Maintenance and operation functions

• User account management
• LED control
• Using external memory
• Boot data management
• Viewing unit information
• Config management
• Remote access control
• Time management
• SNMP
• RMON
• SYSLOG
• Firmware update
• L2MS control
• Mail notification
• LLDP
• Terminal monitoring
• Performance observation
• Dante optimization setting function
• Stack function
• List of default settings

User account management

1 Function Overview

This product provides the functions shown below for managing user accounts.

• Functions for setting user information
• Functions for user authentication by user name and password

2 Definition of Terms Used

Unnamed user

A user who does not have a user name.

If an unnamed user logs into the console or Web GUI, they can log in without specifying a user name.

Guest privileges

Users that have guest privileges can use the Web GUI to view the device settings and status.

Administrator privileges

Users that have administrator privileges can perform the following actions in the Web GUI.

• View and modify the settings
• Restart the device
• Initialize the device
• Update the firmware

3 Function Details

3.1 User information settings

Use the username command to specify user information.

Specify the following as user information.

• User name
• Password
• Privileges

A user to whom privileges are granted has the following differences compared to a normal user.

• Password entry is not required when executing the enable command from the console.
• When logging into the Web GUI, the user can log on with administrator privileges.

Use the password command to specify the password for unnamed users.

In the factory-set state, this is unset.

You can use the password-encryption command to encrypt the specified password.

If you want to encrypt the password, specify password-encryption enable.

Once a password has been encrypted, it will not be returned to an unencrypted text string even if you specify password-encryption disable.

Encryption applies to the passwords specified by the following commands.

• password command
• enable password command
• username command

3.2 User authentication

3.2.1 When logging in to the console

When you connect to the console, the following login prompt appears.

Username:
Password:

Enter a specified user name and password to log in.

If you want to log in as an unnamed user, press the Enter key at the user name prompt to omit it, and then enter the password that was specified by the password command.

Only if you connected via the serial console, you can log in using the special password.

To log on using the special password, you must previously have specified force-password enable.

3.2.2 When logging in to the Web GUI

When you access the Web GUI, the following login form appears.

Enter a specified user name and password to log in.

If you want to log in as an unnamed user, leave the user name entry field blank, and in the password entry field, enter the password specified by the password command or the enable password command.

In this case if you enter the password specified by the password command, you will log in with Guest privileges.

If you enter the password specified by the enable password command, you will log in with Administrator privileges.

If the password that was entered matches both the password specified by the password command and by the enable password command, you will log in with Administrator privileges.

4 Related Commands

The related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Specifying the password for unnamed users

Specify yamaha as the login password for unnamed users.

Specify yamaha_admin as the administrative password.

Yamaha>enable
Yamaha#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Yamaha(config)#password yamaha
Yamaha(config)#enable password yamaha_admin

5.2 Adding a user

Grant privilege options to the user yamaha, and assign the password yamaha_pass.

Yamaha#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Yamaha(config)#username yamaha privilege on password yamaha_pass
Yamaha(config)#exit
Yamaha#exit

Username: yamaha
Password:

SWR2310-28GT Rev.2.04.01 (Thu Sep 26 17:35:20 2019)
  Copyright (c) 2018-2019 Yamaha Corporation. All Rights Reserved.

Yamaha>enable
Yamaha#

6 Points of Caution

None

7 Related Documentation

• Remote access control

LED control

1 Function Overview

This product’s chassis features the following LEDs.

LED type

The location of each LED is shown below.

2 Definition of Terms Used

Explanation of port LED illumination

The port LED illumination used in subsequent explanations is described below.

Port LED illumination

3 Function Details

3.1 POWER LED

The POWER LED indicates the power status of this product.

The illumination pattern of the POWER LED and the corresponding statuses are as follows.

POWER LED illumination pattern and status

3.2 microSD LED

The microSD LED indicates the connection and usage status of the microSD card.

The illumination pattern of the microSD LED and the corresponding statuses are as follows.

microSD LED illumination pattern and status

Do not remove the microSD card while this is blinking green, since the microSD card is being accessed.

3.3 Port LEDs

3.3.1 Switching between display modes

This product provides the three display modes shown below.

The display mode can be switched by setting the initial LED mode (LED mode at system startup) using the led-mode default command.

However, the STATUS mode is an automatic transition only mode and cannot be switched manually by the user.

Display mode transition follows the flow shown below.

Transition of display mode

*1 ... When the initial LED mode is LINK/ACT mode

*2 ... When the initial LED mode is OFF mode

The display mode after system boot and the display mode after error resolve depend on the default LED mode setting.

When an error is detected by the following functions, the port LED display automatically switches to STATUS mode.

• Loop detection
• SFP optical reception level monitoring

The system will not transition from STATUS mode to LINK/ACT mode or OFF mode until all errors are resolved.

3.3.2 LED display in LINK/ACT mode

The port LEDs will display as shown below in LINK/ACT mode.

• LAN/SFP port link status
• LAN/SFP port connection speed

The LED display for the link status is shown below.

LAN/SFP port link status LED display

	Linking down	Linking up	Forwarding data
LAN port	(unlit)	(lit green)	(flashing green)
SFP port	(unlit)	(lit green)	(flashing green)

The LED display for the connection speed is shown below.

LAN/SFP port connection speed LED display

	10M Link	100M Link	1000M Link	10000M Link
LAN port	(unlit)	(lit orange)	(lit green)	(none)
SFP port	(none)	(none)	(lit green)	(lit green)

3.3.3 LED display in STATUS mode

In STATUS mode, the port LEDs indicate error statuses generated by the following functions of this product.

• Loop detection
• SFP optical reception level monitoring

Port LED display when an error occurs

	Normal state	An error has occurred
LAN port	(unlit)	(flashing orange)
SFP port	(unlit)	(flashing orange)

When this product detects an error, it forcibly switches to STATUS mode.

An error is determined by each function in the following cases.

• Loop detection
  • A loop was detected and the port was blocked.
  • A loop was detected and the port was shut down.
• SFP optical reception level monitoring
  • The SFP optical reception level fell below the normal range.
  • The SFP optical reception level exceeded the normal range.

To determine the cause of the error, you can use the show error port-led command.

In STATUS mode when an error has occurred, the LEDs will automatically switch to the default LED mode in the following states.

• All of the following errors were resolved.
  • Blocked status due to loop detection was resolved.
  • Shutdown status due to loop detection was resolved.
    • The monitoring time has elapsed following shutdown due to loop detection.
    • In a shutdown state due to loop detection, the unit linked up after the no shutdown command was executed.
  • SFP optical reception level recovered.

3.3.4 LED display in OFF mode

If the default LED mode is OFF mode, the port LEDs are all unlit regardless of the link status.

Even if the default LED mode is OFF mode, the unit automatically transitions to STATUS mode when an error occurs, indicating the error status.

3.3.5 Changing the LED mode after system boot

The LED mode after system boot (the default LED mode) for this product can be specified.

The default value for the default LED mode is set to LINK/ACT mode, but can be changed using the led-mode default command.

Use the show led-mode command to check the default LED mode and the LED mode currently displayed.

When STATUS mode is cleared during error detection, the unit will switch to the default LED mode that was set.

3.3.6 Other port LED displays

Regardless of the LED mode status, the LEDs of all ports will display as follows during initialization at startup and during firmware update.

Other port LED displays

	Updating firmware	Initializing
LAN port	(flashing green)	(lit orange)
SFP port	(flashing green)	(lit orange)

3.4 Stack ID display LED

The stack ID display LED (7SEG LED) displays the stack ID when the stack is being configured after the countdown display at startup.

If the stack is not being configured, ’1’ is displayed.

If an error occurs during stack configuration, ’E’ indicating the error is displayed.

When the initial LED mode is in OFF mode, the stack ID display LED also turns off.

4 Related Commands

Related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Check LAN/SFP port status

Use the show interface command to check the LAN/SFP port status.

Yamaha#show interface
show interface
Interface port1.1
  Link is UP
  Hardware is Ethernet
  HW addr: ac44.f23d.0b2c
  ifIndex 5001, MRU 1522
  Speed-Duplex: auto(configured), 1000-full(current)
  Auto MDI/MDIX: on
  Vlan info :
    Switchport mode        : access
    Ingress filter         : enable
    Acceptable frame types : all
    Default Vlan           :    1
    Configured Vlans       :    1
  Interface counter:
    input  packets          : 317111
           bytes            : 31387581
           multicast packets: 317074
    output packets          : 162694
           bytes            : 220469213
           multicast packets: 162310
           broadcast packets: 149
           drop packets     : 0
  ：
(Information for all LAN/SFP ports is shown)

5.2 Check LAN/SFP port loop detection status

Check the LAN/SFP port loop status.

Yamaha#show loop-detect
loop-detect: Enable

loop-detect: Enable

port      loop-detect    port-blocking           status
-------------------------------------------------------
port1.1        enable           enable           Normal
port1.2        enable           enable           Normal
port1.3        enable           enable           Normal
port1.4        enable           enable           Normal
port1.5        enable           enable           Normal
port1.6        enable           enable           Normal
port1.7        enable           enable           Normal
port1.8        enable           enable           Normal
port1.9        enable           enable           Normal
port1.10       enable           enable           Normal
-------------------------------------------------------
(*): Indicates that the feature is enabled.

5.3 Set the default LED mode

Set the default LED mode to OFF mode.

Yamaha#configure terminal
Yamaha(config)#led-mode default off … (Set default LED mode)
Yamaha(config)#exit
YamahaW#show led-mode … (Show LED mode)
default mode : off
current mode : off

Using external memory

1 Function Overview

This product provides the following functions using external memory.

• SD card boot (firmware, config)
  • The system can be started using a firmware file and config file from an SD card.
• Firmware update
  • This unit’s firmware can be updated by loading a firmware file from an SD card.
• Saving and copying a config file
  • The running-config that is currently running on the system can be saved to an SD card, and config files can be copied from the SD card to the unit’s flash ROM or from the unit’s flash ROM to the SD card.
• Saving a log file
  • By executing the save logging command you can back up the log file to an SD card.
• Saving technical support information
  • Technical support information (the result of executing the show tech-support command) can be saved to an SD card.
• Saving statistical information
  • Observations of resource information and traffic information are backed up regularly.
  • This statistical information can be saved as a CSV format file.
• Backing up and restoring system information
  • System information (including configurations) can be backed up to an SD card.
  • Backed up system information can be restored into the unit’s flash ROM.

2 Definition of Terms Used

None

3 Function Details

3.1 External memory that can be used

Requirements for external memory that can be used are as follows.

• Card type: microSD card / microSDHC card
• File format: FAT16/FAT32

3.2 Folder structure

The SD card must contain the following folder structure.

Device name	+-- firmware          Firmware file storage folder
 		|
 		|
 		+-- startup-config    Startup config storage folder
 		|
 		|
 		+-- log               SYSLOG storage folder
 		|
 		|
 		+-- techsupport       Technical support information storage folder
 		|
 		|
 		+-- data              System-wide folder
 		|
 		|
 		+-- backup-system     System backup folder
　　　　　　　　　　　　　　

3.3 Mounting and unmounting the SD card

If the SD card is inserted when starting up or after startup, it is automatically mounted and becomes available.

To prevent loss of files, execute the unmount sd command or execute the unmount operation from the Web GUI before removing the SD card.

If the SD card is unmounted, it cannot be used.

If you want to once again use the SD card after executing the unmount sd command, you must execute the following.

• Remove and reinsert the SD card
• Execute the mount sd command
• Execute mount from the Web GUI

3.4 SD card boot (firmware, config)

The system can be started using a firmware file and config file from an SD card.

In order to use SD card boot, the following conditions must be satisfied.

• SD card using a firmware file
  • The SD card is connected when the system starts up.
  • The following files exist in the SD card.
    • /swr2310/firmware/swr2310.bin
  • boot prioritize sd enable is specified.
    * With the factory settings, boot prioritize sd enable is specified.

• SD card boot using a config file
  • The SD card is connected when the system starts up.
  • The various files exist in the following directory of the SD card.
    • /swr2310/startup-config
  • startup-config select sd is specified.
    * With the factory settings, startup-config select sd is specified.

You can use the show environment command to check whether SD card boot was successful.

• In the case of SD card boot using a firmware file, “Startup Firmware” will indicate “exec(SD).”
• In the case of SD card boot using a config file, “Startup Configuration” will indicate “config(SD).”

In the case of SD card boot using a config file, executing the write and copy running-config startup-config commands will update the config file on the SD card.

If SD card boot using a config file fails, startup config #0 is loaded.

Also, the following message is shown in the console and in SYSLOG.

Loading config0 because can't read config in SD card.

3.5 Firmware update

This unit’s firmware can be updated by loading a firmware file from an SD card.

In order to use this function, the following conditions apply.

• The following files exist in the SD card.
  • /swr2310/firmware/swr2310.bin

If the above file exists on the inserted SD card, executing the firmware-update sd execute command updates the firmware in flash ROM using the firmware in the SD card.

When the firmware-update sd execute command is executed, the user will be asked whether to maintain the mounted state of the SD card when the firmware file has finished loading. Remove the SD card as necessary after it is unmounted.

Note that if the SD card is left inserted during the automatic reboot in conjunction with firmware update, the system will start up with the firmware file on the SD card.

The firmware of the stack slave can be updated by executing the firmware-update sd execute command from the stack master during stack configuration.

3.6 Saving and copying a config file

The running-config that is currently running on the system can be saved to the SD card. ( copy running-config startup-config command, write command)

You can copy the config file from the SD card to internal flash ROM, or from internal flash ROM to the SD card. ( copy startup-config command)

You can erase or show the startup-config in the SD card. ( erase startup-config command, show startup-config command)

The following folder in the SD card is affected.

• /swr2310/startup-config

3.7 Saving a log file

By executing the save logging command you can back up the log file to an SD card.

The logging backup sd command enables SYSLOG backup to the SD card.

If SYSLOG backup to the SD card is enabled, executing the save logging command will save the following log file with its save date to the SD card.

• /swr2310/log/YYYYMMDD_log.txt *YYYYMMDD=year month day

The log files in the SD card cannot be viewed or erased.

3.8 Saving technical support information

Technical support information (the result of executing the show tech-support command) can be saved to an SD card.

Executing the copy tech-support sd command will save the following technical support information file with its save date to the SD card.

• /swr2310/techsupport/YYYYMMDDHHMMSS_techsupport.txt *YYYYMMDD=year month day, HHMMSS=hours minutes seconds

The technical support information files in the SD card cannot be viewed or erased.

If the copy tech-support sd command is executed from the stack master during stack configuration, a file containing the technical support information of the stack slave is saved.

3.9 Saving statistical information

Observations of resource information and traffic information are backed up regularly.

To enable backup of statistical information to the SD card, you must make settings via the Web GUI in [Administration]–[Maintenance]–[Statistical information management].

This statistical information for the observed data can be saved via the Web GUI as a CSV format file.

3.10 Backup and restore of system information

This unit’s system information can be backed up to an SD card, and the backed up system information can be restored to a desired switch.
With an SD card connected to this unit, executing the backup system command will create a system information backup in the following folder.

• /swr2310/backup-system

If the file swr2310.bin exists in the /swr2310/firmware/ folder when backup is executed, it is backed up as a firmware file.

To restore the backed up system information, connect the SD card containing the system information backup to the desired switch, and execute the restore system command.
If the firmware file was backed up, a firmware update is also performed using that file.
When restore is completed, the system will restart.

The system information backup contains the following.

• Settings associated with the unit
  • startup-config #0 - #4 and associated information
  • startup-config select command setting values
  • boot prioritize sd command setting values
• Firmware file
  * Only if the specified folder of the SD card contained a firmware file when the backup was executed.

For this reason, when replacing a unit due to malfunction or another reason, the replacement unit can be returned to the same condition as the original unit simply by restoring the backed up system information.
Do not edit or delete the backed up system information.

4. List of related commands

The related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Unmount SD card

Unmount the SD card.

Yamaha>unmount sd

5.2 Mount SD card

Mount the SD card.

Yamaha>mount sd

5.3 Back up log file

By executing the save logging command you can back up the log file to the SD card as well.

Yamaha(config)#logging backup sd enable... (Enable SD card backup of log)
Yamaha(config)#exit
Yamaha#save logging ... (Back up log)

5.4 Saving technical support information

Save technical support information.

Yamaha#copy tech-support sd

6 Points of Caution

None

7 Related Documentation

• Config management
• SYSLOG
• Firmware update
• Performance observation

Boot data management

1 Function Overview

As system boot information, this product manages the information shown in the table below.

System boot information: items managed

This product stores the current boot information and information on the previous four boots, for a total of five boot records.

2 Related Commands

The related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

3 Examples of Command Execution

3.1 Show boot information

• This shows the current boot information.

  Yamaha>show boot 0
   Running EXEC: SWR2310 Rev.2.04.01 (Thu Sep 26 17:35:20 2019)
  Previous EXEC: SWR2310 Rev.2.04.01 (Thu Sep 26 17:35:20 2019)
  Restart by reload command

• This shows a list of the boot history.

  Yamaha>show boot list
  No. Date       Time     Info
  --- ---------- -------- -------------------------------------------------
    0 2018/03/15 09:50:29 Restart by reload command
    1 2018/03/14 20:24:40 Power-on boot
  --- ---------- -------- -------------------------------------------------

3.2 Clear boot information

• This clears the boot information.

  Yamaha#clear boot list

4 Points of Caution

If creation of the system information storage area at startup fails, the following message is output to the serial console screen.
At this time, all logs saved in the product are deleted.

• Message list

  Message	Output conditions
  Failed to create partition.	When the system information storage area could not be created
  Succeeded to re-create partition.	When the system information storage area was successfully recreated
  Boot sequence is interrupted by partition creation failure.	When the system information storage area could not be created and the system could not start up

5 Related Documentation

None.

Viewing unit information

1 Function Overview

1.1 Show unit information via command

This product provides the display functions shown in the table below.

List of unit information display items

1.2 Remote retrieval of technical support information

A TFTP client installed on a PC or other remote terminal can be used to obtain the technical support information (the output results of “show tech-support”) from this product.

In order to operate this product’s TFTP server, use the steps shown below to set up a network environment that allows remote access.

1. Decide on the VLAN that will be used for maintenance.
2. Set the IPv4 address on the maintenance VLAN. Use the “ip address” command for this setting.
3. Permit access from the maintenance VLAN to the TFTP server. If you want to specify a different VLAN than specified by the “management interface” command, use the “tftp-server interface” command to specify it.

When using a TFTP client, specify “techinfo” for the remote path from which technical support information is obtained.

1.3 Saving technical support information to external memory

You can use the copy tech-support sd command to save this product’s technical support information (the output result of “show tech-support”) on an SD card.

Before executing this command, you must insert an SD card.

The information is saved in the SD card with the following file name.

• /swr2310/techsupport/YYYYMMDDHHMMSS_techsupport.txt

  * YYYYMMDDHHMMSS … year, month, day, hour, minute, and second that the command was executed

2 Related Commands

The related commands are shown below.

For details, refer to the Command Reference.

List of related commands

3 Examples of Command Execution

3.1 Show inventory information

This checks the following inventory information for this unit and for the SFP modules.

• Name (NAME)
• Description (DESCR)
• Vendor Name (Vendor)
• Product ID (PID)
• Version ID (VID)
• Serial number (SN)

Yamaha>show inventory
NAME: L2 switch
DESCR: SWR2310-10G
Vendor: Yamaha
PID: SWR2310-10G
VID: 0000
SN: S00000000

NAME: SFP1
DESCR: 1000BASE-LX
Vendor: YAMAHA
PID: SFP-SWRG-LX
VID: 0000
SN: 00000000000

NAME: SFP2
DESCR: 1000BASE-SX
Vendor: YAMAHA
PID: SFP-SWRG-SX
VID: 0000
SN: 00000000000

3.2 Show operating information

This checks the system operating information (as shown below).

