Implementation Guide
Page 6
... Management Access by IP Address 71 Securing Access to the Web Interface 72 Getting a Digital Certificate 72 Securing Access to the Command Line Interface 73 Access Control Lists 73 How Access Control List Rules Work 74 Port Security 74 What is Network Login? 75 How Network Login Works 75 Important Considerations 76 What is Switch Management Login? 77 Benefits of RADIUS Authentication 77 How RADIUS Authentication Works 78 Important Considerations 79 What is RADIUS? 80 11 IP ROUTING What is Routing? 82 Routing...
... Management Access by IP Address 71 Securing Access to the Web Interface 72 Getting a Digital Certificate 72 Securing Access to the Command Line Interface 73 Access Control Lists 73 How Access Control List Rules Work 74 Port Security 74 What is Network Login? 75 How Network Login Works 75 Important Considerations 76 What is Switch Management Login? 77 Benefits of RADIUS Authentication 77 How RADIUS Authentication Works 78 Important Considerations 79 What is RADIUS? 80 11 IP ROUTING What is Routing? 82 Routing...
Implementation Guide
Page 9
... the system or network administrator who is used when referring to the 3Com SuperStack 3 Switch 3226 and 3Com SuperStack 3 Switch 3250. ABOUT THIS GUIDE This guide describes the features of the Web interface operations and the Command Line Interface (CLI) commands that you require to manage the Switch please refer to the Management Quick Reference Guide that accompanies your network. The term Switch is responsible for details of the specific features your Switch supports. It assumes a working knowledge of your Switch or on...
... the system or network administrator who is used when referring to the 3Com SuperStack 3 Switch 3226 and 3Com SuperStack 3 Switch 3250. ABOUT THIS GUIDE This guide describes the features of the Web interface operations and the Command Line Interface (CLI) commands that you require to manage the Switch please refer to the Management Quick Reference Guide that accompanies your network. The term Switch is responsible for details of the specific features your Switch supports. It assumes a working knowledge of your Switch or on...
Implementation Guide
Page 11
... 3Com Network Supervisor. Related Documentation 11 Related Documentation Documentation Comments In addition to this guide, each Switch documentation set includes the following: ■ SuperStack 3 Switch 3226 and SuperStack 3 Switch 3250 Getting Started Guide This guide contains: ■ all the information you need to install and set up the Switch in HTML format on the CD-ROM that accompanies your Switch. ■ SuperStack 3 Switch 3226 and SuperStack 3 Switch 3250 Management Quick Reference Guide This guide contains: ■ a list of the Web interface and Command Line Interface...
... 3Com Network Supervisor. Related Documentation 11 Related Documentation Documentation Comments In addition to this guide, each Switch documentation set includes the following: ■ SuperStack 3 Switch 3226 and SuperStack 3 Switch 3250 Getting Started Guide This guide contains: ■ all the information you need to install and set up the Switch in HTML format on the CD-ROM that accompanies your Switch. ■ SuperStack 3 Switch 3226 and SuperStack 3 Switch 3250 Management Quick Reference Guide This guide contains: ■ a list of the Web interface and Command Line Interface...
Implementation Guide
Page 14
... support auto-negotiation of congestion on the Switch 3250). Flow Control All Switch ports support flow control, which is a mechanism that minimizes packet loss during periods of port speed. Your Switch supports one link is enabled (default), a port "advertises" its maximum capabilities - if one aggregated link using multiple links in effect, doubles the potential throughput of a connection. ■ They can potentially increase the bandwidth of a link. The Switch implements the IEEE 802.3ad standard for crossover cables. Duplex Full duplex mode allows packets...
... support auto-negotiation of congestion on the Switch 3250). Flow Control All Switch ports support flow control, which is a mechanism that minimizes packet loss during periods of port speed. Your Switch supports one link is enabled (default), a port "advertises" its maximum capabilities - if one aggregated link using multiple links in effect, doubles the potential throughput of a connection. ■ They can potentially increase the bandwidth of a link. The Switch implements the IEEE 802.3ad standard for crossover cables. Duplex Full duplex mode allows packets...
Implementation Guide
Page 15
... full duplex mode. or For more information about auto-negotiation and port capabilities, see Chapter 2 "Optimizing Bandwidth". Security information such as passwords and management IP information will be unsuccessful if the physical configuration of the device is saved and restored. The restore operation will not be set using the Switch's Command Line Interface is different. ■ The configuration of your Switch to be saved as a file on a remote server, or to its factory default settings...
