLAN started I
FIGURE 174 – Listing of severity - sorted by subsystem and severity

Please refer to the related chapters in this manual to find more information. For example, for the VLAN
subsystem, refer to Chapter 11 – VLAN on page 144.
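
One way to review an exported raw event log for the security-relevant events in Figure 174, as an added example that is not part of MNS-6K: the Python code below parses lines in the show log layout of Figure 172 and flags intruder, password, community string and port security events. The sample log is constructed; it assumes that Figure 174 events appear as SUBSYSTEM:description, that dates use the mm-dd-yyyy format, and that entries dated 01-01-2001 were written before the clock was synchronized (as the SNTP lines in Figure 172 suggest).

```python
import re
from datetime import date, datetime

# Severity letters as listed with Figure 174, mapped to the codes 0-7 above.
SEVERITY = {"E": 0, "A": 1, "C": 2, "F": 3, "W": 4, "N": 5, "I": 6, "D": 7}

# Assumption: entries stamped with this date predate clock synchronization.
UNSYNCED = date(2001, 1, 1)

LINE_RE = re.compile(
    r"^(?P<sev>[EACFWNID])\s+"
    r"(?P<mm>\d{2})-(?P<dd>\d{2})-(?P<yyyy>\d{4})\s+"
    r"(?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2})\s+(?P<ampm>[AP])\.M\s+"
    r"(?P<subsys>[A-Za-z/]+):\s*(?P<desc>.*)$"
)

# (rule name, subsystem, pattern) using the wording of Figure 174.
RULES = [
    ("intruder", "PS", re.compile(
        r"INTRUDER\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*@\s*port\s+(?P<port>\d+)",
        re.I)),
    ("port_security_off", "PS", re.compile(r"port security disabled", re.I)),
    ("password_change", "CLI", re.compile(r"password changed", re.I)),
    ("community_change", "SNMP", re.compile(r"community string changed", re.I)),
    ("snmp_auth_failure", "SNMP", re.compile(r"authentication failure trap", re.I)),
]

# Constructed sample in the layout of Figure 172 (not output from a real switch).
SAMPLE_LOG = """\
S DATE TIME Log Description
-- ---- ---- ---------------
I 01-01-2001 12:00:00 A.M SNTP:Client started
I 01-01-2001 12:00:41 A.M CLI:Manager password changed
I 03-03-2005 4:32:48 A.M SNTP:Date and Time updated from SNTP server
I 03-03-2005 9:31:59 A.M TELNET:Telnet Session Started
I 03-03-2005 9:32:04 A.M CLI:manager console login
A 03-03-2005 9:40:10 A.M PS:INTRUDER 00:0c:f1:b9:d1:dc @ port 3 , port disabled
I 03-03-2005 9:41:00 A.M SNMP:write community string changed
I 03-03-2005 9:41:30 P.M SNMP:authentication failure trap sent to 192.168.5.2
A 03-03-2005 9:42:00 P.M PS:port security disabled
Magnum10KT#
"""


def parse_line(line):
    """Return one event as a dict, or None for headers, prompts and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # 12-hour clock: 12 A.M is hour 0, 12 P.M is hour 12.
    hour = int(m["h"]) % 12 + (12 if m["ampm"] == "P" else 0)
    # Raises ValueError if the switch uses a date format other than mm-dd-yyyy.
    when = datetime(int(m["yyyy"]), int(m["mm"]), int(m["dd"]),
                    hour, int(m["m"]), int(m["s"]))
    return {
        "severity": m["sev"],
        "code": SEVERITY[m["sev"]],
        "when": when,
        "subsystem": m["subsys"].upper(),
        "description": m["desc"].strip(),
        "clock_trusted": when.date() != UNSYNCED,
    }


def analyze(log_text):
    """Return the events that match a rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        for name, subsystem, pattern in RULES:
            hit = pattern.search(event["description"])
            if hit and event["subsystem"] == subsystem:
                findings.append({"rule": name, **event, **hit.groupdict()})
                break
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        note = "" if f["clock_trusted"] else "  [timestamp predates clock sync]"
        print(f"{f['when'].isoformat()} {f['severity']} {f['rule']}: "
              f"{f['description']}{note}")
```
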

MAC Address Table


Syntax show address-table – displays the MAC addresses associated with the ports, showing the port to
which a packet with a given destination MAC address will be switched

Sometimes it is useful to see which port a specific packet will be switched to by examining the internal
MAC address table. The show address-table command displays the internal switching table.

Magnum10KT# show address-table

Sl# MAC Address Port


---------------------------------------
1 01:00:5e:00:00:fb 0
2 00:0c:f1:b9:d1:dc 3
3 33:33:00:00:00:02 0
4 01:00:0c:cc:cc:cc 0
5 01:00:5e:00:00:16 0
6 00:07:50:ef:31:40 3
7 00:e0:81:52:85:96 3
8 01:40:96:ff:ff:ff 0
9 01:40:96:ff:ff:00 0
10 00:40:96:33:51:81 3

Magnum10KT#
FIGURE 175 – Display of the internal switching decision table.

Where Sl# is the sequential listing from the memory and is just the sequence of the data as it appears in
memory. Port is the port number to which the MAC address is assigned. For example, if a
packet appears with MAC address 00:0c:F1:B9:D1:DC (#2 above) in the DST
field, the packet will be sent to port number 3. Also notice that there are other MAC addresses
associated with port #3, indicating that the port has a hub or a switch connected to it.
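
The reading of Figure 175 described above, as an added example that is not part of MNS-6K: the Python code below parses the show address-table output, looks up the port for a destination MAC address, separates group (multicast) addresses from unicast ones by the low bit of the first octet, and lists ports that carry more than one unicast MAC address. The table text is copied from Figure 175; the function names and the one-address threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Output copied from Figure 175.
FIGURE_175 = """\
Sl# MAC Address Port
---------------------------------------
1 01:00:5e:00:00:fb 0
2 00:0c:f1:b9:d1:dc 3
3 33:33:00:00:00:02 0
4 01:00:0c:cc:cc:cc 0
5 01:00:5e:00:00:16 0
6 00:07:50:ef:31:40 3
7 00:e0:81:52:85:96 3
8 01:40:96:ff:ff:ff 0
9 01:40:96:ff:ff:00 0
10 00:40:96:33:51:81 3
"""

ROW_RE = re.compile(
    r"^\s*\d+\s+((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s+(\d+)\s*$"
)


def normalize(mac):
    """Lower-case, colon-separated form so lookups ignore case and separator."""
    return mac.strip().lower().replace("-", ":")


def is_group(mac):
    """True when the I/G bit (low bit of the first octet) marks a group address."""
    return bool(int(normalize(mac)[:2], 16) & 0x01)


def parse_table(text):
    """Return {mac: port} for every data row; header and rule lines are skipped."""
    table = {}
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            table[normalize(row.group(1))] = int(row.group(2))
    return table


def lookup(table, dst_mac):
    """Port a frame with this DST address is switched to, or None if not listed."""
    return table.get(normalize(dst_mac))


def unicast_by_port(table):
    """Group the unicast (non-group) addresses by the port they were learned on."""
    ports = defaultdict(list)
    for mac, port in table.items():
        if not is_group(mac):
            ports[port].append(mac)
    return {port: sorted(macs) for port, macs in ports.items()}


def shared_ports(table, max_macs=1):
    """Ports with more unicast addresses than expected for a single end device."""
    return {p: m for p, m in unicast_by_port(table).items() if len(m) > max_macs}


if __name__ == "__main__":
    table = parse_table(FIGURE_175)
    print("00:0c:F1:B9:D1:DC ->", lookup(table, "00:0c:F1:B9:D1:DC"))
    for port, macs in shared_ports(table).items():
        print(f"port {port}: {len(macs)} unicast addresses, hub or switch attached")
```

A port that is meant to serve one end device but appears in `shared_ports` is a candidate for review against the port security settings.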

List of Commands In This Chapter


Syntax alarm – enter the alarm configuration mode

Syntax add event=<event-id|list|range|all> - enables alarm action in response to the specified event ID

Syntax period time=<1..10> - sets the duration of relay action for the momentary type signal. This may be needed
to adjust to the behavior of the circuit or relay. Default is 3 seconds. Time is in seconds

Syntax del event=<event-id|list|range|all> - disables alarm action in response to the specified event ID

Syntax alarm <enable|disable|reset> [event=<all|number|list>] - globally enables or disables the
alarm action. This command also resets the alarm. "alarm reset" without an event number will reset all alarms

Syntax show alarm - displays the current status of Alarm system

Syntax set motd – after the command is typed, MNS allows you to enter the Banner message

Syntax show motd – displays the current message set

Syntax smtp – configure the SNMP alerts to be sent via email

Syntax show smtp <config|recipients> - config displays the current SMTP global settings;
recipients displays the currently configured recipients of email alerts

Syntax add id=<1-5> email=<email-addr> [traps=<all|none|S|R|E>]
[events=<all|none|I|A|C|F|D>] [ip=<ip-addr>] [port=<1-65535>]

id – [mandatory] the recipient ID - range from 1 to 5. MNS-6K allows a maximum of 5 recipients

email – [mandatory] email address of the recipient

traps – [optional] this is the trap filter. If value is “all”, all traps of any type will be sent to this
recipient. If value is “none”, no traps are sent to this recipient. Value can also be a
combination of ‘S’ (SNMP), ‘R’ (RMON) and ‘E’ (ENTERPRISE). For example,
traps=SR means that SNMP and RMON traps will be sent via email to the recipient. If
this option is not defined, the recipient will have a default value of “all”

events – [optional] this is the event filter. Value can be “all” - all event severity types will be
sent to recipient, “none” - no event will be sent to recipient or a combination of ‘I’
(informational), ‘A’ (activity), ‘C’ (critical), ‘F’ (fatal) and ‘D’ (debug). For example,
“events=ACF” means that events of severity types activity, critical and fatal will be sent
to recipients by email. If this option is not defined, a value of “all” is taken

ip – [optional] SMTP server IP address. This is the SMTP server to connect to for this
particular user. If this option is not defined, the global/default SMTP server is used

port – [optional] TCP port of the SMTP server. If this is not defined, the global default TCP
port is used

Syntax delete id=<1-5> - delete the specific id specified. The deleted id no longer receives the traps via email. The id
is added using the “add” command

Syntax sendmail server=<ip-addr> to=<email-addr> from=<email-addr>
subject=<string> body=<string> - customizes the email sent out (and can also send a test email to
check SMTP settings) by specifying the email subject field, server address, to field and the body of the text. See
the example of the body of the text message later in this chapter

server – [mandatory] SMTP server IP v4 address.

to – [mandatory] the recipient email address

from – [mandatory] the sender email address.

subject – [mandatory] email subject or title

body – [mandatory] email body

Syntax server ip=<ip-addr> [port=<1-65535>] [retry=<0-3>] – configure the global SMTP server
settings

ip – [mandatory] SMTP server IP address

port – [mandatory] TCP port to be used for SMTP communications – default is 25

retry – [optional] specifies how many times to retry if an error occurs when sending email.
Range from 0 to 3. Default is 0.

Syntax smtp <enable|disable> - enables or disables SMTP to send SNMP alerts by email

Syntax exportlog mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>]
[doctype=<raw|html>] – facilitates the export of the event log information as a text file or as an
HTML file

Syntax show power – show the status of the power supplies

Syntax show fans – display the status of the fans

Syntax show temp – display the internal ambient temperature

Syntax poe port=<port|list|range> status=<enable|disable> - Enables/disables PoE on the ports

Syntax poereset port=<port|list|range> timer=<2..10> - Reset timer on PoE ports. The timer is in
seconds.

Syntax show-poe – Display PoE status for all the ports

Syntax reboot-scheduler <enable|disable> – enable or disable reboot scheduler

Syntax show reboot-scheduler – display reboot scheduler settings

Syntax set reboot-date year=<2001-2035> month=<1-12> day=<1-31> – set the reboot year, month
and day

Syntax set reboot-time hour=<0-23> min=<0-59> sec=<0-59> – set the reboot time (24 hour clock)

Syntax set reboot-frequency freq=<once|daily|weekly|monthly> – set the reboot frequency i.e. how
often should the reboot occur – once, daily, weekly or monthly

Syntax set reboot-reminder rmdr=<1-99 minutes> – set a reminder for users connected. The reminder is sent out
as a broadcast message to users connected

Syntax !! – repeat the last command

Syntax !<n> – repeat the nth command (as indicated by a show history)

Syntax show history – show the last 25 commands executed – if fewer than 25 commands have been executed, only those
commands executed are shown

Syntax <Up-arrow> – every time the key is pressed, the last command is printed on the screen but not executed. This
allows for editing errors made in typing

Syntax <Down-arrow> – opposite of Up-arrow key

Syntax show version – displays the version of MNS-6K being used

Syntax set ftp mode=<normal|passive> – set the FTP mode of operation

Syntax show ftp – display the current FTP operation mode

Syntax ping <ipaddress> [count=<1-999>] [timeout=<1-256>] – use the ping command to test
connectivity

Syntax set prompt <prompt string> – set the prompt for switch. The prompt has predefined variables. These are
$n : System Name; $c : System Contact; $l : System Location; $i : System IP; $m : System MAC; $v :
Version; $$ : $ Character; $r : New Line; $b : Space

Appendix 1 - Command Listing by Chapter
A rich environment – this Appendix provides a reference to the commands by chapter

Chapter 2 – Getting Started


Syntax ipconfig [ip=<ip-address>] [mask=<subnet-mask>] [dgw=<gateway>] – to set IP address
on the switch

Syntax save – save changes made to the configuration

Syntax reboot – restart the switch – same effect as physically turning off the power

Syntax show setup – show setup parameters

Syntax show config – show setup parameters configured

Syntax enable <user-name> – changing the privilege level

Syntax add user=<name> level=<number> – adding a user

Syntax delete user=<name> – deleting a user

Syntax passwd user=<name> – changing a password for a user

Syntax chlevel user=<name> level=<number> – changing the user privilege level

Syntax useraccess user=<name> service=<telnet|web> <enable|disable> – defines the services
available to the user to access the device for modifying the configuration

Syntax useraccess user=<name> group=<list> type=<read|write> <enable|disable> – set read or
write access for the command group

Syntax useraccess groups – displays the current groups

Syntax help <command string> – help for a specific command

Syntax command <Enter> – options for a command

Syntax <TAB> – listing all commands available at the privilege level

Syntax <command string> <TAB> – options for a command

Syntax <first character of the command> <TAB> – listing commands starting with the character

Syntax logout – logout from the CLI session

Syntax authorize secure key=<16character license key> – Upgrade MNS-6K to MNS-6K-Secure

Chapter 3 – IP Address and System Information

Syntax set bootmode type=<dhcp|bootp|manual|auto> [bootimg=<enable|disable>]
[bootcfg=<enable|disable>] – assign the boot mode for the switch
Where
<dhcp|bootp|manual|auto> – where
dhcp – look only for DHCP servers on the network for the IP address. Disable bootp or other
modes
bootp – look only for bootp servers on the network. Disable dhcp or other mode
manual – do not set the IP address automatically
auto – the switch will first look for a DHCP server. If a DHCP server is not found, it will then
look for a BootP server. If that server is not found, the switch will check to see if the switch
had a pre-configured IP address. If it did, the switch would be assigned that IP address. If
the switch did not have a pre-configured IP address, it would inspect if the IP address
192.168.1.2 with a netmask of 255.255.255.0 is free. If the IP address is free, MNS-6K will
assign the switch that IP address. If the address is not free, MNS-6K will poll the network
for a DHCP server, then a BootP server, and then check whether the IP address 192.168.1.2 has been freed up
bootimg=<enable|disable> – valid with type=bootp only. This option allows the switch to
load the image file from the BootP server. This is useful when a new switch is put on a
network and the IT policies are set to load only a specific MNS-6K image which is supported
and tested by IT personnel.
bootcfg=<enable|disable> – valid with type=bootp only. This option allows the switch to
load the configuration file from the BootP server. This is useful when a new switch is put on
a network and the specific configurations are loaded from a centralized BootP server
Syntax telnet <enable|disable> – enables or disables telnet sessions
Syntax telnet <ipaddress> [port=<port number>] – telnet from the switch

Syntax ssh <enable|disable|keygen> – enable or disable the server. Also can be used for generating the key
used by ssh

Syntax ssh port=<port|default> – select a different port number for SSH communication

Syntax show ssh – display the ssh settings

Syntax set dns [server=<ip>] [domain=<domain name>] <enable|disable|clear> – specify a
DNS server to look up domain names. The server IP can be an IPv6 address as well as an IPv4 address

Syntax show dns – display the DNS settings

Syntax set serial [baud=<rate>] [data=<5|6|7|8>] [parity=<none|odd|even>]
[stop=<1|1.5|2>] [flowctrl=<none|xonxoff>] – sets serial port parameters

Syntax snmp – enter the snmp configuration mode

Syntax setvar [sysname|syscontact|syslocation]=<string> – sets the system name, contact and location
information

Syntax set timezone GMT=[+ or -] hour=<0-14> min=<0-59> – sets the timezone

Syntax set date year=<2001-2035> month=<1-12> day=<1-31>
[format=<mmddyyyy|ddmmyyyy|yyyymmdd>] – sets the date and the format in which the date is
displayed

Syntax set time hour=<0-23> min=<0-59> sec=<0-59> – sets the time (as well as the timezone)

Syntax set timeformat format=<12|24> – sets the display time in the 12/24 hour mode

Syntax set daylight country=< country name> – sets the daylight saving time

Syntax setsntp server = <ipaddress> timeout = <1-10> retry = <1-3> – setup the SNTP server

Syntax sync [hour=<0-24>] [min=<0-59>] – setup the frequency at which the SNTP server is queried

Syntax sntp [enable|disable] – enables or disables the SNTP services

Syntax saveconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – saves the configuration on
the network using TFTP, FTP or serial protocols

Syntax loadconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – loads the previously saved
configuration from the network using TFTP, FTP or serial protocols

Syntax kill config [save=module_name] – resets the system configuration. The module_name option does not reset the
specific module parameters. The modules are system, event, port, bridge, stp, ps, mirror, sntp, vlan, gvrp and snmp

Syntax show session – display telnet sessions active on the switch

Syntax kill session id=<session> – kill a specific telnet session

Syntax set ftp mode=<normal|passive> – set the FTP mode of operation

Syntax show ftp – display the current FTP operation mode


Syntax ftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>]
[pass=<password>] – upload and download information using ftp command

Where
<get|put|list|del> – different FTP operations
[type=<app|config|oldconf|script|hosts|log|cert>] – optional type field. This is useful
to specify whether a log file or host file is uploaded or downloaded. This can also perform the
task of exporting a configuration file or uploading a new image to the switch.
Note cert allows a new certificate to be loaded to the switch. The default certificate is a self signed
certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>]
[pass=<password>] – parameters associated with ftp server for proper communications
with the server

Syntax stftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – upload and download information
using sftp command

Where
<get|put| list|del > - different sftp operations – get a file from the server or put the
information on the server or list files on the server or delete files from the server
[type=<app|config|oldconf|script|hosts|log|cert>] – optional type field. This is useful
to specify whether a log file or host file is uploaded or downloaded. This can also perform the
task of exporting a configuration file or uploading a new image to the switch.
Note cert allows a new certificate to be loaded to the switch. The default certificate is a self signed
certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – parameters associated with
tftp server for proper communications with the server

Syntax tftp <get|put> [type=<app|config|oldconf|script|hosts|log|cert>]
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – upload and download information
using tftp command

Where
<get|put> - different TFTP operations – get a file from the server or put the information on
the server

[type=<app|config|oldconf|script|hosts|log>] – optional type field. This is useful to
specify whether a log file or host file is uploaded or downloaded. This can also perform the
task of exporting a configuration file or uploading a new image to the switch.
Note - cert allows a new certificate to be loaded to the switch. The default certificate is
a self signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – parameters associated with
the TFTP server for proper communications with the server

Syntax xmodem <get|put> [type=<app|config|oldconf|script|hosts|log|cert>] – upload and
download information using xmodem command and console connection

Where
<get|put> - different xmodem file transfer operations – get a file from the server or put the
information on the server
[type=<app|config|oldconf|script|hosts|log|cert>] – optional type field. This is useful
to specify whether a log file or host file is uploaded or downloaded. This can also perform the
task of exporting a configuration file or uploading a new image to the switch.

Note cert allows a new certificate to be loaded to the switch. The default certificate is a self signed
certificate from GarrettCom Inc.

Syntax host <add|edit|del> name=<host-name> [ip=<ipaddress>] [user=<user>]
[pass=<password>] – create a host entry for accessing host. This is equivalent to creating a host table on
many systems. Maximum of 10 such entries are allowed

Syntax show host – displays the host table entries

Syntax climode <script|console|show > – set the interactive CLI mode on (console) or off (script). To see the
mode – use the show option

Syntax more <enable|disable|show> – enable or disable the scrolling of lines one page at a time

Syntax configure access – sets the access parameters (e.g. disable telnet session)

Syntax show ipconfig – shows IP parameters set

Syntax show console – reviews console settings

Syntax show serial – reviews serial settings

Syntax show setup – reviews system parameters

Syntax show sysconfig – reviews settable system parameters

Syntax show time – shows the system time

Syntax show timezone – shows the system timezone


Syntax show date – shows the system date

Syntax show uptime – shows the amount of time the switch has been operational

Syntax tftpsrv <start|stop> – start and stop TFTP server services

Syntax show config [module=<module-name>] [run|saved|script] – displays the configuration

Syntax set secrets <hide|show> – sets the system parameter to display or hide the passwords

Syntax show secrets – display the secrets setting

Syntax kill config [save=module-name] – resets the system configuration. The module-name option does not
reset the specific module parameters. The modules are listed below

Chapter 4 – IPv6
Syntax ipconfig [ip=<ip-address>] [mask=<subnet-mask>] [dgw=<gateway>] [add|del] –
configure an IPv6 address. The add/delete option can be used to add or delete IPv4/IPv6 addresses

Syntax show ipconfig – display the IP configuration information – including IPv6 address

Syntax ping6 <IPv6 address> – pings an IPv6 station

Syntax show ipv6 – displays the IPv6 information

Syntax ftp <IPv6 address> – FTP to an IPv6 station

Syntax telnet <IPv6 address> – telnet to an IPv6 station

Chapter 5 – DHCP Server


Syntax dhcpsrv <start|stop> – start or stop the DHCP server. By default, the server is off

Syntax config startip=<start ip> endip=<endip> mask=<mask> [dns=<dns1, dns2,..dns10>]
[gateway=<gateway>] [leasetime=<lease time(1..10 hours)>] – configure the DHCP lease
request parameters such as starting IP address, ending IP address, DNS server parameters, default gateway IP
address and lease time

Syntax addlease ip=<ip> mac=<mac> [leasetime=<lease time (1..10)>] – add a specific host with a
specific IP address


Syntax reserve-ip ip=<ip> [mac=<mac>] – reserve a specific IP address for a device

Syntax clear-reserveip ip=<ip> – clear the reserved IP assigned

Syntax config dhcpserverip=<DHCP server IP> <add|del> port=<port|list|range> – configure the
DHCP server IP and add/delete DHCP services on specified ports on the switch

Syntax dhcprly <start|stop> – start/stop the DHCP relay services

Syntax show dhcprly <config|status> – display the DHCP relay services information

Syntax show dhcpsrv <config|status|leases> – display the DHCP server configuration, leases as well as
status

Chapter 6 – SNTP Server


Syntax sntpserver – enter the SNTP Server configuration mode

Syntax sntpsrv <start|stop> – Start or stop the SNTP Services

Syntax show sntpsrv – display the status of SNTP server

Chapter 7 – Access Considerations

Syntax set password – set or change password

Syntax configure port-security – sets the port authorization based on MAC addresses

Syntax port-security – configure port security settings

Syntax allow mac=<address|list|range> port=<num|list|range> – specify a specific MAC address or
MAC address list

Syntax learn port=<number-list> <enable|disable> – learn MAC addresses connected to the Magnum 6K
switch

Syntax show port-security – display port security settings

Syntax action port=<num|list|range> <none|disable|drop> – action to perform in case of breach of port
security


Syntax signal port=<num|list|range> <none|log|trap|logandtrap> – port to monitor and signal to
send in case of breach of port security

Syntax ps <enable|disable> – enable or disable port security

Syntax remove mac=<all|address|list|range> port=<num|list|range> – remove a MAC address
entry

Syntax show log [fatal|alert|crit|error|warn|note|info|debug] – display the log

Syntax clear log [fatal|alert|crit|error|warn|note|info|debug] – clear the log

Syntax set logsize size=<1-1000> – set the number of lines to be collected in the log before the oldest record is
re-written

Syntax syslog – syslog context commands

Syntax server add host=<host|ip> [port=<port>] [event=<all|none|default|list>] – add a syslog
server. Maximum of five servers can be defined

Syntax server edit id=<id> [host=<host|ip>] [port=<port>] [event=<all|none|default|list>]
– edit the server setup as well as which syslog messages the server should receive

Syntax server del id=<id> – delete a Syslog server

Syntax server <enable|disable> id=<id> – enable or disable the log messages being sent to a syslog server

Syntax syslog <enable|disable> – enable (or disable) the syslog messages

Syntax access – setup access configuration parameters

Syntax allow ip=<ipaddress> mask=<netmask> service=<name|list> – allow specific IP address or
range of addresses as a trusted host(s)

Syntax deny ip=<ipaddress> mask=<netmask> service=<name|list> – deny specific IP address or
range of IP addresses

Syntax remove ip=<ipaddress> mask=<netmask> – delete a specific IP address from the access or trusted
host list

Syntax removeall – remove all IP addresses of trusted hosts

Syntax show ip-access – display all trusted hosts


Syntax clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal
|arp|portstats|addr] – clear command to clear various aspects of the MNS-6K information – most notably
clear addr – clears the addresses learnt or clear log to clear the logs (and the type of logs)

Chapter 8 – Access Using RADIUS


Syntax auth – configuration mode to configure the 802.1x parameters

Syntax show auth <config|ports> – show the 802.1x configuration or port status

Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] – define the RADIUS server – use
UDP socket number if the RADIUS authentication is on port other than 1812

Syntax auth <enable|disable> – enables or disables the 802.1x authenticator function on MNS-6K switch

Syntax setport port=<num|list|range> [status=<enable|disable>]
[control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] – setting the port
characteristic for an 802.1x network

Syntax backend port=<num|list|range> [supptimeout=<1-240>] [servertimeout=<1-240>]
[maxreq=<1-10>] – configure parameters for EAP over RADIUS

port – [mandatory] – port(s) to be configured
supptimeout – [optional] This is the timeout in seconds the authenticator waits for the
supplicant to respond back. Default value is 30 seconds. Values can range from 1 to 240
seconds.
servertimeout – [optional] This is the timeout in seconds the authenticator waits for the
backend RADIUS server to respond back. The default value is 30 seconds. Values can range
from 1 to 240 seconds.
maxreq – [optional] The maximum number of times the authenticator will retransmit an EAP
Request packet to the Supplicant before it times out the authentication session. Its default value
is 2. It can be set to any integer value from 1 to 10.

Syntax portaccess port=<num|list|range> [quiet=<0-65535>] [maxreauth=<0-10>]
[transmit=<1-65535>] – set port access parameters for authenticating PCs or supplicants

port – [mandatory] – ports to be configured
quiet – [optional] This is the quiet period, the amount of time, in seconds, the supplicant is held
after an authentication failure before the authenticator retries the supplicant for connection. The
default value is 60 seconds. Values can range from 0 to 65535 seconds.
maxreauth – [optional] The number of re-authentication attempts that are permitted before the
port becomes unauthorized. Default value is 2. Values are integers and can range from 0 to 10.

transmit – [optional] This is the transmit period, this is the time in seconds the authenticator
waits to transmit another request for identification from the supplicant. Default value is 30.
Values can be from 1 to 65535 seconds.

Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] – set values
on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or PC

port – [mandatory] – ports to be configured
status – [optional] This enables/disables re-authentication
period – [optional] this is the re-authentication period in seconds. This is the time the
authenticator waits before a re-authentication process will be done again to the supplicant.
Default value is 3600 seconds (1 hour). Values can range from 10 to 86400 seconds.

Syntax show-stats port=<num> – displays 802.1x related statistics

Syntax trigger-reauth port=<num|list|range> – manually initiate a re-authentication of supplicant

Syntax userauth <enable|disable> – enable or disable user access to MNS-6K-SECURE by authenticating the
user against the RADIUS server.
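
The value ranges listed above for backend, portaccess and reauth can be checked before a command script is loaded onto a switch. The Python below is an added example, not part of this guide or of MNS-6K: it parses the three Syntax templates (with supptimeout treated as optional, as its description states) and validates constructed sample lines against them. The function names and the accepted port forms (a number, a comma list or a dash range) are assumptions.

```python
import re

# Syntax templates taken from the Chapter 8 command list in this guide.
TEMPLATES = [
    "backend port=<num|list|range> [supptimeout=<1-240>] "
    "[servertimeout=<1-240>] [maxreq=<1-10>]",
    "portaccess port=<num|list|range> [quiet=<0-65535>] "
    "[maxreauth=<0-10>] [transmit=<1-65535>]",
    "reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>]",
]

# One parameter of a template: optional "[", name=<spec>, optional "]".
PARAM_RE = re.compile(r"(\[)?\s*(\w+)=<([^>]+)>\s*(\])?")
# Assumption: a port argument is a number, a comma list or a dash range.
PORTS_RE = re.compile(r"^\d+([,-]\d+)*$")


def parse_template(template):
    """Turn one Syntax line into (command, {param: (required, kind, detail)})."""
    command, _, rest = template.partition(" ")
    params = {}
    for opening, name, spec, closing in PARAM_RE.findall(rest):
        required = not (opening and closing)  # square brackets mark optional
        numeric = re.fullmatch(r"(\d+)-(\d+)", spec)
        if numeric:
            bounds = (int(numeric.group(1)), int(numeric.group(2)))
            params[name] = (required, "range", bounds)
        elif spec == "num|list|range":
            params[name] = (required, "ports", None)
        else:
            choices = tuple(s.strip() for s in spec.split("|"))
            params[name] = (required, "enum", choices)
    return command, params


GRAMMAR = dict(parse_template(t) for t in TEMPLATES)


def validate(line):
    """Return the list of problems in one CLI line (empty list means valid)."""
    words = line.split()
    if not words or words[0] not in GRAMMAR:
        return [f"unknown command: {words[0] if words else '<empty>'}"]
    spec = GRAMMAR[words[0]]
    problems, seen = [], set()
    for word in words[1:]:
        name, eq, value = word.partition("=")
        if not eq or name not in spec:
            problems.append(f"unexpected argument: {word}")
            continue
        seen.add(name)
        _, kind, detail = spec[name]
        if kind == "range":
            low, high = detail
            if not value.isdigit() or not low <= int(value) <= high:
                problems.append(f"{name}={value} outside {low}-{high}")
        elif kind == "ports":
            if not PORTS_RE.match(value):
                problems.append(f"{name}={value} is not a port, list or range")
        elif value not in detail:
            problems.append(f"{name}={value} not one of {'|'.join(detail)}")
    for name, (required, _, _) in spec.items():
        if required and name not in seen:
            problems.append(f"missing mandatory argument: {name}")
    return problems


# Constructed sample script (not captured from a real switch).
SAMPLE_SCRIPT = """\
backend port=1-4 supptimeout=45 servertimeout=30 maxreq=3
portaccess port=1,3 quiet=120 maxreauth=12
reauth status=enable period=5
reauth port=2 status=on period=3600
"""


def lint(script):
    """Map line number -> problems for every invalid line of a script."""
    report = {}
    for number, line in enumerate(script.splitlines(), 1):
        problems = validate(line) if line.strip() else []
        if problems:
            report[number] = problems
    return report


if __name__ == "__main__":
    for number, problems in lint(SAMPLE_SCRIPT).items():
        print(f"line {number}: " + "; ".join(problems))
```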

Chapter 9 – Access Using TACACS+


Syntax show tacplus <status|servers> – show status of TACACS or servers configured as TACACS+ servers

Syntax tacplus <enable|disable> [order=<tac,local|local,tac>] – enable or disable TACACS
authentication, specifying the order in which the server or local database is looked up where “tac,local” implies,
first the TACACS+ server, then local logins on the device

Syntax tacserver <add|delete> id=<num> [ip=<ip-addr>] [port=<tcp-port>]
[encrypt=<enable|disable>] [key=<string>] [mgrlevel=<level>] [oprlevel=<level>] –
adds a list of up to five TACACS+ servers where
<add|delete> – [mandatory] adds or deletes a TACACS+ server.
id=<num> – [mandatory] the order in which the TACACS+ servers should be polled for
authentication
[ip=<ip-addr>] – [mandatory for add] the IP address of the TACACS+ server
[port=<tcp-port>] – [optional for add] TCP port number on which the server is listening
[encrypt=<enable|disable>] – [optional for add] enable or disable packet encryption
[key=<string>] – [optional for add, mandatory with encrypt] when encryption is enabled, the
secret shared key string must be supplied
[mgrlevel=<level>] and [oprlevel=<level>] – [optional] specifies the manager and operator
level as defined on the TACACS+ server for the respective level of login


Chapter 10 – Port Setup and Mirroring
Syntax show port-mirror – display port mirror settings

Syntax port-mirror <enter> – configure port mirror settings

Syntax setport monitor=<number|list|range> sniffer=<sniffer port number> – set port mirror
settings

Syntax prtmr <enable|disable> – enable or disable port mirror settings

Syntax device – configure device and port specific settings

Syntax setport port=<port|list|range> [name=<name>] [speed=<10|100>]
[duplex=<half|full>] [auto=<enable|disable>] [flow=<enable|disable>]
[bp=<enable|disable>] [ffi=<enable|disable>] [notify=<all|none|list>]
[status=<enable|disable>] [egress-rate=<rate|none>] – configure port settings

Syntax show port[=<port number>] – displays port information

Syntax show modules – displays modules in different slots

Syntax flowcontrol xonlimit=<value> xofflimit=<value> – configure flow control buffers

Syntax show flowcontrol – display flow control buffers

Syntax backpressure rxthreshold=<value> – configure backpressure buffers

Syntax show backpressure – display backpressure buffers

Syntax broadcast-protect <enable|disable|default> – enable or disable the broadcast storm protection
capabilities

Syntax rate-limit <enable|disable|default> – enable or disable the rate limit capability

Syntax broadcast-protect <enable|disable> – enable or disable the broadcast storm protection capabilities (a
hidden command supported for backward compatibility in the 10K switch, and in the 6K switch
it is in the rate-limit default)

Syntax show broadcast-protect – display the broadcast storm protection settings (a hidden command
supported for backward compatibility)


Chapter 11 - VLAN
Syntax set vlan type=<tag|none> – defines the VLAN type

Syntax vlan <enable|disable> – allow VLAN commands or configure vlan commands

Syntax vlan – enter the subset of VLAN commands

Syntax add id=<vlan Id> [name=<vlan name>] port=<number|list|range>
[forbid=<number|list|range>] [<mgt|nomgt>] – adding VLAN

Syntax start vlan=<name|number|list|range> – activate the VLAN configuration

Syntax save – save the configuration (including the VLAN configuration)

Syntax edit id=<vlan id> [name=<vlan name>] port=<number|list|range> [<mgt|nomgt>] –
edit existing VLAN name

Syntax show vlan [<id=vlanid>] – display specific VLAN information

Syntax set-port port=<number|list|range> default id=<number> – sets the default VLAN id. For
Magnum 6K family of switches, the default VLAN id is 1, unless changed using this command

Syntax set-port port=<number|list|range> filter status=<enable|disable> – enables or disables the
VLAN filtering function.

Syntax set-port port=<number|list|range> tagging id=<number> status=<tagged|untagged> –
defines whether the outgoing packets from a port will be tagged or untagged.

Syntax set-port port=<number|list|range> join id=<number> – adds the specified port(s) to the specified
VLAN id

Syntax set-port port=<number|list|range> leave id=<number> – releases a specific port from a VLAN

Syntax show port [port=<port|list|range>] – shows all parameters related to tag vlan for the list of ports. If the
port parameter is omitted, it will display all ports

Chapter 12 – Spanning Tree Protocol (STP)
Syntax show stp <config|ports > – regardless of whether STP is enabled or disabled (default) this command lists
the switch’s full STP configuration, including general settings and port settings


Syntax stp – STP Configuration mode

Syntax stp <enable|disable> – Start (Enable) or stop (Disable) STP

Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> – specifies the port or switch level
priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are
specified, then the switch (bridge) priority is specified and its value is 0-65535

Syntax cost port=<number|list|range> value=<0-65535> – cost is specific to a port and the port(s) have to
be specified

Syntax port port=<number|list|range> status=<enable|disable> – specific ports may not need to
participate in STP process. These ports typically would be end-stations. If you are not sure – let MNS-6K
software make the decisions

Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> – change the STP Forward Delay,
Hello timer and Aging timer values

Chapter 13 – Rapid Spanning Tree Protocol
Syntax set stp type=<stp|rstp> – Set the switch to support RSTP or change it back to STP. Need to save and
reboot the switch after this command

Syntax rstp – enter the RSTP configuration mode

Syntax rstp <enable|disable> – enable RSTP – by default, this is disabled and has to be manually activated

Syntax port port=<number|list|range> [status=<enable|disable>] [migration=<enable>]
[edge=<enable|disable>] [p2p=<on|off|auto>] – set the port type for RSTP

Example port port=<number|list|range> p2p= off – Set the “point-to-point” value to off on all
ports that are connected to shared LAN segments (i.e. connections to hubs). The default value is
auto. P2P ports would typically be end stations or computers on the network

Example port port=<number|list|range> edge=enable – enable all ports connected to other hubs,
bridges and switches as edge ports

Example port port=<number|list|range> migration=enable – set this for all ports connected to
other devices such as hubs, bridges and switches known to support IEEE 802.1d STP services, but
cannot support RSTP services

Syntax show active-stp – status whether STP or RSTP is running


Syntax show rstp <config|ports> – display the RSTP or STP parameters

Syntax forceversion <stp|rstp> – set the STP or RSTP compatibility mode

Syntax show-forceversion – the current forced version

Syntax show-timers – show the values of the timers set for RSTP

Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> – specifies the port or switch
level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no
ports are specified, then the switch (bridge) priority is specified and its value is 0-65535

Syntax cost port=<number|list|range> value=<0-65535> – cost is specific to a port and the port(s) have to
be specified

Syntax port port=<number|list|range> status=<enable|disable> – specific ports may not need to
participate in STP process. These ports typically would be end-stations. If you are not sure – let MNS-6K
software make the decisions

Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> – change the STP Forward delay,
Hello timer and Aging timer values

Chapter 14 – S-Ring and Link-Loss-Learn


Syntax authorize <module> key=<security key> – activate the S-Ring capabilities. Don’t forget to use the
save command to save the key

Syntax stp – STP Configuration mode

Syntax stp <enable|disable> – Start (Enable) or stop (Disable) STP

Syntax set stp type=<stp|rstp> – set the spanning tree protocol to be IEEE 802.1d or 802.1w (Spanning Tree
Protocol or Rapid Spanning Tree Protocol)

Syntax show active-stp – Display which version of STP is currently active

Syntax show s-ring – show the status of S-ring status and configuration

Syntax s-ring <enable|disable> – enable or disable S-ring capabilities

Syntax s-ring learn – start the learning process to discover the ring and the ports which make up the S-ring

Syntax s-ring add port=<port1,port2> – define ports which make up the S-ring ports. Note as discussed earlier,
you can create multiple s-rings on a switch


Syntax s-ring del port=<port1,port2> – remove the switch from S-ring topology by eliminating the end ports on the
switch

Syntax lll <enable|disable> – enable or disable LLL on the switch

Syntax lll add port=<port|list|range> – enable LLL on the list of specified ports

Syntax lll del port=<port|list|range> – disable LLL on the list of specified ports

Syntax show lll – display the status of LLL

Syntax rstp – STP Configuration mode

Syntax rstp <enable|disable> – Start (Enable) or stop (Disable) STP

Syntax set stp type=<stp|rstp> – set the spanning tree protocol to be IEEE 802.1d or 802.1w (Rapid Spanning
Tree Protocol)

Syntax show active-stp – Display which version of STP is currently active

Chapter 15 – Dual-Homing
Syntax dualhome – enter the dual-homing configuration sub-system

Syntax dualhome <enable|disable> – enable or disable dual-homing

Syntax dualhome add port1=<port#> port2=<port#> – dual-homing setup similar to that of unmanaged
switches such as ES42

OR

Syntax dualhome add primary=<port#> secondary=<port#> – dual-homing setup as primary-secondary
mode

Syntax dualhome del – Delete the dual-homing setup

Syntax show dualhome – Display dual-homing status


Chapter 16 – Link Aggregation Control Protocol (LACP)
Syntax lacp – enable the LACP configuration module within CLI

Syntax lacp <enable | disable> – enable or disable LACP

Syntax add port=<number|list|range> [priority=<0-65535>] – add the specified list of ports to form the
logical LACP trunk. Default value for priority is 32768. The lower the value assigned to priority, the higher the
priority. The port with the highest priority is the primary port (over which certain types of traffic like IGMP is
transmitted)

Syntax del port=<number|list|range> – delete specified ports from the LACP membership

Syntax edit port=<number|list|range> [priority=<priority>] – edit the membership of the ports specified.
The priority can be from 0 – 65535

Syntax show lacp – displays the status and other relevant LACP information

Chapter 17 – Quality of Service


Syntax qos – enter the QoS configuration mode

Syntax setqos type=<port|tag|tos|none> [port=<port|list|range>] [priority=<high|low>]
[tos=<0-63|list|range>] [tag=<0-7|list|range>] – depending on the type of QOS, the
corresponding field has to be set. For example, for QOS type tag, the tag levels have to be set, and for QOS type
ToS, the ToS levels have to be set. If the priority field is not set, it then defaults to low priority. ToS has 64 levels
and the valid values are 0-63 and a tagged packet has 8 levels and the valid values are 0-7.

Syntax set-weight weight=<0-7> – sets the port priority weight for All the ports. Once the weight is set, all the
ports will be the same weight across the switch. The valid value for weight is 0-7

Syntax show-portweight – display the weight settings on a port

Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] – displays the QoS settings

Syntax set-untag port=<port|list|range> priority=<high|low> tag=<0-7> – The 802.1p user
priority assigned to untagged received packets to be transmitted as tagged from the priority queue

Syntax map priority=<high|normal|medium|low> [tos=<0-63|list|range>] [tag=<0-7|list|range>] –
depending on the type of QOS, the priorities and Type of Service has to be mapped using
this command. For example, for the priority "high" the Type of service can be set to 24 and 48. The tag can be
set to 3.

Syntax set-port port=<port|list|range> [tag=<enable|disable>] [tos=<enable|disable>]
[default=<0-7>] – this command is used to specifically set the QoS settings of a specific port or port group of a
list of ports. The packet exiting (egress) will be assigned these settings specified by this command.

Chapter 18 - IGMP
Syntax igmp – IGMP configuration mode

Syntax igmp <enable/disable> – enable or disable IGMP on the switch

Syntax show igmp – IGMP operation status

Syntax mcast <enable | disable> – enable or disable unknown multicast streams. The default is enabled

Syntax set igmp mode= <normal|l2> – set the IGMP mode. Normal is when a L3 device is in the network and
is the IGMP root. The IGMP-L2 is used when there is no L3 device in the network

Syntax group add ip=<group ip> port=<number|list|range> vlan=<vlanid> – add ports to a specific
IGMP broadcast group

Syntax group del ip=<group ip> – delete ports from a specific IGMP broadcast group

Syntax show-group – shows the multicast groups

Syntax set-port port=<port|list|range> mode=<auto|forward|block> – set the port characteristics.
Block drops the unregistered multicasts. Forward forwards unregistered multicasts

Syntax show-port – display the port characteristics for IGMP

Syntax show-router – displays detected IGMP-enabled router ports

Syntax set-leave <enable|disable> – enables or disables the switch to immediately process a host sending a leave
message rather than wait for the timer to expire

Syntax set-querier <enable|disable> – enables or disables a switch as IGMP querier

Syntax set-qi interval=<value> – The IGMP querier router periodically sends general host-query messages. These
messages are sent to ask for group membership information. This is sent to the all-system multicast group address,
224.0.0.1. The default value is 125 seconds. The valid range can be from 60 to 127 seconds.

Syntax set-qri interval=<value> – The query response interval is the maximum amount of time that can elapse
between when the querier router sends a host-query message and when it receives a response from a host. The
default value is 10 seconds. The range can be from 2 to 270 seconds. Restrictions apply to the maximum value
because of an internal calculation that is dependent on the value of the Query Interval

Syntax mode=<l2|normal> – Toggle the IGMP mode from L2 to normal or IGMP-L2

Chapter 19 - GVRP
Syntax show gvrp – shows whether GVRP is disabled, along with the current settings for the maximum number of
VLANs and the current Primary VLAN

Syntax gvrp <enable|disable> – enable or disable GVRP

Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch

Syntax set-ports port=<port|list|range> state=<learn|block|disable> – set the state of the port to
learn, block or disable for GVRP. Note the default state is disable

Syntax static vlan=<VID> – convert a dynamic VLAN to a static VLAN

Syntax set-forbid vlan=<tag vlanid> forbid=<port-number|list|range> – sets the forbid GVRP
capability on the ports specified

Syntax show-forbid – display the ports with GVRP forbid capabilities

Chapter 20 – LLDP
Syntax lldp <enable|disable> – enables or disables LLDP

Syntax set-port port=<number|list|range> status=<disable|tx|rx|txrx> notify=<enable|disable>
manaddr=<enable|disable> tlvmap=<portdesc,sysname,sysdesc,syscap|none> – set
the LLDP information propagation capabilities of the port. In this command
Port=number signifies the port number or range of port numbers.
Status defines the function which will be attributed to the port. The status can disable the LLDP function for the specific
port(s), or enable LLDP in the transmit, receive or transmit-receive mode.
Manaddr enables the MAC address discovery
Tlvmap defines which of the MIB information will be propagated. The MIB information allowed are Port Description,
System Name, System Description, System Capabilities and None or no information is sent.

Syntax show-remote - displays remote or neighboring LLDP information

Syntax show lldp - displays LLDP settings

Syntax timers [txint=<sec>] [txhold=<multiplier>] [reinit=<sec>] [txdly=<sec>]
[notify=<sec>] – set TLV timers

Chapter 21 – SNMP
Syntax snmp – enter the SNMP Configuration mode

Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp”
command which follows

Syntax set snmp type=<v1|all> – define the version of SNMP to use – the option all supports all versions (v1, v2
and v3) – v1 restricts SNMP to v1 only. By default – SNMP v1 only is enabled

Syntax show active-snmp – shows the version of SNMP currently in use

Syntax community [write=<write community>] [read=<read community>] [trap=<trap community>]
– sets the necessary community strings

Syntax authtraps <enable|disable> – enables or disables authentication traps generation

Syntax traps <add|delete> type=<Snmp|Rmon|Snmp,Rmon|Enterprise|Snmp,Enterprise|Rmon,Enterprise|All>
ip=<ipaddress> – add v1 traps as well as define the trap receiver

Syntax show snmp – displays the SNMP configuration information

Syntax mgrip <add|delete> ip=<IPaddress> – adds or deletes a management station, specified by the IP
address, which can query SNMP variables from the switch. This is done to protect the switch from being polled by
unauthorized managers. Maximum of five stations allowed.

Syntax setvar [sysname|syscontact|syslocation]=<string> – sets the system name, contact and location. All
parameters are optional but a user must supply at least one parameter

Syntax quickcfg – quick setup for snmpv3 configuration. It automatically configures a default VACM (view-based
access control model). This allows any manager station to access the Magnum 6K switch either via SNMP v1,
v2c or v3. The community name is “public”. This command is only intended for first time users and values can be
changed by administrators who want more strict access

Syntax engineid string=<string> – Every agent has to have an engineID (name) to be able to respond to
SNMPv3 messages. The default engine ID value is “6K_v3Engine”. This command allows the user to change
the engine ID

Syntax authtrap <enable|disable> – enables or disables authentication traps generation


Syntax show-authtrap – displays the current value of authentication trap status.

Syntax deftrap community=<string> – defines the default community string to be used when sending traps. When
user does not specify the trap community name when setting a trap station using the “trap” command, the default
trap community name is used

Syntax show-deftrap – displays the current value of default trap

Syntax trap <add|delete> id=<id> [type=<v1|v2|inform>] [host=<host-ip>] [community=<string>]
[port=<1-65534>] – define the trap and inform manager stations. The station
can receive v1, v2 traps and/or inform notifications. An inform notification is an acknowledgment that a trap
has been received. A user can add up to 5 stations.

Syntax show-trap [id=<id#>] – shows the configured trap stations in tabular format - id is optional and is the
number corresponding to the trap entry number in the table

Syntax com2sec <add|delete> id=<id> [secname=<name>] [source=<source>] [community=<community>] –
a part of the View based Access control model (VACM) as defined in
RFC 2275. This specifies the mapping from a source/community pair to a security name. On MNS-6K, up to
10 entries can be specified

Syntax group <add|delete> id=<id> [groupname=<name>] [model=<v1|v2c|usm>] [com2secid=<com2sec-id>] –
a part of the View based Access control
model (VACM) as defined in RFC 2275. This command defines the mapping from sec model or a sec name to a
group. A sec model is one of v1, v2c, or usm. On MNS-6K, up to 10 entries can be specified

Syntax show-group [id=<id>] – displays all or specific group entries - id is optional and is the number
corresponding to the group entry number in the table

Syntax view <add|delete> id=<id> [viewname=<name>] [type=<included|excluded>] [subtree=<oid>]
[mask=<hex-string>] – a part of the View based Access control model (VACM)
as defined in RFC 2275. This command defines what a manager or group of manager stations can access
inside the MIB object tree. On MNS-6K, up to 10 entries can be specified

Syntax show-view [id=<id>] – displays all or specific view entries - id is optional and is the number corresponding
to the view entry number in the table

Syntax user <add|delete> id=<id> [username=<name>] [usertype=<readonly|readwrite>]
[authpass=<pass-phrase>] [privpass=<pass-phrase>] [level=<noauth|auth|priv>] [subtree=<oid>] – for quickly
adding or deleting v3 USM based security, this command adds user entries. MNS-6K allows up to 5 users to be
added. Right now, the MNS-6K agent only supports noauth and auth-md5 for v3 authentication and auth-des for
priv authentication


Syntax show-user [id=<id>] – displays all or specific view entries - id is optional and is the number corresponding to
the view entry number in the table

Syntax rmon – enter the RMON configuration mode to setup RMON groups and communities

Syntax history def-owner=<string> def-comm=<string> – define the RMON history group and the
community string associated with the group

Syntax statistics def-owner=<string> def-comm=<string> – define the RMON statistics group and the
community string associated with the group

Syntax alarm def-owner=<string> def-comm=<string> – define the RMON alarm group and the
community string associated with the group

Syntax event def-owner=<string> def-comm=<string> – define the RMON event group and the
community string associated with the group

Syntax show rmon <stats|hist|event|alarm> – list the specific RMON data as defined by the group type
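
Several SNMP commands in this chapter carry security-relevant settings: quickcfg sets up a default VACM with community “public”, mgrip limits which stations may poll the switch, and user accepts level=noauth. The Python audit below is an added example, not part of the MNS-6K guide or GarrettCom software; it assumes the commands are kept as plain lines in a provisioning script, and the sample lines, rule names and the treatment of “private” as a weak string are constructed here.

```python
# Constructed sample: SNMP command lines in the syntax listed in this chapter,
# as they might be kept in a provisioning script. All values are made up.
SAMPLE_SCRIPT = """\
snmp
set snmp type=all
community write=private read=public trap=public
authtraps disable
snmpv3
quickcfg
user add id=1 username=ops usertype=readwrite level=noauth
user add id=2 username=nms usertype=readonly authpass=CONSTRUCTED-1 privpass=CONSTRUCTED-2 level=priv
trap add id=1 type=v2 host=192.0.2.10 community=Tr4p-constructed
"""

# "public" is the community name quickcfg configures. "private" is an
# assumption added here: it is another widely used default community string.
WEAK_COMMUNITIES = {"public", "private"}
MAX_MGR_STATIONS = 5  # the guide allows at most five mgrip stations


def parse_line(line):
    """Split one CLI line into (bare words, key=value options)."""
    words, opts = [], {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            opts[key.lower()] = value
        else:
            words.append(token.lower())
    return words, opts


def audit(script):
    """Return (line_number, rule_id, message) findings; line 0 = whole script."""
    findings = []
    managers = set()
    for number, raw in enumerate(script.splitlines(), start=1):
        words, opts = parse_line(raw)
        if not words:
            continue
        cmd = words[0]

        if cmd == "quickcfg":
            findings.append((number, "QUICKCFG",
                             "default VACM: any manager station, community 'public'"))

        # The v1 'community' command names its strings read/write/trap;
        # deftrap, trap and com2sec carry a single community= option.
        roles = ("read", "write", "trap") if cmd == "community" else ("community",)
        for role in roles:
            if opts.get(role, "").lower() in WEAK_COMMUNITIES:
                findings.append((number, "WEAK_COMMUNITY",
                                 f"{cmd} {role}={opts[role]} is a well-known string"))

        if cmd in ("authtraps", "authtrap") and "disable" in words:
            findings.append((number, "AUTHTRAP_OFF",
                             "authentication traps are not generated"))

        if cmd == "user" and "add" in words and opts.get("level") == "noauth":
            findings.append((number, "NOAUTH_USER",
                             f"v3 user {opts.get('username', '?')} has no authentication"))

        # Track the management station list built with mgrip add/delete.
        if cmd == "mgrip" and "ip" in opts:
            if "add" in words:
                managers.add(opts["ip"])
            elif "delete" in words:
                managers.discard(opts["ip"])

    if not managers:
        findings.append((0, "NO_MGRIP",
                         "no management station list restricts who may poll the switch"))
    elif len(managers) > MAX_MGR_STATIONS:
        findings.append((0, "MGRIP_LIMIT",
                         f"{len(managers)} stations listed, switch accepts {MAX_MGR_STATIONS}"))
    return findings


if __name__ == "__main__":
    for number, rule, message in audit(SAMPLE_SCRIPT):
        print(f"line {number}: {rule}: {message}")
```

Findings with line number 0 apply to the script as a whole rather than to one command.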


Chapter 22 – MODBUS
Syntax modbus <enable|disable> – enable or disable the MODBUS protocol

Syntax modbus port=<port#|default> – change the default MODBUS TCP port number or reset it to default
TCP port 502

Syntax modbus device=<device|default> – change the MODBUS default device type or reset it to default value
of 5

Syntax show modbus – display the MODBUS settings

Chapter 23 – PTP (IEEE 1588)


Syntax ptp – enter the PTP sub group of commands

Syntax ptp <enable|disable> – enable or disable the ptp capabilities

Syntax announce interval=<1|2|4|8|16> – shows the intervals of the ptp configuration

Syntax power-profile= [<enable|disable>] [vlan=<none|0-4095>] [prio=<0..7>] [gmid=<3-254>] – shows the
power-profile of the ptp configurations

Syntax sync interval=<250|500|1000|2000|4000|8000|16000> – set the sync interval (in milliseconds)

Syntax setptp [clock=<auto|tc|bc>] [priority1=<0-255>] [priority2=<0-255>] [domain=<0..127>]
[sync=<enable|disable>] [delay=<e2e|p2p>] – set the behavior of the clock as a
boundary clock or transparent clock. Priority 1 and Priority 2 are used by network administrators to deterministically set
which clock becomes the master clock in case there is a resolution conflict or "tie"

Syntax setport port=<port|list|range> [mode=<auto|mac|udp>] [<enable|disable>] – define the ports where
PTP packets are examined for time synchronization

Syntax show-port – shows the ports and the modes


Syntax show ptp – shows the status of PTP (enabled or disabled)

Syntax show modules – shows the modules in the system. If there is an IEEE 1588 module present it will display
that


Chapter 24 – GMRP
Syntax gmrp – enter the gmrp sub group of commands

Syntax gmrp <enable|disable> – enable or disable the gmrp capabilities

Syntax set-port port=<port|list|range> status=<enable|disable> default=<all|reg|auto|block> – set port to
change port status

Syntax show-ports [port=<port|list|range>] – display the current GMRP ports status

Syntax show-group – display Multicast Group

Chapter 25 – Static Multicast Group


Syntax multicast – enter the multicast group of commands

Syntax multicast <enable|disable> – enable or disable the multicast group capabilities

Syntax show-multicast – displays the Static Groups Defined

Syntax group – displays a multicast group, and to add, edit or delete a multicast group

Chapter 26 – Miscellaneous Commands


Syntax alarm – enter the alarm configuration mode

Syntax add event=<event-id|list|range|all> – enables alarm action in response to the specified event ID

Syntax period time=<1..10> – sets the duration of relay action for the momentary type signal. This may be needed to
adjust to the behavior of the circuit or relay. Default is 3 seconds. Time is in seconds

Syntax del event=<event-id|list|range|all> – disables alarm action in response to the specified event ID

Syntax alarm <enable|disable|reset> [event=<all|number|list>] – globally enables or disables the alarm
action. This command also resets the alarm. alarm reset without an event number will reset all alarms

Syntax show alarm – displays the current status of Alarm system


Syntax set motd – after the command is typed, MNS allows you to enter the Banner message

Syntax show motd – displays the current message set

Syntax smtp – configure the SNMP alerts to be sent via email

Syntax show smtp <config|recipients> – config displays the current SMTP global settings;
recipients displays the currently configured recipients of email alerts

Syntax rate-limit port=<port|list|range> [type=<broadcast|multicast|xcast|all>] [status=<enable|disable>] –
set port, list, range and type - enable or disable the rate limit port capability

Syntax rate-limit src-filter=<enable|disable> – enable or disable the rate limit of the src-filter

Syntax rate-threshold port=<port|list|range> rate=<frames/sec> – set the rate limit in frames per
second - between 200 to 50,000 frames per second

Syntax show cpu-usage – shows percentage of current, past seconds, past 10 seconds of the CPU Load

Syntax show cpu-usage thread – shows cpu usage of each thread

Syntax add id=<1-5> email=<email-addr> [traps=<all|none|S|R|E>] [events=<all|none|I|A|C|F|D>]
[ip=<ip-addr>] [port=<1-65535>]

id – [mandatory] the recipient ID - range from 1 to 5. MNS-6K allows a maximum of 5 recipients

email – [mandatory] email address of the recipient

traps – [optional] this is the trap filter. If value is all, all traps of any type will be sent to this
recipient. If value is none, no traps are sent to this recipient. Value can also be a
combination of S (SNMP), R (RMON) and E (ENTERPRISE). For example, trap=SR
means that SNMP and RMON traps will be sent via email to the recipient. If this option
is not defined, the recipient will have a default value of all.

events – [optional] this is the event filter. Value can be all (all event severity types will be sent
to recipient), none (no event will be sent to recipient) or a combination of I
(informational), A (activity), C (critical), F (fatal) and D (debug). For example, event=ACF
means that events of severity types activity, critical and fatal will be sent to recipients by
email. If this option is not defined, a value of all is taken.

ip – [optional] SMTP server IP address. This is the SMTP server to connect to for this particular
user. If this option is not defined, the global/default SMTP server is used.

port – [optional] TCP port of the SMTP server. If this is not defined, the global default TCP
port is used.


Syntax delete id=<1-5> – delete the specific id specified. The deleted id no longer receives the traps via email. The id is
added using the add command.

Syntax sendmail server=<ip-addr> to=<email-addr> from=<email-addr> subject=<string> body=<string> –
customize (and also to send a test email to check SMTP settings)
the email sent out by specifying the email subject field, server address, to field and the body of the text. See example
for the body of the text message later in this chapter.

server – [mandatory] SMTP server IP v4 address.

to – [mandatory] the recipient email address

from – [mandatory] the sender email address.

subject – [mandatory] email subject or title

body – [mandatory] email body

Syntax server ip=<ip-addr> [port=<1-65535>] [retry=<0-3>] – configure the global SMTP server settings

ip – [mandatory] SMTP server IP address

port – [mandatory] TCP port to be used for SMTP communications – default is 25

retry – [optional] specifies how many times to retry if an error occurs when sending email.
Range from 0 to 3. Default is 0.

Syntax smtp <enable|disable> – enables or disables SMTP to send SNMP alerts by email

Syntax exportlog mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] [doctype=<raw|html>] – facilitates
the export of the event log information as a text file or as an HTML file

Syntax show power – show the status of the power supplies

Syntax show fans – display the status of the fans

Syntax show temp – display the internal ambient temperature

Syntax poe port=<port|list|range> status=<enable|disable> – Enables/disables PoE on the ports

Syntax poereset port=<port|list|range> timer=<2..10> – Reset timer on PoE ports. The timer is in
seconds.

Syntax show-poe – Display PoE status for all the ports


Syntax reboot-scheduler <enable|disable> – enable or disable reboot scheduler

Syntax show reboot-scheduler – display reboot scheduler settings

Syntax set reboot-date year=<2001-2035> month=<1-12> day=<1-31> – set the reboot year, month and
day

Syntax set reboot-time hour=<0-23> min=<0-59> sec=<0-59> – set the reboot time (24 hour clock)

Syntax set reboot-frequency freq=<once|daily|weekly|monthly> – set the reboot frequency i.e. how
often should the reboot occur – once, daily, weekly or monthly

Syntax set reboot-reminder rmdr=<1-99 minutes> – set a reminder for users connected. The reminder is sent out as
a broadcast message to users connected

Syntax !! – repeat the last command

Syntax !<n> – repeat the nth command (as indicated by a show history)

Syntax show history – show the last 25 commands executed – if less than 25 commands are executed, only those
commands executed are shown

Syntax <Up-arrow> – every time the key is pressed, the last command is printed on the screen but not executed. This
allows for editing errors made in typing

Syntax <Down-arrow> – opposite of Up-arrow key

Syntax set ftp mode=<normal|passive> – set the FTP mode of operation

Syntax show ftp – display the current FTP operation mode

Syntax show version – displays the version of MNS-6K being used

Syntax ping <ipaddress> [count=<1-999>] [timeout=<1-256>] – use the ping command to test
connectivity

Syntax set prompt <prompt string> – set the prompt for switch. The prompt has predefined variables. These are
$n : System Name; $c : System Contact; $l : System Location; $i : System IP; $m : System MAC; $v :
Version; $$ : $ Character; $r : New Line; $b : Space


Appendix 2 - Commands Sorted Alphabetically
Command – Description
!! – repeat the last command
!<n> – repeat the “n”th command (as indicated by a show history)
<command string> <TAB> – options for a command
<Down-arrow> – opposite of Up-arrow key
<first character of the command> <TAB> – listing commands starting with the character
<TAB> – listing all commands available at the privilege level
<Up-arrow> – every time the key is pressed, the last command is printed on the screen but not executed. This allows for editing errors made in typing
access – setup access configuration parameters
action port=<num|list|range> <none|disable|drop> – action to perform in case of breach of port security
add event=<event-id|list|range|all> – enables alarm action in response to the specified event ID
add id=<1-5> email=<email-addr> [traps=<all|none|S|R|E>] [events=<all|none|I|A|C|F|D>] [ip=<ip-addr>] [port=<1-65535>] – setup email id for receiving SNMP trap information by email
add id=<vlan Id> [name=<vlan name>] port=<number|list|range> [forbid=<number|list|range>] [<mgt|nomgt>] – adding VLAN
add user=<name> level=<number> – adding a user

add port=<number|list|range> [priority=<0-65535>] – add the specified list of ports to form the logical LACP trunk. Default value for priority is 32768. The lower the value assigned to priority, the higher the priority. The port with the highest priority is the primary port (over which certain types of traffic like IGMP is transmitted). Requires the lacp command (module).
addlease ip=<ip> mac=<mac> [leasetime=<lease time (1..10)>] – add a specific host with a specific IP address
alarm – enter the alarm configuration mode
alarm <enable|disable|reset> [event=<all|number|list>] – globally enables or disables the alarm action. This command also resets the alarm. "alarm reset" without an event number will reset all alarms
alarm def-owner=<string> def-comm=<string> – define the RMON alarm group and the community string associated with the group
allow ip=<ipaddress> mask=<netmask> service=<name|list> – allow specific IP address or range of addresses as a trusted host(s)
allow mac=<address|list|range> port=<num|list|range> – specify a specific MAC address or MAC address list
announce interval=<1|2|4|8|16> – shows the intervals of the ptp configuration
auth – configuration mode to configure the 802.1x parameters
auth <enable|disable> – enables or disables the 802.1x authenticator function on MNS-6K switch
authorize <module> key=<security key> – activate the S-Ring or MNS-6K-SECURE capabilities. Don’t forget to use the “save” command to save the key
authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] – define the RADIUS server
authtraps <enable|disable> – enables or disables authentication traps generation
backend port=<num|list|range> [supptimeout=<1-240>] [servertimeout=<1-240>] [maxreq=<1-10>] – configure parameters for EAP over RADIUS
backpressure rxthreshold=<value> – configure backpressure buffers

broadcast-protect <enable|disable> – protect switch from broadcast storms
chlevel user=<name> level=<number> – changing the user privilege level
clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] – clear command to clear various aspects of the MNS-6K information – most notably “clear addr” – clears the addresses learnt or “clear log” to clear the logs (and the type of logs)
clear log [fatal |alert| crit|error| warn| note|info|debug] – clear logs or specific type of logs
clear-reserveip ip=<ip> – clear the reserved IP assigned
climode <script|console|show> – set the interactive CLI mode on (console) or off (script). To see the mode – use the show option
com2sec <add|delete> id=<id> [secname=<name>] [source=<source>] [community=<community>] – a part of the View based Access control model (VACM) as defined in RFC 2275. This specifies the mapping from a source/community pair to a security name. On MNS-6K, up to 10 entries can be specified
command <Enter> – options for a command
community [write=<write community>] [read=<read community>] [trap=<trap community>] – set the necessary community strings
config startip=<start ip> endip=<endip> mask=<mask> [dns=< dns1, dns2,..dns10>] [gateway=<gateway>] [leasetime=<lease time(1..10 hours)>] – configure the DHCP lease request parameters such as starting IP address, ending IP address, DNS server parameters, default gateway IP address and lease time. Requires dhcpserver to be active.
config dhcpserverip=<DHCP server IP> <add|del> port=<port|list|range> – configure the DHCP server IP and add/delete DHCP services on specified ports on the switch. Requires dhcprelay command to be active.
configure access – sets the access parameters e.g. disable telnet session
cost port=<number|list|range> value=<0-65535> – cost is specific to a port and the port(s) have to be specified
configure port-security – sets the port authorization based on MAC addresses
configure vlan type=port – enter the VLAN configuration commands

deftrap community=<string> – defines the default community string to be used when sending traps. When user does not specify the trap community name when setting a trap station using the “trap” command, the default trap community name is used
del event=<event-id|list|range|all> – disables alarm action in response to the specified event ID
del port=<number|list|range> – delete specified ports from the LACP membership. Requires the lacp module.
delete id=<1-5> – delete the specific id specified. The deleted id no longer receives the traps via email. The id is added using the “add” command
delete user=<name> – deleting a user
deny ip=<ipaddress> mask=<netmask> service=<name|list> – deny specific IP address or range of IP addresses
device – configure device and port specific settings
dhcpsrv <start|stop> – start or stop the DHCP server. By default, the server is off
dhcprly <start|stop> – start/stop the DHCP relay services
dualhome – enter the dual-homing configuration subsystem
dualhome <enable|disable> – enable or disable dual-homing
dualhome add port1=<port#> port2=<port#> – dual-homing setup similar to that of unmanaged switches such as ES42
OR
dualhome add primary=<port#> secondary=<port#> – dual-homing setup as primary-secondary mode
dualhome del – delete the dual-homing setup
edit id=<vlan id> [name=<vlan name>] port=<number|list|range> [<mgt|nomgt>] – edit existing VLAN name
edit port=<number|list|range> [priority=<priority>] – edit the membership of the ports specified for LACP ports. The priority can be from 0 – 6553. Requires LACP module.

enable <user-name> – changing the privilege level
engineid string=<string> – every agent has to have an engineID (name) to be able to respond to SNMPv3 messages. The default engine ID value is “6K_v3Engine”. This command allows the user to change the engine ID
event def-owner=<string> def-comm=<string> – define the RMON event group and the community string associated with the group
exportlog mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] [doctype=<raw|html>] – facilitates the export of the event log information as a text file or as an HTML file
flowcontrol xonlimit=<value> xofflimit=<value> – configure flow control buffers
forceversion <stp|rstp> – set the STP or RSTP compatibility mode
ftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>] [host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>] [pass=<password>] – upload and download information using ftp command. The IP address can be a IPv4 address or an IPv6 address
where
<get|put|list|del> - different FTP operations
[type=<app|config|oldconf|script|hosts|log|cert>] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configuration file or uploading a new image to the switch. Note - cert allows a new certificate to be loaded to the switch. The default certificate is a self signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>] [pass=<password>] – parameters associated with FTP server for proper communications with the server

gmrp – enter the gmrp sub group of commands
gmrp <enable|disable> – enable or disable the gmrp capabilities
group <add|delete> id=<id> [groupname=<name>] [model=<v1|v2c|usm>] [com2secid=<com2sec-id>] – a part of the View based Access control model (VACM) as defined in RFC 2275. This command defines the mapping from sec model or a sec name to a group. A sec model is one of v1, v2c, or usm. On MNS-6K, up to 10 entries can be specified
group add ip=<group ip> port=<number|list|range> vlan=<vlanid> – add ports to a specific IGMP broadcast. This command is part of the IGMP commands
group del ip=<group ip> – delete ports from a specific IGMP broadcast group
gvrp <enable|disable> – enable or disable GVRP
host <add|edit|del> name=<host-name> [ip=<ipaddress>] [user=<user>] [pass=<password>] – create a host entry for accessing host. This is equivalent to creating a host table on many systems. Maximum of 10 such entries are allowed
help <command string> – help for a specific command
history def-owner=<string> def-comm=<string> – define the RMON history group and the community string associated with the group
igmp – IGMP configuration mode
igmp <enable/disable> – enable or disable IGMP on the switch
ipconfig [ip=<ip-address>] [mask=<subnet-mask>] [dgw=<gateway>] – to set IP address on the switch
kill config [save=system] – resets the system configuration. The module_name option does not reset the specific module parameters. The modules are system, event, port, bridge, stp, ps, mirror, sntp, vlan, gvrp and snmp
kill session id=<session> – terminate a telnet session. See also “show session”
lacp – enable the LACP configuration module within CLI
lacp <enable | disable> – enable or disable LACP
lldp <enable|disable> – enables or disables LLDP
lll <enable|disable> – enable or disable LLL on the switch

lll add port=<port|list|range> – enable LLL on the list of specified ports
lll del port=<port|list|range> – disable LLL on the list of specified ports
loadconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – loading the previously saved configuration from the network using tftp, ftp or serial protocols
logout – logout from the CLI session
map priority=<high|normal|medium|low> [tos=<0-63|list|range>] [tag=<0-7|list|range>] – depending on the type of QOS, the priorities and Type of Service has to be mapped using this command. For example, for the priority "high" the Type of service can be set to 24 and 48. The tag can be set to 3
mcast <enable | disable> – enable or disable unknown multicast streams. The default is enabled
mgrip <add|delete> ip=<IPaddress> – adds or deletes a management station, specified by the IP address, which can query SNMP variables from the switch. This is done to protect the switch from being polled by unauthorized managers. Applicable for SNMP v1 only. Maximum of five stations allowed.
modbus <enable|disable> – enable or disable the MODBUS protocol
modbus port=<port#|default> – change the default MODBUS TCP port number or reset it to default TCP port 502
modbus device=<device|default> – change the MODBUS default device type or reset it to default value of 5
mode <l2|normal> – set the IGMP mode to be IGMP-L2 mode or normal IGMP mode
more <enable|disable|show> – enable or disable the scrolling of lines one page at a time
multicast – enter the multicast group of commands
multicast <enable|disable> – enable or disable the multicast group capabilities
group – displays a multicast group, and to add, edit or delete a multicast group
show-multicast – displays the Static Groups Defined
passwd user=<name> – changing a password for a user
period time=<1..10> – sets the duration of relay action for the momentary type signal. This may be needed to adjust to the behavior of the circuit or relay. Default is 3 seconds. Time is in seconds

ping <ipaddress> [count=<1-999>] [timeout=<1-256>] – use the ping command to test connectivity
ping6 <ipv6-address> – ping an IPv6 station
poe port=<port|list|range> status=<enable|disable> – enables/disables PoE on the ports
poereset port=<port|list|range> timer=<2..10> – reset timer on PoE ports. The timer is in seconds.
port port=<number|list|range> [status=<enable|disable>] [migration=<enable>] [edge=<enable|disable>] [p2p=<on|off|auto>] – set the port type for RSTP
port port=<number|list|range> status=<enable|disable> – specific ports may not need to participate in STP process. These ports typically would be end-stations. If you are not sure - let MNS-6K software make the decisions
portaccess port=<num|list|range> [quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>] – set port access parameters for authenticating PCs or supplicants
port-mirror <enter> – configure port mirror settings
port-security – configure port security settings
power-profile= [<enable|disable>] [vlan=<none|0-4095>] [prio=<0..7>] [gmid=<3-254>] – enable or disable, vlan, prio and gmid capabilities
priority [port=<number|list|range>] value=<0-255 | 0-65535> – specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535

prtmr <enable|disable> – enable or disable port mirror settings
ps <enable|disable> – enable or disable port security
ptp – enter the PTP sub group of commands
ptp <enable|disable> – enable or disable the ptp capabilities
qos – enter the QoS configuration mode
quickcfg – quick setup for snmpv3 configuration. It automatically configures a default VACM (view-based access control model). This allows any manager station to access the Magnum 6K switch either via SNMP v1, v2c or v3. The community name is “public”. This command is only intended for first time users and values can be changed by administrators who want more strict access
rate-limit <enable|disable|default> – enable or disable the rate limit capability
rate-threshold port=<port|list|range> rate=<frames/sec> – set the rate limit in frames per second – between 200 to 50,000 frames per second
rate-limit port=<port|list|range> [type=<broadcast|multicast>] [status=<enable|disable>] – rate limit the type of traffic on a port
reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] – set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or PC
reboot – restart the switch, same effect as physically turning off the power
reboot-scheduler <enable|disable> – enable or disable reboot scheduler
remove ip=<ipaddress> mask=<netmask> – delete a specific IP address from the access or trusted host list
remove mac=<all|address|list|range> port=<num|list|range> – remove a MAC address entry
removeall – remove all IP addresses of trusted hosts
reserve-ip ip=<ip> [mac=<mac>] – reserve a specific IP address for a device


rmon – enter the RMON configuration mode to setup RMON groups and communities
rstp – enter the RSTP configuration mode
rstp <enable|disable> – enable RSTP – by default, this is disabled and has to be manually activated
save – save changes made to the configuration
saveconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – saving the configuration on the network using tftp, ftp or serial protocols
sendmail server=<ip-addr> to=<email-addr> from=<email-addr> subject=<string> body=<string> – customize (and also to send a test email to check SMTP settings) the email sent out by specifying the email subject field, server address, to field and the body of the text. See example for the body of the text message later in this chapter
server ip=<ip-addr> [port=<1-65535>] [retry=<0-3>] – configure the global SMTP server settings
server add host=<host|ip> [port=<port>] [event=<all|none|default|list>] – add a syslog server. Maximum of five servers can be defined. Note: use the “syslog” command to use this command
server edit id=<id> [host=<host|ip>] [port=<port>] [event=<all|none|default|list>] – edit the server setup as well as which syslog messages the server should receive. Note: use the “syslog” command to use this command
server del id=<id> – delete a Syslog server. Note: use the “syslog” command to use this command
server <enable|disable> id=<id> – enable or disable the log messages being sent to a syslog server. Note: use the “syslog” command to use this command
set bootmode type=<dhcp|bootp|manual|auto> [bootimg=<enable|disable>] [bootcfg=<enable|disable>] – assign the boot mode for the switch
set date year=<2001-2035> month=<1-12> day=<1-31> [format=<mmddyyyy|ddmmyyyy|yyyymmdd>] – sets the date and the format in which the date is displayed
set daylight country=< country name> – set the daylight saving time
set dns [server=<ip>] [domain=<domain name>] <enable|disable|clear> – specify a DNS server to look up domain names. The server IP can be a IPV6 address as well as an IPV4 address
set ftp mode=<normal|passive> – set the ftp mode of operation
set history size=<1..100> – set the history stack size – i.e. the number of commands to remember
set hw rev=4 display the hardware revision number
set igmp mode=<normal|l2> set the IGMP mode. Normal is when an L3 device is in the network and is the IGMP root. The IGMP-L2 is used when there is no L3 device in the network
set logsize size=<1-1000> set the log buffer size
set module id display module id update
set motd after the command is typed, MNS allows you to enter the Banner message
set password set or change password
set prompt <prompt string> set the prompt for switch. The prompt has predefined variables. These are $n : System Name; $c : System Contact; $l : System Location; $i : System IP; $m : System MAC; $v : Version; $$ : $ Character; $r : New Line; $b : Space
set reboot-date year=<2001-2035> month=<1-12> day=<1-31> set the reboot year, month and day
set reboot-frequency freq=<once|daily|weekly|monthly> set the reboot frequency, i.e. how often the reboot should occur – once, daily, weekly or monthly
set reboot-reminder rmdr=<1-99 minutes> set a reminder for users connected. The reminder is sent out as a broadcast message to users connected
set reboot-time hour=<0-23> min=<0-59> sec=<0-59> set the reboot time (24 hour clock)
set secrets <hide|show> sets the system parameter to display or hide the passwords
set snmp type=<v1|all> define the version of SNMP to use – the option all supports all versions (v1, v2 and v3) – v1 restricts SNMP to v1 only. By default – SNMP v1 only is enabled
set serial [baud=<rate>] [data=<5|6|7|8>] [parity=<none|odd|even>] [stop=<1|1.5|2>] [flowctrl=<none|xonxoff>] set serial port parameters
set stp type=<stp|rstp> set the switch to support RSTP or change it back to STP. Need to save and reboot the switch after this command

set time hour=<0-23> min=<0-59> sec=<0-59> sets the time
set timeformat format=<12|24> set the display time in the 12/24 hour mode
set daylight country=<country name|none> set the DST setting by using rules for the country
Syntax set daylight country=name [sthr=<0..23> stmin=<0..59> stdate=<1..31> stmon=<Jan..Dec> stday=<Sun..Sat> endhr=<0..23> endmin=<0..59> enddate=<1..31> endmon=<Jan..Dec> endday=<Sun..Sat>] specify the daylight saving time specifying the country name, start month/day/time and end month/day/time
set vlan type=<tag|none> defines the VLAN type
set-forbid vlan=<tag vlanid> forbid=<port-number|list|range> sets the forbid GVRP capability on the ports specified
set-leave <enable|disable> enables or disables the switch to immediately process a host sending a leave message rather than wait for the timer to expire
setport monitor=<number|list|range> sniffer=<sniffer port number> set port mirror settings
set-port port=<port|list|range> mode=<auto|forward|block> set the port characteristics for IGMP. Block drops the unregistered multicasts. Forward forwards unregistered multicasts
set-port port=<number|list|range> defaultid=<number> sets the default VLAN id. For Magnum 6K family of switches, the default VLAN id is 1, unless changed using this command
set-port port=<number|list|range> filter status=<enable|disable> enables or disables the VLAN filtering function.
set-port port=<number|list|range> join id=<number> adds the specified port(s) to the specified VLAN id
set-port port=<number|list|range> leave id=<number> releases a specific port from a VLAN
set-port port=<port|list|range> [tag=<enable|disable>] [tos=<enable|disable>] [default=<0-7>] this command is used to specifically set the QoS settings of a specific port or port group of a list of ports. The packet exiting (egress) will be assigned these settings specified by this command.

set-port port=<number|list|range> tagging id=<number> status=<tagged|untagged> (Note - this command is the same as above - used with MNS-6K version 4.1.x only) defines whether the outgoing packets from a port will be tagged or untagged.
set-port port=<number|list|range> status=<disable|tx|rx|txrx> notify=<enable|disable> manaddr=<enable|disable> tlvmap=<portdesc,sysname,sysdesc,syscap|none> set the LLDP information propagation capabilities of the port. In this command:
Port=number signifies the port number or range of port numbers.
Status defines the function which will be attributed to the port. The status can be disable the LLDP function for the specific port(s), enable LLDP in the transmit or receive or transmit-receive mode.
Manaddr enables the MAC address discovery
Tlvmap defines which of the MIB information will be propagated. The MIB information allowed are Port Description, System Name, System Description, System Capabilities and "None" or no information is sent.
setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] setting the port characteristic for an 802.1x network
setport port=<port#|list|range> [name=<name>] [speed=<10|100>] [duplex=<half|full>] [auto=<enable|disable>] [flow=<enable|disable>] [bp=<enable|disable>] [ffi=<enable|disable>] [notify=<all|none|list>] [status=<enable|disable>] [egress-rate=<rate|none>] configure port settings


setport port=<port|list|range> <enable|disable> define the ports where PTP packets are examined for time synchronization
set-ports port=<port|list|range> state=<learn|block|disable> set the state of the port to learn, block or disable for GVRP. Note the default state is disable
setptp [clock=<auto|tc|bc>] [priority1=<0-255>] [priority2=<0-255>] set the behavior of the clock as a boundary clock or transparent clock. Priority 1 and Priority 2 are used by network administrators to deterministically set which clock becomes the master clock in case there is a resolution conflict or "tie"
set prompt <prompt string> set the prompt string. The length of the prompt is limited to 60 characters. The predefined variables are
$n : System Name
$c : System Contact
$l : System Location
$i : System IP
$m : System MAC
$v : Version
$$ : $ Character
$r : New Line
$b : Space

set-qi interval=<value> the IGMP querier router periodically sends general host-query messages. These messages are sent to ask for group membership information. This is sent to the all-system multicast group address, 224.0.0.1. The default value is 125 seconds. The valid range can be from 60 to 127 seconds.
set qos type=<port|tag|tos|none> port=<port|list|range> [priority=<high|low>] [tos=<0-63|list|range>] [tag=<0-7|list|range>] depending on the type of QOS, the corresponding field has to be set. For example, for QOS type tag, the tag levels have to be set, and for QOS type ToS, the ToS levels have to be set. If the priority field is not set, it then defaults to low priority. ToS has 64 levels and the valid values are 0-63 and a tagged packet has 8 levels and the valid values are 0-7.
set-qri interval=<value> the query response interval is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. The Default value is 10 seconds. The Range can be from 2 to 270 seconds. Restrictions apply to the maximum value because of an internal calculation that is dependent on the value of the Query Interval.
set-querier <enable|disable> enables or disables a switch as IGMP querier
setsntp server=<ipaddress> timeout=<1-10> retry=<1-3> setup the SNTP server
set-untag port=<port|list|range> priority=<high|low> tag=<0-7> the 802.1p user priority assigned to untagged received packets to be transmitted as tagged from the priority queue
setvar [sysname|syscontact|syslocation]=<string> set the system name, contact and location information
setvar [sysname|syscontact|syslocation]=<string> sets the system name, contact and location. All parameters are optional but a user must supply at least one parameter


set-weight weight=<0-7> sets the port priority weight for all the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7
stftp <get|put|list|del> [type=<app|config|oldconf|script|hosts|log|cert>] [host=<hostname>] [ip=<ipaddress>] [file=<filename>] upload and download information using sftp command
Where
<get|put|list|del> - different sftp operations – get a file from the server or put the information on the server or list files on the server or delete files from the server
[type=<app|config|oldconf|script|hosts|log|cert>] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configuration file or uploading a new image to the switch. Note - cert allows a new certificate to be loaded to the switch. The default certificate is a self signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – parameters associated with tftp server for proper communications with the server
show address-table displays which mac address is associated with which port for packet switching
show active-stp status whether STP or RSTP is running
show active-snmp display the version of SNMP currently in use
show alarm displays the current status of Alarm system
show auth <config|ports> Show the 802.1x configuration or port status
show backpressure display backpressure buffers
show config [module=<module-name>] [run|saved|script] displays the configuration
show console displays the console settings
show date displays the date
show dhcpsrv <config|status|leases> display the DHCP server configuration, leases as well as status


show dhcprly <config|status> display the DHCP relay services information
show dns display the DNS settings
show dualhome display dual-homing status
show fans display the status of the fans
show flowcontrol display flow control buffers
show ftp display the current ftp operation mode
show-group display Multicast Group
show gvrp shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN
show history Show the last 25 commands executed – if less than 25 commands are executed, only those commands executed are shown
show host display the hosts table entries
show hwrev display hardware revision number
show igmp IGMP operation status
show ip-access display all trusted hosts
show ipconfig shows the IP parameters set in the switch
show lacp displays the status and other relevant LACP information
show lldp displays the status of LLDP
show lll display the status of LLL
show log [fatal|alert|crit|error|warn|note|info|debug] display logs and specific types of logs
show modbus display the status of modbus
show modules displays modules in different slots. If there is an IEEE 1588 module present it will display that.
show motd displays the current message set
show port[=<Port number>] display port settings
show port-mirror display port mirror settings
show port-security display port security settings
show power Show the status of the power supplies
show ptp Show the status of PTP (enabled or disabled)
show qos [type=<port|tag|tos>] [port=<port|list|range>] displays the QoS settings
show reboot-scheduler display reboot scheduler settings
show rmon <stats|hist|event|alarm> list the specific RMON data as defined by the group type
show secrets display the status of secrets - i.e. hide the passwords or display password in config files saved
show serial displays the serial port settings
show session display the current telnet sessions. See also “kill session”
show setup displays the system parameters setup on the system
show smtp <config|recipients> config – displays the current SMTP global settings and recipients displays the currently configured recipients of email alerts

show snmp displays the SNMP configuration information
show sntpsrv display the status of SNTP server
show ssh display ssh setting. For displaying the telnet setting use show console
show s-ring show the status of S-Ring
show stp <config|ports> regardless of whether STP is enabled or disabled (default) this command lists the switch’s full STP configuration, including general settings and port settings
show stp <config|ports> display the RSTP or STP parameters
show sysconfig displays the settable system parameters
show syslog display the syslog settings
show sysname display the name of the system (Magnum 10KT)
show tacplus <status|servers> show status of TACACS or servers configured as TACACS+ servers
show temp display the internal ambient temperature
show time displays the system time
show timezone displays the timezone information
show uptime displays the amount of time elapsed since the last reboot or power failure
show version displays the version of MNS-6K being used
show vlan type=<port|tag> [<id=vlanid>] display specific VLAN information
show-authtrap displays the current value of authentication trap status
show-deftrap displays the current value of default trap
show-forbid display the ports with GVRP forbid capabilities
show-forceversion the current forced version
show-group shows the multicast groups
show-group [id=<id>] display all or specific group entries - id is optional and is the number corresponding to the group entry number in the table
show-poe display PoE status for all the ports
show-port display the port characteristics for IGMP


show-port= show ports and modes
show port [port=<port|list|range>] shows all parameters related to tag vlan for the list of ports. If the port parameter is omitted, it will display all ports
show-portweight display the weight settings on a port
show-remote displays remote or neighboring LLDP information
show-router displays detected IGMP-enabled router ports
show-stats port=<num> displays 802.1x related statistics
show-timers show the values of the timers set for RSTP
show-trap [id=<id#>] shows the configured trap stations in tabular format - id is optional and is the number corresponding to the trap entry number in the table
show-user [id=<id>] display all or specific view entries - id is optional and is the number corresponding to the view entry number in the table
show-view [id=<id>] display all or specific view entries - id is optional and is the number corresponding to the view entry number in the table
show-vlan list all the VLANs (including dynamic VLANs) on the switch
signal port=<num|list|range> <none|log|trap|logandtrap> port to monitor and signal to send in case of breach of port security
smtp configure the SNMP alerts to be sent via email
smtp <enable|disable> enables or disables SMTP to send SNMP alerts by email

snmp enter the SNMP Configuration mode
snmpv3 enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows
sntp [enable|disable] enable or disable the SNTP services
sntpserver enter the SNTP Server configuration mode
sntpsrv <start|stop> start or stop the SNTP Services
ssh <enable|disable|keygen> enable or disable the server. Also can be used for generating the key
ssh port=<port|default> select a different port number for SSH communication
s-ring <enable|disable> enable or disable S-ring capabilities
s-ring add port=<port1,port2> define ports which make up the s-ring ports. Note as discussed earlier, you can create multiple s-rings on a switch
s-ring del port=<port1,port2> remove the switch from S-ring topology by eliminating the end ports on the switch
s-ring learn start the learning process to discover the ring and the ports which make up the s-ring
sync interval=<250|500|1000|2000|4000|8000|16000> set the sync interval (in milliseconds)
start vlan=<name|number|list|range> activate the VLAN configuration
static vlan=<VID> convert a dynamic VLAN to a static VLAN
statistics def-owner=<string> def-comm=<string> define the RMON statistics group and the community string associated with the group
stp STP Configuration mode
stp <enable|disable> start (Enable) or stop (Disable) STP
sync [hour=<0-24>] [min=<0-59>] setup the frequency at which the SNTP server is queried
syslog syslog context commands
syslog <enable|disable> enable (or disable) the syslog messages
tacplus <enable|disable> [order=<tac,local|local,tac>] enable or disable TACACS authentication, specifying the order in which the server or local database is looked up where “tac,local” implies, first the TACACS+ server, then local logins on the device
tacserver <add|delete> id=<num> [ip=<ip-addr>] [port=<tcp-port>] [encrypt=<enable|disable>] [key=<string>] [mgrlevel=<level>] [oprlevel=<level>] adds a list of up to five TACACS+ servers
where
<add|delete> – [mandatory] adds or deletes a TACACS+ server.
id=<num> – [mandatory] the order in which the TACACS+ servers should be polled for authentication
[ip=<ip-addr>] – [mandatory for add] the IP address of the TACACS+ server
[port=<tcp-port>] – [optional for add] TCP port number on which the server is listening
[encrypt=<enable|disable>] – [optional for add] enable or disable packet encryption
[key=<string>] – [optional for add, mandatory with encrypt] when encryption is enabled, the secret shared key string must be supplied
[mgrlevel=<level>] and [oprlevel=<level>] – [optional] specifies the manager and operator level as defined on the TACACS+ server for the respective level of login
telnet <enable|disable> enable or disable telnet sessions
telnet <ipaddress> [port=<port number>] telnet from the switch. The IP address can be an IPv4 address or an IPv6 address
timers forward-delay=<4-30> hello=<1-10> age=<6-160> change the STP Forward Delay, Hello timer and Aging timer values
timers [txint=<5..32768>] [txhold=<2..10>] [reinit=<1..10>] [txdly=<1..txint*4>] [notify=<5..3600>] set TLV timers for LLDP
tftp <get|put> [type=<app|config|script|hosts|log|cert>] [host=<hostname>] [ip=<ipaddress>] [file=<filename>] upload and download information using tftp command
where
<get|put> - different tftp operations – get a file from the server or put the information on the server
[type=<app|config|oldconf|script|hosts|log>] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configuration file or uploading a new image to the switch. Note - cert allows a new certificate to be loaded to the switch. The default certificate is a self signed certificate from GarrettCom Inc.
[host=<hostname>] [ip=<ipaddress>] [file=<filename>] – parameters associated with tftp server for proper communications with the server

tftpsrv <start|stop> start and stop tftp server services
traps <add|delete> type=<Snmp|Rmon|Snmp,Rmon|Enterprise|Snmp,Enterprise|Rmon,Enterprise|All> ip=<ipaddress> add SNMP v1 traps as well as define the trap receiver
trap <add|delete> id=<id> [type=<v1|v2|inform>] [host=<host-ip>] [community=<string>] [port=<1-65534>] define the trap and inform manager stations. The station can receive v1, v2 traps and/or inform notifications. An inform notification is an acknowledgment that a trap has been received. A user can add up to 5 stations.
trigger-reauth port=<num|list|range> manually initiate a re-authentication of supplicant
for quickly adding or deleting v3 USM based security, this command adds user entries. MNS-6K allows up to 5 users to be added. Right now, the MNS-6K agent only supports noauth and auth-md5 for v3 authentication and auth-des for priv authentication
useraccess user=<name> service=<telnet|web|acl> <enable|disable> defines the services available to the user to access the device for modifying the configuration


useraccess user=<name> group=<list> type=<read|write> <enable|disable> set read or write access for the command group
useraccess groups displays the current groups
view <add|delete> id=<id> [viewname=<name>] [type=<included|excluded>] [subtree=<oid>] [mask=<hex-string>] a part of the View based Access control model (VACM) as defined in RFC 2275. This command defines what a manager or group of manager stations can access inside the MIB object tree. On MNS-6K, up to 10 entries can be specified
userauth <enable|disable> enable or disable user access to MNS-6K-SECURE by authenticating the user against the RADIUS server

vlan <enable|disable> configure VLAN commands
vlan enter the VLAN command set
vlan type=port enter the VLAN configuration commands
xmodem <get|put> [type=<app|config|oldconf|script|hosts|log|cert>] upload and download information using xmodem command and console connection
where
<get|put> - different xmodem file transfer operations – get a file from the server or put the information on the server
[type=<app|config|oldconf|script|hosts|log|cert>] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configuration. Note - cert allows a new certificate to be loaded to the switch. The default certificate is a self signed certificate from GarrettCom Inc.

Appendix 3 - Daylight Savings
No time like the present. . .

Daylight Savings Time


Magnum6K Switches provide a way to automatically adjust the system clock for Daylight Savings
Time (DST) changes. In addition to the value "none" (no time changes), there are fifteen pre-
defined settings. A few examples are:
• Alaska
• Canada and Continental US
• Middle Europe and Portugal
• Southern Hemisphere
• Western Europe

The pre-defined settings follow these rules:


Alaska
• Begin DST at 2am the first Sunday on or after April 24th
• End DST at 2am the first Sunday on or after October 25th
Canada and Continental US
• Begin DST at 2am the first Sunday on or after April 1st
• End DST at 2am the first Sunday on or after October 25th
Middle Europe and Portugal
• Begin DST at 2am the first Sunday on or after March 25th
• End DST at 2am the first Sunday on or after September 24th
Southern Hemisphere
• Begin DST at 2am the first Sunday on or after October 25th
• End DST at 2am the first Sunday on or after March 1st
Western Europe
• Begin DST at 2am the first Sunday on or after March 23rd
• End DST at 2am the first Sunday on or after October 23rd
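
The "first Sunday on or after" rules above can be worked through in code, which is useful when switch log timestamps have to be lined up with other sources. This is an added example, not MNS-6K code: the rule table is copied from the list above, the function names are hypothetical, and the one-hour shift is an assumption the guide does not state.

```python
from datetime import date, datetime, timedelta

# Rule table copied from the list above: (begin month, day), (end month, day).
# Each transition happens at 2am on the first Sunday on or after that date.
RULES = {
    "Alaska": ((4, 24), (10, 25)),
    "Canada and Continental US": ((4, 1), (10, 25)),
    "Middle Europe and Portugal": ((3, 25), (9, 24)),
    "Southern Hemisphere": ((10, 25), (3, 1)),
    "Western Europe": ((3, 23), (10, 23)),
}

# Assumption (not stated in the guide): DST moves the clock by one hour.
DST_SHIFT = timedelta(hours=1)


def first_sunday_on_or_after(year, month, day):
    """Return the first Sunday that falls on or after the given date."""
    anchor = date(year, month, day)
    # date.weekday(): Monday == 0 ... Sunday == 6
    return anchor + timedelta(days=(6 - anchor.weekday()) % 7)


def transitions(rule, year):
    """Return (begin, end) of DST for one calendar year as 2am datetimes."""
    (b_month, b_day), (e_month, e_day) = RULES[rule]
    begin = first_sunday_on_or_after(year, b_month, b_day)
    end = first_sunday_on_or_after(year, e_month, e_day)
    return (datetime(begin.year, begin.month, begin.day, 2, 0),
            datetime(end.year, end.month, end.day, 2, 0))


def is_dst(rule, local):
    """True if a naive local timestamp falls inside the DST period.

    The hour before the end transition is ambiguous on a wall clock; this
    function treats every time before the end transition as DST.
    """
    begin, end = transitions(rule, local.year)
    if begin < end:
        return begin <= local < end
    # Southern Hemisphere: DST begins in October and ends the following
    # March, so within one calendar year the DST period is split in two.
    return local >= begin or local < end


def to_standard_time(rule, local):
    """Remove the assumed DST shift so timestamps can be compared."""
    return local - DST_SHIFT if is_dst(rule, local) else local


if __name__ == "__main__":
    for name in RULES:
        begin, end = transitions(name, 2024)
        print(f"{name:28s} begin {begin:%Y-%m-%d %H:%M}  end {end:%Y-%m-%d %H:%M}")
```

Whether a given firmware release applies exactly these dates is not something the example checks; compare its output with the switch clock around a transition before relying on it.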


Daylight saving time is defined for the following countries:

Australia, Belgium, Canada, Chile, Cuba, Egypt, France, Finland, Germany, Greece, Iraq, Italy,
London, Namibia, Portugal, Russia, Spain, Sweden, Switzerland, Syria, USA

Note: as of Release 3.7, the new daylight saving time dates enforced as of 2007, for the time
zones and states in the US, have been implemented in MNS-6K.

Appendix 4 – Browser Certificates
You shouldn't overestimate the I.Q. of crooks — NYT: Stuart A. Baker, General Counsel for the NSA

There is no security on this earth. Only opportunity. – Douglas MacArthur

Certificates
Certificates are a means of authenticating the validity of sites, servers or other devices a user
can connect to for services. These include web servers, print servers, data services and more.
Normally, users encounter certificates when they sign on to web services.

One of the common methods of compromising security is to create phishing sites.
Phishing sites look like the real web site and extract information from a valid user, which
then compromises the security of the user, typically by impersonating the individual (faking
their identity) to access information, money or other services.

Many devices, as well as web sites, today use secure methods to communicate via the web.
Once secure web communications are required, the browser looks at the certificate and
matches the URL information to the certificate information. If the information does not
match, the browser flags the site as a compromised site.

Certificates allow a user accessing a web site to authenticate whether they are in fact on the
proper web site. To do that, there are Certificate Authorities who validate the authenticity of
the site and can issue a public certificate. This process usually costs money and time in
validation etc.

Many devices use self signed certificates. Self signed certificates allow a vendor to insert a
signature to identify their device and other parameters. Many times, the user accessing the
device will find that the device they are accessing and the self signed certificate do not
match. The browser will typically catch that and will warn the user about accessing the site.
The sections below describe how to use browsers with GarrettCom self signed
certificates.


Using Mozilla Firefox


Mozilla Firefox ensures that the user validates the certificate before it allows the user to
proceed to the site when the URL address does not match the information in the self signed
certificate.

FIGURE 176 – On finding a mismatch between the certificate and the accessed site, Mozilla Firefox pops
up this window. Note – the site was accessed using the IP address. Typically, sites accessed by their IP address
will trigger this mismatch.

Make sure you click on the URL as shown in the figure above.


FIGURE 177 – Mozilla Firefox tries to warn the user again about the dangers of sites with improper
certificates.

Click the Add Exception button.


FIGURE 178 – Firefox forces you to get the certificate before it lets you access the site.

Notice the browser points out other valid secure sites. Since the GarrettCom MNS-6K is a
self signed authenticated site, it is a good idea to proceed with this step and click on Get
Certificate as shown above.


FIGURE 179 – Here, you can view the certificate, permanently make an exception and confirm the
exception. The locations to do those are identified in this figure.

The self signed certificate from GarrettCom is shown in the next figure.


FIGURE 180 – Self signed certificate from GarrettCom Inc. for the MNS-6K family.

Once accepted, the user does not need to go through these steps again.
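
The name check behind the mismatch warning, and a fingerprint comparison to make while viewing the certificate and before confirming the exception, can be sketched as follows. This is an added example, not GarrettCom or browser code: the certificate dictionary and byte string are constructed samples, the function names are hypothetical, and it assumes a fingerprint for the switch certificate has been obtained over a trusted path.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data (not GarrettCom's certificate). The dict uses the
# layout returned by ssl.SSLSocket.getpeercert(); the byte string stands in
# for the DER encoding that a browser hashes to display a fingerprint.
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "Example Switch Vendor"),),
        (("commonName", "switch.example.test"),),
    ),
}
SAMPLE_DER = b"constructed stand-in for the certificate's DER bytes"


def sha256_fingerprint(der_bytes):
    """Colon-separated upper-case SHA-256 fingerprint of the DER bytes."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise_fp(fingerprint):
    """Strip separators and case so differently formatted values compare."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def fingerprints_equal(observed, pinned):
    return hmac.compare_digest(normalise_fp(observed), normalise_fp(pinned))


def dns_name_matches(pattern, host):
    """Exact match, or a '*' that covers exactly the leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def names_in_cert(cert):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    dns = [value for kind, value in san if kind == "DNS"]
    ips = [value for kind, value in san if kind == "IP Address"]
    if not dns and not ips:
        # Legacy fallback to commonName when no subjectAltName is present.
        for rdn in cert.get("subject", ()):
            dns.extend(value for key, value in rdn if key == "commonName")
    return dns, ips


def url_host_matches(cert, host):
    """Compare the host part of the URL with the names in the certificate."""
    dns, ips = names_in_cert(cert)
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        return any(dns_name_matches(name, host) for name in dns)
    # An IP literal in the URL only matches an IP entry, never a DNS name,
    # which is why access by IP address triggers the mismatch.
    return any(ipaddress.ip_address(ip) == address for ip in ips)


def review_exception(cert, der_bytes, host, pinned_fp):
    """Return (name_ok, fingerprint_ok, verdict) for a warning dialog."""
    name_ok = url_host_matches(cert, host)
    fp_ok = fingerprints_equal(sha256_fingerprint(der_bytes), pinned_fp)
    if not fp_ok:
        verdict = "reject: fingerprint differs from the trusted value"
    elif name_ok:
        verdict = "accept: fingerprint verified and name matches"
    else:
        verdict = "accept exception: fingerprint verified, name mismatch only"
    return name_ok, fp_ok, verdict


if __name__ == "__main__":
    # Here the trusted value is derived from the sample itself; in practice
    # it must come from a trusted path, not the connection being checked.
    pinned = sha256_fingerprint(SAMPLE_DER)
    for host in ("192.0.2.10", "switch.example.test"):
        print(host, review_exception(SAMPLE_CERT, SAMPLE_DER, host, pinned))
```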

Using Internet Explorer


Internet Explorer provides a warning when the certificates do not match. There is no
mechanism to create a permanent exception using IE 7.

When the exception is pointed out by Internet Explorer, click on Continue as shown below.


FIGURE 181 – Using Internet Explorer.

Using Other Browsers


There are many other browsers, such as Opera and Safari, which are also widely used. There are
similar mechanisms built into these browsers to inspect the certificate and create an
exception. Please refer to their respective documentation for help.

Appendix 5 – Updating MNS-6K Software
Keep up to date. . .

The steps required to update the MNS-6K software on your Magnum switch are listed on the
next page.

Step 1 - Getting Started

Decide which version to use…

This document describes how to upgrade the MNS-6K software on a Magnum 6K
switch. The methods described for updating the MNS-6K software are either locally at
the console port on the Magnum 6K switch or remotely over the network using FTP
or TFTP. This step involves getting ready with the necessary software and hardware tools as
well as deciding on which MNS-6K software version to update to.

Depending on the update process (update through the serial/console port or
remotely through the network), it would be best if the necessary tools listed
below are available, tested and working before you start.

For serial port updates directly through the serial/console port:

1) A female-female null modem cable.
2) Serial port – if your PC does not have a serial port, you may want to invest in a
USB to serial converter. This is again available from LANstore or from
GarrettCom. Alternately a USB to serial cable can also be used. This cable is
also available from LANstore or GarrettCom Inc.
3) A PC (or a workstation/computer) with a terminal emulation program such as
HyperTerminal (included with Windows) or Teraterm-pro or other equivalent
software. Make sure that the software supports the Xmodem protocol
4) Enough disk space to store and retrieve the configuration files as well as copy
software files from GarrettCom. We recommend that at least 15MB of disk
space is available for this purpose
5) Manager level account name and password of the switch being upgraded
6) Connection to the Internet. Make sure the connection does not block the FTP
file transfers
For remote updates over the network:


1) A PC (or a workstation/computer) with FTP as well as TFTP server software.
This software is widely available as a free download on the Internet. If you need
assistance in finding one, contact GarrettCom Technical Support at:
(510) 438-9071, email – [email protected].
2) Enough disk space to store and retrieve the configuration files as well as copy
software files from GarrettCom. We recommend at least 15 MB of disk space for
this purpose
3) Connection to the Internet. Make sure the connection does not block FTP file
transfers
4) IP address of the switch that is being upgraded. Along with that, the manager
level account name and password are also needed
5) Connection to the GarrettCom Magnum 6K switch. Make sure the Intranet over
which the software update will occur does not block FTP or TFTP traffic.

Selecting The Proper Version


The first step is to ensure that you have the proper version of the MNS-6K software. To
access the proper software, you will require access to the GarrettCom web site (and FTP
site) through a network which does not block the FTP file transfers. If your site blocks FTP
file transfer traffic, please contact your system administrator to figure out how to access the
GarrettCom site to download the necessary software.
First determine the version of the software on your switch. To do that, use the command
show version after connecting to the switch and logging in as manager, with the proper
password. If the password is lost or forgotten, please contact GarrettCom Inc., Technical
Support at (510) 438-9071, or email [email protected].
The table below lists the current MNS-6K version number and software version upgrade
path for the MNS-6K.
TABLE 1 – Software upgrade matrix.

Existing software version   Upgrade Path   What to do

Version 1.0 to Version 2.5   Contact GarrettCom customer support to upgrade the software
Version 2.5.x or higher   Latest Version of MNS-6K   Download latest version of MNS-6K from ftp://ftp.garrettcom.com/ following the steps listed below

Downloading The MNS-6K Software


To download the MNS-6K software, follow these simple steps:

1) Access GarrettCom’s FTP site through any standard browser at ftp://ftp.garrettcom.com

a) Note: Make sure the browser has the "enable the ftp view" option checked. For
Internet Explorer it can be enabled by using the menu Tools → Internet options →
Advanced. If you are running a personal firewall or other firewall software, please
ensure that FTP protocol is allowed on the computer or the network.
b) If the site uses another socket number for FTP connections, use the socket number
at the end of the URL. For example, if the network administrator has set up a firewall
to use socket number 1684, the URL would be as follows:
ftp://ftp.garrettcom.com:1684
c) Note: You can use any other FTP program available on the Internet, including the
ftp command available on most operating systems, instead of the browser for
downloading the software.

Remember the file name and the directory where the MNS-6K software
is stored. This will be needed later for the upgrade whether the MNS-6K
software is updated via the serial port or over the network.

Note: a common error is to use ftp://www.garrettcom.com. This URL will not work and
will give you an error. Please use ftp://ftp.garrettcom.com instead. See the next Figure below.

2) Once the connection is established, use the user login as m6kuser and the password as
m6kuser. If you have previously established a different login/password for the
GarrettCom site, that login name and password can be used as well.


FIGURE 182 – Accessing the GarrettCom site for downloading.

Note: if the browser does not support the login prompt, you can type the user name
and password in the URL as follows:

ftp://m6kuser:[email protected]

3) After a successful login, select the proper folder for downloading the proper MNS-6K
software.


FIGURE 183 – Select the Software folder to get the latest version of MNS-6K.

4) Navigate to the folder MNS-6K. There are other folders with additional software, MIBs
as well as additional useful information for the Magnum-6K switches which you may
want to use later. From the MNS-6K folder download the latest Release Notes as well
as the files labeled Relx.x.bin, where x.x would be the release number. The release
numbers increase with new releases, so the higher the number, the more recent the
release is. The Release Notes provide additional information on the latest features and
functionality plus any other additional information not covered in the manuals.

FIGURE 184 – Navigate to the MNS-6K folder to download the latest MNS-6K software and the Release
Notes.


FIGURE 185 – Navigate to the proper version of the switch. For 6KL models select the 6KL folder. For all other
models, select the 6K folder.

5) Copy the necessary files by using the copy command. This can be done by using the
right click (or, for a left-handed mouse, the left click) button and then selecting the copy
command. Note: users of Linux or other operating systems should use the appropriate copy
command.
a) If you are using another FTP program, use that program's copy command. Make sure to
download the Relx.x.bin file in binary mode, especially if you are using a
command line ftp command, or the MNS-6K image may be corrupted.

FIGURE 186 – Use the copy command to copy the files to the proper location.


6) Make sure you remember where the files are stored as these files will be needed for the
next step.

Refer to the section on Appendix 5 - Updating MNS-6K Software on page 394 in this
manual.

Next Steps
1) Access the GarrettCom Magnum 6K switch. The access can be over the console port
using the null modem cable or through the network using telnet. This is described in
Step 2 on the next page.
2) Save the existing configuration either through the serial port or through the network –
depending on the access method. This is also described in Step 2 on the next page.
3) Load the updated MNS-6K software and reboot the switch. This is described in Step 3
on page 408.
4) Optional Step: Reload the saved configuration. This is described in Step 4 on page 412.

U P D A T I N G S O F T W A R E – S T E P 2

Step 2 - Preparing To Load The Software
Backup your existing configuration…

Once the MNS-6K software is downloaded from the GarrettCom site, it is strongly
recommended that the existing configuration of the switch is preserved before the MNS-6K
software upgrade is performed. This section will show you how to save the existing configuration
and prepare you for loading the configuration.

Accessing The Switch


The MNS-6K CLI User Guide explains how the switch can be accessed. For clarity, this section
simplifies the details and describes some of the commands you can use for accessing the switch.

The Magnum 6K switch can be accessed via the serial port or through the network using Telnet.
For using telnet, make sure the switch is configured with the proper IP address, netmask and
default gateway information. If needed, refer to Chapter 2 – Getting Started on page 26 of this
User Guide on how to set IP address and related parameters on the Magnum 6K switch.

Make sure the Manager level login name and password associated with that switch is also known.
Without the proper access (login name and password) the switch cannot be upgraded.

Serial Connection
Connect the serial port on the switch to the serial port on the computer using the serial cable
listed in Step 1 on page 395. The settings for the HyperTerminal software emulating a
VT100 are shown in the Figure below. Ensure the serial parameters are set as shown or:
bps = 38400, data bits=8, parity=none, stop bits=1, flow control=none.


FIGURE 187 – HyperTerminal screen showing the serial settings. Note other operating systems may not have the
Hyper Terminal command. Please use an appropriate terminal emulation software for that operating system.

Network Access
Prerequisites: A PC or workstation/computer with telnet software and the IP address of the
Magnum 6K switch or the DNS name associated with the switch to be upgraded. Access the
Magnum 6K switch by using the telnet command. For example, if the switch has the IP address
192.168.10.11 the command is shown in the Figure below.

C:> telnet 192.168.10.11


Trying ….. connected…

FIGURE 188 – Using telnet command to connect to a Magnum 6K switch with IP address 192.168.10.11.

If the telnet command does not work, check for network connectivity using
the ping command. Ensure that a personal firewall or other firewall
settings are not affecting the ping or telnet commands. If telnet services
fail¹¹, then the alternative is to locate the Magnum 6K switch and update the
MNS-6K software through the serial port following the serial update
process described in this manual.

Saving The Configuration


Before saving the configuration, ensure that one of the three capabilities listed below is available.

1) Serial file transfer capability such as X-modem or equivalent
2) TFTP server
3) FTP server

As a good practice, GarrettCom recommends that you have all these capabilities available
on your local computer if you plan to upgrade additional switches now or in the future.

11 Telnet services can fail due to a number of reasons. Check with your system and/or network administrator for additional help.

The command used for saving the existing configuration of the Magnum 6K switch is saveconf.

Syntax saveconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] [user=<username>] [pass=<password>]

Where [<ipaddress>] is the IP address of the server running the TFTP or FTP services.
The field is needed if either TFTP or FTP is the mode chosen.

file=<name> is needed for saving the configuration.

If mode=<tftp|ftp> is used, be aware that most FTP and TFTP services, as
a default, do not over-write files. If the file transfer fails, check to see if the
file name already exists or use a different file name with the saveconf
command. Also make sure the FTP or TFTP/SFTP services are running
before the saveconf command is used on the switch.

Serial Connection
To save the configuration using the serial connection, use the saveconf command as shown
below. In this example, we will show the saveconf interaction using the HyperTerminal
software available on most Windows systems.

Magnum10KT# saveconf mode=serial file=6kconfig-10.11

Do you wish to upload the configuration? [ 'Y' or 'N'] Y


<Use XMODEM to download the configuration file.>
FIGURE 189 – Example of saveconf command using serial interface.

At this point, switch to the VT100 emulation software (e.g. HyperTerminal on the Windows
platform) and invoke Xmodem to receive the file. The Figure below shows the Xmodem
process for the HyperTerminal application.


FIGURE 190 – Invoke the Receive file to start the Xmodem transfer program. In the figure above the
Windows based HyperTerminal screen is shown.

Once Receive file is invoked, as shown in the Figure above, follow the dialog to
save the file in the proper directory with the proper name, as shown in the Figure below.

FIGURE 191 – Make sure to select the Xmodem protocol and the proper directory where the configuration is saved.
Click on the Receive button to start the file transfer.

Once the file transfer is started, the Xmodem status window is shown, see below:


FIGURE 192 – Status window for Xmodem using HyperTerminal using Windows.

When the file transfer is completed, the window shown above exits and the completion
message is displayed, as shown in the Figure below.

Successfully uploaded the configuration


Magnum10KT#

FIGURE 193 – Message which shows the completion of the file transfer from the saveconf command.

Network Access
Prerequisites: A PC or workstation/computer with Telnet software and a PC or
workstation/computer with FTP or TFTP server software. For simplicity, the two PCs or
workstations/computers can be one and the same.

To save using TFTP or FTP first ensure that you have the FTP or TFTP server set up and the
switch can ping the TFTP or the FTP server. For ftp services, make sure the server can support
anonymous login or make sure the login password information is available.

For saving the configuration, use the same saveconf command listed above. In the example
below, assume the IP address of the TFTP or FTP server is 192.168.10.99 and is connected to the
switch with proper network connectivity and the switch can ping the TFTP or FTP server as well.

Example using TFTP:

Magnum10KT# saveconf mode=tftp 192.168.10.99 file=6kconfig-10.11


Do you wish to upload the configuration? [ 'Y' or 'N'] Y

OR

Magnum10KT# ftp put type=script ip=192.168.10.99 file=6kconfig-10.11


Login :
Password :
Do you want to export script file? [ 'Y' or 'N'] Y

OR
Magnum10KT# tftp put type=script ip=192.168.10.99 file=6kconfig-10.11

Do you want to export script file? [ 'Y' or 'N'] Y


Building Script File...
Uploading Script File...please wait

FIGURE 194 – Example of saving the scripts or the configuration file using the saveconf or the ftp / tftp
commands.

This will save the file 6kconfig-10.11 to the specified IP address 192.168.10.99 in the default
TFTP folder.

Using FTP would be the same, except replace mode=tftp with mode=ftp.

It is recommended to save the configuration using the scripts command. This
ensures compatibility across MNS-6K versions.

It is recommended to use the ftp or tftp command to save the scripts file.

In some situations such as routed networks, TFTP or FTP services may be blocked. Check
for network connectivity using the ping command. If the connectivity is OK, contact your
system or network administrator to unblock the FTP or TFTP packets. If that is not
possible, the alternative is to locate the Magnum 6K switch and update the MNS-6K
software through the serial port as described in Step 2 on page 402.

Next Steps
1) Upload the updated MNS-6K software and reboot the switch. This is described in
Step 3 on the next page.
2) Optional step: Reload the saved configuration. This is described in Step 4 on
page 412.

U P D A T I N G S O F T W A R E – S T E P 3

Step 3 - Loading The MNS-6K Software
Load the new version of the MNS-6K image…

At this stage, the Magnum MNS-6K software has been downloaded from the GarrettCom
site, and the configuration saved. The Magnum-6K switch is now ready to upload the new
MNS-6K software image.

Before Loading The MNS-6K Software


It will be necessary for the Magnum 6K switch to be reset or re-booted after the new MNS-6K
software is loaded. Since this may cause a network outage, software upgrades should be
performed when an outage is tolerable and the appropriate users have been informed of it.

Alternately, if the S-Ring technology is used, the outage will not be noticeable and the switch will
be re-inserted in the S-Ring after the upgrade is performed. It is however a good practice to
inform the affected people of a possible outage.

Accessing The Switch


Continue to use the access method defined in Step 1 on page 395 and Step 2 on page 402.

The command used for the upgrade is:

Syntax upgrade mode=<serial|tftp|ftp> [<ipaddress>] [file=<Name>] [user=<username>] [pass=<password>]

Where

mode is the mode that the software will be accessed for upload – serial, ftp or tftp.

ipaddress is the IP address of the ftp or tftp server only used when mode = ftp or tftp.


file=name is the name of the MNS-6K software file to be used for upgrade. This file was
downloaded from the GarrettCom site as described in Step 1 on page 395 and Step 2 on page
402.

user is the username to access the switch.

pass is the password of that username, which has the required privilege rights.

Serial Connection
Prerequisites: Make sure the directory and the file name of the MNS-6K software image
downloaded in Steps 1 and 2 are known. To use the serial connection to update the MNS-6K
image, the command dialog is shown below:

Magnum10KT# show version


MNS-6K-Secure Ver: 14.3.2 Mar 27 2012 12:03:47 Build ID 1333024938
Magnum10KT# upgrade mode=serial

Do you wish to upgrade the image? [ 'Y' or 'N'] Y

FIGURE 195 – Upgrade using serial connection.

Once the upgrade process is started, the VT100 emulation software (HyperTerminal) will ask
for the file location. Make sure the Xmodem protocol is also selected in this file location
dialog window. Once the file location is indicated and the protocol selected, the file
transfer begins. The file transfer status window is shown in the Figure below. Note that
Xmodem has to be set to send the file.

FIGURE 196 – File upload status window under Xmodem using HyperTerminal in Windows.


Once the transfer is complete, the dialog is shown in the Figure below:

Upgrade is Successful. Please reboot Magnum 6Kxx to start the application


Magnum10KT# reboot
Proceed on rebooting the switch? [ 'Y' or 'N' ] Y

Do you wish to save current configuration? [ 'Y' or 'N' ] Y

<The switch will now reboot. After the reboot, the Magnum 6K switch may prompt you should the
boot code need an update. If prompted, use Y to update the boot code. After the reboot and login
verify the MNS-6K software was upgraded.>

Magnum10KT# show version


MNS-6K-Secure Ver: 14.3.2 Mar 27 2012 12:03:47 Build ID 1333024938

FIGURE 197 – Upgrading the switch using the serial interface.

Network Access
Prerequisites: Make sure the directory and the file name of the MNS-6K software image
downloaded in Step 1 on page 395 and Step 2 on page 402 are known. To upgrade using TFTP or
FTP, ensure that the FTP or TFTP server is set up and the switch can ping the TFTP or the FTP
server and vice-versa. Ensure that the server has access to the MNS-6K software image
downloaded in Step 2 on page 402. Ensure the MNS-6K software image file is copied to the
default folder specified by the FTP or TFTP server. If using the FTP services, make sure the FTP
access information login name and password is also known.

In the example below, let us assume that the IP address of the TFTP server is 192.168.10.99; that
the server can ping the switch and the switch can ping the server.

Magnum10KT# show version


MNS-6K-Secure Ver: 14.3.2 Mar 27 2012 12:03:47 Build ID 1333024938
Magnum10KT# upgrade mode=tftp 192.168.10.99 file=Rel4.1.10.bin
Do you wish to upgrade the image? [ 'Y' or 'N'] Y
Upgrade is Successful. Please reboot Magnum 10KT to start the application
OR
Magnum10KT# ftp get type=app ip=192.168.10.99 file=Rel4.1.10.bin
Login :
Password :
OR


Magnum10KT# tftp get type=app ip=192.168.10.99 file=Rel_A_4.1.10.bin

Magnum10KT# reboot

Proceed on rebooting the switch? [ 'Y' or 'N' ] Y


Do you wish to save current configuration? [ 'Y' or 'N' ] Y
<The switch will now reboot. Reconnect and login. Verify the MNS-6K software was upgraded.
Note as discussed in Step 1, the switch may need a boot code update. After a reboot, the switch
awaits a Y or N on whether the boot code should be updated. If no answer is given, the default is
not to update the boot code or a N. Since this connection is over the network the question will not
be visible and the boot code will not be automatically updated. See Step 4 – Updating boot
code over the network on page 412 to update the boot code manually.>
Magnum10KT# show version
MNS-6K-Secure Ver: 14.3.2 Mar 27 2012 12:03:47 Build ID 1333024938

FIGURE 198 – Dialog for upgrading the image using tftp.

This will load the Rel4.1.10.bin file from the TFTP server with the IP address 192.168.10.99 onto
the switch.

When using FTP, make sure the username and password for the ftp user is known. Enter the
username and password when prompted by the FTP server. If no user name is provided, the
username anonymous is used. Note if you are using MNS-6K version 3.0 or lower, it is best to
use the FTP server without a password and use the anonymous login.

Next Steps
Optional Step: Reload the saved configuration. Update the boot code if needed. This is
described in Step 4 on the next page.

U P D A T I N G S O F T W A R E – S T E P 4

Step 4 - Optional Step: Restoring The Configuration
Optionally, restore back the original configuration and update the boot code…

At this optional step, the original configuration has been saved and the MNS-6K image has been copied
from the www.garrettcom.com site and then onto the Magnum 6K switch. Finally, if required, the
configuration can be restored using the instructions in this step. If the Magnum 6K switch is updated
over the network, it may be necessary to update the boot code.

Accessing The Switch


Continue to use the access method defined in Steps 1, 2 and 3.

Reloading The Configuration


The command used for restoring the original configuration is:

Syntax loadconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>]

Where

mode is the mode by which the configuration file will be accessed for upload – serial, ftp or tftp.

ipaddress is the IP address of the FTP or TFTP server only used when mode = ftp or tftp.

file=name is the name of the configuration file.

At this stage, follow the same process for uploading the files as described in Step 3 on page 408. The file
that needs to be uploaded is the configuration file which was saved in Step 2.

Updating Boot Code Over The Network

As discussed in Step 1 – Selecting The Proper Version on page 396, with either upgrade path the boot
code will be updated. At boot up time, the Magnum 6K switch identifies that there is a new version of
the boot code and asks if the new boot code should be loaded¹². The new boot code is not loaded unless
the user responds affirmatively to the question from the console port (or serial connection)¹³. If the
Magnum 6K switch is upgraded over the network or remotely, the boot code can be manually updated
by using the upgrade command discussed below. This allows the boot code to be updated without
requiring access to the serial port.

Syntax upgrade mode=bl

mode=bl is a hidden option and is not visible using the help capabilities in MNS-6K.
This command can be executed by accessing the switch through the console port serial
connection or through the network by using telnet to the switch.

Continue to use the Network Access method defined in Steps 1, 2, and 3. Use the upgrade command
as shown below, and reboot the switch.
Magnum10KT# upgrade mode=bl

The BOOT Flash image will be replaced by the version


embedded in this application.

Do you wish to upgrade the image? [ 'Y' or 'N'] Y


Uncompressing image and programming flash memory.
This will take up to a minute to complete...

Boot loader upgrade is successful...

Magnum10KT# reboot
Proceed on rebooting the switch? [ 'Y' or 'N' ] Y

Do you wish to save current configuration? [ 'Y' or 'N' ] Y


FIGURE 199 – Updating the boot code over the network using the upgrade command. Make sure to reboot the switch after
the boot loader upgrade is completed.

Ensure there is no power failure during the boot loader update. If the boot code does not load properly,
contact GarrettCom Inc., Technical Support at (510) 438-9071, or email [email protected].

12 This question is asked on the console port (serial connection) only.

13 Note if the response is not given, the switch will not load the new boot code.


M O D B U S M E M O R Y M A P

Appendix 6 – MODBUS Memory Map
Develop HMI applications

The MODBUS memory map is listed below. Refer to the chapter on MODBUS on page 276 for more
details. This memory map can be used by HMI applications to query the Magnum 6K family of switches
for information using the MODBUS protocol.
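
An HMI-side decoder for a few rows of this memory map, added here as an example (it is not GarrettCom code). The Modbus/TCP framing, function code 0x04, two ASCII characters per register for String, high word first for F9, and every register value in the sample frames are assumptions or constructed data; the addresses, quantities and formats are taken from the table.

```python
import struct

# Rows copied from the memory map: description -> (address, quantity, format).
FIELDS = {
    "System Name":      (0x0000, 12, "String"),
    "Software Version": (0x0024, 6, "String"),
    "IP Address[0]":    (0x002A, 1, "F1"),
    "IP Address[1]":    (0x002B, 1, "F1"),
    "IP Address[2]":    (0x002C, 1, "F1"),
    "IP Address[3]":    (0x002D, 1, "F1"),
    "PowerAlarm1":      (0x0049, 1, "F1"),
    "Port1 - Number of frames with CRC error": (0x00E6, 2, "F9"),
}
READ_FUNCTION = 0x04  # ASSUMPTION: Read Input Registers; confirm in the MODBUS chapter
MAX_REGS = 125        # Modbus protocol limit for a single register read


def build_request(txn_id, start, qty, unit=1):
    """Return a Modbus/TCP frame that asks for `qty` registers from `start`."""
    if not 1 <= qty <= MAX_REGS:
        raise ValueError("quantity must be 1..125 registers")
    pdu = struct.pack(">BHH", READ_FUNCTION, start, qty)
    # MBAP header: transaction id, protocol id 0, length (unit id + PDU), unit id.
    return struct.pack(">HHHB", txn_id, 0, len(pdu) + 1, unit) + pdu


def parse_response(frame, txn_id, qty):
    """Validate a response frame and return its 16-bit register values."""
    if len(frame) < 9:
        raise ValueError("frame shorter than MBAP header plus two PDU bytes")
    rx_txn, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if rx_txn != txn_id or proto != 0:
        raise ValueError("transaction or protocol id mismatch")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    if function == READ_FUNCTION | 0x80:
        raise RuntimeError("Modbus exception code %d" % frame[8])
    if function != READ_FUNCTION:
        raise ValueError("unexpected function code")
    data = frame[9:]
    if frame[8] != 2 * qty or len(data) != 2 * qty:
        raise ValueError("byte count does not match the requested quantity")
    return list(struct.unpack(">%dH" % qty, data))


def decode_field(name, block_start, regs):
    """Decode one map entry from a register block that begins at block_start."""
    addr, qty, fmt = FIELDS[name]
    offset = addr - block_start
    if offset < 0 or offset + qty > len(regs):
        raise KeyError("%s is outside the block that was read" % name)
    words = regs[offset:offset + qty]
    if fmt == "String":  # ASSUMPTION: two ASCII characters per register, NUL padded
        raw = struct.pack(">%dH" % qty, *words)
        return raw.split(b"\x00", 1)[0].decode("ascii", "replace").strip()
    if fmt == "F9":      # ASSUMPTION: unsigned 32-bit value, high word first
        return (words[0] << 16) | words[1]
    return words[0]      # F1: treated here as one unsigned 16-bit value


def pack_string(text, qty):
    """Pack text into `qty` registers (used only to build the sample data)."""
    raw = text.encode("ascii").ljust(2 * qty, b"\x00")
    return list(struct.unpack(">%dH" % qty, raw))


def sample_response(txn_id, regs):
    """Build a constructed response frame that carries `regs`."""
    data = struct.pack(">%dH" % len(regs), *regs)
    pdu = bytes([READ_FUNCTION, len(data)]) + data
    return struct.pack(">HHHB", txn_id, 0, len(pdu) + 1, 1) + pdu


def demo():
    """Decode two constructed responses; all register values are sample data."""
    regs = (pack_string("Magnum10KT", 12) + pack_string("", 12)
            + pack_string("", 12) + pack_string("14.3.2", 6) + [192, 168, 10, 11])
    request = build_request(7, 0x0000, len(regs))
    block = parse_response(sample_response(7, regs), 7, len(regs))
    counters = parse_response(sample_response(8, [0x0001, 0x0002]), 8, 2)
    return {
        "request": request.hex(),
        "name": decode_field("System Name", 0x0000, block),
        "version": decode_field("Software Version", 0x0000, block),
        "ip": ".".join(str(decode_field("IP Address[%d]" % i, 0x0000, block))
                       for i in range(4)),
        "crc_errors": decode_field("Port1 - Number of frames with CRC error",
                                   0x00E6, counters),
    }


if __name__ == "__main__":
    print(demo())
```

Polling the CRC error counter and the power alarm registers at a fixed interval and alerting on change gives a simple health check that needs no CLI login.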

Address Qty Description Min Max Step Unit Format Default


0000 12 System Name - - - - String Varies
000C 12 System Contact - - - - String support@garrettcom.com
0018 12 System Location - - - - String Fremont, CA
0024 6 Software Version - - - - String Varies
002A 1 IP Address[0] 1 254 1 - F1 0
002B 1 IP Address[1] 1 254 1 - F1 0
002C 1 IP Address[2] 1 254 1 - F1 0
002D 1 IP Address[3] 1 254 1 - F1 0
002E 1 NetMask[0] 1 254 1 - F1 0
002F 1 NetMask[1] 1 254 1 - F1 0
0030 1 NetMask[2] 1 254 1 - F1 0
0031 1 NetMask[3] 1 254 1 - F1 0
0032 1 GateWay[0] 1 254 1 - F1 0
0033 1 GateWay[1] 1 254 1 - F1 0
0034 1 GateWay[2] 1 254 1 - F1 0
0035 1 GateWay[3] 1 254 1 - F1 0
0036 3 MacAddress - - - - String Varies
0039 16 OrderCode - - - - String Varies
0049 1 PowerAlarm1 0 1 1 - F1 0
004A 1 PowerAlarm2 0 1 1 - F1 0
004B 1 StpState 0 1 1 - F1 0
004C 2 Number of Ports 1 32 1 - F1 Varies
004E 2 Port Present Map - - - - Bitmap Varies
0050 2 Port Link Map - - - - Bitmap 0
0052 2 Port Stp State Map - - - - Bitmap 0

0054 2 Port Activity Map - - - - Bitmap 0
0056 1 Port 1 Type 0 6 1 - F1 Varies
0057 1 Port 2 Type 0 6 1 - F1 Varies
0058 1 Port 3 Type 0 6 1 - F1 Varies
0059 1 Port 4 Type 0 6 1 - F1 Varies
005A 1 Port 5 Type 0 6 1 - F1 Varies
005B 1 Port 6 Type 0 6 1 - F1 Varies
005C 1 Port 7 Type 0 6 1 - F1 Varies
005D 1 Port 8 Type 0 6 1 - F1 Varies
005E 1 Port 9 Type 0 6 1 - F1 Varies
005F 1 Port 10 Type 0 6 1 - F1 Varies
0060 1 Port 11 Type 0 6 1 - F1 Varies
0061 1 Port 12 Type 0 6 1 - F1 Varies
0062 1 Port 13 Type 0 6 1 - F1 Varies
0063 1 Port 14 Type 0 6 1 - F1 Varies
0064 1 Port 15 Type 0 6 1 - F1 Varies
0065 1 Port 16 Type 0 6 1 - F1 Varies
0066 1 Port 17 Type 0 6 1 - F1 Varies
0067 1 Port 18 Type 0 6 1 - F1 Varies
0068 1 Port 19 Type 0 6 1 - F1 Varies
0069 1 Port 20 Type 0 6 1 - F1 Varies
006A 1 Port 21 Type 0 6 1 - F1 Varies
006B 1 Port 22 Type 0 6 1 - F1 Varies
006C 1 Port 23 Type 0 6 1 - F1 Varies
006D 1 Port 24 Type 0 6 1 - F1 Varies
006E 1 Port 25 Type 0 6 1 - F1 Varies
006F 1 Port 26 Type 0 6 1 - F1 Varies
0070 1 Port 27 Type 0 6 1 - F1 Varies
0071 1 Port 28 Type 0 6 1 - F1 Varies
0072 1 Port 29 Type 0 6 1 - F1 Varies
0073 1 Port 30 Type 0 6 1 - F1 Varies
0074 1 Port 31 Type 0 6 1 - F1 Varies
0075 1 Port 32 Type 0 6 1 - F1 Varies
0076 1 Port 1 Link Status 0 1 1 - F1 0
0077 1 Port 2 Link Status 0 1 1 - F1 0
0078 1 Port 3 Link Status 0 1 1 - F1 0
0079 1 Port 4 Link Status 0 1 1 - F1 0
007A 1 Port 5 Link Status 0 1 1 - F1 0
007B 1 Port 6 Link Status 0 1 1 - F1 0
007C 1 Port 7 Link Status 0 1 1 - F1 0
007D 1 Port 8 Link Status 0 1 1 - F1 0
007E 1 Port 9 Link Status 0 1 1 - F1 0
007F 1 Port 10 Link Status 0 1 1 - F1 0
0080 1 Port 11 Link Status 0 1 1 - F1 0
0081 1 Port 12 Link Status 0 1 1 - F1 0

0082 1 Port 13 Link Status 0 1 1 - F1 0
0083 1 Port 14 Link Status 0 1 1 - F1 0
0084 1 Port 15 Link Status 0 1 1 - F1 0
0085 1 Port 16 Link Status 0 1 1 - F1 0
0086 1 Port 17 Link Status 0 1 1 - F1 0
0087 1 Port 18 Link Status 0 1 1 - F1 0
0088 1 Port 19 Link Status 0 1 1 - F1 0
0089 1 Port 20 Link Status 0 1 1 - F1 0
008A 1 Port 21 Link Status 0 1 1 - F1 0
008B 1 Port 22 Link Status 0 1 1 - F1 0
008C 1 Port 23 Link Status 0 1 1 - F1 0
008D 1 Port 24 Link Status 0 1 1 - F1 0
008E 1 Port 25 Link Status 0 1 1 - F1 0
008F 1 Port 26 Link Status 0 1 1 - F1 0
0090 1 Port 27 Link Status 0 1 1 - F1 0
0091 1 Port 28 Link Status 0 1 1 - F1 0
0092 1 Port 29 Link Status 0 1 1 - F1 0
0093 1 Port 30 Link Status 0 1 1 - F1 0
0094 1 Port 31 Link Status 0 1 1 - F1 0
0095 1 Port 32 Link Status 0 1 1 - F1 0
0096 1 Port 1 STP State 0 1 1 - F1 0
0097 1 Port 2 STP State 0 1 1 - F1 0
0098 1 Port 3 STP State 0 1 1 - F1 0
0099 1 Port 4 STP State 0 1 1 - F1 0
009A 1 Port 5 STP State 0 1 1 - F1 0
009B 1 Port 6 STP State 0 1 1 - F1 0
009C 1 Port 7 STP State 0 1 1 - F1 0
009D 1 Port 8 STP State 0 1 1 - F1 0
009E 1 Port 9 STP State 0 1 1 - F1 0
009F 1 Port 10 STP State 0 1 1 - F1 0
00A0 1 Port 11 STP State 0 1 1 - F1 0
00A1 1 Port 12 STP State 0 1 1 - F1 0
00A2 1 Port 13 STP State 0 1 1 - F1 0
00A3 1 Port 14 STP State 0 1 1 - F1 0
00A4 1 Port 15 STP State 0 1 1 - F1 0
00A5 1 Port 16 STP State 0 1 1 - F1 0
00A6 1 Port 17 STP State 0 1 1 - F1 0
00A7 1 Port 18 STP State 0 1 1 - F1 0
00A8 1 Port 19 STP State 0 1 1 - F1 0
00A9 1 Port 20 STP State 0 1 1 - F1 0
00AA 1 Port 21 STP State 0 1 1 - F1 0
00AB 1 Port 22 STP State 0 1 1 - F1 0
00AC 1 Port 23 STP State 0 1 1 - F1 0
00AD 1 Port 24 STP State 0 1 1 - F1 0
00AE 1 Port 25 STP State 0 1 1 - F1 0

00AF 1 Port 26 STP State 0 1 1 - F1 0
00B0 1 Port 27 STP State 0 1 1 - F1 0
00B1 1 Port 28 STP State 0 1 1 - F1 0
00B2 1 Port 29 STP State 0 1 1 - F1 0
00B3 1 Port 30 STP State 0 1 1 - F1 0
00B4 1 Port 31 STP State 0 1 1 - F1 0
00B5 1 Port 32 STP State 0 1 1 - F1 0
00B6 1 Port 1 Activity 0 1 1 - F1 0
00B7 1 Port 2 Activity 0 1 1 - F1 0
00B8 1 Port 3 Activity 0 1 1 - F1 0
00B9 1 Port 4 Activity 0 1 1 - F1 0
00BA 1 Port 5 Activity 0 1 1 - F1 0
00BB 1 Port 6 Activity 0 1 1 - F1 0
00BC 1 Port 7 Activity 0 1 1 - F1 0
00BD 1 Port 8 Activity 0 1 1 - F1 0
00BE 1 Port 9 Activity 0 1 1 - F1 0
00BF 1 Port 10 Activity 0 1 1 - F1 0
00C0 1 Port 11 Activity 0 1 1 - F1 0
00C1 1 Port 12 Activity 0 1 1 - F1 0
00C2 1 Port 13 Activity 0 1 1 - F1 0
00C3 1 Port 14 Activity 0 1 1 - F1 0
00C4 1 Port 15 Activity 0 1 1 - F1 0
00C5 1 Port 16 Activity 0 1 1 - F1 0
00C6 1 Port 17 Activity 0 1 1 - F1 0
00C7 1 Port 18 Activity 0 1 1 - F1 0
00C8 1 Port 19 Activity 0 1 1 - F1 0
00C9 1 Port 20 Activity 0 1 1 - F1 0
00CA 1 Port 21 Activity 0 1 1 - F1 0
00CB 1 Port 22 Activity 0 1 1 - F1 0
00CC 1 Port 23 Activity 0 1 1 - F1 0
00CD 1 Port 24 Activity 0 1 1 - F1 0
00CE 1 Port 25 Activity 0 1 1 - F1 0
00CF 1 Port 26 Activity 0 1 1 - F1 0
00D0 1 Port 27 Activity 0 1 1 - F1 0
00D1 1 Port 28 Activity 0 1 1 - F1 0
00D2 1 Port 29 Activity 0 1 1 - F1 0
00D3 1 Port 30 Activity 0 1 1 - F1 0
00D4 1 Port 31 Activity 0 1 1 - F1 0
00D5 1 Port 32 Activity 0 1 1 - F1 0
00D6 2 Port1 - Number of bytes received 0 4294967295 1 - F9 0
00D8 2 Port1 - Number of bytes sent 0 4294967295 1 - F9 0
00DA 2 Port1 - Number of frames received 0 4294967295 1 - F9 0
00DC 2 Port1 - Number of frames sent 0 4294967295 1 - F9 0
00DE 2 Port1 - Total bytes received 0 4294967295 1 - F9 0

00E0 2 Port1 - Total frames received 0 4294967295 1 - F9 0
00E2 2 Port1 - Number of broadcast frames received 0 4294967295 1 - F9 0
00E4 2 Port1 - Number of multicast frames received 0 4294967295 1 - F9 0
00E6 2 Port1 - Number of frames with CRC error 0 4294967295 1 - F9 0
00E8 2 Port1 - Number of oversized frames received 0 4294967295 1 - F9 0
00EA 2 Port1 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
00EC 2 Port1 - Number of jabber frames received 0 4294967295 1 - F9 0
00EE 2 Port1 - Number of collisions occurred 0 4294967295 1 - F9 0
00F0 2 Port1 - Number of late collisions occurred 0 4294967295 1 - F9 0
00F2 2 Port1 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
00F4 2 Port1 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
00F6 2 Port1 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
00F8 2 Port1 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
00FA 2 Port1 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
00FC 2 Port1 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
00FE 2 Port1 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0100 2 Port1 - Number of dropped received packets 0 4294967295 1 - F9 0
0102 2 Port1 - Number of multicast frames sent 0 4294967295 1 - F9 0
0104 2 Port1 - Number of broadcast frames sent 0 4294967295 1 - F9 0
0106 2 Port1 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
0108 2 Port2 - Number of bytes received 0 4294967295 1 - F9 0
010A 2 Port2 - Number of bytes sent 0 4294967295 1 - F9 0
010C 2 Port2 - Number of frames received 0 4294967295 1 - F9 0
010E 2 Port2 - Number of frames sent 0 4294967295 1 - F9 0
0110 2 Port2 - Total bytes received 0 4294967295 1 - F9 0
0112 2 Port2 - Total frames received 0 4294967295 1 - F9 0
0114 2 Port2 - Number of broadcast frames received 0 4294967295 1 - F9 0
0116 2 Port2 - Number of multicast frames received 0 4294967295 1 - F9 0
0118 2 Port2 - Number of frames with CRC error 0 4294967295 1 - F9 0
011A 2 Port2 - Number of oversized frames received 0 4294967295 1 - F9 0
011C 2 Port2 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
011E 2 Port2 - Number of jabber frames received 0 4294967295 1 - F9 0
0120 2 Port2 - Number of collisions occurred 0 4294967295 1 - F9 0
0122 2 Port2 - Number of late collisions occurred 0 4294967295 1 - F9 0
0124 2 Port2 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
0126 2 Port2 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
0128 2 Port2 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
012A 2 Port2 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
012C 2 Port2 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
012E 2 Port2 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
0130 2 Port2 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0132 2 Port2 - Number of dropped received packets 0 4294967295 1 - F9 0
0134 2 Port2 - Number of multicast frames sent 0 4294967295 1 - F9 0
0136 2 Port2 - Number of broadcast frames sent 0 4294967295 1 - F9 0
0138 2 Port2 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
013A 2 Port3 - Number of bytes received 0 4294967295 1 - F9 0
013C 2 Port3 - Number of bytes sent 0 4294967295 1 - F9 0
013E 2 Port3 - Number of frames received 0 4294967295 1 - F9 0
0140 2 Port3 - Number of frames sent 0 4294967295 1 - F9 0
0142 2 Port3 - Total bytes received 0 4294967295 1 - F9 0
0144 2 Port3 - Total frames received 0 4294967295 1 - F9 0
0146 2 Port3 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0148 2 Port3 - Number of multicast frames 0 4294967295 1 - F9 0
received
014A 2 Port3 - Number of frames with CRC 0 4294967295 1 - F9 0
error
014C 2 Port3 - Number of oversized frames 0 4294967295 1 - F9 0
received
014E 2 Port3 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0150 2 Port3 - Number of jabber frames 0 4294967295 1 - F9 0
received

0152 2 Port3 - Number of collisions occurred 0 4294967295 1 - F9 0
0154 2 Port3 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0156 2 Port3 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0158 2 Port3 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
015A 2 Port3 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
015C 2 Port3 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
015E 2 Port3 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0160 2 Port3 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
0162 2 Port3 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0164 2 Port3 - Number of dropped received 0 4294967295 1 - F9 0
packets
0166 2 Port3 - Number of multicast frames 0 4294967295 1 - F9 0
sent
0168 2 Port3 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
016A 2 Port3 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
016C 2 Port4 - Number of bytes received 0 4294967295 1 - F9 0
016E 2 Port4 - Number of bytes sent 0 4294967295 1 - F9 0
0170 2 Port4 - Number of frames received 0 4294967295 1 - F9 0
0172 2 Port4 - Number of frames sent 0 4294967295 1 - F9 0
0174 2 Port4 - Total bytes received 0 4294967295 1 - F9 0
0176 2 Port4 - Total frames received 0 4294967295 1 - F9 0
0178 2 Port4 - Number of broadcast frames 0 4294967295 1 - F9 0
received
017A 2 Port4 - Number of multicast frames 0 4294967295 1 - F9 0
received
017C 2 Port4 - Number of frames with CRC 0 4294967295 1 - F9 0
error
017E 2 Port4 - Number of oversized frames 0 4294967295 1 - F9 0
received
0180 2 Port4 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0182 2 Port4 - Number of jabber frames 0 4294967295 1 - F9 0
received
0184 2 Port4 - Number of collisions occurred 0 4294967295 1 - F9 0
0186 2 Port4 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0188 2 Port4 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
018A 2 Port4 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent

018C 2 Port4 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
018E 2 Port4 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0190 2 Port4 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0192 2 Port4 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
0194 2 Port4 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0196 2 Port4 - Number of dropped received 0 4294967295 1 - F9 0
packets
0198 2 Port4 - Number of multicast frames 0 4294967295 1 - F9 0
sent
019A 2 Port4 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
019C 2 Port4 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
019E 2 Port5 - Number of bytes received 0 4294967295 1 - F9 0
01A0 2 Port5 - Number of bytes sent 0 4294967295 1 - F9 0
01A2 2 Port5 - Number of frames received 0 4294967295 1 - F9 0
01A4 2 Port5 - Number of frames sent 0 4294967295 1 - F9 0
01A6 2 Port5 - Total bytes received 0 4294967295 1 - F9 0
01A8 2 Port5 - Total frames received 0 4294967295 1 - F9 0
01AA 2 Port5 - Number of broadcast frames 0 4294967295 1 - F9 0
received
01AC 2 Port5 - Number of multicast frames 0 4294967295 1 - F9 0
received
01AE 2 Port5 - Number of frames with CRC 0 4294967295 1 - F9 0
error
01B0 2 Port5 - Number of oversized frames 0 4294967295 1 - F9 0
received
01B2 2 Port5 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
01B4 2 Port5 - Number of jabber frames 0 4294967295 1 - F9 0
received
01B6 2 Port5 - Number of collisions occurred 0 4294967295 1 - F9 0
01B8 2 Port5 - Number of late collisions 0 4294967295 1 - F9 0
occurred
01BA 2 Port5 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
01BC 2 Port5 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
01BE 2 Port5 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
01C0 2 Port5 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
01C2 2 Port5 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
01C4 2 Port5 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent

01C6 2 Port5 - Number of Mac Error Packets 0 4294967295 1 - F9 0
01C8 2 Port5 - Number of dropped received 0 4294967295 1 - F9 0
packets
01CA 2 Port5 - Number of multicast frames 0 4294967295 1 - F9 0
sent
01CC 2 Port5 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
01CE 2 Port5 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
01D0 2 Port6 - Number of bytes received 0 4294967295 1 - F9 0
01D2 2 Port6 - Number of bytes sent 0 4294967295 1 - F9 0
01D4 2 Port6 - Number of frames received 0 4294967295 1 - F9 0
01D6 2 Port6 - Number of frames sent 0 4294967295 1 - F9 0
01D8 2 Port6 - Total bytes received 0 4294967295 1 - F9 0
01DA 2 Port6 - Total frames received 0 4294967295 1 - F9 0
01DC 2 Port6 - Number of broadcast frames 0 4294967295 1 - F9 0
received
01DE 2 Port6 - Number of multicast frames 0 4294967295 1 - F9 0
received
01E0 2 Port6 - Number of frames with CRC 0 4294967295 1 - F9 0
error
01E2 2 Port6 - Number of oversized frames 0 4294967295 1 - F9 0
received
01E4 2 Port6 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
01E6 2 Port6 - Number of jabber frames 0 4294967295 1 - F9 0
received
01E8 2 Port6 - Number of collisions occurred 0 4294967295 1 - F9 0
01EA 2 Port6 - Number of late collisions 0 4294967295 1 - F9 0
occurred
01EC 2 Port6 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
01EE 2 Port6 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
01F0 2 Port6 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
01F2 2 Port6 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
01F4 2 Port6 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
01F6 2 Port6 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
01F8 2 Port6 - Number of Mac Error Packets 0 4294967295 1 - F9 0
01FA 2 Port6 - Number of dropped received 0 4294967295 1 - F9 0
packets
01FC 2 Port6 - Number of multicast frames 0 4294967295 1 - F9 0
sent
01FE 2 Port6 - Number of broadcast frames 0 4294967295 1 - F9 0
sent

0200 2 Port6 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
0202 2 Port7 - Number of bytes received 0 4294967295 1 - F9 0
0204 2 Port7 - Number of bytes sent 0 4294967295 1 - F9 0
0206 2 Port7 - Number of frames received 0 4294967295 1 - F9 0
0208 2 Port7 - Number of frames sent 0 4294967295 1 - F9 0
020A 2 Port7 - Total bytes received 0 4294967295 1 - F9 0
020C 2 Port7 - Total frames received 0 4294967295 1 - F9 0
020E 2 Port7 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0210 2 Port7 - Number of multicast frames 0 4294967295 1 - F9 0
received
0212 2 Port7 - Number of frames with CRC 0 4294967295 1 - F9 0
error
0214 2 Port7 - Number of oversized frames 0 4294967295 1 - F9 0
received
0216 2 Port7 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0218 2 Port7 - Number of jabber frames 0 4294967295 1 - F9 0
received
021A 2 Port7 - Number of collisions occurred 0 4294967295 1 - F9 0
021C 2 Port7 - Number of late collisions 0 4294967295 1 - F9 0
occurred
021E 2 Port7 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0220 2 Port7 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0222 2 Port7 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0224 2 Port7 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0226 2 Port7 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0228 2 Port7 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
022A 2 Port7 - Number of Mac Error Packets 0 4294967295 1 - F9 0
022C 2 Port7 - Number of dropped received 0 4294967295 1 - F9 0
packets
022E 2 Port7 - Number of multicast frames 0 4294967295 1 - F9 0
sent
0230 2 Port7 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
0232 2 Port7 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
0234 2 Port8 - Number of bytes received 0 4294967295 1 - F9 0
0236 2 Port8 - Number of bytes sent 0 4294967295 1 - F9 0
0238 2 Port8 - Number of frames received 0 4294967295 1 - F9 0
023A 2 Port8 - Number of frames sent 0 4294967295 1 - F9 0

023C 2 Port8 - Total bytes received 0 4294967295 1 - F9 0
023E 2 Port8 - Total frames received 0 4294967295 1 - F9 0
0240 2 Port8 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0242 2 Port8 - Number of multicast frames 0 4294967295 1 - F9 0
received
0244 2 Port8 - Number of frames with CRC 0 4294967295 1 - F9 0
error
0246 2 Port8 - Number of oversized frames 0 4294967295 1 - F9 0
received
0248 2 Port8 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
024A 2 Port8 - Number of jabber frames 0 4294967295 1 - F9 0
received
024C 2 Port8 - Number of collisions occurred 0 4294967295 1 - F9 0
024E 2 Port8 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0250 2 Port8 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0252 2 Port8 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0254 2 Port8 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0256 2 Port8 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0258 2 Port8 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
025A 2 Port8 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
025C 2 Port8 - Number of Mac Error Packets 0 4294967295 1 - F9 0
025E 2 Port8 - Number of dropped received 0 4294967295 1 - F9 0
packets
0260 2 Port8 - Number of multicast frames 0 4294967295 1 - F9 0
sent
0262 2 Port8 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
0264 2 Port8 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
0266 2 Port9 - Number of bytes received 0 4294967295 1 - F9 0
0268 2 Port9 - Number of bytes sent 0 4294967295 1 - F9 0
026A 2 Port9 - Number of frames received 0 4294967295 1 - F9 0
026C 2 Port9 - Number of frames sent 0 4294967295 1 - F9 0
026E 2 Port9 - Total bytes received 0 4294967295 1 - F9 0
0270 2 Port9 - Total frames received 0 4294967295 1 - F9 0
0272 2 Port9 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0274 2 Port9 - Number of multicast frames 0 4294967295 1 - F9 0
received

0276 2 Port9 - Number of frames with CRC 0 4294967295 1 - F9 0
error
0278 2 Port9 - Number of oversized frames 0 4294967295 1 - F9 0
received
027A 2 Port9 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
027C 2 Port9 - Number of jabber frames 0 4294967295 1 - F9 0
received
027E 2 Port9 - Number of collisions occurred 0 4294967295 1 - F9 0
0280 2 Port9 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0282 2 Port9 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0284 2 Port9 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0286 2 Port9 - Number of 128-255 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0288 2 Port9 - Number of 256-511 byte frames 0 4294967295 1 - F9 0
rcvd/sent
028A 2 Port9 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
028C 2 Port9 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
028E 2 Port9 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0290 2 Port9 - Number of dropped received 0 4294967295 1 - F9 0
packets
0292 2 Port9 - Number of multicast frames 0 4294967295 1 - F9 0
sent
0294 2 Port9 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
0296 2 Port9 - Number of <64 byte fragments 0 4294967295 1 - F9 0
w/ good CRC
0298 2 Port10 - Number of bytes received 0 4294967295 1 - F9 0
029A 2 Port10 - Number of bytes sent 0 4294967295 1 - F9 0
029C 2 Port10 - Number of frames received 0 4294967295 1 - F9 0
029E 2 Port10 - Number of frames sent 0 4294967295 1 - F9 0
02A0 2 Port10 - Total bytes received 0 4294967295 1 - F9 0
02A2 2 Port10 - Total frames received 0 4294967295 1 - F9 0
02A4 2 Port10 - Number of broadcast frames 0 4294967295 1 - F9 0
received
02A6 2 Port10 - Number of multicast frames 0 4294967295 1 - F9 0
received
02A8 2 Port10 - Number of frames with CRC 0 4294967295 1 - F9 0
error
02AA 2 Port10 - Number of oversized frames 0 4294967295 1 - F9 0
received
02AC 2 Port10 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
02AE 2 Port10 - Number of jabber frames 0 4294967295 1 - F9 0
received

02B0 2 Port10 - Number of collisions occurred 0 4294967295 1 - F9 0
02B2 2 Port10 - Number of late collisions 0 4294967295 1 - F9 0
occurred
02B4 2 Port10 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
02B6 2 Port10 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
02B8 2 Port10 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
02BA 2 Port10 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
02BC 2 Port10 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
02BE 2 Port10 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
02C0 2 Port10 - Number of Mac Error Packets 0 4294967295 1 - F9 0
02C2 2 Port10 - Number of dropped received 0 4294967295 1 - F9 0
packets
02C4 2 Port10 - Number of multicast frames 0 4294967295 1 - F9 0
sent
02C6 2 Port10 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
02C8 2 Port10 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
02CA 2 Port11 - Number of bytes received 0 4294967295 1 - F9 0
02CC 2 Port11 - Number of bytes sent 0 4294967295 1 - F9 0
02CE 2 Port11 - Number of frames received 0 4294967295 1 - F9 0
02D0 2 Port11 - Number of frames sent 0 4294967295 1 - F9 0
02D2 2 Port11 - Total bytes received 0 4294967295 1 - F9 0
02D4 2 Port11 - Total frames received 0 4294967295 1 - F9 0
02D6 2 Port11 - Number of broadcast frames 0 4294967295 1 - F9 0
received
02D8 2 Port11 - Number of multicast frames 0 4294967295 1 - F9 0
received
02DA 2 Port11 - Number of frames with CRC 0 4294967295 1 - F9 0
error
02DC 2 Port11 - Number of oversized frames 0 4294967295 1 - F9 0
received
02DE 2 Port11 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
02E0 2 Port11 - Number of jabber frames 0 4294967295 1 - F9 0
received
02E2 2 Port11 - Number of collisions occurred 0 4294967295 1 - F9 0
02E4 2 Port11 - Number of late collisions 0 4294967295 1 - F9 0
occurred
02E6 2 Port11 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
02E8 2 Port11 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent

02EA 2 Port11 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
02EC 2 Port11 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
02EE 2 Port11 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
02F0 2 Port11 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
02F2 2 Port11 - Number of Mac Error Packets 0 4294967295 1 - F9 0
02F4 2 Port11 - Number of dropped received 0 4294967295 1 - F9 0
packets
02F6 2 Port11 - Number of multicast frames 0 4294967295 1 - F9 0
sent
02F8 2 Port11 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
02FA 2 Port11 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
02FC 2 Port12 - Number of bytes received 0 4294967295 1 - F9 0
02FE 2 Port12 - Number of bytes sent 0 4294967295 1 - F9 0
0300 2 Port12 - Number of frames received 0 4294967295 1 - F9 0
0302 2 Port12 - Number of frames sent 0 4294967295 1 - F9 0
0304 2 Port12 - Total bytes received 0 4294967295 1 - F9 0
0306 2 Port12 - Total frames received 0 4294967295 1 - F9 0
0308 2 Port12 - Number of broadcast frames 0 4294967295 1 - F9 0
received
030A 2 Port12 - Number of multicast frames 0 4294967295 1 - F9 0
received
030C 2 Port12 - Number of frames with CRC 0 4294967295 1 - F9 0
error
030E 2 Port12 - Number of oversized frames 0 4294967295 1 - F9 0
received
0310 2 Port12 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0312 2 Port12 - Number of jabber frames 0 4294967295 1 - F9 0
received
0314 2 Port12 - Number of collisions occurred 0 4294967295 1 - F9 0
0316 2 Port12 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0318 2 Port12 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
031A 2 Port12 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
031C 2 Port12 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
031E 2 Port12 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0320 2 Port12 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0322 2 Port12 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent

0324 2 Port12 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0326 2 Port12 - Number of dropped received 0 4294967295 1 - F9 0
packets
0328 2 Port12 - Number of multicast frames 0 4294967295 1 - F9 0
sent
032A 2 Port12 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
032C 2 Port12 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
032E 2 Port13 - Number of bytes received 0 4294967295 1 - F9 0
0330 2 Port13 - Number of bytes sent 0 4294967295 1 - F9 0
0332 2 Port13 - Number of frames received 0 4294967295 1 - F9 0
0334 2 Port13 - Number of frames sent 0 4294967295 1 - F9 0
0336 2 Port13 - Total bytes received 0 4294967295 1 - F9 0
0338 2 Port13 - Total frames received 0 4294967295 1 - F9 0
033A 2 Port13 - Number of broadcast frames 0 4294967295 1 - F9 0
received
033C 2 Port13 - Number of multicast frames 0 4294967295 1 - F9 0
received
033E 2 Port13 - Number of frames with CRC 0 4294967295 1 - F9 0
error
0340 2 Port13 - Number of oversized frames 0 4294967295 1 - F9 0
received
0342 2 Port13 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0344 2 Port13 - Number of jabber frames 0 4294967295 1 - F9 0
received
0346 2 Port13 - Number of collisions occurred 0 4294967295 1 - F9 0
0348 2 Port13 - Number of late collisions 0 4294967295 1 - F9 0
occurred
034A 2 Port13 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
034C 2 Port13 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
034E 2 Port13 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0350 2 Port13 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0352 2 Port13 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0354 2 Port13 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
0356 2 Port13 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0358 2 Port13 - Number of dropped received 0 4294967295 1 - F9 0
packets
035A 2 Port13 - Number of multicast frames 0 4294967295 1 - F9 0
sent
035C 2 Port13 - Number of broadcast frames 0 4294967295 1 - F9 0
sent

035E 2 Port13 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
0360 2 Port14 - Number of bytes received 0 4294967295 1 - F9 0
0362 2 Port14 - Number of bytes sent 0 4294967295 1 - F9 0
0364 2 Port14 - Number of frames received 0 4294967295 1 - F9 0
0366 2 Port14 - Number of frames sent 0 4294967295 1 - F9 0
0368 2 Port14 - Total bytes received 0 4294967295 1 - F9 0
036A 2 Port14 - Total frames received 0 4294967295 1 - F9 0
036C 2 Port14 - Number of broadcast frames 0 4294967295 1 - F9 0
received
036E 2 Port14 - Number of multicast frames 0 4294967295 1 - F9 0
received
0370 2 Port14 - Number of frames with CRC 0 4294967295 1 - F9 0
error
0372 2 Port14 - Number of oversized frames 0 4294967295 1 - F9 0
received
0374 2 Port14 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0376 2 Port14 - Number of jabber frames 0 4294967295 1 - F9 0
received
0378 2 Port14 - Number of collisions occurred 0 4294967295 1 - F9 0
037A 2 Port14 - Number of late collisions 0 4294967295 1 - F9 0
occurred
037C 2 Port14 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
037E 2 Port14 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0380 2 Port14 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0382 2 Port14 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0384 2 Port14 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0386 2 Port14 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
0388 2 Port14 - Number of Mac Error Packets 0 4294967295 1 - F9 0
038A 2 Port14 - Number of dropped received 0 4294967295 1 - F9 0
packets
038C 2 Port14 - Number of multicast frames 0 4294967295 1 - F9 0
sent
038E 2 Port14 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
0390 2 Port14 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
0392 2 Port15 - Number of bytes received 0 4294967295 1 - F9 0
0394 2 Port15 - Number of bytes sent 0 4294967295 1 - F9 0
0396 2 Port15 - Number of frames received 0 4294967295 1 - F9 0
0398 2 Port15 - Number of frames sent 0 4294967295 1 - F9 0
039A 2 Port15 - Total bytes received 0 4294967295 1 - F9 0

039C 2 Port15 - Total frames received 0 4294967295 1 - F9 0
039E 2 Port15 - Number of broadcast frames 0 4294967295 1 - F9 0
received
03A0 2 Port15 - Number of multicast frames 0 4294967295 1 - F9 0
received
03A2 2 Port15 - Number of frames with CRC 0 4294967295 1 - F9 0
error
03A4 2 Port15 - Number of oversized frames 0 4294967295 1 - F9 0
received
03A6 2 Port15 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
03A8 2 Port15 - Number of jabber frames 0 4294967295 1 - F9 0
received
03AA 2 Port15 - Number of collisions occurred 0 4294967295 1 - F9 0
03AC 2 Port15 - Number of late collisions 0 4294967295 1 - F9 0
occurred
03AE 2 Port15 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
03B0 2 Port15 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
03B2 2 Port15 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
03B4 2 Port15 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
03B6 2 Port15 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
03B8 2 Port15 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
03BA 2 Port15 - Number of Mac Error Packets 0 4294967295 1 - F9 0
03BC 2 Port15 - Number of dropped received 0 4294967295 1 - F9 0
packets
03BE 2 Port15 - Number of multicast frames 0 4294967295 1 - F9 0
sent
03C0 2 Port15 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
03C2 2 Port15 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
03C4 2 Port16 - Number of bytes received 0 4294967295 1 - F9 0
03C6 2 Port16 - Number of bytes sent 0 4294967295 1 - F9 0
03C8 2 Port16 - Number of frames received 0 4294967295 1 - F9 0
03CA 2 Port16 - Number of frames sent 0 4294967295 1 - F9 0
03CC 2 Port16 - Total bytes received 0 4294967295 1 - F9 0
03CE 2 Port16 - Total frames received 0 4294967295 1 - F9 0
03D0 2 Port16 - Number of broadcast frames 0 4294967295 1 - F9 0
received
03D2 2 Port16 - Number of multicast frames 0 4294967295 1 - F9 0
received
03D4 2 Port16 - Number of frames with CRC 0 4294967295 1 - F9 0
error

03D6 2 Port16 - Number of oversized frames 0 4294967295 1 - F9 0
received
03D8 2 Port16 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
03DA 2 Port16 - Number of jabber frames 0 4294967295 1 - F9 0
received
03DC 2 Port16 - Number of collisions occurred 0 4294967295 1 - F9 0
03DE 2 Port16 - Number of late collisions 0 4294967295 1 - F9 0
occurred
03E0 2 Port16 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
03E2 2 Port16 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
03E4 2 Port16 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
03E6 2 Port16 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
03E8 2 Port16 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
03EA 2 Port16 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
03EC 2 Port16 - Number of Mac Error Packets 0 4294967295 1 - F9 0
03EE 2 Port16 - Number of dropped received 0 4294967295 1 - F9 0
packets
03F0 2 Port16 - Number of multicast frames 0 4294967295 1 - F9 0
sent
03F2 2 Port16 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
03F4 2 Port16 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
03F6 2 Port17 - Number of bytes received 0 4294967295 1 - F9 0
03F8 2 Port17 - Number of bytes sent 0 4294967295 1 - F9 0
03FA 2 Port17 - Number of frames received 0 4294967295 1 - F9 0
03FC 2 Port17 - Number of frames sent 0 4294967295 1 - F9 0
03FE 2 Port17 - Total bytes received 0 4294967295 1 - F9 0
0400 2 Port17 - Total frames received 0 4294967295 1 - F9 0
0402 2 Port17 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0404 2 Port17 - Number of multicast frames 0 4294967295 1 - F9 0
received
0406 2 Port17 - Number of frames with CRC 0 4294967295 1 - F9 0
error
0408 2 Port17 - Number of oversized frames 0 4294967295 1 - F9 0
received
040A 2 Port17 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
040C 2 Port17 - Number of jabber frames 0 4294967295 1 - F9 0
received
040E 2 Port17 - Number of collisions occurred 0 4294967295 1 - F9 0

0410 2 Port17 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0412 2 Port17 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0414 2 Port17 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
0416 2 Port17 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0418 2 Port17 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
041A 2 Port17 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
041C 2 Port17 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
041E 2 Port17 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0420 2 Port17 - Number of dropped received 0 4294967295 1 - F9 0
packets
0422 2 Port17 - Number of multicast frames 0 4294967295 1 - F9 0
sent
0424 2 Port17 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
0426 2 Port17 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
0428 2 Port18 - Number of bytes received 0 4294967295 1 - F9 0
042A 2 Port18 - Number of bytes sent 0 4294967295 1 - F9 0
042C 2 Port18 - Number of frames received 0 4294967295 1 - F9 0
042E 2 Port18 - Number of frames sent 0 4294967295 1 - F9 0
0430 2 Port18 - Total bytes received 0 4294967295 1 - F9 0
0432 2 Port18 - Total frames received 0 4294967295 1 - F9 0
0434 2 Port18 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0436 2 Port18 - Number of multicast frames 0 4294967295 1 - F9 0
received
0438 2 Port18 - Number of frames with CRC 0 4294967295 1 - F9 0
error
043A 2 Port18 - Number of oversized frames 0 4294967295 1 - F9 0
received
043C 2 Port18 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
043E 2 Port18 - Number of jabber frames 0 4294967295 1 - F9 0
received
0440 2 Port18 - Number of collisions occurred 0 4294967295 1 - F9 0
0442 2 Port18 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0444 2 Port18 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0446 2 Port18 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent

0448 2 Port18 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
044A 2 Port18 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
044C 2 Port18 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
044E 2 Port18 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent
0450 2 Port18 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0452 2 Port18 - Number of dropped received 0 4294967295 1 - F9 0
packets
0454 2 Port18 - Number of multicast frames 0 4294967295 1 - F9 0
sent
0456 2 Port18 - Number of broadcast frames 0 4294967295 1 - F9 0
sent
0458 2 Port18 - Number of <64 byte 0 4294967295 1 - F9 0
fragments w/ good CRC
045A 2 Port19 - Number of bytes received 0 4294967295 1 - F9 0
045C 2 Port19 - Number of bytes sent 0 4294967295 1 - F9 0
045E 2 Port19 - Number of frames received 0 4294967295 1 - F9 0
0460 2 Port19 - Number of frames sent 0 4294967295 1 - F9 0
0462 2 Port19 - Total bytes received 0 4294967295 1 - F9 0
0464 2 Port19 - Total frames received 0 4294967295 1 - F9 0
0466 2 Port19 - Number of broadcast frames 0 4294967295 1 - F9 0
received
0468 2 Port19 - Number of multicast frames 0 4294967295 1 - F9 0
received
046A 2 Port19 - Number of frames with CRC 0 4294967295 1 - F9 0
error
046C 2 Port19 - Number of oversized frames 0 4294967295 1 - F9 0
received
046E 2 Port19 - Number of bad fragments 0 4294967295 1 - F9 0
rcvd(<64 bytes)
0470 2 Port19 - Number of jabber frames 0 4294967295 1 - F9 0
received
0472 2 Port19 - Number of collisions occurred 0 4294967295 1 - F9 0
0474 2 Port19 - Number of late collisions 0 4294967295 1 - F9 0
occurred
0476 2 Port19 - Number of 64-byte frames 0 4294967295 1 - F9 0
rcvd/sent
0478 2 Port19 - Number of 65-127 byte frames 0 4294967295 1 - F9 0
rcvd/sent
047A 2 Port19 - Number of 128-255 byte 0 4294967295 1 - F9 0
frames rcvd/sent
047C 2 Port19 - Number of 256-511 byte 0 4294967295 1 - F9 0
frames rcvd/sent
047E 2 Port19 - Number of 512-1023 byte 0 4294967295 1 - F9 0
frames rcvd/sent
0480 2 Port19 - Number of 1023-MAX byte 0 4294967295 1 - F9 0
frames rcvd/sent

0482 2 Port19 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0484 2 Port19 - Number of dropped received packets 0 4294967295 1 - F9 0
0486 2 Port19 - Number of multicast frames sent 0 4294967295 1 - F9 0
0488 2 Port19 - Number of broadcast frames sent 0 4294967295 1 - F9 0
048A 2 Port19 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
048C 2 Port20 - Number of bytes received 0 4294967295 1 - F9 0
048E 2 Port20 - Number of bytes sent 0 4294967295 1 - F9 0
0490 2 Port20 - Number of frames received 0 4294967295 1 - F9 0
0492 2 Port20 - Number of frames sent 0 4294967295 1 - F9 0
0494 2 Port20 - Total bytes received 0 4294967295 1 - F9 0
0496 2 Port20 - Total frames received 0 4294967295 1 - F9 0
0498 2 Port20 - Number of broadcast frames received 0 4294967295 1 - F9 0
049A 2 Port20 - Number of multicast frames received 0 4294967295 1 - F9 0
049C 2 Port20 - Number of frames with CRC error 0 4294967295 1 - F9 0
049E 2 Port20 - Number of oversized frames received 0 4294967295 1 - F9 0
04A0 2 Port20 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
04A2 2 Port20 - Number of jabber frames received 0 4294967295 1 - F9 0
04A4 2 Port20 - Number of collisions occurred 0 4294967295 1 - F9 0
04A6 2 Port20 - Number of late collisions occurred 0 4294967295 1 - F9 0
04A8 2 Port20 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
04AA 2 Port20 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
04AC 2 Port20 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
04AE 2 Port20 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
04B0 2 Port20 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
04B2 2 Port20 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
04B4 2 Port20 - Number of Mac Error Packets 0 4294967295 1 - F9 0
04B6 2 Port20 - Number of dropped received packets 0 4294967295 1 - F9 0
04B8 2 Port20 - Number of multicast frames sent 0 4294967295 1 - F9 0
04BA 2 Port20 - Number of broadcast frames sent 0 4294967295 1 - F9 0
04BC 2 Port20 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
04BE 2 Port21 - Number of bytes received 0 4294967295 1 - F9 0
04C0 2 Port21 - Number of bytes sent 0 4294967295 1 - F9 0
04C2 2 Port21 - Number of frames received 0 4294967295 1 - F9 0
04C4 2 Port21 - Number of frames sent 0 4294967295 1 - F9 0
04C6 2 Port21 - Total bytes received 0 4294967295 1 - F9 0
04C8 2 Port21 - Total frames received 0 4294967295 1 - F9 0
04CA 2 Port21 - Number of broadcast frames received 0 4294967295 1 - F9 0
04CC 2 Port21 - Number of multicast frames received 0 4294967295 1 - F9 0
04CE 2 Port21 - Number of frames with CRC error 0 4294967295 1 - F9 0
04D0 2 Port21 - Number of oversized frames received 0 4294967295 1 - F9 0
04D2 2 Port21 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
04D4 2 Port21 - Number of jabber frames received 0 4294967295 1 - F9 0
04D6 2 Port21 - Number of collisions occurred 0 4294967295 1 - F9 0
04D8 2 Port21 - Number of late collisions occurred 0 4294967295 1 - F9 0
04DA 2 Port21 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
04DC 2 Port21 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
04DE 2 Port21 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
04E0 2 Port21 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
04E2 2 Port21 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
04E4 2 Port21 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
04E6 2 Port21 - Number of Mac Error Packets 0 4294967295 1 - F9 0
04E8 2 Port21 - Number of dropped received packets 0 4294967295 1 - F9 0
04EA 2 Port21 - Number of multicast frames sent 0 4294967295 1 - F9 0
04EC 2 Port21 - Number of broadcast frames sent 0 4294967295 1 - F9 0
04EE 2 Port21 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
04F0 2 Port22 - Number of bytes received 0 4294967295 1 - F9 0
04F2 2 Port22 - Number of bytes sent 0 4294967295 1 - F9 0
04F4 2 Port22 - Number of frames received 0 4294967295 1 - F9 0
04F6 2 Port22 - Number of frames sent 0 4294967295 1 - F9 0
04F8 2 Port22 - Total bytes received 0 4294967295 1 - F9 0
04FA 2 Port22 - Total frames received 0 4294967295 1 - F9 0
04FC 2 Port22 - Number of broadcast frames received 0 4294967295 1 - F9 0
04FE 2 Port22 - Number of multicast frames received 0 4294967295 1 - F9 0
0500 2 Port22 - Number of frames with CRC error 0 4294967295 1 - F9 0
0502 2 Port22 - Number of oversized frames received 0 4294967295 1 - F9 0
0504 2 Port22 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
0506 2 Port22 - Number of jabber frames received 0 4294967295 1 - F9 0
0508 2 Port22 - Number of collisions occurred 0 4294967295 1 - F9 0
050A 2 Port22 - Number of late collisions occurred 0 4294967295 1 - F9 0
050C 2 Port22 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
050E 2 Port22 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
0510 2 Port22 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
0512 2 Port22 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
0514 2 Port22 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
0516 2 Port22 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
0518 2 Port22 - Number of Mac Error Packets 0 4294967295 1 - F9 0
051A 2 Port22 - Number of dropped received packets 0 4294967295 1 - F9 0
051C 2 Port22 - Number of multicast frames sent 0 4294967295 1 - F9 0
051E 2 Port22 - Number of broadcast frames sent 0 4294967295 1 - F9 0
0520 2 Port22 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
0522 2 Port23 - Number of bytes received 0 4294967295 1 - F9 0
0524 2 Port23 - Number of bytes sent 0 4294967295 1 - F9 0
0526 2 Port23 - Number of frames received 0 4294967295 1 - F9 0
0528 2 Port23 - Number of frames sent 0 4294967295 1 - F9 0
052A 2 Port23 - Total bytes received 0 4294967295 1 - F9 0
052C 2 Port23 - Total frames received 0 4294967295 1 - F9 0
052E 2 Port23 - Number of broadcast frames received 0 4294967295 1 - F9 0
0530 2 Port23 - Number of multicast frames received 0 4294967295 1 - F9 0
0532 2 Port23 - Number of frames with CRC error 0 4294967295 1 - F9 0
0534 2 Port23 - Number of oversized frames received 0 4294967295 1 - F9 0
0536 2 Port23 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
0538 2 Port23 - Number of jabber frames received 0 4294967295 1 - F9 0
053A 2 Port23 - Number of collisions occurred 0 4294967295 1 - F9 0
053C 2 Port23 - Number of late collisions occurred 0 4294967295 1 - F9 0
053E 2 Port23 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
0540 2 Port23 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
0542 2 Port23 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
0544 2 Port23 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
0546 2 Port23 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
0548 2 Port23 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
054A 2 Port23 - Number of Mac Error Packets 0 4294967295 1 - F9 0
054C 2 Port23 - Number of dropped received packets 0 4294967295 1 - F9 0
054E 2 Port23 - Number of multicast frames sent 0 4294967295 1 - F9 0
0550 2 Port23 - Number of broadcast frames sent 0 4294967295 1 - F9 0
0552 2 Port23 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
0554 2 Port24 - Number of bytes received 0 4294967295 1 - F9 0
0556 2 Port24 - Number of bytes sent 0 4294967295 1 - F9 0
0558 2 Port24 - Number of frames received 0 4294967295 1 - F9 0
055A 2 Port24 - Number of frames sent 0 4294967295 1 - F9 0
055C 2 Port24 - Total bytes received 0 4294967295 1 - F9 0
055E 2 Port24 - Total frames received 0 4294967295 1 - F9 0
0560 2 Port24 - Number of broadcast frames received 0 4294967295 1 - F9 0
0562 2 Port24 - Number of multicast frames received 0 4294967295 1 - F9 0
0564 2 Port24 - Number of frames with CRC error 0 4294967295 1 - F9 0
0566 2 Port24 - Number of oversized frames received 0 4294967295 1 - F9 0
0568 2 Port24 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
056A 2 Port24 - Number of jabber frames received 0 4294967295 1 - F9 0
056C 2 Port24 - Number of collisions occurred 0 4294967295 1 - F9 0
056E 2 Port24 - Number of late collisions occurred 0 4294967295 1 - F9 0
0570 2 Port24 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
0572 2 Port24 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
0574 2 Port24 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
0576 2 Port24 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
0578 2 Port24 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
057A 2 Port24 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
057C 2 Port24 - Number of Mac Error Packets 0 4294967295 1 - F9 0
057E 2 Port24 - Number of dropped received packets 0 4294967295 1 - F9 0
0580 2 Port24 - Number of multicast frames sent 0 4294967295 1 - F9 0
0582 2 Port24 - Number of broadcast frames sent 0 4294967295 1 - F9 0
0584 2 Port24 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
0586 2 Port25 - Number of bytes received 0 4294967295 1 - F9 0
0588 2 Port25 - Number of bytes sent 0 4294967295 1 - F9 0
058A 2 Port25 - Number of frames received 0 4294967295 1 - F9 0
058C 2 Port25 - Number of frames sent 0 4294967295 1 - F9 0
058E 2 Port25 - Total bytes received 0 4294967295 1 - F9 0
0590 2 Port25 - Total frames received 0 4294967295 1 - F9 0
0592 2 Port25 - Number of broadcast frames received 0 4294967295 1 - F9 0
0594 2 Port25 - Number of multicast frames received 0 4294967295 1 - F9 0
0596 2 Port25 - Number of frames with CRC error 0 4294967295 1 - F9 0
0598 2 Port25 - Number of oversized frames received 0 4294967295 1 - F9 0
059A 2 Port25 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
059C 2 Port25 - Number of jabber frames received 0 4294967295 1 - F9 0
059E 2 Port25 - Number of collisions occurred 0 4294967295 1 - F9 0
05A0 2 Port25 - Number of late collisions occurred 0 4294967295 1 - F9 0
05A2 2 Port25 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
05A4 2 Port25 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
05A6 2 Port25 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
05A8 2 Port25 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
05AA 2 Port25 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
05AC 2 Port25 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
05AE 2 Port25 - Number of Mac Error Packets 0 4294967295 1 - F9 0
05B0 2 Port25 - Number of dropped received packets 0 4294967295 1 - F9 0
05B2 2 Port25 - Number of multicast frames sent 0 4294967295 1 - F9 0
05B4 2 Port25 - Number of broadcast frames sent 0 4294967295 1 - F9 0
05B6 2 Port25 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
05B8 2 Port26 - Number of bytes received 0 4294967295 1 - F9 0
05BA 2 Port26 - Number of bytes sent 0 4294967295 1 - F9 0
05BC 2 Port26 - Number of frames received 0 4294967295 1 - F9 0
05BE 2 Port26 - Number of frames sent 0 4294967295 1 - F9 0
05C0 2 Port26 - Total bytes received 0 4294967295 1 - F9 0
05C2 2 Port26 - Total frames received 0 4294967295 1 - F9 0
05C4 2 Port26 - Number of broadcast frames received 0 4294967295 1 - F9 0
05C6 2 Port26 - Number of multicast frames received 0 4294967295 1 - F9 0
05C8 2 Port26 - Number of frames with CRC error 0 4294967295 1 - F9 0
05CA 2 Port26 - Number of oversized frames received 0 4294967295 1 - F9 0
05CC 2 Port26 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
05CE 2 Port26 - Number of jabber frames received 0 4294967295 1 - F9 0
05D0 2 Port26 - Number of collisions occurred 0 4294967295 1 - F9 0
05D2 2 Port26 - Number of late collisions occurred 0 4294967295 1 - F9 0
05D4 2 Port26 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
05D6 2 Port26 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
05D8 2 Port26 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
05DA 2 Port26 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
05DC 2 Port26 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
05DE 2 Port26 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
05E0 2 Port26 - Number of Mac Error Packets 0 4294967295 1 - F9 0
05E2 2 Port26 - Number of dropped received packets 0 4294967295 1 - F9 0
05E4 2 Port26 - Number of multicast frames sent 0 4294967295 1 - F9 0
05E6 2 Port26 - Number of broadcast frames sent 0 4294967295 1 - F9 0
05E8 2 Port26 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
05EA 2 Port27 - Number of bytes received 0 4294967295 1 - F9 0
05EC 2 Port27 - Number of bytes sent 0 4294967295 1 - F9 0
05EE 2 Port27 - Number of frames received 0 4294967295 1 - F9 0
05F0 2 Port27 - Number of frames sent 0 4294967295 1 - F9 0
05F2 2 Port27 - Total bytes received 0 4294967295 1 - F9 0
05F4 2 Port27 - Total frames received 0 4294967295 1 - F9 0
05F6 2 Port27 - Number of broadcast frames received 0 4294967295 1 - F9 0
05F8 2 Port27 - Number of multicast frames received 0 4294967295 1 - F9 0
05FA 2 Port27 - Number of frames with CRC error 0 4294967295 1 - F9 0
05FC 2 Port27 - Number of oversized frames received 0 4294967295 1 - F9 0
05FE 2 Port27 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
0600 2 Port27 - Number of jabber frames received 0 4294967295 1 - F9 0
0602 2 Port27 - Number of collisions occurred 0 4294967295 1 - F9 0
0604 2 Port27 - Number of late collisions occurred 0 4294967295 1 - F9 0
0606 2 Port27 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
0608 2 Port27 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
060A 2 Port27 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
060C 2 Port27 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
060E 2 Port27 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
0610 2 Port27 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
0612 2 Port27 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0614 2 Port27 - Number of dropped received packets 0 4294967295 1 - F9 0
0616 2 Port27 - Number of multicast frames sent 0 4294967295 1 - F9 0
0618 2 Port27 - Number of broadcast frames sent 0 4294967295 1 - F9 0
061A 2 Port27 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
061C 2 Port28 - Number of bytes received 0 4294967295 1 - F9 0
061E 2 Port28 - Number of bytes sent 0 4294967295 1 - F9 0
0620 2 Port28 - Number of frames received 0 4294967295 1 - F9 0
0622 2 Port28 - Number of frames sent 0 4294967295 1 - F9 0
0624 2 Port28 - Total bytes received 0 4294967295 1 - F9 0
0626 2 Port28 - Total frames received 0 4294967295 1 - F9 0
0628 2 Port28 - Number of broadcast frames received 0 4294967295 1 - F9 0
062A 2 Port28 - Number of multicast frames received 0 4294967295 1 - F9 0
062C 2 Port28 - Number of frames with CRC error 0 4294967295 1 - F9 0
062E 2 Port28 - Number of oversized frames received 0 4294967295 1 - F9 0
0630 2 Port28 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
0632 2 Port28 - Number of jabber frames received 0 4294967295 1 - F9 0
0634 2 Port28 - Number of collisions occurred 0 4294967295 1 - F9 0
0636 2 Port28 - Number of late collisions occurred 0 4294967295 1 - F9 0
0638 2 Port28 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
063A 2 Port28 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
063C 2 Port28 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
063E 2 Port28 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
0640 2 Port28 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
0642 2 Port28 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
0644 2 Port28 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0646 2 Port28 - Number of dropped received packets 0 4294967295 1 - F9 0
0648 2 Port28 - Number of multicast frames sent 0 4294967295 1 - F9 0
064A 2 Port28 - Number of broadcast frames sent 0 4294967295 1 - F9 0
064C 2 Port28 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
064E 2 Port29 - Number of bytes received 0 4294967295 1 - F9 0
0650 2 Port29 - Number of bytes sent 0 4294967295 1 - F9 0
0652 2 Port29 - Number of frames received 0 4294967295 1 - F9 0
0654 2 Port29 - Number of frames sent 0 4294967295 1 - F9 0
0656 2 Port29 - Total bytes received 0 4294967295 1 - F9 0
0658 2 Port29 - Total frames received 0 4294967295 1 - F9 0
065A 2 Port29 - Number of broadcast frames received 0 4294967295 1 - F9 0
065C 2 Port29 - Number of multicast frames received 0 4294967295 1 - F9 0
065E 2 Port29 - Number of frames with CRC error 0 4294967295 1 - F9 0
0660 2 Port29 - Number of oversized frames received 0 4294967295 1 - F9 0
0662 2 Port29 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
0664 2 Port29 - Number of jabber frames received 0 4294967295 1 - F9 0
0666 2 Port29 - Number of collisions occurred 0 4294967295 1 - F9 0
0668 2 Port29 - Number of late collisions occurred 0 4294967295 1 - F9 0
066A 2 Port29 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
066C 2 Port29 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
066E 2 Port29 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
0670 2 Port29 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
0672 2 Port29 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
0674 2 Port29 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
0676 2 Port29 - Number of Mac Error Packets 0 4294967295 1 - F9 0
0678 2 Port29 - Number of dropped received packets 0 4294967295 1 - F9 0
067A 2 Port29 - Number of multicast frames sent 0 4294967295 1 - F9 0
067C 2 Port29 - Number of broadcast frames sent 0 4294967295 1 - F9 0
067E 2 Port29 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
0680 2 Port30 - Number of bytes received 0 4294967295 1 - F9 0
0682 2 Port30 - Number of bytes sent 0 4294967295 1 - F9 0
0684 2 Port30 - Number of frames received 0 4294967295 1 - F9 0
0686 2 Port30 - Number of frames sent 0 4294967295 1 - F9 0
0688 2 Port30 - Total bytes received 0 4294967295 1 - F9 0
068A 2 Port30 - Total frames received 0 4294967295 1 - F9 0
068C 2 Port30 - Number of broadcast frames received 0 4294967295 1 - F9 0
068E 2 Port30 - Number of multicast frames received 0 4294967295 1 - F9 0
0690 2 Port30 - Number of frames with CRC error 0 4294967295 1 - F9 0
0692 2 Port30 - Number of oversized frames received 0 4294967295 1 - F9 0
0694 2 Port30 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
0696 2 Port30 - Number of jabber frames received 0 4294967295 1 - F9 0
0698 2 Port30 - Number of collisions occurred 0 4294967295 1 - F9 0
069A 2 Port30 - Number of late collisions occurred 0 4294967295 1 - F9 0
069C 2 Port30 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
069E 2 Port30 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
06A0 2 Port30 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
06A2 2 Port30 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
06A4 2 Port30 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
06A6 2 Port30 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
06A8 2 Port30 - Number of Mac Error Packets 0 4294967295 1 - F9 0
06AA 2 Port30 - Number of dropped received packets 0 4294967295 1 - F9 0
06AC 2 Port30 - Number of multicast frames sent 0 4294967295 1 - F9 0
06AE 2 Port30 - Number of broadcast frames sent 0 4294967295 1 - F9 0
06B0 2 Port30 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
06B2 2 Port31 - Number of bytes received 0 4294967295 1 - F9 0
06B4 2 Port31 - Number of bytes sent 0 4294967295 1 - F9 0
06B6 2 Port31 - Number of frames received 0 4294967295 1 - F9 0
06B8 2 Port31 - Number of frames sent 0 4294967295 1 - F9 0
06BA 2 Port31 - Total bytes received 0 4294967295 1 - F9 0
06BC 2 Port31 - Total frames received 0 4294967295 1 - F9 0
06BE 2 Port31 - Number of broadcast frames received 0 4294967295 1 - F9 0
06C0 2 Port31 - Number of multicast frames received 0 4294967295 1 - F9 0
06C2 2 Port31 - Number of frames with CRC error 0 4294967295 1 - F9 0
06C4 2 Port31 - Number of oversized frames received 0 4294967295 1 - F9 0
06C6 2 Port31 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
06C8 2 Port31 - Number of jabber frames received 0 4294967295 1 - F9 0
06CA 2 Port31 - Number of collisions occurred 0 4294967295 1 - F9 0
06CC 2 Port31 - Number of late collisions occurred 0 4294967295 1 - F9 0
06CE 2 Port31 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
06D0 2 Port31 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
06D2 2 Port31 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
06D4 2 Port31 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
06D6 2 Port31 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
06D8 2 Port31 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
06DA 2 Port31 - Number of Mac Error Packets 0 4294967295 1 - F9 0
06DC 2 Port31 - Number of dropped received packets 0 4294967295 1 - F9 0
06DE 2 Port31 - Number of multicast frames sent 0 4294967295 1 - F9 0
06E0 2 Port31 - Number of broadcast frames sent 0 4294967295 1 - F9 0
06E2 2 Port31 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
06E4 2 Port32 - Number of bytes received 0 4294967295 1 - F9 0
06E6 2 Port32 - Number of bytes sent 0 4294967295 1 - F9 0
06E8 2 Port32 - Number of frames received 0 4294967295 1 - F9 0
06EA 2 Port32 - Number of frames sent 0 4294967295 1 - F9 0
06EC 2 Port32 - Total bytes received 0 4294967295 1 - F9 0
06EE 2 Port32 - Total frames received 0 4294967295 1 - F9 0
06F0 2 Port32 - Number of broadcast frames received 0 4294967295 1 - F9 0
06F2 2 Port32 - Number of multicast frames received 0 4294967295 1 - F9 0
06F4 2 Port32 - Number of frames with CRC error 0 4294967295 1 - F9 0
06F6 2 Port32 - Number of oversized frames received 0 4294967295 1 - F9 0
06F8 2 Port32 - Number of bad fragments rcvd(<64 bytes) 0 4294967295 1 - F9 0
06FA 2 Port32 - Number of jabber frames received 0 4294967295 1 - F9 0
06FC 2 Port32 - Number of collisions occurred 0 4294967295 1 - F9 0
06FE 2 Port32 - Number of late collisions occurred 0 4294967295 1 - F9 0
0700 2 Port32 - Number of 64-byte frames rcvd/sent 0 4294967295 1 - F9 0
0702 2 Port32 - Number of 65-127 byte frames rcvd/sent 0 4294967295 1 - F9 0
0704 2 Port32 - Number of 128-255 byte frames rcvd/sent 0 4294967295 1 - F9 0
0706 2 Port32 - Number of 256-511 byte frames rcvd/sent 0 4294967295 1 - F9 0
0708 2 Port32 - Number of 512-1023 byte frames rcvd/sent 0 4294967295 1 - F9 0
070A 2 Port32 - Number of 1023-MAX byte frames rcvd/sent 0 4294967295 1 - F9 0
070C 2 Port32 - Number of Mac Error Packets 0 4294967295 1 - F9 0
070E 2 Port32 - Number of dropped received packets 0 4294967295 1 - F9 0
0710 2 Port32 - Number of multicast frames sent 0 4294967295 1 - F9 0
0712 2 Port32 - Number of broadcast frames sent 0 4294967295 1 - F9 0
0714 2 Port32 - Number of <64 byte fragments w/ good CRC 0 4294967295 1 - F9 0
0716 6 Serial Number - - - - String Varies

Index
!!, 359
!<n>, 359
802.1d, 158, 162, 170, 171, 173, 176, 183, 346
802.1D, 253
802.1q, 243
802.1Q, 144, 158
802.1w, 170, 171, 176, 185
802.1x, 116, 117, 118, 119, 125, 342
access, 48, 69, 112, 113, 115, 270, 341
Access Privileges
    useraccess, 32
action, 102, 103, 106, 114, 340
action port, 102
add, 30, 39, 105, 146, 150, 157, 210, 212, 214, 298, 299, 300, 303, 305, 330, 331, 334, 345, 349, 356, 357, 360, 361
add a user, 30
add mac, 105
add port, 210, 211, 212, 214, 349, 361
add user, 30
addlease, 91, 93, 339
advertisement, 243
alarm, 272, 275, 298, 299, 300, 330, 354, 356
alarm disable, 301
Alarm Group, 272
allow, 102, 103, 104, 112, 113, 114, 115, 340, 341
allow mac, 102, 103, 114, 340
anycast address, 82
app, 58, 337, 338, 364, 384
auth, 119, 121, 122, 123, 124, 125, 126, 342, 343, 383
Authentication, 260
Authentication Server, 116
authenticator, 116, 118, 119, 120, 125, 126, 342, 343
Authenticator, 116
Authoritative SNMP engine, 260
authorize, 39, 192, 195, 347, 361
authserver, 119, 125, 342
authtrap, 263, 267, 273, 274, 352
auto, 42, 76, 335
backend, 125, 342
backpressure, 137, 138, 142, 344
banner, 308, 309
Banner Message. See banner
bootcfg, 42, 76, 335
bootimg, 42, 76, 335
bootp, 41, 42, 76, 335
BOOTP, 86
BPDU, 119, 185, 187, 188, 190, 191, 194, 208
broadcast storms, 140
broadcast-protect, 140, 141, 143, 344
certificate, 59, 60, 78, 79, 337, 338, 364, 375, 381, 384, 387, 388, 390, 391, 392, 393
chlevel, 31, 39, 334
chlevel user, 31
clear, 103, 108, 109, 114, 341
clear log, 108, 109, 114, 325, 341
clear-reserveip, 91, 93, 340
CLI, 24
climode, 80
com2sec, 264, 268, 274, 353
community, 263, 273, 352, 362
community string, 259
config, 58, 91, 92, 93, 337, 338, 339, 364, 384
config startip, 91, 93, 339
configure, 80, 114, 146, 338, 340
configure access, 43, 80, 338
CoS, 217
cost, 161, 163, 167, 169, 177, 181, 183, 346, 347
date and time
    set day, time or time zone, 53
default user name, 26
DEFAULT-VLAN, 145
deftrap, 263, 267, 274, 353
del, 58, 210, 211, 214, 299, 301, 330, 337, 349, 356, 363, 364
del port, 210, 211, 214, 349, 363
delete, 31, 39, 304, 305, 331, 334
delete user, 31
deny, 113, 115, 341
device, 134, 135, 138, 141, 142, 344
dhcp, 42, 76, 335
DHCP, 24, 26, 40, 41, 42, 76, 86, 87, 88, 89, 90, 91, 93, 94, 335, 339, 340
    IP address lease, automatic, permanent, 87
DHCP Server, 86
dhcpsrv, 91, 92, 93, 339
Differentiated Services. See Diffserv
Diffie-Hellman, 46
DiffServ, 216
disable mode, 101
displaying configuration, 70
displaying passwords, 65
dns, 50, 77, 336, 369
DNS, 50, 77, 336, 369, 376
drop mode, 101
DS. See Diffserv
DSA, 47
DSCP, 216
dualhome, 200, 201, 202, 348, 363
Dual-Homing, 197
EAP, 117
EAPOL, 117
edit, 147, 150, 157, 210, 214, 345, 363
edit port, 210, 214, 349, 363
enable, 29, 30, 39, 334
enable ps, 105
Encryption, 46
end-span, 311
engineid, 263, 267, 274, 352
erase the configuration
    kill config, 74
Ethernet segments, 144
Ethernet Statistics Group. See
EtherType, 253
event, 272, 275, 354
exit, 48, 53, 56, 111, 113, 136, 140, 182, 212, 241, 302, 306, 322
exportlog, 325, 326, 332, 358
FIFO, 215
file transfer protocol. See ftp
flowcontrol, 138, 142, 344
forceversion, 177, 179, 183, 347
FTA, 172
ftp, 58, 78, 85, 323, 337, 339, 364
FTP modes, 323
GARP, 243
get, 58, 60, 79, 337, 338, 364, 384
Getting Started
    Connect the console, 24
    IP address, 23
    VLAN configuration, 23
group, 32, 39, 83, 97, 102, 113, 144, 204, 205, 211, 212, 228, 229, 230, 231, 232, 233, 235, 236, 237, 238, 241, 242, 260, 261, 264, 269, 272, 274, 275, 309, 334, 350, 353, 354, 361, 364, 365, 374, 377, 378, 380, 383
group add, 269
GSSAPI, 47
gvrp, 249, 351
GVRP, 21, 243, 245
GVRP BPDUs, 243
help, 34, 39, 334
Help
    exit from the CLI interface, 37
    options for a specific command, 35
    TAB key, 35
Helsinki University of Technology, 46
hiding passwords, 65
HiDiscovery, 46
history, 272, 275, 354
History Group, 271
HiVision, 273
host, 69, 79
hosts, 58, 337, 338, 364, 384
IEEE, 117, 119, 136, 144, 158, 162, 170, 171, 173, 176, 183, 185, 193, 194, 195, 196, 203, 215, 217, 243, 346, 347, 348
IEEE 1588, 136, 281, 376
IEEE 802.1AB, 252
IEEE 802.1D-2004, 170
IEEE 802.1p, 215, 243
IEEE 802.1q, 215, 243
IEEE 802.3ad, 203
IEEE 802.3af, 311
IEEE 802.3at, 312
IETF, 216
igmp, 235, 236, 238, 241, 242, 350
IGMP, 21, 218, 228, 229, 230, 231, 232, 235, 236, 237, 238, 239, 240, 242, 243, 252, 259, 276, 281, 289, 296, 334, 350, 385, 387, 394, 415
IGMP-L2, 232, 233, 234, 235, 241, 242, 350, 351, 366, 370
IMAP, 302
IP address
    DNS, 50
    set serial port parameters, 51
    system parameters, 52
IP addresses
    Bootp database, 41
    DHCP, 41
    system information, 40
IP addresses
    SSH, 46
ipconfig, 28, 38, 41, 66, 68, 73, 84, 334, 339, 365, 376
IPv4, 81, 82, 83, 217, 218, 364, 381
IPv6, 81, 82, 83, 84, 85, 98, 339, 364, 381
    address, configuration, 83
ISP, 116
Kerberos, 47
kill, 45, 78, 337, 365
kill config, 73, 74, 78, 80, 309, 337, 339, 365
kill session, 45, 78, 337, 365
lacp, 210, 211, 214, 349, 365
LACP, 21, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 349, 361, 363, 365, 376
LACPDU, 204, 205, 208
learn, 102, 104, 105, 106, 114, 340
learn port, 102, 114, 340
Link Layer Discovery Protocol Data Unit. See LLDPDU
Link-Loss-Learn, 184, 185, See LLL
list, 58, 337, 364
lldp, 254, 255, 256, 257, 258, 351, 365, 376
LLDP, 252, 253, 254, 255, 256, 257, 258, 312, 351, 365, 372, 376, 379, 381
LLDPDU, 253
lll, 194, 195, 196, 348
LLL, 184, 185, 191, 194, 195, 196, 348
lll add, 194, 196, 348
lll del, 194, 195, 196, 348
loadconf, 78, 336
log, 58, 63, 79, 337, 338, 339, 364, 382, 384
Log and Event Group, 272
logout, 37, 38, 39, 309, 335
Management Information Base. See MIB
Management Information Database. See MIB
Manager, 29
Manager privileges, 30
manual, 42, 76, 335
map, 223, 225, 227, 280, 349, 366, 415
mcast, 235, 236, 242, 350
MD5, 119, 129
mgrip, 263, 273, 352
MIB, 119, 229, 252, 259, 264, 271, 272, 274, 353
mid-span, 311
modbus, 278, 279, 280, 355, 366
Modbus, 276, 277, 278, 279, 280, 355, 366
mode, 235, 241, 242
mode L2, 241
mode normal, 241
modes of operation, 25
modify password, 31
MOMENTARY, 297, 298
more, 69, 70, 80
MOTD, 308
multicast, 294
NAS, 127
Network Management Station. See NMS
network time
    SNTP, 55
NMS, 252
Notify
    all enables, none disables all, 140
    devices - setport, 140
    log, trap or alarm, 140
    Syntax setport, 135
NTLM, 47
oldconf, 58, 337, 338, 364, 384
OPEN, 194
OpenSSH, 47
Operator, 29
Operator privileges, 30
Option 82, 90
PAM, 47
passwd, 31, 39, 334
passwd user, 31
period, 299, 330, 356
PHB, 216
ping, 323, 333, 359
ping6, 83, 85, 339
poe, 313, 358, 367
PoE, 198, 311
poereset, 313, 332, 358, 367
POP3, 302
port, 161, 164, 167, 169, 172, 173, 177, 181, 182, 183, 346, 347
Port mirroring
    from one port to another setup, 133
port security, 101, See ps
Port setup
    speed, flow, back pressure, broadcast storms, 134
portaccess, 122, 125, 342
port-mirror, 133, 142, 344
port-security, 101, 105, 114, 340
Power Sourcing Equipment. See PSE
priority, 161, 163, 166, 169, 177, 180, 183, 215, 346, 347
privilege level, 29
prtmr, 133, 142, 344
ps, 102, 103, 114, 341
PSE, 311
PTP, 281, 368, 373, 376
PTP IEEE 1588, 281
public keys, 46
put, 58, 60, 79, 337, 338, 364, 384
qos, 218, 223, 226, 349
QoS, 21, 137, 215, 216, 217, 218, 219, 220, 223, 224, 226, 349
quickcfg, 263, 267, 273, 352
RADIUS, 116, 117, 118, 119, 120, 125, 342
rate-threshold, 140, 141, 143, 357
rcp, 46
reauth, 123, 126, 343
reboot, 28, 38, 334, 410, 411, 413
reboot-date, 319, 332, 359
reboot-frequency, 319, 332, 359
reboot-reminder, 319, 332, 359
reboot-scheduler, 318, 319, 320, 332
reboot-time, 319, 332, 359
remove, 102, 104, 113, 114, 115, 341
remove mac, 102, 114, 341
removeall, 113, 341
reserve-ip, 91, 93, 340
RFC, 116, 228
RFC 1112, 228
RFC 1122, 277
RFC 1752, 81
RFC 1901, 262
RFC 1902, 262
RFC 1903, 262
RFC 1904, 262
RFC 1905, 262
RFC 1906, 262
RFC 1907, 262
RFC 1908, 262
RFC 2104, 262
RFC 2131, 86
RFC 2271, 262
RFC 2272, 262
RFC 2273, 262
RFC 2274, 262
RFC 2275, 262
RFC 2922, 252
RFC 3164, 106, 108, 325
RFC 3315, 86
RFC 3396, 86
RFC 4251, 47
RFC 4252, 47
RFC 4253, 47
RFC 4254, 47
RFC 4256, 47
RFC 4391, 86
RFC 4541, 235
RFC 821, 302
RING_CLOSED, 188, 190
RING_OPEN, 189
rlogin, 46
rmon, 272, 275, 354
RMON, 271, 272, 273, 275, 298, 304, 354
RSA, 46, 47
rsh, 46
rstp, 172, 178, 182, 346
RSTP, 20, 21, 70, 75, 160, 162, 163, 164, 165, 166, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 207, 208, 298, 346, 347, 364, 367, 369, 370, 375, 378, 379
rstp enable, 172
RSTP Path cost, 176
RTSP, 170
running configuration
    saved, script, 72
save, 38, 105, 106, 157, 250, 334, 345
saveconf, 74, 78, 336
saveconf mode, 78, 336
saving and loading configuration, 56
script, 58, 337, 338, 364, 384
script file
    FTP or TFTP, 64
Script files, 64
Secure ftp, 59, 78, 79
Secure Shell. See SSH
sendmail, 304, 306, 331, 358
serial number, 75
server, 108, 110, 114, 115, 304, 331, 341, 358
service, 113
set, 24, 25, 34, 37, 38, 40, 42, 51, 53, 54, 77, 80, 100, 103, 105, 106, 108, 112, 114, 134, 136, 138, 146, 157, 162, 172, 182, 193, 195, 196, 232, 264, 273, 308, 322, 324, 334, 336, 338, 340, 345, 348, 352, 357, 369, 370, 371, 373
set bootmode, 42
set date, 53, 54, 77, 336
set daylight, 54, 336
set dns, 50, 77, 336, 369
set ftp, 324
set ftp mode, 58, 65, 78, 324, 333, 359, 369
set history, 321
set igmp, 232
set logsize, 108, 112, 114, 341
set motd, 308, 330, 357, 370
set password, 83, 85, 100
set prompt, 322, 333, 359, 373
set secrets, 65, 67, 80, 339, 370
set serial, 51, 77, 336
set snmp, 262, 264, 273, 352
set stp, 162, 172, 182, 193, 195, 196, 346, 347, 348
set time, 53, 54, 77, 336
set timeformat, 54, 77, 336
set timezone, 53, 77, 336

set vlan, 146, 157, 345 show gvrp, 249, 351


set-forbid, 249, 250, 351 show history, 320, 321, 332, 359
set-leave, 239, 242, 350 show host, 79
setport, 119, 121, 124, 125, 133, 134, 135, 139, command, 69
142, 342, 344, 371, 372 show igmp, 235, 236, 239, 240, 241, 242, 350
set-port, 350, 371, 372
setport monitor, 133, 142, 344, 371 show modules, 136, 142
setport port, 372 show motd, 308, 309, 330, 357, 376
set-qi, 238, 240, 242, 350 show port, 138, 142, 220, 344
setqos, 220, 221, 222 show port-mirror, 133, 142, 344
set-qri, 238, 240, 242, 350 show port-security, 102, 103, 104, 105, 114,
set-querier, 238, 239 340
setsntp, 55, 77, 336 show power, 309, 310
setsntp server, 77, 336 show qos, 220, 221, 222, 224, 226, 349
set-untag, 227, 349 show rmon, 272
setvar, 53, 77, 263, 267, 273, 322, 336, 352 show rstp, 173, 175, 176, 178, 179, 180, 181
set-weight, 219, 222, 224, 226, 349 show secrets, 65, 67, 80, 339
SFTP, 48
show serial, 52, 80, 321, 338
show, 52, 141, 143, 162, 163, 165, 173, 176, 200, 242, 247, 274, 306, 320, 321, 339, 340, 344, 359, 377, 378, 379, 409
show session, 45, 78, 337
show setup, 28, 29, 38, 52, 75, 80, 321, 334, 338
show ipconfig, 85, 339
show smtp, 303, 305, 306, 330, 357
show active-snmp, 263, 264, 267, 273, 352
show snmp, 263, 267, 273, 352
show active-stp, 162, 173, 178, 183, 193, 195, 196, 346, 347, 348
show sntpsrv, 98, 378
show s-ring, 193, 195, 347
show active-vlan, 150 show ssh, 48, 77, 336
show address-table, 329, 330 show stp, 159, 160, 161, 163, 164, 165, 166,
show alarm, 299, 300, 301, 302, 356 167, 168, 169, 173, 174, 175, 183, 345,
show auth config, 121, 122 347
show auth ports, 121, 125 show sysconfig, 29, 52, 80, 338
show backpressure, 137, 138, 143, 344 show syslog, 109, 110, 111, 115
show broadcast-protect, 141 show tacplus, 129, 131, 343
show config, 39, 64, 66, 70, 71, 73, 80, 334, show temp, 310, 332, 358, 378
339, 375 show time, 54, 80, 338
show console, 44, 49, 80, 338 show timezone, 54, 80, 338
show date, 54, 80, 339 show uptime, 80, 339
show daylight, 54 show version, 321, 333, 359
show dhcpsrv, 91, 92, 94, 340 show vlan, 147, 150, 151, 153, 157, 247, 345
show dns, 50, 77, 336, 376 show-access, 270
show dualhome, 200, 201, 202, 348, 376 show-authtrap, 263, 267, 274, 353
show fans, 310, 332, 358, 376 show-com2sec, 268
show flowcontrol, 138, 142, 344 show-deftrap, 263, 267, 274, 353
show ftp, 58, 65, 78, 324, 333, 359, 376


show-forbid, 249, 250, 351 SSH-1, 46


show-forceversion, 177, 179, 183, 347 SSH-2, 46
show-group, 237, 242, 264, 269, 274, 350, 353 start, 147, 157, 345
show-poe, 313, 332, 358, 378 static, 247, 249, 351
show-port, 122, 123, 157, 238, 242 static multicast
show-portweight, 219, 222, 223, 226, 349 commands, 356
show-remote, 255, 256, 258, 351, 379 static multicast commands, 294
show-router, 238, 239, 242, 350 Station and Media Access Control Connectivity
show-stats, 123, 126, 343 and Discovery. See LLDP
show-timers, 177, 180, 183, 347 statistics, 272, 275, 354
show-trap, 264, 268, 274, 353 stftp, 59, 78, 79, 337, 375
show-user, 264, 270, 271, 275, 354 stp, 162, 165, 169, 193, 195, 196, 346, 347, 348
show-view, 264, 269, 274, 353 STP, 20, 21, 70, 75, 119, 139, 158, 159, 160,
show-vlan, 249, 351 161, 162, 163, 164, 165, 166, 167, 168,
signal, 102, 105, 106, 114, 341 169, 170, 171, 172, 173, 174, 175, 176,
signal port, 102, 114, 341 177, 178, 179, 182, 183, 184, 185, 186,
Simple Network Management Protocol. See 187, 188, 189, 190, 191, 192, 193, 194,
SNMP 195, 196, 208, 298, 345, 346, 347, 348,
smtp, 303, 305, 306, 330, 332, 357, 358 364, 367, 370, 375, 378, 380, 381
SMTP, 302, 303, 304, 305, 306, 307, 330, 331, stp enable, 163, 165
332, 357, 358, 369, 377, 379 STP Path cost, 176
snmp, 53, 77, 273, 322, 336, 352 Stratum, 96, 97
SNMP, 21, 24, 40, 44, 53, 102, 113, 114, 119, supplicant, 116, 118, 119, 120, 125, 126, 342,
252, 259, 260, 261, 262, 263, 264, 265, 343
267, 271, 272, 273, 303, 304, 306, 328, Supplicant, 116
330, 331, 332, 352, 357, 358, 360, 368, SUSTAINED, 297, 298
370, 378, 379, 380 sync, 55, 77
SNMP engine, 260 syslog, 108, 109, 111, 114, 115, 341, 380
SNMP group, 260 sysname, 322
SNMP user, 260 TAB, 36, 39, 335
SNMPv2c, 259 TACACS+, 127, 128, 129, 130, 131, 132, 343,
snmpv3, 263, 267, 273, 352 381
sntp, 55, 78 authentication, 127
SNTP, 55, 56, 70, 75, 77, 78, 95, 96, 97, 109, packets, encrypted, configuring, 129
325, 328, 336, 340, 374, 380 TACACSD, 127
sntp enable, 56 tacplus, 130, 131, 343, 380
SNTP server tacserver, 130, 131, 132, 343, 381
only with MNS-6K SECURE switch, 95 TAI, 95
Stratum 0, Stratum 1, Stratum 2, Stratum 3, 96 Tatu Ylönen, 46
sntpserver, 98, 99, 340, 380 TCP, 26, 127, 130, 132, 343, 381
sntpsrv, 98, 99, 340, 378, 380 telnet, 43, 44, 48, 77, 85, 309, 335, 339
s-ring, 193, 195, 196, 347, 348 Telnet, 46
S-Ring, ii, 20, 21, 184, 185, 187, 189, 190, 191, 192, 193, 194, 195, 215, 347, 361
tftp, 59, 66, 67, 79, 326, 337
s-ring add, 193, 194, 195, 347
TFTP server
commands and capabilities, 61
s-ring del, 193, 196, 348
s-ring enable, 193 tftpsrv, 63, 79, 339, 382
s-ring learn, 193, 195, 347 timers, 161, 164, 168, 169, 177, 182, 183, 194,
ssh, 48, 49, 77, 336, 380 255, 258, 346, 347, 352, 379, 381
SSH, 43, 46, 47 TLV, 253, 254
SSH client, 46 ToS, 216, 217, 218, 223, 226, 349


trap, 263, 267, 274, 353 VACM, 262, 263, 264, 267, 273, 274, 352, 353
trigger-reauth, 124, 126, 343 VID, 243, 244, 245, 246, 247, 248, 249, 251,
Type-Length-Value. See TLV 351
UDP, 119, 121, 122, 124, 125, 127, 342 view, 264, 269, 274, 353
UNKNOWN, 194 virtual LAN. See VLAN
upgrade vlan, 146, 147, 149, 150, 157
MNS-6k series, 61 VLAN, 21, 23, 24, 134, 138, 139, 144, 145, 146,
tftp, 61 147, 158, 243
uptime, 320 set-port, 147
user, 264, 270, 274, 353 show-port, 148
useraccess, 32, 39, 334 Write view, 260
USM, 262, 264, 275, 353 xmodem, 338, 384
UTC, 95 XTACACS, 127