• Boot version
• Firmware revision
• Serial number
• MAC address
• CPU usage ratio
• Memory usage ratio
• Firmware file
• Startup config file
• Serial baud rate
• Boot time
• Current time
• Elapsed time from boot

Yamaha>show environment
SWR2310-10G BootROM Ver.1.00
SWR2310-10G Rev.2.04.00 (Mon Jul 8 00:00:00 2019)
main=SWR2310-10G ver=00 serial=S00000000 MAC-Address=ac44.f200.0000
CPU:   7%(5sec)   8%(1min)   8%(5min)    Memory:  18% used
Startup firmware: exec0
Startup Configuration file: config0
             selected file: config0
Serial Baudrate: 9600
Boot time: 2019/07/09 11:13:44 +09:00
Current time: 2019/07/10 16:19:43 +09:00
Elapsed time from boot: 1days 05:06:04

Yamaha>

3.3 Show technical support information

The following commands show information that is useful for technical support.

• show running-config
• show startup-config
• show environment
• show disk-usage
• show inventory
• show boot all
• show logging
• show process
• show users
• show interface
• show frame-counter
• show vlan brief
• show spanning-tree mst detail
• show etherchannel status detail
• show loop-detect
• show mac-address-table
• show l2ms detail
• show qos queue-counters
• show ddm status
• show errdisable
• show auth status
• show auth supplicant
• show error port-led
• show ip interface brief
• show ipv6 interface brief
• show ip route
• show ip route database
• show ipv6 route
• show ipv6 route database
• show arp
• show ipv6 neighbors
• show ip igmp snooping groups
• show ip igmp snooping interface

Yamaha#show tech-support
#
# Information for Yamaha Technical Support
#

*** show running-config ***
!
dns-client enable
!
!

...

#
# End of Information for Yamaha Technical Support
#

4 Points of Caution

None

5 Related Documentation

None

Config management

1 Function Overview

This product uses the following config information to maintain the value of settings.

Table 1.1 Config types

2 Definition of Terms Used

None

3 Function Details

3.1 Running config

running-config is the settings that are currently operating; since it is maintained in RAM, it is destroyed at reboot.

On this product, commands executed in configuration mode are immediately applied to running-config, and the unit operates according to these settings.

The contents of running-config can be viewed by using the show running-config command.

3.2 Startup config

startup-config is settings that are saved in flash ROM or on the SD card, and the contents are preserved through reboot.

When this product is started, the settings of startup-config are applied as the initial settings of running-config.

This product can maintain two startup configs in flash ROM and one startup config on the SD card.

The startup-config data in the internal flash ROM is managed with an ID of 0–1, and the config on the SD card is managed with the keyword “sd”.

To specify which of the five types of config in the unit’s flash ROM are used, use the startup-config select command.

• By default, sd is used.
• When executing the startup-config select command, the user selects whether to restart. If you don’t restart, no change occurs in the command setting.

  If you choose to restart, the unit restarts with the startup-config of the ID specified by the user’s command.

For easier management, you can use the startup-config description command to give each config a Description (explanatory text).

If you attempt to start up in a state where startup-config does not exist, such as after executing the cold start command, the default-config is automatically applied.

The running-config settings can be saved in startup-config by the copy running-config startup-config command or the write command.

The contents of startup-config can be erased by the erase startup-config command, viewed by the show startup-config command, and copied by the copy startup-config command.

3.3 Default config

default-config contains settings saved in internal flash ROM that are needed for this product to operate minimally as a switch. Like startup-config, the contents are preserved even after a restart.

The factory settings are maintained as default-config.

If startup-config does not exist when the system starts, default-config is copied to startup-config, and applied to running-config.

The contents of default-config cannot be viewed.

3.4 Deciding the config file at startup

The following describes the flow for deciding the config file used when this product starts up.

1. The startup-config select command setting is referenced to determine the startup-config that will be used.

   If the startup-config select command has specified sd, and an SD card on which startup-config is saved is not inserted, then startup-config #0 is selected.

2. If the determined startup-config exists, the corresponding data is applied as running-config in RAM.

   If the startup-config determined according to the value of the startup-config select command does not exist in ROM, then default-config is applied to RAM.

If startup using the config in the SD card fails, the following message is shown in the console and in SYSLOG.

Loading config0 because can't read config in SD card.

3.5 Controlling the config file via TFTP

If this product’s TFTP server function is enabled, a TFTP client installed on a PC or other remote terminal can be used to perform the following.

1. Acquire the currently running running-config and startup-config
2. Apply a previously prepared settings file as startup-config

In order for the TFTP server to function correctly, an IP address must be specified for the VLAN.

Acquisition and settings of the settings file from the remote terminal is done in binary mode, specifying the following as the remote path for acquiring or sending the settings file.

Table 1.2 Remote path for applicable files

• The startup-config settings are applied as running-config when the system restarts.

4 Related Commands

The related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Select startup config

Select startup-config #1 and restart.

Yamaha#startup-config description 1 TEST ... (Assign the description “TEST” to startup-config #1)
Yamaha#startup-config select 1 ... (Select startup-config #1)
reboot system? (y/n): y  ... (Restart)

5.2 Save running config

Save running-config.

Yamaha#copy running-config startup-config
Suceeded to write configuration
Yamaha#

5.3 Copy startup config

Copy startup-config #1 to the SD card.

Yamaha#copy startup-config 1 sd  ... (Copy startup-config #1 to SD card)
Suceeded to copy configuration
Yamaha#show startup-config sd  ... (Show startup-config of SD card)
!
!  Last Modified: Tue Mar 13 17:34:02 JST 2018
!
dns-client enable
!
interface port1.1
 switchport
 switchport mode access
 no shutdown
!
...

5.4 Erase startup config

Erase startup-config from the SD card.

Yamaha#erase startup-config sd  ... (Erase startup-config of SD card)
Suceeded to erase configuration
Yamaha#

6 Points of Caution

None

7 Related Documentation

• Using external memory

Remote access control

1 Function Overview

This product lets you restrict access to the following applications that implement network services.

• Telnet server
• SSH server
• HTTP server / secure HTTP server
• TFTP server

2 Definition of Terms Used

None

3 Function Details

The following four functions are provided to limit access to network services.

• Control whether to leave the service in question running in the background on the system (start/stop control)
• Change reception port number
• Limit access destinations for services currently running
• Limit the source IP addresses that can access services currently running

The following functions that correspond to each network service are shown in the table below.

Network service access control

1. Multiple instances of a network service cannot be started.

   If the start control is applied to the same service that is currently running, the service will restart. Any connected sessions will be disconnected as a result.

2. Limiting access destinations for network services is done for the VLAN interface.
3. Limiting access sources for network services is done by specifying access source IP addresses and whether to permit or deny access.
4. The default settings for the network services are shown in the table below.

   Network service	Start/stop status	Reception port number	Access destination restriction	Access source restriction
   Telnet server	run	23	Only default management VLAN (VLAN #1) permitted	Allow all
   SSH server	stop	22	Only default management VLAN (VLAN #1) permitted	Allow all
   HTTP server	run	80	Only default management VLAN (VLAN #1) permitted	Allow all
   Secure HTTP server	stop	443
   TFTP server	stop	69	Only default management VLAN (VLAN #1) permitted	Allow all

4 Related Commands

Related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Telnet server access control

This example restricts access to the Telnet server.

Change the Telnet server’s reception port to 1024.

Change the management VLAN to VLAN #1000 and allow access. Access from other than the management VLAN is denied.

Access to the Telnet server is allowed only for a client from 192.168.100.1.

If you specify telnet-server access, access from IP addresses that do not meet the conditions is denied.

Yamaha(config)#telnet-server enable 1024 ... (Change reception port to 1024, and restart Telnet server)
Yamaha(config)#management interface vlan1000 ... (Permit access for VLAN #1000 as the management VLAN)
Yamaha(config)#telnet-server access permit 192.168.100.1 ... (Permit access only from 192.168.100.1)
Yamaha(config)#end
Yamaha#show telnet-server ... (Check state of settings)
Service:Enable
Port:1024
Management interface(vlan):1000
Interface(vlan):None
Access:
    permit 192.168.100.1

5.2 SSH server access control

This example restricts access to the SSH server.

Generate the SSH server host key.

Register a user name and password.

Login from an SSH client is possible only for a registered user and password.

Change the SSH server’s reception port to 1024.

Change the management VLAN to VLAN #1000 and allow access for VLAN #2.

This allows access only from the management VLAN VLAN #1000 and from VLAN #2.

If you specify ssh-server access, access from IP addresses that do not meet the conditions is denied.

Yamaha#ssh-server host key generate ... (Create host key)
Yamaha#show ssh-server host key ... (Check contents of key)
ssh-dss (Omitted)
ssh-rsa (Omitted)
Yamaha#
Yamaha#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Yamaha(config)#username user1 password pw1 ... (Register a user name and password.)
Yamaha(config)#ssh-server enable 1024 ... (Change reception port to 1024, and restart SSH server)
Yamaha(config)#management interface vlan1000 ... (Permit access for #1000 as the management VLAN)
Yamaha(config)#ssh-server interface vlan2 ... (Permit access for VLAN #2)
Yamaha(config)#end
Yamaha#show ssh-serverr ... (Check state of settings)
Service:Enable
Port:1024
Hostkey:Generated
Client alive :Disable
Management interface(vlan):1000
Interface(vlan):2
Access:None
Yamaha#

5.3 HTTP server access restriction

This example makes it possible to restrict HTTP server access.

The HTTP server reception port is changed to 8000, and access is permitted from VLAN #2.

This allows access only from the default management VLAN VLAN #1 and from VLAN #2.

Access to the HTTP server is allowed only for a client from 192.168.100.1.

If you specify http-server access, access from IP addresses that do not meet the conditions is denied.

Yamaha(config)#http-server enable 8000 ... (Change reception port to 8000, and restart HTTP server)
Yamaha(config)#http-server interface vlan2 ... (Permit access for VLAN #2)
Yamaha(config)#http-server access permit 192.168.100.1 ... (Permit access only from 192.168.100.1)
Yamaha(config)#end
Yamaha#show http-server ... (Check state of settings)
HTTP :Enable(8000)
HTTPS:Disable
Management interface(vlan):1
Interface(vlan):2
Access:
    permit 192.168.100.1

5.4 TFTP server access restriction

This example restricts TFTP server access.

The TFTP server reception port is changed to 2048, and access is permitted from VLAN #10.

Allow access only from the default management VLAN VLAN #1 and from VLAN #10.

Yamaha(config)#tftp-server enable 2048 ... (Change reception port to 2048, and restart TFTP server)
Yamaha(config)#tftp-server interface vlan10 ... (Permit access for VLAN #10)

6 Points of Caution

None

7 Related Documentation

• User account management

Time management

1 Function Overview

This product provides the functions shown below for managing the date and time.

• Manual (user-configured) date/time information setting function
• Automatic date/time setting information function via network
• Time zone setting function

Note that a function to set summertime (DST: Daylight Saving Time) is not provided.

2 Definition of Terms Used

UTC (Coordinated Universal Time)

This is an official time used when recording worldwide times.

UTC is used as a basis to determine standard time in all countries around the world.

For instance, Japan (JST, or Japan standard time) is nine hours ahead of Coordinated Universal Time, and is thus shown as “+0900 (JST)”.

SNTP (Simple Network Time Protocol)

This is a simple protocol to correct clocks by using SNTP packets.

This protocol is defined in RFC4330.

3 Function Details

3.1 Manually setting the date and time

Use the clock set command to directly input the time.

3.2 Automatically setting the date and time

Date and time information is collected from a specified time server, and set in this product.

Defined in RFC4330, SNTP (Simple Network Time Protocol) is used as a communication protocol.

Up to two time servers can be specified, which can be either an IPv4 address, an IPv6 address, or an FQDN (Fully Qualified Domain Name).

Port number 123 is used for the SNTP client. (This setting cannot be changed by the user.)

Use the ntpdate command to choose from the following two methods of automatically setting the date/time.

• One-shot update (a function to update when a command is inputted)
• Interval update (a function to update in a 1–24-hour cycle from command input)

If time synchronization is performed when two time servers have been specified, queries are performed in the order of NTP server 1 and then NTP server 2 shown by the show ntpdate command.

The query to NTP server 2 is performed only if synchronization with NTP server 1 fails.

By default, one hour is specified as the update interval cycle.

However, when the default time cannot be set right after booting up the system, the time server will be queried in a one-minute cycle, regardless of the interval cycle time.

Synchronization with the time server operates with one sampling (the frequency of replies from the server) and with a timeout of 1 second.

Synchronization is blocked during command execution, and an error message is outputted if a timeout occurs.

3.3 Time zone settings

In order to manage the time for the region considered as the “base of daily life”, the “clock timezone” command is used to manage the time zone of the users, and reflect this into the time.

The time zone can be set in ±1 hour increments for Coordinated Universal Time (UTC), from -12 hours to +13 hours.

The default time zone value for this product is +9.0.

4 Related Commands

Related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Manually setting the time

In this example, the time zone is set to JST, and the current time is set to 2014.01.21 15:50:59.

Yamaha#configure terminal
Yamaha(config)#clock timezone JST … (Set time zone)
Yamaha(config)#exit
Yamaha#clock set 15:50:59 Jan 21 2014 … (Set time)
Yamaha#show clock … (Show current time)
15:50:59 JST Tue Jan 21 2014

5.2 Automatically setting the time

In this example, the time zone is set to +9.00, and the local 192.168.1.1 and ntp.nict.jp are specified as the NTP servers.

Also, the update cycle with the NTP server is changed to once per 24 hours.

Yamaha#configure terminal
Yamaha(config)#clock timezone +9:00 … (Set time zone)
Yamaha(config)#ntpdate server ipv4 192.168.1.1 … (Set NTP server)
Yamaha(config)#ntpdate server name ntp.nict.jp … (Set NTP server)
Yamaha(config)#ntpdate interval 24 … (Set 24 hours as the update interval for synchronizing with NTP server)
Yamaha(config)#exit
Yamaha#show clock … (Show current time)
10:03:20 +9:00 Mon Dec 12 2016
Yamaha#show ntpdate … (Show NTP time synchronization settings)
NTP server 1 : 192.168.100.1
NTP server 2 : ntp.nict.jp
adjust time : Mon Dec 12 10:03:15 2016 + interval 24 hours
sync server : 192.168.1.1

6 Points of Caution

None

7 Related Documentation

• RFC 4330: Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI

SNMP

1 Function Overview

Setting SNMP (Simple Network Management Protocol) makes it possible to monitor and change network management information for SNMP management software.

In this instance, this product will operate as an SNMP agent.

This product supports communication using SNMPv1, SNMPv2c, and SNMPv3. As an MIB (Management Information Base), it is also compatible with RFC1213 (MIB-II) and with a private MIB (yamahaSW).

SNMPv1 and SNMPv2 notifies the recipient of the group name (called a “community”), and communicates only with hosts that belong to that community. In this instance, different community names can be given for the two access modes, read-only and read-write.

In this sense, community names function as a kind of password; but since community names are sent over a network using plain text, they carry inherent security risks. The use of SNMPv3 is recommended when more secure communications are required.

SNMPv3 offers communication content authentication and encryption. SNMPv3 does away with the concept of community and instead uses security models called “USM” (User-based Security Model) and “VACM” (View-based Access Control Model). These models provide a higher level of security.

SNMP messages that notify the status of this product are called “traps.” This product transmits standard SNMP traps. In SNMPv1, trap requests that do not ask for an answer with the confirmation of receipt from the recipient are specified as the notification message format. However, with SNMPv2c and SNMPv3, either an “inform” request asking for an answer from the recipient, or a trap request can be selected.

Since this product does not specifically determine a default value for the read-only and community trap names used in SNMPv1 and SNMPv2c, you can specify a community name as appropriate. However, as described above, the community name is sent over the network in plaintext, so be careful to never use a login password or administrator password as the community name.

By default, no access is possible in each SNMP version. The transmission host for the trap is not set, so traps will not be sent anywhere.

2 Definition of Terms Used

None

3 Function Details

The main characteristics of each SNMP version and the router setting policies are explained below.

See “5 Examples of Command Execution” later in this text for specific examples of settings.

3.1 SNMPv1

This is authentication between the SNMP manager and agent by using community names.

The controlling device (this product) is divided and managed by zones called “communities”.

• Accessing the MIB objects

  Use the snmp-server community command to permit access using the community name that was set.

  Access is possible from a VLAN interface whose IP address has been specified.

• SNMP traps

  SNMP traps allow for the status of this product to be sent to the hosts that are configured with the snmp-server host command.

  The snmp-server enable trap command sets what kind of trap is transmitted.

3.2 SNMPv2c

As with SNMPv1, this performs authentication between the SNMP manager and agent by using community names.

The snmp-server community command sets the community name used when accessing via SNMPv2c.

The “GetBulk” and “Inform” requests are also now supported from this version.

These requests are used to efficiently retrieve multiple MIB objects, and to confirm replies to notification packets sent from this product.

• Accessing the MIB objects

  Use the snmp-server community command to permit access using the community name that was set.

  Access is possible from a VLAN interface whose IP address has been specified.

• SNMP traps

  SNMP traps allow for the status of this product to be sent to the hosts that are configured with the snmp-server host command.

  Also, the settings of this command can be used to select whether the transmitted message format is a trap or inform request.

  Inform requests are used to request confirmation of reply to the recipient.

3.3 SNMPv3

In addition to all of the functions offered in SNMPv2, SNMPv3 offers more robust security functions.

SNMP packets transmitted across the network are authenticated and encrypted, protecting the SNMP packets from eavesdropping, spoofing, falsification, replay attacks and so on, by offering security-related functionality that could not be realized in SNMPv1 and v2C in regard to community names and IP addresses of SNMP managers.

Security

SNMPv3 offers the following security functions.

1. USM (User-based Security Model)

   USM is a model for maintaining security at the message level. It offers authentication and encryption based on shared key cryptography, and prevents falsification of the message stream.

   • Security level

     The security level can be specified using the parameter settings for the group to which the user belongs.

     The security level combines authentication and encryption, and is classified as shown below.

     • noAuthNoPriv: no authentication and encryption
     • AuthNoPriv: authentication only
     • AuthPriv: authentication and encryption
   • User authentication

     For authentication, HMAC is used in the procedure to authenticate the integrity (whether data has been falsified or not) and the source.

     A hash is used in the authentication key to confirm whether the message has been falsified, and whether the sender is the user themselves.

     Both HMAC-MD5-96 and HMAC-SHA-96 are supported as hash algorithms.

   • Encryption

     With SNMPv3, SNMP messages are encrypted for the purpose of preventing leakage of managed information.

     Both the DES-CBC and AES128-CFB encryption schemes are supported.

     The user and membership group name, user authentication method and encryption scheme, as well as the password can be set with the snmp-server user command.

     The necessary authentication and encryption settings can be made according to the security level specified in the group settings.

2. VACM (View-based Access Control Model)

   VACM is a model for controlling access to SNMP messages.

   • Group

     With VACM, the access policies mentioned below are defined per group, not per user.

     Use the group option of the snmp-server user command to set the group(s) that the user will belong to. The MIB views set here that are accessible to the specified groups can be configured.

   • MIB view

     With SNMPv3, a collection of accessible MIB objects can be defined for each group. When defined, the collection of MIB objects is called the “MIB view”. The “MIB view” is expressed as a collected view sub-tree that shows the object ID tree.

     Use the snmp-server view command to configure the MIB view. Whether the MIB view should be included or excluded in each view sub-tree can be selected.

   • Access policies

     With VACM, set the MIB view that will permit reading and writing for each group.

     Use the snmp-server group command to set the group name, security level, and MIB view.

     The MIB view will be the view that was configured using the snmp-server view command.

SNMP traps

SNMP traps allow for the status of this product to be sent to the hosts that are configured with the snmp-server host command.

In order to transmit a trap, the snmp-server user command must first be used to configure the user.

Also, the settings of this command can be used to select whether the transmitted message format is a trap or inform request.

Inform requests are used to request confirmation of reply to the recipient.

3.4 Private MIB

This product supports yamahaSW, which is a proprietary private MIB for switch management.

This private MIB allows the obtaining of information for Yamaha’s proprietary functions, and for more detailed information about the switch.

Refer to the following SNMP MIB Reference for information on private MIBs that are supported, and on how to get them.

• SNMP MIB Reference

4 Related Commands

Related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 SNMPv1 setting example

This example makes SNMPv1-based network monitoring possible under the following conditions.

1. Set the read-only community name “public.”
2. Set the trap destination as “192.168.100.11”, and set “snmptrapname” as the trap community name.

Yamaha(config)# snmp-server community public ro                  　          ... 1
Yamaha(config)# snmp-server host 192.168.100.11 traps version 1 snmptrapname ... 2

5.2 SNMPv2c setting example

This example makes SNMPv2c-based network monitoring possible under the following conditions.