... full duplex mode. or For more information about auto-negotiation and port capabilities, see Chapter 2 "Optimizing Bandwidth". Security information such as passwords and management IP information will be unsuccessful if the physical configuration of the device is saved and restored. The restore operation will not be set using the Switch's Command Line Interface is different. ■ The configuration of your Switch to be saved as a file on a remote server, or to its factory default settings...
Implementation Guide
Page 16
... provides protection from network loops - 16 CHAPTER 1: SWITCH FEATURES OVERVIEW ■ LACP automatic aggregations - The aggregated link should be lost because the restore operation disables the aggregated link ports. For detailed descriptions of the Configuration Save and Restore Web interface operations and Command Line Interface (CLI) commands, please refer to which multicast traffic should be set up as VLANs and Fast Start may be forwarded. The multicast filtering system supported by your Switch uses IGMP (Internet Group Management Protocol) snooping to detect the...
... provides protection from network loops - 16 CHAPTER 1: SWITCH FEATURES OVERVIEW ■ LACP automatic aggregations - The aggregated link should be lost because the restore operation disables the aggregated link ports. For detailed descriptions of the Configuration Save and Restore Web interface operations and Command Line Interface (CLI) commands, please refer to which multicast traffic should be set up as VLANs and Fast Start may be forwarded. The multicast filtering system supported by your Switch uses IGMP (Internet Group Management Protocol) snooping to detect the...
Implementation Guide
Page 18
... connections - Alternatively, you can segment your network without any restrictions. ■ Secure As an example, with VLANs you can set for an individual port or a range of ports: ■ No Security Port security is disabled and all network traffic is faulty or configured incorrectly. For more information about how the automatic IP configuration feature works, see Chapter 8 "Setting Up Virtual LANs". Port Security Your Switch supports the following port...
... connections - Alternatively, you can segment your network without any restrictions. ■ Secure As an example, with VLANs you can set for an individual port or a range of ports: ■ No Security Port security is disabled and all network traffic is faulty or configured incorrectly. For more information about how the automatic IP configuration feature works, see Chapter 8 "Setting Up Virtual LANs". Port Security Your Switch supports the following port...
Implementation Guide
Page 23
... same number (25-26 on the Switch 3226, 49-50 on the Switch 3250). An aggregation can provide redundancy - The corresponding 10/100/1000 port is disabled when an SFP module is broken, the other link will still pass traffic. If both ports on the 10/100 ports. Switch Aggregated Link Switch How 802.3ad Link Aggregation Operates Your Switch supports IEEE Std 802.3-2002 (incorporating 802.3ad) aggregated links which use the Link Aggregation Control Protocol (LACP). Aggregated links...
... same number (25-26 on the Switch 3226, 49-50 on the Switch 3250). An aggregation can provide redundancy - The corresponding 10/100/1000 port is disabled when an SFP module is broken, the other link will still pass traffic. If both ports on the 10/100 ports. Switch Aggregated Link Switch How 802.3ad Link Aggregation Operates Your Switch supports IEEE Std 802.3-2002 (incorporating 802.3ad) aggregated links which use the Link Aggregation Control Protocol (LACP). Aggregated links...
Implementation Guide
Page 27
... the remaining ports. Aggregated Link - b Add the ports 25 and 26 on the core Switch for aggregated links. Figure 3 A 2 Gbps aggregated link between two Switch units, (that the ports have an identical configuration using your preferred management interface. To do this : a Check that the ports have an identical configuration using your preferred management interface. Aggregated Links 27 aggregated link traffic to prevent the possible occurrence of packet re-ordering when a link recovers too soon after a failure. b Add the ports 5 and 7 on...
... the remaining ports. Aggregated Link - b Add the ports 25 and 26 on the core Switch for aggregated links. Figure 3 A 2 Gbps aggregated link between two Switch units, (that the ports have an identical configuration using your preferred management interface. To do this : a Check that the ports have an identical configuration using your preferred management interface. Aggregated Links 27 aggregated link traffic to prevent the possible occurrence of packet re-ordering when a link recovers too soon after a failure. b Add the ports 5 and 7 on...
Implementation Guide
Page 35
.... The Switch provides resilient links using the Rapid Spanning Tree Protocol (RSTP). one of the major causes of the Web interface operations and the Command Line Interface (CLI) commands that use either the Spanning Tree Protocol (STP) or RSTP. The Rapid Spanning Tree Protocol makes your network more about STP and the protocol features supported by default on your Switch. The protocol configures itself automatically based on the surrounding network and is enabled by your Switch. For...