1. Set the readable/writable community name as “private.”
2. Specify the notification message destination as “192.168.100.12”, the notification type as “inform” request format, and the notification destination community name as “snmpinformsname”.

Yamaha(config)# snmp-server community private rw                  　               ...1
Yamaha(config)# snmp-server host 192.168.100.12 informs version 2c snmpinformsname ...2

5.3 SNMPv3 setting example

This example makes SNMPv3-based network monitoring possible under the following conditions.

1. Specify the view that shows the internet node (1.3.6.1) and below as “most”.
2. Specify the view that shows the mib-2 node (1.3.6.1.2.1) and below as “standard”.
3. Create the user group “admins”, and grant users belonging to the “admins” group full access rights to the “most” view.
4. Create the user group “users”, and grant users belonging to the “users” group read access rights to the “standard” view.
5. Create an “admin1” user that belongs to the “admins” group.

   Set the password to “passwd1234”, using the “HMAC-SHA-96” authentication algorithm.

   Set the encryption password to “passwd1234”, using the “AES128-CFB” encryption algorithm.

6. Create an “user1” user that belongs to the “users” group.

   Set the password to “passwd5678”, using the “HMAC-SHA-96” authentication algorithm.

7. Send notifications in trap format (without response confirmation) to 192.168.10.3.
8. Send notifications in inform request format to 192.168.20.3.

Yamaha(config)# snmp-server view most 1.3.6.1 include                                  ... 1
Yamaha(config)# snmp-server view standard 1.3.6.1.2.1 include                          ... 2
Yamaha(config)# snmp-server group admins priv read most write most                     ... 3
Yamaha(config)# snmp-server group users auth read standard                             ... 4
Yamaha(config)# snmp-server user admin1 admins auth sha passwd1234 priv aes passwd1234 ... 5
Yamaha(config)# snmp-server user user1 users auth sha passwd5678                       ... 6
Yamaha(config)# snmp-server host 192.168.10.13 traps version 3 priv admin1             ... 7
Yamaha(config)# snmp-server host 192.168.20.13 informs version 3 priv admin1           ... 8

6 Points of Caution

• Check the SNMP version that can be used with the SNMP manager beforehand. It is necessary to configure this product in accordance with the SNMP version that will be used.
• This product is not compatible with the following functions related to SNMPv3.
  • Proxy function
  • Access to MIB objects after the SNMPv2 subtree (1.3.6.1.6). Changing SNMPv3-related settings via SNMP is also not supported.

7 Related Documentation

• Yamaha rtpro Private MIB
• SNMP MIB Reference

RMON

1 Function Overview

By making settings for the RMON (Remote network MONitering) function, you can monitor and record the traffic volume and error occurrences for each interface.

Since the settings for the RMON function and the data obtained by the RMON function are held as an MIB, they can be retrieved and edited from the SNMP manager.

The RMON function of this product supports the following groups defined in RFC2819.

• Ethernet statistics group
• History group
• Alarm group
• Event group

2 Definition of Terms Used

RMON MIB

MIB for the RMON function, defined in RFC2819

Ethernet statistics group

MIB group defined as group 1 of the RMON MIB.

This holds a table for monitoring Ethernet statistical information.

The information in the table includes counters for the number of packets, the number of errors, etc.

The etherStatsTable is the applicable MIB for this product.

History group

MIB group defined as group 2 of the RMON MIB.

At a specified interval, it measures the same information as the Ethernet statistical information group, and has a table for saving the history of this information.

The MIBs relevant for this product are the historyControlTable and the etherHistoryTable.

Alarm group

MIB group defined as group 3 of the RMON MIB.

At the specified interval, the statistical information of the Ethernet statistical information group is compared with the threshold values.

If the sampled values exceed the threshold values, the event defined for the event group is generated.

The alarmTable is the applicable MIB for this product.

Event group

MIB group defined as group 9 of the RMON MIB.

This is the action taken in response when the alarm group conditions are met.

The eventTable is the applicable MIB for this product.

3 Function Details

The operating specifications for operation of the RMON function are shown below.

3.1 Common between groups

The specifications common between groups are given below.

1. In order to enable the RMON function on this product, the system-wide RMON function must be enabled.
   • Use the rmon command to make settings.
   • This is enabled by default.
   • You can also set this by using the private MIB ysrmonSetting(1.3.6.1.4.1.1182.3.7.1).

3.2 Ethernet statistics group

The operating specifications for the Ethernet statistics group are given below.

1. Make settings by using the rmon statistics command on an interface.
2. Starting at the point at which you specified the rmon statistics command, statistical information is collected, and the etherStatsTable of the RMON MIB will be available for retrieval.
3. This can be specified for a physical interface.
4. A maximum of eight rmon statistics commands can be specified for the same interface.
5. If an rmon statistics command is deleted, the collected statistical information is also deleted.
6. If an rmon statistics command is overwritten, the previously collected statistical information is deleted, and collection is started once again.
7. If the RMON function is disabled system-wide, collection of statistical information is halted.

   If the RMON function is subsequently enabled system-wide, the previously collected statistical information is deleted, and collection is started once again.

8. The supported OIDs in the Ethernet statistical information group are as follows.

 rmon(1.3.6.1.2.1.16)
  +- statistics(1.3.6.1.2.1.16.1)
      +- etherStatsTable(1.3.6.1.2.1.16.1.1)
              + etherStatsEntry(1.3.6.1.2.1.16.1.1.1) { etherStatsIndex }
                  +- etherStatsIndex(1.3.6.1.2.1.16.1.1.1.1)         (read-only)
                  +- etherStatsDataSource(1.3.6.1.2.1.16.1.1.1.2)    (read-create)
                  |     Interface being monitored
                  +- etherStatsDropEvents(1.3.6.1.2.1.16.1.1.1.3)    (read-only)
                  |     Number of packets dropped
                  +- etherStatsOctets(1.3.6.1.2.1.16.1.1.1.4)        (read-only)
                  |     Number of octets received
                  +- etherStatsPkts(1.3.6.1.2.1.16.1.1.1.5)          (read-only)
                  |     Number of packets received
                  +- etherStatsBroadcastPkts(1.3.6.1.2.1.16.1.1.1.6) (read-only)
                  |     Number of broadcast packets received
                  +- etherStatsMulticastPkts(1.3.6.1.2.1.16.1.1.1.7) (read-only)
                  |     Number of multicast packets received
                  +- etherStatsCRCAlignErrors(1.3.6.1.2.1.16.1.1.1.8)(read-only)
                  |     Number of FCS error packets received
                  +- etherStatsUndersizePkts(1.3.6.1.2.1.16.1.1.1.9) (read-only)
                  |     Number of undersize packets received (packets smaller than 64 octets) 
                  +- etherStatsOversizePkts(1.3.6.1.2.1.16.1.1.1.10) (read-only)
                  |     Number of oversize packets received (packets larger than 1518 octets) 
                  +- etherStatsFragments(1.3.6.1.2.1.16.1.1.1.11)    (read-only)
                  |     Number of fragment packets received (packets smaller than 64 octets with abnormal FCS)
                  +- etherStatsJabbers(1.3.6.1.2.1.16.1.1.1.12)      (read-only)
                  |     Number of jabber packets received (packets larger than 1518 octets with abnormal FCS)
                  +- etherStatsCollisions(1.3.6.1.2.1.16.1.1.1.13)   (read-only)
                  |     Number of collisions
                  +- etherStatsOwner(1.3.6.1.2.1.16.1.1.1.20)        (read-create)
                  |     Name of owner
                  +- etherStatsStatus(1.3.6.1.2.1.16.1.1.1.21)       (read-create)
                        Status of statistical group

3.3 History group

The operating specifications for the history group are shown below.

1. Make settings by using the rmon history command on an interface.
2. Starting at the point at which you specified the rmon history command, historical information is collected, and the etherHistoryTable of the RMON MIB will be available for retrieval.
3. This can be specified for a physical interface.
4. A maximum of eight rmon history commands can be specified for the same interface.
5. If an rmon history command is deleted, the collected historical information is also deleted.
6. If an rmon history command is overwritten, the previously collected historical information is deleted, and collection is started once again.
7. If the RMON function is disabled system-wide, collection of historical information is halted.

   If the RMON function is subsequently enabled system-wide, the previously collected historical information is deleted, and collection is started once again.

8. The supported OIDs in the Ethernet history group are as follows.

 rmon(1.3.6.1.2.1.16)
  +- history(1.3.6.1.2.1.16.2)
      +- historyControlTable(1.3.6.1.2.1.16.2.1)
      |       + historyControlEntry(1.3.6.1.2.1.16.2.1.1) { historyControlIndex }
      |           +- historyControlIndex(1.3.6.1.2.1.16.2.1.1.1)           (read-only)
      |           +- historyControlDataSource(1.3.6.1.2.1.16.2.1.1.2)      (read-create)
      |           |     Interface being monitored
      |           +- historyControlBucketsRequested(1.3.6.1.2.1.16.2.1.1.3)(read-create)
      |           |     Number of history group history saves requested
      |           +- historyControlBucketsGranted(1.3.6.1.2.1.16.2.1.1.4)  (read-only)
      |           |     Number of history group histories saved
      |           +- historyControlInterval(1.3.6.1.2.1.16.2.1.1.5)        (read-create)
      |           |     Interval at which history group histories are saved
      |           +- historyControlOwner(1.3.6.1.2.1.16.2.1.1.6)           (read-create)
      |           |     Name of owner
      |           +- historyControlStatus(1.3.6.1.2.1.16.2.1.1.7)          (read-create)
      |                 History group status
      |
      +- etherHistoryTable(1.3.6.1.2.1.16.2.2)
              + etherHistoryEntry(1.3.6.1.2.1.16.2.2.1) { etherHistoryIndex, etherHistorySampleIndex }
                  +- etherHistoryIndex(1.3.6.1.2.1.16.2.2.1.1)         (read-only)
                  +- etherHistorySampleIndex(1.3.6.1.2.1.16.2.2.1.2)   (read-only)
                  +- etherHistoryIntervalStart(1.3.6.1.2.1.16.2.2.1.3) (read-only)
                  |     Interval at which history group histories are saved
                  +- etherHistoryDropEvents(1.3.6.1.2.1.16.2.2.1.4)    (read-only)
                  |     Number of packets dropped
                  +- etherHistoryOctets(1.3.6.1.2.1.16.2.2.1.5)        (read-only)
                  |     Number of octets received
                  +- etherHistoryPkts(1.3.6.1.2.1.16.2.2.1.6)          (read-only)
                  |     Number of packets received
                  +- etherHistoryBroadcastPkts(1.3.6.1.2.1.16.2.2.1.7) (read-only)
                  |     Number of broadcast packets received
                  +- etherHistoryMulticastPkts(1.3.6.1.2.1.16.2.2.1.8) (read-only)
                  |     Number of multicast packets received
                  +- etherHistoryCRCAlignErrors(1.3.6.1.2.1.16.2.2.1.9)(read-only)
                  |     Number of FCS error packets received
                  +- etherHistoryUndersizePkts(1.3.6.1.2.1.16.2.2.1.10)(read-only)
                  |     Number of undersize packets received (packets smaller than 64 octets) 
                  +- etherHistoryOversizePkts(1.3.6.1.2.1.16.2.2.1.11) (read-only)
                  |     Number of oversize packets received (packets larger than 1518 octets) 
                  +- etherHistoryFragments(1.3.6.1.2.1.16.2.2.1.12)    (read-only)
                  |     Number of fragment packets received (packets smaller than 64 octets with abnormal FCS)
                  +- etherHistoryJabbers(1.3.6.1.2.1.16.2.2.1.13)      (read-only)
                  |     Number of jabber packets received (packets larger than 1518 octets with abnormal FCS)
                  +- etherHistoryCollisions(1.3.6.1.2.1.16.2.2.1.14)   (read-only)
                  |     Number of collisions
                  +- etherHistoryUtilization(1.3.6.1.2.1.16.2.2.1.15)  (read-only)
                        Estimated value of network usage ratio

3.4 Alarm group

The operating specifications for the alarm group are shown below.

1. Use the rmon alarm command to make settings.
2. From the point that the rmon alarm command is specified, sampling occurs at the specified interval.
3. If an rmon alarm command is overwritten, the previous sampling data is deleted, and sampling is started once again.
4. If the RMON function is disabled system-wide, sampling is halted.

   If the RMON function is subsequently enabled system-wide, the previous sampling data is deleted, and sampling is started once again.

5. Only etherStatsEntry(.1.3.6.1.2.1.16.1.1.1) MIB objects that have a counter type can be specified as the object of alarm group monitoring.
6. If the Ethernet statistical information group used by the rmon alarm command is deleted, the rmon alarm command is also deleted.
7. If the event group used by the rmon alarm command is deleted, the rmon alarm command is also deleted.
8. The supported OIDs in the alarm group are as follows.

 rmon(1.3.6.1.2.1.16)
  +- alarm(1.3.6.1.2.1.16.3)
      +- alarmTable(1.3.6.1.2.1.16.3.1)
              + alarmEntry(1.3.6.1.2.1.16.3.1.1) { alarmIndex }
                  +- alarmIndex(1.3.6.1.2.1.16.3.1.1.1)              (read-only)
                  +- alarmInterval(1.3.6.1.2.1.16.3.1.1.2)           (read-create)
                  |     Sampling interval
                  +- alarmVariable(1.3.6.1.2.1.16.3.1.1.3)           (read-create)
                  |     MIB object to be monitored
                  +- alarmSampleType(1.3.6.1.2.1.16.3.1.1.4)         (read-create)
                  |     Sampling type
                  +- alarmValue(1.3.6.1.2.1.16.3.1.1.5)              (read-only)
                  |     Estimated value
                  +- alarmStartupAlarm(1.3.6.1.2.1.16.3.1.1.6)       (read-create)
                  |     Threshold value used for first alarm determination
                  +- alarmRisingThreshold(1.3.6.1.2.1.16.3.1.1.7)    (read-create)
                  |     Upper threshold value
                  +- alarmFallingThreshold(1.3.6.1.2.1.16.3.1.1.8)   (read-create)
                  |     Lower threshold value
                  +- alarmRisingEventIndex(1.3.6.1.2.1.16.3.1.1.9)   (read-create)
                  |     Event index when crossing upper limit
                  +- alarmFallingEventIndex(1.3.6.1.2.1.16.3.1.1.10) (read-create)
                  |     Event index when crossing lower limit
                  +- alarmOwner(1.3.6.1.2.1.16.3.1.1.11)             (read-create)
                  |     Name of owner
                  +- alarmStatus(1.3.6.1.2.1.16.3.1.1.12)            (read-create)
                        Alarm group status

Alarm detection is determined by an upper threshold value and a lower threshold value. If the threshold value is crossed, the specified event is executed.

If an alarm is detected, the alarm will not be detected again until the value crosses the opposite threshold.

The following cases are explained as examples.

• At point 1, the upper threshold value is crossed, so an alarm is detected.

  The threshold value that is used for the very first decision can be specified by STARTUP.

  In the example above, we will assume that the STARTUP value is “1” (using only the upper threshold value (risingAlarm)) or “3” (using both the upper threshold value and the lower threshold value (risingOrFallingAlarm)).

• At point 2, an alarm is not detected.
• At point 3, the upper threshold value is crossed, but since the opposite threshold was not previously crossed, an alarm is not detected.
• At point 4, the lower threshold value is crossed, and since the upper threshold was previously crossed, an alarm is detected.
• At point 5, the lower threshold value is exceeded, but since the opposite upper threshold was not previously crossed, an alarm is not detected.
• At point 6, the upper threshold value is crossed, and since the lower threshold was previously crossed, an alarm is detected.

3.5 Event group

The operating specifications for the event group are shown below.

1. Use the rmon event command to make settings.
2. The following operations can be specified for the event group.
   • Record to log
   • Send SNMP trap
   • Record to log and send SNMP trap
3. If trap transmission is specified, the following SNMP commands must be set in order to transmit the SNMP trap.
   • snmp-server host
   • snmp-server enable trap rmon
4. The following operations will be carried out when specifying trap transmission.
   • SNMPv1, SNMPv2c
     • Only the traps for which the community name specified using the rmon event command, and for which the community name specified by the snmp-server host host command are matching will be transmitted.
   • SNMPv3
     • Only the traps for which the community name specified using the rmon event command, and for which the user name specified by the snmp-server host host command are matching will be transmitted.
       
       
5. The supported OIDs in the event group are as follows.

    rmon(1.3.6.1.2.1.16)
     +- event(1.3.6.1.2.1.16.9)
         +- eventTable(1.3.6.1.2.1.16.9.1)
                 + eventEntry(1.3.6.1.2.1.16.9.1.1) { eventIndex }
                     +- eventIndex(1.3.6.1.2.1.16.9.1.1.1)        (read-only)
                     +- eventDescription(1.3.6.1.2.1.16.9.1.1.2)  (read-create)
                     |     Event description
                     +- eventType(1.3.6.1.2.1.16.9.1.1.3)         (read-create)
                     |     Event type
                     +- eventCommunity(1.3.6.1.2.1.16.9.1.1.4)    (read-create)
                     |     Community name
                     +- eventLastTimeSent(1.3.6.1.2.1.16.9.1.1.5) (read-only)
                     |     Event execution time
                     +- eventOwner(1.3.6.1.2.1.16.9.1.1.6)        (read-create)
                     |     Name of owner
                     +- eventStatus(1.3.6.1.2.1.16.9.1.1.7)       (read-create)
                           Event group status

3.6 Setting by SetRequest from an SNMP manager

The same content as the commands of each group can be specified by using SetRequest from an SNMP manager.

The procedure for making settings from an SNMP manager is as follows.

As an example, we explain how to make new settings for the Ethernet statistics information (etherStatsTable) group to port1.1 using index number 1.

Similar operations can be used to make settings for a supported MIB on other groups.

1. Make SNMP settings to allow the MIB to be written.

   For details, refer to the SNMP technical reference.

2. For etherStatsStatus.1, specify “2” (createRequest).

   The “.1” of etherStatsStatus.1 is the etherStatsTable index.

3. For etherStatsDataSource.1, specify iFindex.5001 as the interface to be monitored.

   ifIndex.5001 indicates port1.1.

4. Specifying “owner” is optional, but if you do, specify the text string in etherStatsOwner.1.
5. For etherStatsStatus, specify “1” (valid).

When you perform the above steps, the following commands are specified for port1.1.

We assume that “RMON” was set as the “owner” setting.

 rmon statistics 1 owner RMON

Below we show how to disable the RMON function system-wide from the SNMP manager.

1. Make SNMP settings to allow the MIB to be written.

   For details, refer to the SNMP technical reference.

2. For ysrmonSetting(1.3.6.1.4.1.1182.3.7.1), specify “2” (disabled).

When you perform the above steps, the following commands are specified.

 rmon disable

To specify enable, set ysrmonSetting(1.3.6.1.4.1.1182.3.7.1) to “1” (enabled).

4 Related Commands

Related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Set Ethernet statistical information group

Make Ethernet statistical information group settings for port 1.1, and from the SNMP manager, retrieve the MIB of the Ethernet statistical information group.

1. Enable the Ethernet statistical information group setting for port1.1.

   The index of the Ethernet statistical information group is “1.”

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#rmon statistics 1 ... (Enable the Ethernet statistical information group setting)

2. From the SNMP manager, make SNMP settings that the MIB of the Ethernet statistical information group can be retrieved.

   In this example, we use “private” access on SNMPv1 or SNMPv2c.

   Yamaha(config)#snmp-server community private rw ... (Set the readable/writable community name as “private”)

3. From the SNMP manger, it will be possible to retrieve the etherStatsTable(.1.3.6.1.2.1.16.1.1) with the community name “private.”

5.2 Set history group

Make settings for the history group of port1.1 and retrieve the MIB of the history group from the SNMP manager.

1. Enable the port1.1 history group setting.

   The index of the history group is “1.”

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#rmon history 1 ... (Enable the history group setting)

2. From the SNMP manager, make SNMP settings that the MIB of the history group can be retrieved.

   In this example, we use “private” access on SNMPv1 or SNMPv2c.

   Yamaha(config)#snmp-server community private rw ... (Set the readable/writable community name as “private”)

3. From the SNMP manger, it will be possible to retrieve the etherHistoryTable(.1.3.6.1.2.1.16.2.2) with the community name “private.”

5.3 Set alarm event group

Use the alarm group to monitor the statistical information values of the Ethernet statistical information group.

The conditions for monitoring are as follows.

• The MIB to be monitored is port1.1’s etherStatsPkts(.1.3.6.1.2.1.16.1.1.1.5).
• The sampling interval is 180 seconds.
• The sampling type is delta.
• The upper threshold value is 2000.
• The lower threshold value is 1000.

When the above monitoring conditions are matched, the following event group is executed.

• Record to log and send SNMP trap
• Community name is “RMON”

1. Make the required settings for SNMP trap transmission.

   Yamaha(config)#snmp-server host 192.168.100.3 traps version 2c RMON ... (Set trap transmission destination)
   Yamaha(config)#snmp-server enable trap rmon                         ... (Enable trap transmission for the RMON function)

2. Make event group settings.

   The index of the event group is “1.”

   Yamaha(config)#rmon event 1 log-trap RMON ... (Enable the event group setting)

3. In order to set the alarm group’s monitoring target MIB object, enable the port1.1 Ethernet statistical information group setting.

   The index of the Ethernet statistical information group is “1.”

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#rmon statistics 1 ... (Enable the Ethernet statistical information group setting)

4. Set the alarm group with the listed conditions.

   The index of the alarm group is “1.”

   Yamaha(config)#rmon alarm 1 etherStatsPkts.1 interval 180 delta rising-threshold 3000 event 1 falling-threshold 2000 event 1  ... (Enable the alarm group)

6 Points of Caution

None

7 Related Documentation

• SNMP

SYSLOG

1 Function Overview

This product provides the SYSLOG functions shown below as a means to ascertain the operating state.

1. Functions to collect, reference, and delete the log that is accumulated inside this product
2. Functions for output to the console simultaneously with logging
3. Functions for transmitting to a previously-registered notification destination (SYSLOG server) simultaneously with logging

Logging, output to console, and notifications to the SYSLOG server are performed according to the output level specified by the user. Processing occurs only for the permitted messages.

Logging occurs in RAM, and is automatically backed up to flash ROM or can be backed up manually.

When backing up manually, you can also back up to an SD card at the same time.

Notifications to the SYSLOG server are done simultaneously with logging, but only if a SYSLOG server has been registered.

2 Definition of Terms Used

None

3 Function Details

The SYSLOG function is described below.

1. Logging occurs in RAM, and can accumulate up to 10,000 items.

   Backup to Flash ROM can be performed by the following means.

   • Automatic backup performed every hour since system boot
   • Manual backup performed by the save logging command
   • Backup performed when the write command is executed successfully
2. The accumulated log can be viewed by the show logging command.

   It can also be deleted by the clear logging command.

   The show logging command shows the information in RAM.

   For the log information of this product, it is assumed that the information in RAM always matches the information in flash ROM.

   (When the system starts, the log information in flash ROM is applied to RAM, and the service is started. The log information in RAM is not deleted following execution of a backup.)

3. Log transmission occurs only if the notification destination (SYSLOG server) has been registered.

   You can use the logging host command to register up to two notification destinations.

   Specify the notification destination either by IP address or FQDN.

   As the port number of the notification destination, the default port number 514 is used. (This setting cannot be freely set by the user.)

4. The level of log that is transmitted (SYSLOG priority) can be set using the logging trap command.

   This product allows you to enable or disable output for each level of log.

   With the factory settings, the output level enables only Information and Error.

5. The logging backup sd command enables SYSLOG backup to the SD card.

   If SYSLOG backup to the SD card is enabled, executing the save logging command will save the dated log file to the SD card.

4. List of related commands

Related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Settings

1. Enable debug-level log output, and start log output to the SYSLOG server (192.168.1.100).

   Also output informational-level log to the console.

   Yamaha(config)# logging trap debug         … (Enable debug level log output)
   Yamaha(config)# logging host 192.168.1.100 … (Register SYSLOG server)
   Yamaha(config)# logging stdout info        … (Output informational-level log to the console)

2. Stop notifications to the SYSLOG server.

   Yamaha(config)# no logging host

3. Save and show the accumulated log information.

   Yamaha# save logging … (Save log from RAM to ROM)
   Yamaha# show logging … (Show accumulated log)
   2018/03/08 20:42:46: [ SESSION]:inf: Login succeeded as (noname) for HTTP: 192.168.1.40
   2018/03/09 10:06:42: [     NSM]:inf: Interface port1.11 changed state to down
   2018/03/09 10:09:48: [ SESSION]:inf: Logout timer expired as (noname) from HTTP: 192.168.1.40
   2018/03/09 16:19:36: [     NSM]:inf: Interface port1.17 changed state to up
    :

4. Clear the accumulated log information.

   Yamaha# clear logging … (Clear all accumulated logs)
   Yamaha# show logging  … (Show log)
    (Since they were cleared, nothing is shown)

6 Points of Caution

If creation of the system information storage area at startup fails, all logs saved inside this product will be deleted.

The following log is output after re-creating the system information storage area.

Syslog messages are cleared by partition re-creation.

7 Related Documentation

None

Firmware update

1 Function Overview

This product offers the following three firmware update functions, in order to correct problems in the program and to add new functionality.

1. Firmware updates can be transmitted and applied to this product from a remote terminal such as a PC.
2. This product’s built-in HTTP client can access an HTTP server, to download and apply the latest firmware.
3. A firmware update placed on the SD card can be applied to this product.

These update functions can be used to upgrade or downgrade the version of firmware used on this product.

While firmware is being updated, all port LEDs flash green regardless of the LED display mode.

During stack configuration, the updated firmware is written simultaneously to the stack master and stack slave.

When the firmware update has been correctly written, the system will reboot in order to apply the new firmware.

For details on how to specify reboot, refer to 3.4 Reboot following writing.

2 Definition of Terms Used

None

3 Function Details

3.1 Update by transmitting the firmware update

This function transmits firmware updates to this product from a remote terminal, such as a PC, and applies it as boot firmware.

The update process is executed using a TFTP client or the Web GUI.

3.1.1 Using a TFTP client to update the firmware

A TFTP client installed on a PC or other remote terminal can be used to transmit the firmware update to this product and apply it.

In order to operate this product’s TFTP server, use the steps shown below to set up a network environment that allows remote access.

1. Decide on the VLAN that will be used for maintenance.
2. Set the IPv4 address on the maintenance VLAN. Use the ip address command for this setting.
3. Permit access from the maintenance VLAN to the TFTP server. To make this setting, use the tftp-server interface command or the management interface command.
4. Enable the TFTP server. Use the tftp-server enable command for this setting.

Follow the rules below when sending the firmware update using the TFTP client.

• Set the transmission mode to “binary mode”.
• As shown in the table below, specify the remote path to which the firmware update is sent.
• If an administrative password has been specified for this product, use the form “/PASSWORD” to specify the administrative password following the remote path.

For a firmware update using a TFTP client, the following three types of update can be performed.

Updated firmware

If there is no problem with the firmware update that was sent, the firmware update will be saved.

3.1.2. Firmware update by specifying the Web GUI local file

Specify the firmware update located on the terminal accessing the Web GUI, and applies it to this product.

This function does not do a version comparison with the existing firmware, and will overwrite the specified firmware regardless of version.

Firmware updates by specifying a local file are done by updating the firmware via Update firmware from PC located in [Maintenance] - [Firmware update] of the Web GUI. (Refer to the part shown in a red frame on the screenshot below.)

Refer to the help contents within the GUI for the specific operation method.

Initial screen on the Web GUI for updating firmware using a PC

3.2 Using an HTTP client to update the firmware

This method of firmware update uses an HTTP client to obtain the firmware update from a specified URL, and then apply it to this product.

This function assumes that the firmware version will be upgraded. Downgrading to a previous version will only be permitted if “revision-down” is allowed.

The firmware cannot be rewritten with the same version of firmware.

This function cannot be used when the stack is enabled.

An HTTP client can be used to update the firmware using the methods below.

• Use the firmware-update command from the CLI (Command-line interface)
• Execute the firmware update over the network using the Web GUI

Updating the firmware with an HTTP client is done by using the settings value shown in the table below.

Firmware update using an HTTP client: setting parameters

Refer to “5 Examples of Command Execution” or to the “Command Reference” for more information on how to use the firmware-update command.

To update firmware over the network using the Web GUI, execute the [Maintenance] - [Firmware update] command from the Web GUI. (Refer to the part shown in a red frame on the screenshot below.)

Refer to the help contents within the GUI for the specific operation method.

Initial screen for updating the firmware over the network using the Web GUI

3.3 Using an SD card to update the firmware

This function takes a firmware update from the SD card and applies it as boot firmware.

Perform the update from the CLI (Command-line interface) by using the firmware-update sd execute command.

In the case of stack configuration, only commands from the stack master can be used.

After entering the firmware update confirmation, the update will continue even if the SD card is removed. To unmount the SD card when executing the command, enter “N” in the confirmation of continued SD card mounting status, or specify the “sd-unmount” option with the command.

When rebooting with the SD card inserted in the main unit, the system will be booted from the firmware in the SD card as specified by the boot prioritize sd command.

• File path in the SD card

  /swr2310/firmware/swr2310.bin

3.4 Reboot after writing

When the firmware update has been successfully written, the unit will reboot in accordance with the reboot time specified by the firmware-update reload-time command.

If the reboot time was not specified, the unit reboots immediately. If the reboot time was specified, the unit reboots at the specified time.

When configuring a stack, the firmware update method can be selected using the firmware-update reload-method command.

• Method to update member switches during configuration simultaneously
• Method to update without stopping network services

See Firmware Update in Stack function for an overview of how to update the firmware.

4 Related Commands

Related commands are shown below.

For details, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Using an HTTP client to update the firmware

In this example, the firmware update is stored on the local HTTP server, and this product is set to manage the firmware in order to perform the update.

• Change the firmware download URL to http://192.168.100.1/swr2310.bin.
• The revision-down option is left in disabled mode.
• The timeout value is left at 300 sec.
• We will not specify a reboot time, but will reboot immediately after update.

1. The download URL is changed, and the firmware update settings are confirmed.

       Yamaha(config)#firmware-update url http://192.168.100.1/swr2310.bin … (Set download destination URL)
       Yamaha(config)#exit
       Yamaha#show firmware-update … (Show firmware update function setting)
       url:http://192.168.100.1/swr2310.bin
       timeout:300 (seconds)
       revision-down:Disable
   

2. The firmware update is executed.

       Yamaha#firmware-update execute … (Execute firmware update)
       Found the new revision firmware
       Current Revision: Rev.2.04.01
       New Revision:     Rev.2.04.02
       Downloading...
       Update to this firmware? (Y/N)y … (Enter “y”)
       Updating...
       Finish
   
       (Reboots automatically)
   

3. Pressing “CTRL+C” during the firmware update process will interrupt the update.

       Yamaha#firmware-update execute
       Found the new revision firmware
       Current Revision: Rev.2.04.01
       New Revision:     Rev.2.04.02
       Downloading...                  … (Enter Ctrl-C)
       ^CCanceled the firmware download
   

5.2 Using an SD card to update the firmware

In this example, the firmware update is placed on an SD card inserted in the unit, and this product is set to manage the firmware in order to perform the update.

This is an example of a two-stack configuration.

• Change the reboot time to 23:30.
• Change the reboot method to stack master/slave sequential reboot.

1. Change the reboot time and reboot method.

       Yamaha(config)#firmware-update reload-time 23 30        … (Reboot time setting)
       Yamaha(config)#firmware-update reload-method sequential … (Reboot method setting)
       Yamaha(config)#exit
   

2. Insert the SD card into the stack master and execute the firmware update.

       Yamaha#firmware-update sd execute  … (Execute firmware update)
       Update the firmware.
       Current Revision: Rev.2.04.01
       New Revision:     Rev.2.04.01
   
       Update to this firmware? (Y/N)y … (enter “y”)
       Continue without unmounting the SD card? (Y/N)n     … (enter “n”)
       Unmounted the SD card.  Pull out the SD card.
       Updating...
       Finish
       Yamaha#
       (Reboots at specified reboot time)
   

3. The stack slave reboots after updating the firmware at the same time as the stack master and restarting the stack master.

   The following log is displayed on the console of the stack slave.

       (Press ENTER on the stack master. The firmware is received and the update starts.)
       Receiving exec file... 
       Testing received file... 
       Writing to Nonvolatile memory... 
       Done.
   
       (Wait for restart of stack master then reboot)
   

4. After checking the version of the update firmware, you can enter “n” to cancel.

       Yamaha#firmware-update sd execute  … (Execute firmware update)
       Update the firmware.
       Current Revision: Rev.2.04.01
       New Revision:     Rev.2.04.02
   
       Update to this firmware? (Y/N)n … (Enter “n”)
       Yamaha#
   

6 Points of Caution

If the system is rebooted or the power is turned off during firmware update, the update will be interrupted and the system will start with the firmware before the update operation.

7 Related Documentation

• Maintenance and operation functions: LED control

L2MS control

1 Function Overview

L2MS (Layer2 Management Service) is a function that manages Yamaha network devices at the layer 2 level.

L2MS consists of one L2MS master which performs centralized management and multiple L2MS slave units (subsequently called slaves) which are controlled from the L2MS master (subsequently called the master).

The SWR2310/SWR2311P-10G/SWP2 can be either a master or a slave.

Connections for the PC, master, and slaves are described below.

L2MS connections

From the PC, log in to the master via serial connection, Telnet, or HTTP/HTTPS.

The master provides commands for administering the slaves, and a Web GUI for making settings or acquiring the state, and these are used to operate the slaves.

The master and slaves are connected via Ethernet cables, and use a proprietary protocol for communication.

This function has the following features.

• Initial settings are not required

  Although it is necessary to specify the IP address if using Telnet or SSH, this function communicates using its own protocol, so initial settings for the slaves are not required.

  When an Ethernet cable is connected, the master automatically detects the slaves that are under it.

• Simultaneously control multiple supported units

  The master can simultaneously recognize and control multiple slaves.

2 Definition of Terms Used

Master

The device that manages Yamaha switches that are operating as L2MS and switch control function slaves.

It manages the Yamaha switches in the network.

Slave

A Yamaha switch that is managed by the L2MS and switch control function master.

Its settings can be viewed or changed from the master.

3 Function Details

3.1 Supported models

The SWP2/SWR2310/SWR2311P-10G can be either an L2MS master or slave.

If operating as a master, one master can control a maximum of 64 slave units.

The following models can be managed as slaves.

As described earlier, devices that support switch control functionality (slaves) can also be controlled.

• SWR2100P series (SWR2100P-5G, SWR2100P-10G)
• SWR2310 series (SWR2310-10G, SWR2310-18GT, SWR2310-28GT)
• SWR2311P-10G
• SWP1 series (SWP1-8, SWP1-8MMF, SWP1-16MMF)
• SWP2 series (SWP2-10MMF, SWP2-SMF)

When operating as a slave, the unit is managed from the master of the Yamaha switch.

3.2 Usage

L2MS operation and role is set by the l2ms command.

• For the L2MS master

  This unit manages the SWR2310 series, SWR2311P-10G, or SWP2 series units that are operating as slaves.

  By specifying the terminal-watch enable command, information for terminals such as PCs on the network can be acquired and monitored at regular intervals.

  Yamaha(config)#l2ms configuration
  Yamaha(config-l2ms)#l2ms enable
  Yamaha(config-l2ms)#l2ms role master
  Yamaha(config-l2ms)#terminal-watch enable
  

• For an L2MS slave

  This unit is managed from the Yamaha switch that is operating as the master.

  Yamaha(config)#l2ms configuration
  Yamaha(config-l2ms)#l2ms enable
  Yamaha(config-l2ms)#l2ms role slave
  

By specifying the show l2ms command, you can check current operation and role.

3.3 L2MS protocol

L2MS control is performed using the L2 frames of the proprietary protocol described below.

Contents of the L2MS protocol’s L2 frames

If there is a firewall between the master and slave, the firewall must be set to pass these L2 frames.

3.4 Slave monitoring

The master monitors the slaves under it by transmitting a query frame at regular intervals.

In response to the query frame, the slave sends a response frame, notifying the master of their own existence.

The interval at which the query frame is transmitted is set by the slave-watch interval command.

Higher settings of the value will reduce the frequency of transmission, but will lengthen the time from when a slave is connected to when the master recognizes it.

Lower settings of the value will have the opposite result, increasing the frequency of transmission but shortening the time from when a slave is connected to when the master recognizes it.

If a response frame from the slave is not received even though the master has sent the query frame for a specified number of times, the corresponding slave is determined to be down.

The number of times is specified by the slave-watch down-count command.

If the Ethernet cable connecting the slave is unplugged, there may be cases in which the slave is determined to be down even earlier than the setting of this command.

Set the slave-watch interval and slave-watch down-count commands to values that are appropriate for your network environment.

3.5 Slave ownership

One slave cannot be simultaneously controlled by multiple masters.

For this reason, you must make settings such that there is one master in a network.

If a slave receives a query frame after boot, that slave will be managed by the master that transmitted that query frame.

This state is canceled by any of the following conditions.

• If a query frame was not received for 30 seconds.
• If the master was restarted.
• If the l2ms reset command was executed on the master.

3.6 Slave control

When the master makes settings on an L2MS-compliant slave, or acquires its operating status, these actions are referred to as “controlling the slave.”

The LAN map of the Web GUI is used to control a slave.

After logging in to the Web GUI of the master, select the applicable slave in the LAN map and control it.

For details on operations in the LAN map, refer to the Web GUI help page.

Note that you cannot control a slave using commands from the SWP2/SWR2310/SWR2311P-10G (master).

Here we explain the operations that can be performed on slaves from the LAN map.

3.6.1 Operations for the SWR2100P series

The following operations can be performed for SWR2100P series (SWR2100P-5G, SWR2100P-10G) units.

• Display the status of the device and ports
• Update the firmware
• Show and control the power supply status of the ports (PoE-equipped models only)

3.6.2 Operations for the SWP1/SWP2/SWR2311P/SWR2310 series

The following operations can be performed for slaves.

• Display the status of the device and ports
• Show and control the power supply status of the ports (PoE-equipped models only)
• IP address setting
• Save and restore config

  * Saving and restoring the SWP1’s config is supported by Rev.2.00.14 and later firmware.

• Use the HTTP Proxy function to log in to the slave’s GUI

If the HTTP Proxy function is enabled, you can log in to the slave’s GUI from the master’s LAN map.

When logging in to the slave, it will not be necessary to enter a user name and password.

If the IP address of a slave in the network conflicts with another device, it will not be possible to log in to the slave GUI via the HTTP Proxy function.

In this case, make settings in the master LAN map to change the IP address setting of the slave.

For details, refer to “3.6.3. HTTP Proxy function and IP Address Settings.”

3.6.3 About the HTTP Proxy function and IP address settings

The following operations can be performed for the SWP1/SWP2/SWR2310/SWR2311P series.

With the factory settings, or immediately after the cold start command is executed, a fixed IP address is specified. (The L2MS operates as a slave.)

At this time if the unit is managed by the master, DHCP client settings are made automatically.

This is to avoid conflicting IP addresses in the case that multiple slaves exist.

Since the IP address is allocated by the DHCP sever in the network, you can access the slave’s Web GUI via HTTP Proxy without making slave settings.

If a DHCP server does not exist in the network, it will not be possible to obtain an IP address, so you must specify the slave’s IP address in the master’s LAN map.

If settings are made and a startup config has been saved, they will not subsequently be automatically set by the DHCP client.

3.7 Information notified from the slave

A slave that is managed by the master informs the master when its own state changes or if a fault is detected.

Information from the slave is output to the master’s SYSLOG or LAN map.

For details on the messages that are output to SYSLOG, refer to “7. SYSLOG message list.”

The notifications sent by each slave are as follows.

Notifications sent by each slave to the master

3.8 Monitoring of connected terminals

By specifying the terminal-watch enable command for the master, you can enable the monitoring function for connected terminals, and manage information for the terminals that are connected to the master and to the slaves.

The following information for connected terminals is managed by the master.

• If the master and slave are Yamaha switches
  • MAC address of the terminal
  • Port number of the master or slave to which the terminal is connected
  • Date and time at which the terminal was detected

This information can be referenced by the show l2ms detail command.