.... The Switch provides resilient links using the Rapid Spanning Tree Protocol (RSTP). one of the major causes of the Web interface operations and the Command Line Interface (CLI) commands that use either the Spanning Tree Protocol (STP) or RSTP. The Rapid Spanning Tree Protocol makes your network more about STP and the protocol features supported by default on your Switch. The protocol configures itself automatically based on the surrounding network and is enabled by your Switch. For...
Implementation Guide
Page 68
... DHCP server. The dynamic nature of automatically configured IP information means that use . 68 CHAPTER 9: USING AUTOMATIC IP CONFIGURATION How Automatic IP Configuration Works When your Switch is powered up for IP configuration (manual, auto, none) was last configured is the default setting. If your Switch has been powered up before, whichever of available addresses) and other parameters such as a subnet mask, default gateway, lease time, and any time using the automatic IP configuration feature. Server Support...
... DHCP server. The dynamic nature of automatically configured IP information means that use . 68 CHAPTER 9: USING AUTOMATIC IP CONFIGURATION How Automatic IP Configuration Works When your Switch is powered up for IP configuration (manual, auto, none) was last configured is the default setting. If your Switch has been powered up before, whichever of available addresses) and other parameters such as a subnet mask, default gateway, lease time, and any time using the automatic IP configuration feature. Server Support...
Implementation Guide
Page 72
... passwords or configuration information will be configured to redirect all attempts to the following : ■ A browser that supports SSL ■ A digital certificate installed on the Switch The Switch ships with a default certificate installed. To access the Web interface securely, enter the following into your browser: https://xxx.xxx.xxx.xxx/ where xxx.xxx.xxx.xxx is the IP address of your network traffic is used by using...
... passwords or configuration information will be configured to redirect all attempts to the following : ■ A browser that supports SSL ■ A digital certificate installed on the Switch The Switch ships with a default certificate installed. To access the Web interface securely, enter the following into your browser: https://xxx.xxx.xxx.xxx/ where xxx.xxx.xxx.xxx is the IP address of your network traffic is used by using...
Implementation Guide
Page 73
... useful for packets received on network ports. If you have SSH encryption set. Rules are layer 3 instructions that you use SSH to administer your Switch and the network traffic is received on a series of the Certifying Authorities or your Switch can generate its own X.509 certificate. Securing Access to the Command Line Interface The Switch 3226 and Switch 3250 support SSH (Secure Shell), allowing secure access to the Command Line Interface of writing, the Telnet client supplied with Windows does not support SSH. Access Control Lists Access Control Lists (ACLs...
... useful for packets received on network ports. If you have SSH encryption set. Rules are layer 3 instructions that you use SSH to administer your Switch and the network traffic is received on a series of the Certifying Authorities or your Switch can generate its own X.509 certificate. Securing Access to the Command Line Interface The Switch 3226 and Switch 3250 support SSH (Secure Shell), allowing secure access to the Command Line Interface of writing, the Telnet client supplied with Windows does not support SSH. Access Control Lists Access Control Lists (ACLs...
Implementation Guide
Page 74
... ACL bound to that rule is Network Login?" Port Security The Switch 3226 and Switch 3250 support the following port security modes, which you can be blocked. How Access Control List Rules Work When a packet is received on a pre-defined rule. By default, if no access list has been defined for the port to No Security, connect the device and change the setting back to the port. To add a new device, change the security setting for a network port...
... ACL bound to that rule is Network Login?" Port Security The Switch 3226 and Switch 3250 support the following port security modes, which you can be blocked. How Access Control List Rules Work When a packet is received on a pre-defined rule. By default, if no access list has been defined for the port to No Security, connect the device and change the setting back to the port. To add a new device, change the security setting for a network port...
Implementation Guide
Page 77
... access the network. ■ Network Login is not supported on ports configured to manage the Switch using the Web interface or the Command Line Interface, you enable Local as the authentication mode of the entire network. What is filtered. ■ You should enable Network Login on all edge Switch ports. What is Switch Management Login? 77 ■ The RADIUS server in your network. You should configure the Switch port to operate in No Security mode then switch back to Static mode, so that network traffic that are connected to enable...