The recommended number of terminals managed by this function is a maximum of 200 units regardless of the network configuration.

Note that if more terminals than the recommended number of units exist in the network, the LAN map of the Web GUI might become sluggish or unresponsive.

According to changes in the network, the master will search for connected terminals or delete terminal information that it is managing.

The timing at which the master searches for connected terminals and the object of the search are as follows.

If new terminal information is found as a result of the search, it is determined that a terminal was detected.

Timing and object of terminal search

The timing at which the master determines that a terminal has disappeared from the network and deletes the managed terminal information, and the object of the deletion, are as follows.

Timing and object of terminal information deletion

4 Related Commands

Related commands are shown below.

For details, refer to the Command Reference.

List of L2MS-related commands

5 Examples of Command Execution

5.1 Set slave monitoring

Set the slave monitoring time interval.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#slave-watch interval 8

Set the number of times after which the slave is determined to be down.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#slave-watch down-count 7

5.2 Set terminal management function

Enable the terminal monitoring function.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#terminal-watch enable

Set the time interval at which terminal information is acquired.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#terminal-watch interval 3600

Show the terminal information acquired by the master.

Yamaha>show l2ms detail
Role : Master

[Master]
 Number of Terminals   : 0

[Slave]
 Number of Slaves      : 2
  [ac44.f230.00a5]
   Model name          : SWR2310-10G
   Device name         : SWR2310-10G_Z5301050WX
   Route               : port2.1
   LinkUp              : 1, 3, 9
     Uplink            : 1
     Downlink          : 3
   Config              : None
   Appear time         : Tue Mar 13 18:43:18 2018
   Number of Terminals : 1
    [bcae.c5a4.7fb3]
     Port              : 9
     Appear time       : Wed Mar 14 14:01:18 2018

  [00a0.deae.b8bf]
   Model name          : SWR2311P-10G
   Device name         : SWR2311P-10G_S4L000401
   Route               : port2.1-3
   LinkUp              : 1
     Uplink            : 1
     Downlink          : None
   Config              : None
   Appear time         : Tue Mar 13 18:43:18 2018
   Number of Terminals : 0

5.3 Set L2MS control frame transmission/reception

Make settings so that L2MS control frames are not transmitted and received on port 1.5.

L2SW(config)#interface port1.5
L2SW(config-if)#l2ms filter enable

5.4 Set event monitoring function

Disable the event monitoring function.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#event-watch disable

Set the time interval at which event information is acquired.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#event-watch interval 60

5.5 Enable/disable use of the zero-config function

Specify whether the master uses the zero-config function for slaves.

This setting must be made for the master.

Disable the zero config function.

L2SW(config)#l2ms configuration
L2SW(config-l2ms)#l2ms enable
L2SW(config-l2ms)#l2ms role master
L2SW(config-l2ms)#config-auto-set disable

6 Points of Caution

6.1 Regarding device configuration

Up to 64 slaves can be managed.

If slaves are used in a series connection, the maximum number of slave units that can be connected is eight units counting from the master.

Counting slaves from the master, a ninth or subsequent slave unit cannot be connected in series.

If the number of slave units connected in series is no more than eight units counting from the master, the number of units specified by the maximum number of administered units can be controlled.

If nine or more slave units are connected in series, counting from the master, L2MS communication will be delayed, preventing slaves from being correctly detected or controlled, and possibly causing problems such as the following.

• Synchronization processing might not work correctly.
• When slave settings are modified from the GUI, correct execution might not be possible.

If a switch made by a different manufacturer exists in the L2MS communication route, such as if a switch made by a different manufacturer is inserted between the master and a slave, it might not be possible to correctly control the slave.

If you are configuring a network that includes a switch made by a different manufacturer, verify operation beforehand.

6.2 Regarding terminal monitoring

The recommended number of managed units in the network is a maximum of 200 units.

If more terminals than the recommended number of managed units exist, the LAN map of the Web GUI might become sluggish or unresponsive.

If necessary, disable the terminal management function (terminal-watch disable command).

Terminal monitoring is performed using the information that is registered in the FDB (MAC address table) of the applicable device.

For this reason, depending on the timing at which search is performed, a terminal might not be detected even though it is connected, or a terminal might be detected even though it is no longer present on the network.

If link-down is detected for a master port or for a port of a Yamaha switch, all information for terminals connected to that port is deleted even if the terminals are registered in the FDB (MAC address table).

After a slave is connected to a port, it may take several seconds until L2MS detects the slave.

During this time, the corresponding slave is handled as a terminal.

Yamaha network devices that are not managed by the master as a slave are treated as terminals.

Since terminal search at the interval specified by the terminal-watch interval command is performed for the master and for all slaves, it might take twenty to thirty minutes for terminal search to be completed, depending on the configuration of the network.

It is not the case that other processing cannot be executed until terminal search has completed.

If an L2 switch made by another manufacturer is connected to an L2MS-compliant device, the terminals that are connected to the other manufacturer’s L2 switch are detected as terminals connected to the L2MS-compliant device.

However, if a terminal and a Yamaha switch are connected in parallel to the other manufacturer’s L2 switch, it will not be possible to detect terminals that are connected to the other manufacturer’s L2 switch.

6.3 Regarding use in conjunction with other functions

6.3.1 Use in conjunction with VLAN

If using a VLAN, you must specify the port used for L2MS communication as the access port or as the trunk port assigned to the native VLAN.

It is not possible to perform L2MS communication on a trunk port that is not assigned to the native VLAN.

6.3.2 Use in conjunction with mirroring

When the mirroring function is used, L2MS communication sent and received at the monitor port is also copied.

For this reason, connecting a master or slave to the mirror port might cause L2MS to not operate correctly; do not make such a connection.

6.3.3 Use with ACL

L2MS communication is not subject to ACL control.

Although the ACL discards frames that are not specified in the permission list (tacit rejection), L2MS communication is not subject to control, and therefore will be forwarded without being discarded.

6.3.4 Use with STP and the loop detection function

L2MS communication cannot be performed on a port that is in a blocked state because of STP or the loop detection function.

If link switching is performed by STP, the master is unable to correctly recognize the topology, possibly making it impossible to find a slave, or causing a mistake in the route when a slave is found.

In such cases, reset slave management by executing the l2ms reset command after STP has finished switching the link.

If multiple MST instances are operating, L2MS control frames are sent and received on the logical route (tree) formed by CIST (instance #0).

6.3.5 Use with link aggregation

If link aggregation is used, L2MS communication is considered to be occurring on “the lowest-numbered of the linked-up ports associated with the logical interface.”

If link aggregation is used in conjunction with the monitoring function for connected terminals, and a terminal is discovered at the end of a logical interface connection, the terminal is considered to be connected to “the lowest-numbered of the linked-up ports associated with the logical interface,” and the corresponding port number is shown.

In the following situation, L2MS communication is considered to be occurring between port1.1 and port1.1.

In the following situation, L2MS communication is considered to be occurring between port1.4 of the master and port1.5 of the slave.

6.3.6 Use with the stack function

In the case of one-unit stack configuration, L2MS will not function.

• For a one-unit configuration (standalone state)

  In the case of an L2MS slave, it cannot be detected from the L2MS master.

  In the case of the L2MS master, an L2MS slave in the network cannot be detected.

• For a two-unit configuration (active status)

  In the case of the L2MS master, the L2MS slave cannot be detected.

  In the case of an L2MS slave, it will be detected from the L2MS master.

  Devices connected below either stack ID#1 or stack ID#2 will also be detected.

7. SYSLOG message list

The SYSLOG messages output by L2MS are shown below.

The messages that are output are given the prefix “[ L2MS].”

The prefix “route(ADDR):” is further added to SYSLOG messages that are shown when operating as the master.

ADDR is the MAC address of the slave.

SYSLOG messages shown when the unit starts up

SYSLOG messages shown when operating as master

• SYSLOG
  messages that are shown if operating as the master and the logging event lan-map command is set are prefixed with “[LANMAP].”

  Type	Output level	Message	Meaning
  Snapshot function	informational	SnapShot: Not found. [Device_Name: “device_name”, MAC_Address: addr]	There is a Yamaha switch that cannot be found.
  		SnapShot: Not found. [MAC_Address: addr]	There is a terminal that cannot be found.
  		SnapShot: Unknown. [Device_Name: “device_name”, MAC_Address: addr]	There is a Yamaha switch that is not registered.
  		SnapShot: Unknown. [MAC_Address: addr]	There is a terminal that is not registered.
  		SnapShot: Route difference. [Device_Name: “device_name”, Route: route(UpLink:uplink_port), Route(SnapShot): route_snapshot(UpLink:uplink_port_snapshot), MAC_Address: addr]	There is a Yamaha switch of a different connection port. The correct route is route_snapshot, and the uplink port is uplink_port_snapshot.
  		SnapShot: Route difference. [Route: route, Route(SnapShot): route_snapshot, MAC_Address: addr]	There is a terminal of a different connection port. The correct route is route_snapshot.
  		SnapShot: Status recovered. [Device_Name: “device_name”, MAC_Address: addr]	The state of the Yamaha switch matched the snapshot file.
  		SnapShot: Status recovered. [MAC_Address: addr]	The state of the terminal matched the snapshot file.

• Notifications received by the master from the slave include the following information.

  Type	Output level	Message	Meaning
  Link status	informational	Port n link up(SPEED)	Port n of the slave linked-up. The communication speed is SPEED.
  		Port n link down	Port n of the slave went link-down.
  Loop detection	informational	Port n loop detect	A loop occurred at port n of the slave.
  PoE	informational	Port n PoE state(supply-classX)	Power supply to a classX device started on slave port n. classX is shown as class0–4.
  		Port n PoE state(terminate)	Power supply stopped at slave port n.
  		Port n PoE state(overcurrent)	Power supply stopped at slave port n because of overcurrent.
  		Port n PoE state(forced-terminate)	Power supply stopped at slave port n which had been supplying Class3 (15.4 W) by Class4 (30 W) power supply.
  		Port n PoE state(over-supply)	Power supply stopped because the supplied power at slave port n exceeded the maximum supply capability.
  		Port n PoE state(over-temperature)	Power supply stopped at slave port n because of an internal temperature error.
  		Port n PoE state(power-failure)	Power supply stopped at slave port n because the power supply malfunctioned.
  		Port n PoE state(class-failure)	Power supply stopped at slave port n because a class higher than the power class setting was detected.
  		Port n PoE state(pd-failure)	Power supply stopped at slave port n because a malfunction was detected on the PD.
  		Port n PoE state(over-guardband)	The supplied power reached the guard band on slave port n.
  		PoE state error(over-supply)	The power supplied by the slave exceeded the maximum supply capacity.
  		PoE state error(over-temperature)	Power supply stopped because of a slave internal temperature error.
  		PoE state error(fanlock)	Power supply stopped due to slave fan stop.
  		PoE state error(power-failure)	The slave’s power supply has malfunctioned.
  SFP optical reception level	informational	Port n SFP RX power(normal)	The SFP optical reception level at slave port n returned to normal.
  		Port n SFP RX power(low)	The SFP optical reception level at slave port n fell below the lower threshold value.
  		Port n SFP RX power(high)	The SFP optical reception level at slave port n rose above the upper threshold value.
  Transmit queue usage	informational	Port n queue m usage rate(recovered)	The transmission load at slave port n returned to normal. (QoS transmission queue: m)
  		Port n queue m usage rate(busy)	The transmission load at slave port n increased. (QoS transmission queue: m)
  		Port n queue m usage rate(full)	The transmission load at slave port n reached the upper limit. (QoS transmission queue: m)
  Terminal monitoring	informational	ping: ip-address(description) state(IDLE)	ip-address(description) is not performing ping monitoring.
  		ping: ip-address(description) state(DOWN)	According to ping monitoring, ip-address(description) has gone down.
  		ping: ip-address(description) state(UP)	According to ping monitoring, ip-address(description) is now operating.
  		Frame Counter: port(description) state(IDLE)	port(description) is not performing frame reception volume monitoring.
  		Frame Counter: port(description) state(DOWN)	According to frame reception volume monitoring, port(description) has gone down.
  		Frame Counter: port(description) state(UP)	According to frame reception volume monitoring, port(description) is now operating.
  		LLDP: port(description) state(IDLE)	port(description) is not performing LLDP frame monitoring.
  		LLDP: port(description) state(DOWN)	According to LLDP frame monitoring, port(description) has gone down.
  		LLDP: port(description) state(UP)	According to LLDP frame monitoring, port(description) is now operating.
  Power supply	informational	Power voltage(high)	The slave’s power supply voltage exceeded the upper threshold value.
  		Power current(high)	Overcurrent occurred at the slave’s power supply.
  Temperature	informational	CPU temperature(normal)	The slave’s CPU temperature returned to normal.
  		CPU temperature(high)	The slave’s CPU temperature exceeded the threshold value.
  		CPU temperature(alarm)	A temperature fault occurred at the slave’s CPU.
  		PHY temperature(normal)	The slave’s PHY temperature returned to normal.
  		PHY temperature(high)	The slave’s PHY temperature exceeded the threshold value.
  		PHY temperature(alarm)	A temperature fault occurred at the slave’s PHY.
  		SFP temperature(normal)	The slave’s SFP temperature returned to normal.
  		SFP temperature(high)	The slave’s SFP temperature exceeded the threshold value.
  		SFP temperature(alarm)	A temperature fault occurred at the slave’s SFP.
  		Thermal sensor temperature(normal)	The slave’s thermal sensor monitoring temperature returned to normal.
  		Thermal sensor temperature(high)	The slave’s thermal sensor monitoring temperature exceeded the threshold value.
  		Thermal sensor temperature(alarm)	A temperature fault occurred at the slave’s thermal sensor.
  		PSE temperature(normal)	The slave’s PSE temperature returned to normal.
  		PSE temperature(high)	The slave’s PSE temperature exceeded the threshold value.
  Config management	informational	Executing a config ... progress% (file)	Config file (file) settings are being recovered on the slave. progress indicates the ratio of completion.
  		Finished executing a config (file)	Recovery of config file (file) settings on the slave has finished.
  		line: errmsg (file)	While recovering a config file (file) on the slave, line line produced the error errmsg. errmsg is the content of the error, and line is the line within the config file of the command that produced the error.

SYSLOG messages shown when operating as slave

8 Related Documentation

None

Mail notification

1 Function Overview

Mail notification is a function in which information detected by the L2MS function or the terminal monitoring function is conveyed via email.

By making the following settings, you can be notified of the information detected by various functions.

• Specify the mail server used when sending the mail.
• Specify the mail template.

For models that do not support the stack function, functions related to the stack function cannot be used.

2 Definition of Terms Used

Mail template

A definition that collects the following information needed when sending mail.

• Mail server to use
• Sender’s mail address
• Recipient’s mail address
• Subject of mail
• Content of notification
• Transmission wait time

3 Function Details

3.1 Operation

With the mail server settings and mail template settings having been made correctly, when a notification event occurs for a function that supports mail notification, the mail notification function will enter the send-standby state.

The mail notification function that is now in the send-standby state will wait until the mail transmission wait time specified for each mail template has elapsed.

When the mail transmission wait time has elapsed, the mail notification function combines the notification events that have occurred during the wait time into a single mail, and sends it to the recipient.

3.2. Mail server setting

This can be set in List of registered mail servers in the Web GUI’s [Advanced settings]-[Mail notification].

Press the [New] button or the [Setting] button of an existing setting to move to Mail server settings.

In Mail server settings, make the following settings.

• Account identification name

  A name that distinguishes the mail server settings. This may be omitted.

• SMTP server address
• Port number of the SMPT server

3.3 Mail template settings

This can be set in List of mail notification settings in the Web GUI’s [Advanced settings]-[Mail notification].

Press the [New] button or the [Setting] button of an existing setting to move to Mail notification settings.

In Mail notification settings, make the following settings.

• Sender (From)
• Recipient (To)
• Subject

  If Use prescribed subject has a check mark, the subject line of the mail will be Notification from (device name).

• Content of notification
• Mail transmission wait time

For models that do not support the stack function, the stack function error notification is not displayed in item notification contents

3.4 Functions that support mail notification

The following functions support mail notification.

LAN map

The following notification events will be the subject of mail notification.

For the correspondence between Yamaha network products managed by L2MS and notification events, refer to the technical data on L2MS control.

Terminal monitoring function

The following notification events will be the subject of mail notification.

Stack function

The following notification events will be the subject of mail notification.

3.5 Mail body example

The body of a notification mail includes content such as the following.

For details, refer to the technical reference for each function.

Up to 100 items can be shown in one notification mail.

Model: SRX2310-28GT                  * Model name
Revision: Rev.2.04.01                * Firmware version
SystemName: SRX2310-28GT_XXXXXXXX    * Host name
Time: 2017/06/13 11:42:56            * Mail transmission time
Template ID: 1                       * Mail template ID

<<<<<<<<<<<<<<<<<<<<<<<<    Lan Map Information    >>>>>>>>>>>>>>>>>>>>>>>>>

[SFP RX Power]

  Type                                Device_Name
  MAC_Address                         Err_Port
  Route
  State
============================================================================
(Detected: 2017/06/13 10:09:40  Recovered: 2017/06/13 10:10:10)
  SWR2311P-10G                        SWR2311P-10G_S4K000398
  00a0.deae.b89c                      1.9
  port1.7(UpLink:1.5)
  Low
----------------------------------------------------------------------------

[Queue Usage Rate]

  Type                                Device_Name
  MAC_Address                         Err_Port
  Route
  State
============================================================================
(Detected: 2017/06/13 10:15:42  Recovered: 2017/06/13 10:17:24)
  SWR2311P-10G                        SWR2311P-10G_S4K000398
  00a0.deae.b89c                      1.6
  port1.7(UpLink:1.5)
  Full(Queue:2)
----------------------------------------------------------------------------

[Fan Lock]

  Type                                Device_Name
  MAC_Address
  Route
============================================================================
(Detected: 2017/06/13 10:28:43  Recovered: ----/--/-- --:--:--)
  SWR2311P-10G                        SWR2311P-10G
  00a0.de83.4146
  port1.5(UpLink:2)
----------------------------------------------------------------------------
(Detected: 2017/06/13 10:42:13  Recovered: 2017/06/13 10:42:22)
  SWR2311P-10G                        SWR2311P-10G
  00a0.de2a.dbbb
  port1.1(UpLink:23)
----------------------------------------------------------------------------

<<<<<<<<<<<<<<<<<<    Terminal Monitoring Information    >>>>>>>>>>>>>>>>>>>

[via Ping]

 Date                      Status    IP Address        Description
----------------------------------------------------------------------------
 2017/06/13 Thu 10:42:56   UP        192.168.100.155   IP_Camera_1
 2017/06/13 Thu 10:51:00   DOWN      192.168.100.155   IP_Camera_1
 2017/06/13 Thu 10:54:02   UP        192.168.100.10    IP_Camera_2
 2017/06/13 Thu 11:29:27   UP        192.168.100.155   IP_Camera_1
 2017/06/13 Thu 11:30:31   DOWN      192.168.100.10    IP_Camera_2

[via Bandwidth Usage]

 Date                      Status    Interface         Description
----------------------------------------------------------------------------
 2017/06/13 Thu 10:45:43   UP        port1.4           IP_Camera_2
 2017/06/13 Thu 10:45:56   UP        port1.6           Note_PC_1
 2017/06/13 Thu 10:50:00   DOWN      port1.6           Note_PC_1
 2017/06/13 Thu 10:53:27   DOWN      port1.4           IP_Camera_2

[via LLDP]

 Date                      Status    Interface         Description
----------------------------------------------------------------------------
 2017/06/13 Thu 10:53:56   UP        port1.3           Note_PC_2
 2017/06/13 Thu 11:11:54   DOWN      port1.3           Note_PC_2
 2017/06/13 Thu 11:14:24   UP        port1.3           Note_PC_2

<<<<<<<<<<<<<<<<<<<<<<<<<<    Stack Information    >>>>>>>>>>>>>>>>>>>>>>>>>

 Date                      Information 
----------------------------------------------------------------------------
 2017/06/13 Thu 10:53:44   The stack port changed state to down. (port1.28)
 2017/06/13 Thu 10:53:46   Promoted from a slave to a master. (Old master ID : 1)
 2017/06/13 Thu 10:59:10   Occurred the heartbeat error. (ID : 1)

LAN map

The device information included in the notification is shown below.

The device information that is shown will differ depending on the type of fault. The device information shown for each type of fault is as follows.

4 Related Commands

This function does not support settings via commands.

5 Points of Caution

None

6 Related Documentation

• L2MS control
• Terminal monitoring
• Stack function

LLDP

1 Function Overview

LLDP is a protocol for passing device management information between a device and its neighboring devices.

This is a simple protocol in which a device unidirectionally advertises its own information and neighbor devices receive this information. However, since LLDP-compliant devices maintain the information received from neighbor devices as MIB objects, the user can access this information via SNMP and ascertain what type of devices are connected to which interfaces are.

This is also used for negotiation between devices that support PoE (Power Over Ethernet).

2 Definition of Terms Used

LLDP

Link Layer Discovery Protocol.

This is defined in IEEE 802.1AB.

LLDP-MED

LLDP for Media Endpoint Devices.

This is defined in ANSI/TIA-1057.

3 Function Details

3.1 Operating Specifications

3.1.1 Basic Specifications

This product supports the following operations.

• LLDP frames are transmitted from any LAN/SFP port to convey information about the device itself.
• LLDP frames are received at any LAN/SFP port to obtain information about neighboring devices.
• Information transmitted via LLDP about the device itself, and information obtained via LLDP about neighbor devices, etc., can be referenced via SNMP.

LLDP sends and receives information using Type, Length, and Value (TLV) attributes.

For details on the TLV information sent by this product, refer to 3.2 TLV list.

This product’s LLDP supports the following MIBs of SNMP. For details, refer to 3.3 Supported MIBs.

• LLDP-V2-MIB

The following settings are required in order to use the LLDP function.

• Use the lldp run command to enable the system-wide LLDP function.
• Use the lldp-agent command to create an LLDP agent for the applicable interface.
• Use the set lldp command to specify the LLDP frame transmit/receive mode.

With the default settings of this product, the LLDP function is enabled.

LLDP frames are always transmitted without tags, regardless of the VLAN settings of the transmitting switch port.

They are also transmitted without tags from a trunk port without a native VLAN.

3.1.2 Transmitted information settings

Use the following commands to specify the LLDP frames that are transmitted from the device itself. There are also some TLVs (required TLVs) that are transmitted regardless of the settings of the following commands.

• tlv-select basic-mgmt command (basic management TLV)
• tlv-select ieee-8021-org-specific command (IEEE 802.1 TLV)
• tlv-select ieee-8023-org-specific command (IEEE 802.3 TLV)
• tlv-select med command (LLDP-MED TLV)

The system name and description that are transmitted in the basic management TLVs are specified by the lldp system-name command and the lldp system-description command.

The type of management address is set by the set management-address-tlv command.

3.1.3 Transmission timer setting

The interval at which LLDP frames are sent is specified by the set timer msg-tx-interval command.
The multiplier for calculating the hold time (TTL) for device information is set by the set msg-tx-hold command.

The TTL for LLDP transmission is the result of the following calculation. The default is 121 seconds.

• TTL = ( value set by the “set timer msg-tx-interval” command ) × ( value set by the “set msg-tx-hold” command ) ＋ 1 (second)

When a neighbor device is connected to a LAN/SFP port for which LLDP frame transmission is enabled, LLDP frames are transmitted rapidly at a fixed interval according to the high-speed transmission interval setting.

The transmission interval and the number of transmissions for high speed transmission are set by the set timer msg-fast-tx command and the set tx-fast-init.

If from a state in which LLDP frame transmission is enabled, the set lldp command is used to disable it, this product transmits a shut-down frame, notifying the neighbor device that LLDP frame transmission has stopped.

Subsequently, even if LLDP frame transmission is once again enabled, LLDP frame transmission to the neighbor device is stopped for a time.

The stopped duration until the next transmission occurs after transmitting the shutdown frame is set by the set timer reinit-delay command.

3.1.4 Maximum connected devices setting

The maximum number of connected devices that can be managed by the corresponding port is set by the set too-many-neighbors limit command.

The default value for the maximum number of connected devices is 5 devices.

3.1.5 Checking LLDP information

LLDP interface settings and received information about neighbor devices can be checked by using the show lldp interface command or the show lldp neighbors command.

To clear the LLDP frame counter, use the clear lldp counters command.

3.1.6 Other functions using LLDP

This product provides a function that uses LLDP to automatically make optimal settings for the Dante digital audio network. The Dante optimization settings function is set by the lldp auto-setting command. For details, refer to Dante optimization setting function.

This product also provides a function that uses LLDP to monitor the live/dead state of a specific connected terminal. For details, refer to Terminal monitoring.

For the voice VLAN function, you can use LLDP-MED to make voice traffic settings for IP telephony. For details, refer to VLAN.

3.2 TLV list

The TLVs supported by this product are listed below.

• Required TLVs
• Basic management TLVs
• IEEE 802.1 TLV
• IEEE 802.3 TLV
• LLDP-MED TLV

For the detailed specification of each TLV, refer to IEEE 802.1AB (LLDP) and ANSI/TIA-1057 (LLDP-MED).

The TLVs that are transmitted by this product are explained below.

3.2.1 Required TLVs

If LLDP frame transmission is enabled, these TLVs are always transmitted.

Three TLVs are transmitted: chassis ID, port ID, and TTL.

The required TLVs are shown below.

Required TLVs

3.2.2 Basic management TLVs

These TLVs are transmitted if LLDP frame transmission is enabled and the tlv-select basic-mgmt command is specified.

System-related management information is transmitted, such as name, system capabilities, and address.

The basic management TLVs are as follows.

Basic management TLVs

3.2.3 IEEE 802.1 TLV

These TLVs are transmitted if LLDP frame transmission is enabled and the tlv-select ieee-8021-org-specific command is specified.

These transmit information such as VLAN and link aggregation for the corresponding port.

The IEEE 802.1 TLVs are shown below.

IEEE 802.1 TLV

3.2.4 IEEE 802.3 TLV

These TLVs are transmitted if LLDP frame transmission is enabled and the tlv-select ieee-8023-org-specific command is specified.

Auto negotiation support information and PoE information etc. for the corresponding port is transmitted.

The IEEE 802.3 TLVs are shown below.

IEEE 802.3 TLV

3.2.5 LLDP-MED TLV

These TLVs are transmitted if LLDP frame transmission is enabled and the tlv-select med command is specified.

These transmit information such as network policy and extended PoE information.

The LLDP-MED TLVs are shown below.

LLDP-MED TLV

3.3 Supported MIBs

Refer to the following SNMP MIB Reference for information on the MIBs that are supported.

• SNMP MIB Reference

4 Related Commands

Related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Set LLDP frame transmission/reception

For port1.1, enable LLDP frame transmission/reception.

Basic management TLVs, IEEE 802.1 TLVs, IEEE 802.3 TLVs, and LLDP-MED TLVs are transmitted.

Set the LLDP frame transmission interval to 60 seconds. Set the LLDP frame TTL to 181 seconds.

Set “SWITCH1” as the name of the transmitting system.

Specify 10 as the maximum number of connected devices managed by the port.

Yamaha#configure terminal
Yamaha(confif)#lldp system-name SWITCH1 ... (Set system name)
Yamaha(config)#interface port1.1
Yamaha(config-if)#lldp-agent ... (Create LLDP agent and transition modes)
Yamaha(lldp-agent)#tlv-select basic-mgmt ... (Set basic management TLV)
Yamaha(lldp-agent)#tlv-select ieee-8021-org-specific ... (Set IEEE 802.1 TLV)
Yamaha(lldp-agent)#tlv-select ieee-8023-org-specific ... (Set IEEE 802.3 TLV)
Yamaha(lldp-agent)#tlv-select med ... (Set LLDP-MED TLV)
Yamaha(lldp-agent)#set timer msg-tx-interval 60 ... (Set transmission interval)
Yamaha(lldp-agent)#set msg-tx-hold 3 ... (Set multiplier for TTL calculation: TTL = 60 × 3 + 1 = 181 seconds)
Yamaha(lldp-agent)#set too-many-neighbors limit 10 ... (Set maximum number of connected devices)
Yamaha(lldp-agent)#set lldp enable txrx ... (Set LLDP transmission/reception mode)
Yamaha(lldp-agent)#exit
Yamaha(config-if)#exit
Yamaha(config)#lldp run ... (Enable LLDP function)
Yamaha(config)#exit

5.2 Show LLDP interface status

Show the port1.1 LLDP interface status.

Yamaha#show lldp interface port1.1  ... (Show interface information)
Agent Mode                    : Nearest bridge
Enable (tx/rx)                : Y/Y
Message fast transmit time    : 1
Message transmission interval : 30
Reinitialisation delay        : 2
MED Enabled                   : Y
Device Type                   : NETWORK_CONNECTIVITY
LLDP Agent traffic statistics
  Total frames transmitted       : 0

5.3 Show LLDP connected device information

Show LLDP connected device information.

Yamaha#show lldp neighbors  ... (Show connected device information)
Interface Name           : port1.1
System Name              : SWR2310-10G
System Description       : SWR2310 Rev.2.04.01 (Mon Dec  4 12:33:18 2019)
Port Description         : port1.3
System Capabilities      : L2 Switching
Interface Numbering      : 2
Interface Number         : 5003
OID Number               :
Management MAC Address   : ac44.f230.0000
Mandatory TLVs
  CHASSIS ID TYPE
    IP ADDRESS           : 0.0.0.0
  PORT ID TYPE
    INTERFACE NAME       : port1.3
  TTL (Time To Live)     : 41
8021 ORIGIN SPECIFIC TLVs
  Port Vlan id                : 1
  PP Vlan id                  : 0
  Remote VLANs Configured
    VLAN ID                   : 1
    VLAN Name                 : default
  Remote Protocols Advertised :
    Multiple Spanning Tree Protocol
  Remote VID Usage Digestt    : 0
  Remote Management Vlan      : 0
  Link Aggregation Status     : Disabled
  Link Aggregation Port ID    : 0
8023 ORIGIN SPECIFIC TLVs
  AutoNego Support            : Supported Enabled
  AutoNego Capability         : 27649
  Operational MAU Type        : 30
  Power via MDI Capability (raw data)
    MDI power support         : 0x0
    PSE power pair            : 0x0
    Power class               : 0x0
    Type/source/priority      : 0x0
    PD requested power value  : 0x0
    PSE allocated power value : 0x0
  Max Frame Size              : 1522
LLDP-MED TLVs
  MED Capabilities            :
    Capabilities
    Network Policy
  MED Capabilities Dev Type   : End Point Class-3
  MED Application Type        : Reserved
  MED Vlan id                 : 0
  MED Tag/Untag               : Untagged
  MED L2 Priority             : 0
  MED DSCP Val                : 0
  MED Location Data Format    : ECS ELIN
    Latitude Res      : 0
    Latitude          : 0
    Longitude Res     : 0
    Longitude         : 0
    AT                : 0
    Altitude Res      : 0
    Altitude          : 0
    Datum             : 0
    LCI length        : 0
    What              : 0
    Country Code      : 0
    CA type           : 0
  MED Inventory

6 Points of Caution

None

7 Related Documentation

• SNMP
• Terminal monitoring
• Dante optimization setting function
• VLAN

Terminal monitoring

1 Function Overview

The terminal monitoring function checks the dead-or-alive state of specific terminals connected to the network switch.

The operating specifications for the terminal monitoring function are shown below.

Terminal monitoring function overview

This is an example with an L2 switch as the L2MS master and an intelligent L2 PoE switch as the L2MS slave.

As dead/alive monitoring methods, the following three types are provided.

1. Monitoring by ping

   Ping (ICMP Echo request/reply) is issued at regular intervals to a terminal that has an IP address, and the terminal is determined to be down if there is no longer a response.

   The user can specify the interval at which ping is transmitted, the time to wait for ping response, and the number of failures until the terminal is determined to be down.

2. Frame reception amount monitoring

   The frame reception amount is monitored at regular intervals for an individual port, and the terminal is determined to be down if the traffic falls below a specified amount.

   The user can specify the monitoring start threshold value and the threshold value at which a down condition is determined.

   Monitoring starts when the traffic exceeds the monitoring start threshold value, and a down condition is determined when the traffic falls below the down decision threshold.

3. LLDP reception interval monitoring

   The LLDP received at regular intervals by an individual port is monitored.

   Using the TTL which is a required item in the data portion of an LLDP packet, a down condition is determined if LLDP is not received within the TTL interval.

If monitoring detects a terminal fault (down), the following processing is automatically performed.

1. Alert shown in dashboard screen

   An indication that a fault (down) occurred for the monitored terminal is displayed in the alert screen of the dashboard.

2. Alert shown in LAN map screen

   • If the switch performing the monitoring is the L2MS master

     An indication that a fault (down) occurred for the monitored terminal is shown in the LAN map notification and history information.

   • If the switch performing the monitoring is an L2MS slave

     The L2MS trap function is used to notify the L2MS master.

     The L2MS master that receives the notification indicates in the LAN map screen that the monitored terminal has experienced a fault (down).

By the user’s choice, the following operations can be applied in parallel.

1. Fault detection notification by mail

   Notification that a monitored terminal has experienced a fault is sent to the desired recipient.

2. Notification to the SNMP manager

   A trap is sent to the SNMP manager specified by a command.

3. Restart terminal by temporarily stopping the PoE power supply

   If a down condition is detected on a port to which PoE power is being supplied, PoE power supply is temporarily turned off in an attempt to recover the monitored terminal.

2 Definition of Terms Used

None

3 Function Details

3.1 Monitoring by ping (ICMP Echo request/reply)

Specifications for terminal monitoring by ping are given below.

1. The interval of ICMP Echo request transmission from the network switch is fixed at 5 seconds.
2. The ICMP Echo request that is transmitted has the following format.
   • As the ID field of the ICMP header, the unique ID assigned to each monitored terminal is specified.
   • As the sequence field of the ICMP header, a number that is sequentially incremented from 0 is specified.
3. The validity of the ICMP Echo reply is checked as follows.
   • Whether the ID field of the ICMP header contains the ID that was specified when sending the request
   • Whether the sequence field of the ICMP header contains the sequence number that was specified when sending the request
4. The wait time for ICMP Echo reply can be changed in the range of 1–60 sec, and the default is 2 sec.
5. The number of failures to receive the ICMP Echo reply from the monitored terminal after which a fault is determined can be set in the range of 1–100, and the default is twice.
6. Monitoring via ping can be done for a maximum of 64 units.

3.2 Monitoring by frame reception amount

The way in which this device monitors by frame reception amount is described below.

Overview of frame reception amount monitoring

1. At one-second intervals, the number of octets received at the port is referenced, and the number of octets received during one second is calculated.
   • All ports are the object of observation.
2. Using the number of octets received during one second and the link speed, the reception throughput (bps) and reception ratio (%) are calculated.
3. Monitoring by frame reception amount starts when the monitoring start threshold value (bps) specified by the user is exceeded.
4. After monitoring has started, a fault (down) is detected if the amount falls below the down detection threshold value (bps) specified by the user.

3.3 Monitoring by LLDP

Using the TTL which is a required item in the data portion of an LLDP frame, a down condition is determined if LLDP is not received within the TTL time.

Monitoring starts when an LLDP frame is first received.

This monitoring can be specified individually by port.

4 Related Commands

This function does not support settings via commands.

5. Settings via the Web GUI

Terminal monitoring settings can be done from [Advanced settings]-[Terminal monitoring] of the Web GUI.

Details on the settings in each screen can be referenced via the Web GUI help.

5.1 Terminal monitoring top page

The top page of terminal monitoring is shown below.

Terminal monitoring top page

• If you want to newly add a terminal for monitoring, press the New icon.
• If you want to change a currently-specified monitored terminal, press the [Setting] button in the list.

  If you want to delete a currently-specified monitored terminal, select the check box of that terminal, and press the [Delete] button.

• If you want to ascertain the current state of the monitored terminal for which you are making settings, press the [Update] button to acquire the latest state.

5.2 Adding or modifying a monitored terminal

The method for adding a new monitored terminal, or for making changes, is shown below for each method of monitoring.

1. Monitoring by ping

   

2. Monitoring by frame reception amount

   

3. Monitoring by LLDP

   

• Restart terminal by controlling PoE power supply can be specified only for models that support PoE power supply.
• When specifying the monitoring start threshold value and the down detection threshold value for frame reception amount monitoring, it is useful to use the traffic observation function.
• If you want mail notification to be sent in the event of a fault, you must separately make mail notification settings.

  For details, refer to Technical reference: [Maintenance and operation functions] - [Mail notification] and to Web GUI help: [Advanced settings] - [Mail notification].

5.3. Checking the state of a monitored terminal

The state of a specified monitored terminal can be checked in the terminal monitoring gadget of the dashboard.

Dashboard terminal monitoring gadget

• For each monitored terminal, this shows the monitoring target, model name, monitoring type, and status.
• The following three states are shown as the state of the monitored terminal.
  • Idle: Monitoring is not yet being performed:
  • Up: The monitored terminal is operating correctly:
  • Down: The monitored terminal is not operating correctly:
• When you place the mouse cursor on the status field, the status of the monitored terminal is shown.
• If you click the [Idle] , [Up], or [Down] button in the upper part of the dashboard, only the monitored terminals that are in the corresponding state are shown. (The [All] button shows terminals of all states.)
• If not even one monitor terminal is registered, the display indicates “No monitored terminals are registered.”

6 Points of Caution

None

7 Related Documentation

• Performance observation

Performance observation

1 Function Overview

This product provides a mechanism for constantly observing the system’s performance.

An overview of the function is given below.

Performance observation

This product constantly observes the following two types of data.

1. Resource usage: CPU and memory usage
2. Traffic amount: The amount of communication port bandwidth used (transmission/reception)

Based on the results of observation, one year’s worth of the following change data is accumulated inside this product.

• Hourly change: Change for each hour (e.g. 0:00, 1:00, ...)
• Daily change: Change for each day of each month (e.g. 1/1, 1/2, ...)
• Weekly change: Change for each day of the week (e.g. SUN, MON, ...)
• Monthly change: Change for each month (e.g. Jan, Feb, ...)

The accumulated data can be backed up to an SD card. By accessing this product via the Web GUI, the maintainer can view the various types of change data including live data in the dashboard, and can also acquire the accumulated result in a PC.

Since the acquired data is in CSV format, it can also be manipulated using spreadsheet software on a PC.

By using this function, the maintainer can accomplish the following:

• Ascertain the short-term communication status
• Predict long-term future demand for network facilities

2 Definition of Terms Used

None

3 Function Details

3.1 Resource and traffic usage observation

Starting immediately after boot, this device automatically observes the CPU and memory and the transmit/receive throughput of each port every second.

The observed data is normalized using a moving average, and one year of data is saved in RAM.

3.3 Observation data backup

Backup of observation data can be specified only in the Web GUI.

Backup of observation data assumes that an SD card is inserted in this device.

If backup is enabled, the most recent hour of observation data every hour starting at the point it was enabled (e.g., 1:00, 2:00 ...) is saved on the SD card.

The saved data is dedicated binary data of this device.

The save-destination on the SD card and the file name of the backup data file are as follows.

1. Resource information

   1. Hourly change data

      /[model name]/data/resource/YYYYMM_smsys_res_monitor_hour.bin

   2. Daily change data (data for each day)

      /[model name]/data/resource/YYYYMM_smsys_res_monitor_day.bin

   3. Weekly change data

      /[model name]/data/resource/YYYYMM_smsys_res_monitor_week.bin

   4. Monthly change data

      /[model name]/data/resource/YYYY_smsys_res_monitor_month.bin

2. Traffic information

   1. Hourly change data

      /[model name]/data/trf/YYYYMM_trf_bandwidth_hour.bin

   2. Daily change data

      /[model name]/data/trf/YYYYMM_trf_bandwidth_day.bin

   3. Weekly change data

      /[model name]/data/trf/YYYYMM_trf_bandwidth_week.bin

   4. Monthly change data

      /[model name]/data/trf/YYYY_trf_bandwidth_month.bin

• [Model name] is the following.
  • For the SWR2310-10G/18GT/28GT: swr2310
  • For the SWR2311P-10G: swr2311p
  • For the SWP2-10SMF/MMF: swp2
• YYYY: year, MM: month are specified.
• Since this is a proprietary Yamaha format, it cannot be referenced.