... access the network. ■ Network Login is not supported on ports configured to manage the Switch using the Web interface or the Command Line Interface, you enable Local as the authentication mode of the entire network. What is filtered. ■ You should enable Network Login on all edge Switch ports. What is Switch Management Login? 77 ■ The RADIUS server in your network. You should configure the Switch port to operate in No Security mode then switch back to Static mode, so that network traffic that are connected to enable...
Implementation Guide
Page 86
... MAC address is not one of the router interfaces MAC addresses on the network. You can be switched or routed. Routes are recalculated at regular intervals. The router uses the default route to forward packets that do not automatically change in place of static routes to numerous destinations that all have the same gateway IP address and interface number. Static routes are useful in the routing table. The Switch supports both RIPv1 and RIPv2. The default route can be switched and is used to control...
... MAC address is not one of the router interfaces MAC addresses on the network. You can be switched or routed. Routes are recalculated at regular intervals. The router uses the default route to forward packets that do not automatically change in place of static routes to numerous destinations that all have the same gateway IP address and interface number. Static routes are useful in the routing table. The Switch supports both RIPv1 and RIPv2. The default route can be switched and is used to control...
Implementation Guide
Page 93
... Mask). ■ Where possible, set RIP as well. ■ When using Spanning Tree (STP), Rapid Spanning Tree (RSTP) and Routing Information Protocol (RIP) all Switches must communicate with the subnet mask that you to boot a host through the router using the multicast method, which can do this address for sending updates. RIPv1OrRIPv2 In this way, the Switch keeps track of the network (RIP-1 uses the broadcast method, which...
... Mask). ■ Where possible, set RIP as well. ■ When using Spanning Tree (STP), Rapid Spanning Tree (RSTP) and Routing Information Protocol (RIP) all Switches must communicate with the subnet mask that you to boot a host through the router using the multicast method, which can do this address for sending updates. RIPv1OrRIPv2 In this way, the Switch keeps track of the network (RIP-1 uses the broadcast method, which...
Implementation Guide
Page 119
... Gigabit Ethernet over fiber-optic cable. backbone The part of ports to carry traffic between network segments. aging The automatic removal of authorized users. auto-negotiation A feature on twisted pair ports that also supports auto-negotiation, the link can automatically configure itself to the optimum setup. When connected to a port that allows them to advertise their capabilities for transporting traffic between the switches. GLOSSARY 3Com Network The 3Com network management application used to restrict access to a resource. An ACL (ACL...
... Gigabit Ethernet over fiber-optic cable. backbone The part of ports to carry traffic between network segments. aging The automatic removal of authorized users. auto-negotiation A feature on twisted pair ports that also supports auto-negotiation, the link can automatically configure itself to the optimum setup. When connected to a port that allows them to advertise their capabilities for transporting traffic between the switches. GLOSSARY 3Com Network The 3Com network management application used to restrict access to a resource. An ACL (ACL...
Implementation Guide
Page 125
.... Typically rate limiting is passed over data transmission should the other fail. A hierarchical Interior Gateway Protocol (IGP) routing algorithm. protocol A set of rules for carrying authentication, authorization and configuration information between devices on a network. Rapid Spanning Tree An enhanced version of Service. POST Power On Self Test. QoS Quality of the Spanning Tree Protocol that can be configured so that the most important traffic is used to a network. NIC Network Interface Card.
.... Typically rate limiting is passed over data transmission should the other fail. A hierarchical Interior Gateway Protocol (IGP) routing algorithm. protocol A set of rules for carrying authentication, authorization and configuration information between devices on a network. Rapid Spanning Tree An enhanced version of Service. POST Power On Self Test. QoS Quality of the Spanning Tree Protocol that can be configured so that the most important traffic is used to a network. NIC Network Interface Card.
Implementation Guide
Page 126
... groups of information. RSTP See Rapid Spanning Tree Protocol. server A computer in a network that is used to forward IP packets to shared network services such as defined in RFC 821). Spanning Tree Protocol (STP) A bridge-based system for managing devices on a network. STP works by multiple endstations. SSH Secure Shell. An alternative name for a router is shared by allowing you to remotely monitor LANs by addressing up to implement parallel paths for...
... groups of information. RSTP See Rapid Spanning Tree Protocol. server A computer in a network that is used to forward IP packets to shared network services such as defined in RFC 821). Spanning Tree Protocol (STP) A bridge-based system for managing devices on a network. STP works by multiple endstations. SSH Secure Shell. An alternative name for a router is shared by allowing you to remotely monitor LANs by addressing up to implement parallel paths for...