3.4. Observation data export

Export of observation data to a PC can be executed only in the Web GUI.

As with backup data, export of observation data to a PC assumes that an SD card is inserted in this device.

The exported data is multiple CSV files compressed in zip format. The structure of the compressed files are given below.

1. When resource observation data is exported
   • zip file name: YYYYMMDDhhmmss_resource_csv.zip
   • Folder structure

   YYYYMMDDhhmmss_resource_csv
       +- 20170922_resource_hour.csv ... (CPU and memory data for each hour of 2017/9/22)
       +-     :
       +- 20170925_resource_hour.csv ... (CPU and memory data for each hour of 2017/9/25)
       +- 201709_resource_day.csv    ... (CPU and memory data for each day of 2017/9)

2. When transmission traffic observation data is exported
   • zip file name: YYYYMMDDhhmmss_trf_tx_csv.zip
   • Folder structure

   YYYYMMDDhhmmss_trf_tx_csv
       +- 20170922_trf_tx_hour.csv  ... (Transmission traffic data for each hour of 2017/9/22)
       +-     :
       +- 20170925_trf_tx_hour.csv  ... (Transmission traffic data for each hour of 2017/9/25)
       +- 201709_trf_tx_day.csv     ... (Transmission traffic data for each day of 2017/9)

3. When reception traffic observation data is exported
   • zip file name: YYYYMMDDhhmmss_trf_rx_csv.zip
   • Folder structure

   YYYYMMDDhhmmss_trf_rx_csv
       +- 20170922_trf_rx_hour.csv  ... (Reception traffic data for each hour of 2017/9/22)
       +-     :
       +- 20170925_trf_rx_hour.csv  ... (Reception traffic data for each hour of 2017/9/25)
       +- 201709_trf_rx_day.csv     ... (Reception traffic data for each day of 2017/9)

• YYYYMMDDhhmmss specifies the date and time at which export was executed (the date and time that the file was generated).

4 Related Commands

This function does not support settings via commands.

5. Settings via the Web GUI

Performance observation can be controlled from the following pages of the Web GUI.

• Viewing the resource usage amount
  • This can be viewed in the [Dashboard] item [Resource information (graph)].
• Viewing the traffic usage amount
  • This can be viewed in the [Dashboard] item [Traffic information (graph)].
• Backing up, clearing, or exporting observation data
  • Select [Management], and then use [Maintenance] - [Summary data management] to make these settings.

Details on how to view and make settings in each screen can be referenced via the Web GUI help.

5.1 Viewing the resource usage amount

The resource information (graph) screen is shown below.

Example when Live is selected for resource information (graph)

1. The graph rendering can be changed using the following buttons.

   • Current status: [Live]

     The various current usage ratios are obtained at one-second intervals and shown on the graph.

   • Hourly change: [Day]

     The various usage ratios for the specified day are shown at one-hour intervals on the graph.

     To specify the day, use the day-specifying box in the upper right of the gadget.

   • Daily change: [Month]

     The various usage ratios for the specified month are shown at one-day intervals.

     To specify the month, use the month-specifying box in the upper right of the gadget.

   • Monthly change: [Year]

     The various usage ratios for the specified year are shown at one-month intervals.

     To specify the year, use the select box in the upper right of the gadget.

   • It is not currently possible to reference changes in the day of the week.
2. If the CPU and memory usage ratios exceed 80%, then a warning message is shown on the dashboard.

   If the ratio falls below 80% after having exceeded 80%, the warning is automatically cleared.

5.2 Viewing the traffic usage amount

The traffic usage amount (graph) screen is shown below.

Example of when traffic usage amount (graph) Day is selected / Example of transmission traffic

1. The traffic usage amount of each port can be shown separately for transmission and reception.
2. The graph rendering can be changed using the following buttons.

   • Current status: [Live]

     The various current usage ratios are obtained at one-second intervals and shown on the graph.

     The most recent two minutesof the obtained data is held and rendered on the graph.

   • Hourly change: [Day]

     The various usage ratios for the specified day are shown at one-hour intervals on the graph.

     To specify the day, use the day-specifying box in the upper right of the gadget.

   • Daily change: [Month]

     The various usage ratios for the specified month are shown at one-day intervals.

     To specify the month, use the month-specifying box in the upper right of the gadget.

   • Monthly change: [Year]

     The various usage ratios for the specified year are shown at one-month intervals.

     To specify the year, use the select box in the upper right of the gadget.

   • It is not currently possible to reference changes in the day of the week.

3. To select the interface to be shown, click the interface select button (), and then make a selection in the following screen.

   
4. If the traffic usage ratio exceeds 60%, a warning message is shown on the dashboard. If the ratio falls below 50% after having exceeded 60%, the warning is automatically cleared.

5.3 Backing up, clearing, or exporting observation data

Backup, clearing, and exporting of observation data is performed from [Management] - [Maintenance] - [Summary data management].

The Summary data management screen is shown below.

Summary data management screen (top page)

5.3.1 Observation data backup settings

Backup settings for observation data are performed from [Top page] - [Backup settings for summary data].

The screen that appears when you press the [Settings] button is shown below.

• Observation data backup settings screen

  

• Place a check mark in the check box of the summary data for which you want to enable backup, and then press the [Confirm] button.

  After you press the button, the following screen appears.

  
• If you decide to cancel this setting, press the [Back] button in each screen.

5.3.2 Clearing observation data

Clearing the observation data is performed from [Top page] - [Clearing summary data].

The screen that appears when you press the [Next] button is shown below.

• Clear observation data screen

  

• In the select box, choose the statistical data that will be cleared, and press the [Confirm] button. After you press the button, the following screen appears.

  

• If you decide to cancel this operation, press the [Back] button in each screen.

5.3.3 Exporting observation data

Exporting observation data is performed from [Top screen] - [Export summary data].

The screen that appears when you press the [Next] button is shown below.

• Observation data export screen

  

• From the select box, choose the observation data that you want to export to the PC that is accessing the Web GUI, and then specify the term of observation data that you want to export.

  After making the selection, press the [OK] button, and the following screen will appear.

  
• If you decide to cancel this operation, press the [Back] button in each screen.

6 Points of Caution

None

7 Related Documentation

None

Dante optimization setting function

1 Function Overview

Dante optimization settings is a function that makes it easy to specify the optimal environment for the Dante digital audio network.

This allows the user to easily make settings such as QoS settings, IGMP snooping settings, flow control disable settings, and EEE disable settings.

The following items can be set using the Dante optimization setting function.

Use the Dante optimization setting function after you have made all of the basic switch settings (such as VLAN and IP).

If you make new changes to the settings, the Dante optimization settings will not follow.

2 Definition of Terms Used

Dante

A digital audio network specification developed by the Audinate Corporation.

3 Function Details

This function provides the following operations.

• Automatic optimization settings using LLDP
• Manual optimization settings via the Web GUI

3.1 Automatic optimization settings using LLDP

By receiving special LLDP frames from certain Dante-enabled devices made by Yamaha, optimal settings for using Dante can be automatically applied.

Automatic optimization settings via LLDP are set by the lldp auto-setting command.

By default, this product is set to enable automatic optimization settings via LLDP.

Certain Dante-enabled devices made by Yamaha transmit Yamaha-proprietary LLDP frames that include the following content.

• EEE (Energy-Efficient Ethernet) disable setting
• Flow control disable setting
• Diffserve base QoS setting
• IGMP snooping setting

If this function is enabled and the corresponding LLDP frame is received, the following settings are automatically applied to running-config.

[System-wide]

flowcontrol disable ... (Disable flow control)
qos enable ... (Enable QoS)
qos dscp-queue 0 0 ... (Set the DSCP-transmission queue ID conversion table; same for the following)
qos dscp-queue 1 0
qos dscp-queue 2 0
qos dscp-queue 3 0
qos dscp-queue 4 0
qos dscp-queue 5 0
qos dscp-queue 6 0
qos dscp-queue 7 0
qos dscp-queue 8 2
qos dscp-queue 9 0
qos dscp-queue 10 0
qos dscp-queue 11 0
qos dscp-queue 12 0
qos dscp-queue 13 0
qos dscp-queue 14 0
qos dscp-queue 15 0
qos dscp-queue 16 0
qos dscp-queue 17 0
qos dscp-queue 18 0
qos dscp-queue 19 0
qos dscp-queue 20 0
qos dscp-queue 21 0
qos dscp-queue 22 0
qos dscp-queue 23 0
qos dscp-queue 24 0
qos dscp-queue 25 0
qos dscp-queue 26 0
qos dscp-queue 27 0
qos dscp-queue 28 0
qos dscp-queue 29 0
qos dscp-queue 30 0
qos dscp-queue 31 0
qos dscp-queue 32 0
qos dscp-queue 33 0
qos dscp-queue 34 0
qos dscp-queue 35 0
qos dscp-queue 36 0
qos dscp-queue 37 0
qos dscp-queue 38 0
qos dscp-queue 39 0
qos dscp-queue 40 0
qos dscp-queue 41 0
qos dscp-queue 42 0
qos dscp-queue 43 0
qos dscp-queue 44 0
qos dscp-queue 45 0
qos dscp-queue 46 5
qos dscp-queue 47 0
qos dscp-queue 48 0
qos dscp-queue 49 0
qos dscp-queue 50 0
qos dscp-queue 51 0
qos dscp-queue 52 0
qos dscp-queue 53 0
qos dscp-queue 54 0
qos dscp-queue 55 0
qos dscp-queue 56 7
qos dscp-queue 57 0
qos dscp-queue 58 0
qos dscp-queue 59 0
qos dscp-queue 60 0
qos dscp-queue 61 0
qos dscp-queue 62 0
qos dscp-queue 63 0

[VLAN interface that received LLDP]

interface vlanX *Applies to the VLAN
  ip igmp snooping enable ... (Enable IGMP snooping)
  ip igmp snooping query-interval 30 ... (Set query transmission interval)
  ip igmp snooping querier ... (Set query)
  ip igmp snooping check ttl disable ... (Disable IGMP packet TTL value checking function)

[LAN/SFP port that received LLDP]

interface portX.X
  qos trust dscp ... (Set DSCP trust mode)
  flowcontrol disable ... (Disable flow control)
  eee disable ... (Disable EEE)

If you save using the copy running-config startup-config command or the write command, the settings are also applied to the startup-config that is used for the next and subsequent startups.

Even if the port to which the device is connected experiences a link-down state after automatic optimization settings, the automatically added settings are maintained.

This function can be used only for a physical interface (LAN/SFP port). It cannot be used with a link aggregated logical interface.

This does not apply to the trunk port.

In order to use this function, reception of LLDP frames must be enabled.

For this reason, check in advance that the following settings have been made.

• Use the lldp run command to enable the system-wide LLDP function.
• Use the lldp-agent command to create an LLDP agent for the applicable interface.
• Use the set lldp command to specify the LLDP frame transmit/receive mode.

With the default settings of this product, LLDP frame transmission and reception is enabled.

3.2 Manual optimization settings via the Web GUI

The Web GUI of this product allows you to manually specify Dante optimization settings and to enable/disable automatic settings using LLDP.

If manual settings are executed, the settings shown in 3.1 Automatic optimization settings via LLDP are specified for all LAN/SFP ports and VLAN interfaces.

In addition, the no shutdown command is set for the VLAN interface.

Dante optimization settings are performed from [Management] - [Dante optimization].
The Dante optimization screen is shown below.

Dante optimization screen (top page)

To execute manual settings, press the [Next] button for Manual settings.

To enable/disable automatic settings, press the [Setting] button for Automatic settings using LLDP.

3.2.1 Manual settings

The screen that appears when you press the [Next] button for Manual settings is shown below.

Manual settings - execution screen

To execute manual settings, press the [OK] button.

3.2.2 Auto-configure via LLDP

The screen that appears when you press the [Setting] button for Auto-configure via LLDP is shown below.

Auto-configure via LLDP - execution screen

To enable/disable the automatic setting function using LLDP, select the [Enable] or [Disable] radio button, and then press the [Confirm] button.

The screen that appears when you press the [Confirm] button is shown below.

Auto-configure via LLDP - confirmation screen

To enable/disable automatic settings using LLDP, press the [OK] button.

4 Related Commands

Related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Automatic optimization settings using LLDP

Enable automatic optimization settings using LLDP.

Enable LLDP transmission and reception on port1.1.

Yamaha#configure terminal
Yamaha(config)#interface port1.1
Yamaha(config-if)#lldp-agent ... (Create LLDP agent and transition modes)
Yamaha(lldp-agent)#set lldp enable txrx ... (Set LLDP transmission/reception mode)
Yamaha(lldp-agent)#exit
Yamaha(config-if)#exit
Yamaha(config)#lldp run ... (Enable LLDP function)
Yamaha(config)#lldp auto-setting enable ... (Enable automatic optimization settings using LLDP)

6 Points of Caution

• Note that if you use this function when settings such as QoS settings, flow control settings, EEE settings, and IGMP snooping have already been made, those settings are overwritten by Dante-optimized settings.
• It is assumed that you will use the Dante optimization setting function after you have made all of the basic switch settings (such as VLAN and IP).
  If you make new changes to the settings (such as adding a VLAN), the Dante optimization settings will not follow.
• The setting values requested from Dante-enabled devices must be consistent between all devices. If the values are different, operation cannot be guaranteed.
• In general, IGMP snooping operates as version “3”.

7 Related Documentation

• LLDP
• QoS
• Flow control
• IGMP Snooping
• Interface basic functions

Stack function

1 Function Overview

A stack is a function that connects multiple switches and operates as a single virtual switch.

The features of the stack are shown below.

1. Realization of highly efficient redundancy

   There are two methods for removing single points of failure (SPOF) in the network configuration: the method composed of VRRP and STP, and the method composed of stack and link aggregation.

   By using the stack, unlike VRRP, there is no standby switch, so you can increase the usage efficiency of the switch while ensuring redundancy.

2. Easy port expansion

   You can easily increase the number of available ports by adding switches.

Stack overview

The stack function is disabled when shipped from the factory.

2 Definition of Terms Used

Member switch

Network switches that make up the stack.

Each switch is identified by a stack ID.

Stack ID

An ID that identifies the member switches that make up the stack.

The stack ID can be set from 1 to the maximum number of stacks that can be configured (currently 2).

Master switch

A switch that manages the network switches that make up the stack.

By default, the switch with stack ID 1 operates as the master switch.

Slave switch

A network switch managed by the master switch.

By default, a switch with a stack ID other than 1 operates as a slave switch.

Virtual switch

A single logical switch consisting of multiple member switches using the stack function.

Stack port

SFP+ slot used to connect the network switches that make up the stack.

Stack link

A connection between member switches that make up a stack.

3 Function Details

3.1 Stack configuration

The configurations that can be stacked for each model are shown below.

Only two units of the same model are supported.

Note that the stack must be configured with two stack links in order to reduce the impact of failure.

SWR2310-28GT stack configuration

3.2 Connection between member switches

When the stack function is enabled, the following SFP+ slots are switched to stack ports as connecting ports between members.

• SWR2310-28GT: ports 27, 28

Unlike normal communication ports, stack ports are used only for communication between member switches.

Connection between member switches is only possible with the direct attach cable (DAC-SWRT-1M/3M) or SFP+ module (SFP-SWRT-SR/LR) provided by Yamaha.

When connecting with another company’s product, the stack link will be forced down.

The stack port to be connected connects the lower number port and the higher number port of the member switch.

3.3 Master switch selection and MAC address assignment

The master switch selection and MAC address assignment rules are shown below.

Note that the MAC address used in the stack configuration is applied according to the following rules in order to eliminate the impact on communication.

1. In the initial stack configuration, the MAC address of the master switch (switch with ID 1) is used as the virtual switch MAC address.
2. If a slave switch is disconnected (due to an error) during stack configuration, the virtual switch continues to use the configured MAC address.
3. If a master switch is disconnected (due to an error) during stack configuration, the virtual switch continues to use the configured MAC address.

   In other words, the MAC address of the switch that is not included in the stack configuration is used.

4. Even when a switch other than the failed switch (a switch with a different MAC address) is installed as a member switch, the virtual switch continues to use the configured MAC address.

   If you want to reconfigure the stack with the current configuration status, restart the virtual switch at the same time to perform reconstruction.

   (ID 1 is the master switch, and the virtual switch uses the MAC address of the master switch.)

Master switch selection and MAC address assignment

No	Stack configuration		Master selection rules
1	Initial composition		The switch with stack ID 1 is elected as the master switch. At this time, the MAC address of stack ID 1 is used as the virtual switch MAC address.
2	Fault occurrence		If an error occurs in the master switch, the switch with the smallest stack ID among the member switches is elected as the master switch. At this time, the virtual switch MAC address retains the MAC address of stack ID 1.
3	Abnormal state recovery		When the failed switch is re-installed in the stack, the currently elected master switch retains its function as the master switch. At this time, the virtual switch MAC address retains the MAC address of the faulty stack ID 1.

3.4 Operations on virtual switches

Operations on virtual switches in a stack configuration are basically controlled from the master switch.

The specifications related to operation are shown below.

1. When you log in to the virtual switch, you are always logged in to the master switch.
   If necessary, use the remote-login command to log in to the slave switch.
   • Prompt when logging in to master switch

     Yamaha>

   • Prompt when logging in to slave switch

     Yamaha-2> ... (Stack ID is displayed after the host name)

2. The configuration (running-config, startup-config) for the virtual switch is always synchronized between member switches.

   After completing the configuration, be sure to save running-config with the write command.

   The write command can only be executed from the master switch side.

3. When operating a virtual switch, the information stored in the L2 network switch (e.g. FDB learning information, ARP cache, etc.) is automatically synchronized.

   There is no need for the user to be aware of this.

4. Use the show logging command to show logging for the virtual switch after logging in.

   The logging shown in this state is the master switch logging. If you want to show the slave switch logging, log in to the relevant switch using the remote-login command and show the logging.

3.5 Switch status when stacking

The member switch manages the status in the stack configuration as follows.

This state can be shown using the show stack command.

1. Setting

   • A state in which one or more stack port links are up, and the settings necessary for stacking between member switches are performed.

     Specifically, the configuration is automatically ascertained between member switches.

2. Active

   • A state in which automatic recognition of the configuration between member switches is completed, various settings are synchronized, and virtualization is performed by multiple member switches.

     Virtualization is performed by two or more switches.

3. Inactive

   • A state in which a failure has occurred and the virtual switch has been removed.

     All communication ports including the stack port are forcibly shut down and communication cannot be established. (Closed state)

4. Standalone

   • The stack function is enabled, but since negotiation cannot be performed with the member switch, it is operating on one unit.

     Transition to this state occurs when there is no opposing switch temporarily, such as during initial installation.

     In this state, the stack ID that has been set must be enabled, so it is operated with the set ID.

5. Disable

   • The stack function is disabled.

     In this state, the stack ID is forcibly operated at 1. (Even if the stack ID is set to other than 1)

3.6 Detection and measures for abnormal conditions

When a member switch in the stack configuration detects an error, it tries to resolve it autonomously within the virtual switch so that the network service is not affected.

This switch monitors the following abnormal conditions.

• Abnormality detection on the local node

  1. Does not meet stack configuration conditions (stack ID error, firmware version error)
  2. Stack link error (down detection)
  3. Voltage value error
  4. Current value error

• Connection node error detection

  1. Heartbeat frame reception timeout

Heartbeat is a function to check whether member switches are operating normally.

If the heartbeat frame is not received for a certain period (currently 4 seconds), it is determined that an error has occurred in the member switch.

The operation when an error is detected is shown below.

Operation when fault is detected

4 Related Commands

Related commands are shown below.

For details, refer to the Command Reference.

List of stack related commands

5 stack initial settings

The initial setting flow for stack configuration is shown below.

1. Preparation of necessary equipment
2. Member switch settings
3. Connecting member switches

5.1 Preparation of necessary equipment

Prepare the equipment necessary to configure the stack.

• Member switch

  Prepare member switches for stack configuration.

  For the stackable configuration, refer to 3.1 Stack configuration.

• Stack port connection cable

  Determine and prepare the interface to which the member switches are connected.

  Use direct attach cables when configuring the stack in a rack, and SFP+ modules when a certain distance is required such as between floors or buildings.

  For details, refer to 3.2 Connection between member switches.

• External memory (SD card)

  It is recommended to use external memory to save backup data such as configs and logs during stack operation.

  By using external memory, you can use it to recover the config if a failure occurs.

5.2 Member switch settings

Set the member switches that constitute the stack.

Consider the following before you begin configuration.

1. Determine the stack IDs assigned to the member switches

   The stack IDs assigned to the member switches must be determined statically.

   During initial settings, stack ID: 1 is the master switch, and other IDs are slave switches.

2. Determine the IP address range of the stack port

   The IP address range used for the stack port is 192.168.250.0/24 as the initial setting.

   If the corresponding address is used on the operation network, it is necessary to change the IP address range of the stack port.

3. Determine the startup config save destination

   Determine the save destination for the startup config during stack configuration.

   Select the config ID in the flash ROM as the save destination and make it clear that it is to be used for saving the stack in the description.

After reviewing, configure member switches individually as follows.

1. Activate member switches

   Start the member switches individually and access them from the serial console.

2. Check and update firmware version

   Check the current firmware version with the show environment command.

   Yamaha> show environment
   SWR2310-28GT BootROM Ver.1.00
   SWR2310-28GT Rev.2.04.01 (Thu Sep 26 17:35:20 2019)　... (Check firmware version)
   main=SWR2310-28GT ver=00 serial=Z0000000XX MAC-Address=ac44.f200.0000
   ...
   

   
   Check the latest public firmware on Rt pro.
   If the public firmware version of the relevant switch is newer than the firmware that is running, update it.
   • It is recommended that member switches be updated to the latest firmware with improvements made to known issues.
   • By default, firmware update using an SD card is enabled.

     Refer to Firmware update for how to update using an SD card.

3. Set the save destination for startup config

   Use the startup-config select command to select the config to be used during stack operation.

   At this time, it is recommended to set the description to use for the config during stack operation.

   Yamaha> enable
   Yamaha# startup-config description 1 Stack ... (Set “Stack” and the description in startupconfig#1)
   Yamaha# startup-config select 1 ... (Select startup-config#1)
   reboot system? (y/n): y  ... (Reboot)
   

4. Stack ID settings

   Check the switch status with show stack and confirm that the stack function is disabled.

   Also check the stack ID. The initial value of the stack ID is set to 1.

   Yamaha> enable
   Yamaha#
   Yamaha# show stack
   Stack: Disable
   
   Configured ID: 1
   Subnet on stack port : Auto-ip
   
   ID  Model          Status    Role    
   -------------------------------------
   Yamaha#
   

   
   If necessary, change the stack ID using the stack renumber command.

   Yamaha(config)# stack 1 renumber 2 ... (Change the stack ID from #1 to #2)
   Yamaha(config)# do show stack
   Stack: Disable
   
   Configured ID: 2
   Subnet on stack port : 192.168.250.0
   
   ID  Model          Status    Role    
   -------------------------------------
   Yamaha#
   

5. Set the stack port IP address range

   The IP address range used for the stack port is 192.168.250.0/24 as the initial setting.

   If necessary, change the stack port IP address range using the stack subnet command.

   Be sure to make the same setting on all member switches.

   Yamaha(config)# stack subnet 192.168.255.0 ... (Change the IP address range to 192.168.255.0/24)
   Yamaha(config)# do show stack
   Stack: Disable
   
   Configured ID: 1
   Subnet on stack port : 192.168.255.0
   
   ID  Model          Status      Role
   -------------------------------------
   

6. Enabling the stack function

   Use the stack enable command to enable the stack function.

   After entering the command, reboot the device.

   After the reboot is complete, default-config is applied.

   Yamaha(config)# stack enable ... (enable stack function)
   reset configuration and reboot system? (y/n): y ... (execute reboot)
   

   
   After rebooting, check the switch status with show stack and confirm that the stack function is enabled.
   Also check the save destination of the startup config.

   Yamaha> enable
   Yamaha#
   Yamaha# show stack
   Stack: Enable ... (Stack function is enabled)
   
   Configured ID: 1
   Running ID   : 1
   Status       : Standalone
   Subnet on stack port : 192.168.255.0
   
   ID  Model          Status      Role    
   -------------------------------------
   1   SWR2310-28GT   Standalone  Master ... (Because it is operating with one unit, it is Standalone Master)
   
   Yamaha>show environment
   SWR2310-28GT BootROM Ver.1.00
   SWR2310-28GT Rev.2.04.01 (Thu Sep 26 17:35:20 2019)
   main=SWR2310-28GT ver=00 serial=Z0000000XX MAC-Address=ac44.f200.0000
   CPU:  12%(5sec)   5%(1min)   6%(5min)    Memory:  11% used
   Startup firmware: exec0
   Startup Configuration file: config1   ... (Confirm that the set startup config is applied)
                selected file: config1
   Serial Baudrate: 9600
   Boot time: 2019/10/10 22:52:22 +09:00
   Current time: 2019/10/10 22:57:38 +09:00
   Elapsed time from boot: 0days 00:05:21
   
   

5.3 Connecting member switches

Connect the enabled switches to the stack using a direct attach cable or SFP+ module.

Refer to 3.2 Connection between member switches for the connection method.

The member switches can be connected with the power turned off or the power turned on.

After connecting the member switches, check the system status using the show stack command.

Yamaha# show stack
Stack: Enable

Configured ID: 1
Running ID   : 1
Status       : Active
Subnet on stack port : 192.168.255.0

ID  Model          Status      Role    
-------------------------------------
1   SWR2310-28GT   Active      Master  ... (Switch with stack ID 1 is master)
2   SWR2310-28GT   Active      Slave   ... (Switch with stack ID 2 is slave)  

Use the backup system command to back up the initial setting status of the member switch to the SD card.

By saving swr2310.bin (firmware file) in the /swr2310/firmware folder in the SD card, both settings and firmware can be backed up during backup execution.

Yamaha> enable
Yamaha# backup system  ... (Copy all master switch settings to the SD card)
Succeeded to backup system files and firmware file.
Yamaha# remote-login 2 ... (Remote login to slave switch (stack ID: 2))

Entering character mode
Escape character is '^]'.

SWR2310-28GT Rev.2.04.01 (Thu Sep 26 17:35:20 2019)
  Copyright (c) 2018-2019 Yamaha Corporation. All Rights Reserved.

Yamaha-2> enable
Yamaha-2# backup system  ... (Copy all slave switch settings to SD card)
Succeeded to backup system files and firmware file.

This completes the initial stack settings.

Install the virtual switch in the network to be used and perform the settings required for operation.

After completing the settings required for operation, backup should be performed in case of an abnormality, just as with the initial settings.

6 Exchanging member switches

This section describes the exchange procedure when an error occurs in a member switch in a configuration that uses two SWR2310-28GTs.

The following shows each case of using and not using an SD card.

6.1 Exchange procedure using an SD card

Member switches are exchanged by backup/restore using an SD card.

Exchange procedure

1. During normal operation

   After completing the setting to the member switches, back up the system information to the SD card in consideration of failure.

   To back up system information, execute the backup system command.

   Before performing backup, save swr2310.bin (firmware file) in the /swr2310/firmware folder on the SD card to back up the firmware.

2. Fault occurrence

   Stack ID: Assume that an error occurred in the second slave device.

3. Fault recovery

   Prepare the member switches to be exchanged and connect the SD card that contains the backup of the failed switches.

   Apply the firmware and system information by executing the restore system command.

   After application, turn off the power, connect to the active master switch, and turn on the power to restore the stack configuration.

6.2 Exchange procedure without using an SD card

Exchange the member switches without using an SD card.

1. At the start of operation

   After installation of the member switches is completed, store the same revision firmware as the firmware written in the member switches on a PC, etc.

   Record the serial number, config ID being used, and stack ID of each member switch.

   Yamaha> show environment
   SWR2310-28GT BootROM Ver.1.00
   SWR2310-28GT Rev.2.04.01 (Thu Sep 26 17:35:20 2019)
   main=SWR2310-28GT ver=00 serial=Z0000000XX MAC-Address=ac44.f200.0000   ... (Serial number)
   CPU:  12%(5sec)   5%(1min)   6%(5min)    Memory:  11% used
   Startup firmware: exec0
   Startup Configuration file: config1   ... (config ID)
                selected file: config1
   Serial Baudrate: 9600
   Boot time: 2019/10/10 22:52:22 +09:00
   Current time: 2019/10/10 22:57:38 +09:00
   Elapsed time from boot: 0days 00:05:21
   
   Yamaha> show stack
   Stack: Enable
   
   Configured ID: 1   ... (Stack ID)
   Running ID   : 1
   Status       : Active
   Subnet on stack port : 192.168.250.0
   
   ID  Model          Status      Role
   -------------------------------------
   1   SWR2310-28GT   Active      Master
   2   SWR2310-28GT   Active      Slave
   

2. Fault occurrence

   Stack ID: Assume that an error occurred in the second slave device.

3. Fault recovery

   Prepare the member switches to be exchanged and write the saved firmware.

   Start the member switches and change the config ID used at startup.

   * If the config ID used at the start of operation is 0, there is no need to change it.

   Yamaha> enable
   Yamaha# startup-config select 1
   reboot system? (y/n): y
   

   
   After rebooting, enable the stack function.
   For the stack ID to be set, refer to the member switch serial number and stack ID recorded at the start of operation.

   Yamaha> enable
   Yamaha# configure terminal
   Yamaha(config)# stack 1 renumber 2   ... (Set stack ID 2)
   Yamaha(config)# stack enable         ... (Enable stack function)
   reset configuration and reboot system? (y/n): y
   

   
   After enabling the stack function, turn off the power, connect to the active master switch, and turn on the power to restore the stack configuration.

7 Firmware update

The following two methods are provided for updating the firmware during stack configuration.

1. Method to update member switches during configuration simultaneously (parallel update)
2. Method to update without stopping network services (sequential update)

Parallel update is an effective method if you have enough time to allow a service outage.

However, during stack configuration, it is recommended to perform a sequential update without service interruption.

Note that firmware updates during stack configuration are supported only for the following.

• Update by sending update firmware using tftp client or Web GUI
• Using an SD card to update the firmware

If the firmware is updated while the SD card is inserted, SD card boot may be performed when restarting.

You can disable SD card boot with the boot prioritize sd command.

Yamaha> enable
Yamaha# boot prioritize sd disable   ... (Disable SD card boot)
reboot system? (y/n): y

For details, refer to Firmware update.

7.1 Firmware parallel update

Firmware parallel update updates the firmware of the member switches in the stack configuration at the same time.

The service will be stopped because the entire virtual switch is restarted for the update.

Note the following points when performing parallel update.

• Confirm that the firmware update method is set to normal (firmware-update reload-method command)
• Confirm that the firmware update application time is set to the set time (firmware-update reload-time command)

An overview of parallel update is shown below.

Parallel update process flow

7.2 Firmware sequential update

Firmware serial update updates the firmware of the member switches in the stack configuration sequentially.

The service will not be stopped because the entire virtual switch is not restarted for the update. (* See Points of Caution 6)

Note the following points when performing sequential update.

• Confirm that the firmware update method is set to sequential (firmware-update reload-method command)
• Confirm that the firmware update application time is set to the set time (firmware-update reload-time command)

An overview of sequential update is shown below.

Sequential update process flow

8 Points of Caution

1. When the stack function is enabled, the following functions cannot be used.
   1. RMON
   2. MLD snooping
2. When the stack function is enabled, it can be used as a function, but some restrictions occur.
   1. Mirroring function
      • Mirroring between member switches is not possible.
   2. Flow control
      • Pause frame cannot be transmitted.
   3. Back pressure function
      • When communicating via the stack port, jam signals are not transmitted.
   4. SFP optical reception level monitoring
      • The optical reception level of the stack port is not monitored.
   5. Link aggregation
      • Dynamic link aggregation (LACP) cannot be used.
      • The maximum number of logical groups is reduced by one.
   6. Command line input
      • The users who can transition to global configuration mode are limited.

        When the console side is in global configuration mode and the telnet side transitions to global configuration mode, the console side automatically transitions to privileged EXEC mode.

        Console, telnet, ssh, remote login, and GUI settings are exclusively controlled.

      • It is not possible to log in from the master switch and slave switch consoles at the same time.
   7. DHCP client
      • If the stack function is enabled and the Auto IP function is used on the stack port, the DHCP client cannot be used.
   8. startup-config select command
      • Do not use the startup-config select command while the stack is configured. It may become impossible to configure correctly.

        To switch the config using the startup-config select command, disconnect the direct attach cable and cancel the stack configuration before executing.

3. When the stack function is enabled, make sure that the stack configuration is configured before setting functions with commands or the GUI.

   If the stack is not configured correctly, the settings may not be reflected correctly.

   The write command and copy running-config startup-config command can be executed only on the master switch side (Active state).

   They cannot be executed on the slave switch side or when the stack is not configured correctly.

4. When the stack function is enabled, the stack control packets use transmission queues #7 and #6, so do not assign other packets to transmission queues #7 and #6.

   When QoS is enabled, transmission queues #7 and #6 are assigned by default in the CoS-transmission queue ID conversion table, so change the assignment.

5. When the stack function is enabled, the initial setting for the transmission queue specification for frames transmitted from the switch itself is transmission queue #6.

   Do not change the transmission queue specification setting for frames transmitted from the switch itself from the default setting.

6. If the member switches are reconnected due to device exchange or connection failure, etc., all communication will be temporarily stopped because it is in stack configuration.

   The communication stop state is canceled after stack configuration is completed.

   Even during firmware update (sequential update), the startup-config reflection period is temporarily stopped.

7. If there is a difference in the settings (startup-config) on the master/slave switch during stack configuration, update the slave switch settings and reboot.
8. If there is a difference in the IP address range settings of the stack port between the master switch/slave switch during stack configuration, communication between stacks cannot be performed normally.

9 Related Documentation

• Firmware update

List of default settings

List of default settings

The default settings of the SWR2310 Series is shown below.

System-wide default settings

Default settings for each LAN/SFP port

Settings for default VLAN (vlan1)

• IPv4 Address: DHCP client
• IGMP Snooping: Enable
  • Querier : Disable
  • Fast-Leave : Disable
  • Check TTL : Enable

Interface control functions

• Interface basic functions
• Link aggregation
• Port authentication functions
• Port security functions

Interface basic functions

1 Function Overview

Here we explain the basic interface functions of this product.

2 Definition of Terms Used

None

3 Function Details

3.1 Interface types

This product can handle the five interface types shown in the table below.

Interface list

3.2 Interface control

The interface on this product can be controlled as shown in the table below.

Interface control items

Command control of the interface is performed as shown on the table below.

Interface control functionality chart

*1: As the communication speed / communication mode setting for a LAN port, it is not possible to select 10 Gbps / full-duplex.

*2: The communication speed / communication mode setting for an SFP port will be either auto negotiation or 1 Gbps / full-duplex.

*3: The communication speed / communication mode setting for an SFP+ port will be either auto negotiation or 10 Gbps / full-duplex.
When 10 Gbps / full duplex is set and an SFP module is connected, it operates as 1 Gbps / full-duplex.

3.3 LAN/SFP port defaults

Initially, this product’s LAN/SFP ports will be in the following state.

• All LAN/SFP ports function as access ports (ports that handle untagged frames), and belong to the default VLAN (VLAN #1).
• The following functions are enabled for the default VLAN (VLAN #1) to which all LAN/SFP ports belong.
  • MSTP: Multiple Spanning Tree Protocol
  • IGMP Snooping
  • IPv4 address (192.168.100.240/24)
  • Access from a Telnet client
  • Access from a web client

3.4 Port mirroring

This product provides a port mirroring function, which copies the data traffic from a selected LAN/SFP port to another specified port.

The communication status can be analyzed by collecting the copied packets.

This product allows you to specify one mirror port, making all other LAN/SFP port allocable as “monitor ports”.

The monitoring direction (transmit/receive, transmit only, receive only) can be selected for the monitor ports.

The mirror command can be used to set the port mirroring.

The mirror port setting is disabled by default.

3.5 Frame counter

This product counts the number of frames transmitted/received for each LAN/SFP port. (This is called a “frame counter”.)

To reference the frame counter, use the show frame counter command.

The table below shows the display items for the frame counter and their maximum values.

Received frame counter display items

(*1): Packets is the total value of the (*2) packets.

(*3): This will change, depending on the MRU that is set for the LAN/SFP port.

(4): This is shown only if tail drop is disabled.

Transmitted frame counter display items

(*1): The packet value is the total of the (*2) packets.

(3): This is shown only if tail drop is enabled.

Transmitted/received frame counter display items

(*1): This will change, depending on the MRU that is set for the LAN/SFP port.

The frame counter can also be cleared by using the clear counters command.

When you execute the show interface command which shows the status of the LAN/SFP ports, information on the number of transmitted and received frames is shown, but this information is shown based on the frame counter information.

The number of frames transmitted/received that is displayed using the show interface command and how the frame counter is handled are shown below.

• Number of frames transmitted/received that is displayed by the show interface command, and how the frame counter is handled

  Display item		Information on the frame counter referred to
  input	packets	Received frame counter packets
  	bytes	Received frame counter octets
  	multicast packets	Received frame counter multicast packets
  	drop packets(*1)	Received frame counter drop packets
  output	packets	Transmitted frame counter packets
  	bytes	Transmitted frame counter octets
  	multicast packets	Transmitted frame counter multicast packets
  	broadcast packets	Transmitted frame counter broadcast packets
  	drop packets(*1)	Transmitted frame counter drop packets

  (*1) If tail drop is enabled this shows only the transmission information; if it is disabled this shows only the reception information.

3.6 SFP module optical receive level monitoring

This product provides functionality for monitoring the optical receive level of an SFP/SFP+ module connected to the SFP/SFP+ port.

If a fault occurs in an SFP/SFP+ module’s optical receive level, this product’s port lamp indications change to a dedicated state, and a SYSLOG message is output.

When the optical receive level returns to the normal range, this product’s port lamp indications will recover, and a SYSLOG message is output.

The SYSLOG message is not output when the corresponding port is linked down.

The SFP/SFP+ module’s optical receive level monitoring settings can be made using the sfp-monitor command.

By default, SFP module optical receive level monitoring is enabled.

3.7 Transmit queue usage monitoring

If the transmit queue’s usage ratio becomes high (above 60%, above 100%), a SYSLOG message is output.

A SYSLOG message is also output when the transmit queue’s usage ratio returns to the normal range (below 50%).

Transmit queue usage monitoring is always enabled.

4 Related Commands

The related commands are shown below.

For details on the commands, refer to the Command Reference.

Basic interface functions: list of related commands

5 Examples of Command Execution

5.1 Basic LAN port settings

Some examples of basic LAN port settings are shown below.

For details on how to make the settings, refer to the Command Reference.

• Set the description text for LAN port #1 (port1.1).

  Yamaha(config)#interface port1.1
  Yamaha(config-if)#description Connected to rtx1200-router

• Disable LAN port #1 (port1.1).

  Yamaha(config)#interface port1.1
  Yamaha(config-if)#shutdown

• Enable LAN port #1 (port1.1).

  Yamaha(config)#interface port1.1
  Yamaha(config-if)#no shutdown

• Set the communication speed and communication mode for LAN port #1 (port1.1) to 100Mbps/Full.

  Yamaha(config)#interface port1.1
  Yamaha(config-if)#speed-duplex 100-full

5.2 Mirroring settings

In this example, we will set LAN port #1 to monitor the frames transmitted/received by LAN port #4 and the frames transmitted by LAN port #5.

The roles of the ports are shown below.

• Mirror port: LAN port #1 (port1.1)
• Monitor port: LAN port #4 (port1.4), LAN port #5 (port1.5)

1. Set the monitor port for mirror port LAN port #1 (port1.1).

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#mirror interface port1.4 direction both     ... (Monitor transmission/reception frames)
   Yamaha(config-if)#mirror interface port1.5 direction transmit ... (Monitor transmission frames)

2. Confirm the mirroring settings.

   Yamaha#show mirror
   Monitor Port  Mirror Port  Mirror Option  Direction
   ============= ============ ============== ==========
   port1.1       port1.4      enable         both
                 port1.5      enable         transmit

5.3 Show LAN/SFP port information

• Confirm the status of LAN port #1 (port1.1).

  Yamaha#show interface port 1.1
  Interface port1.1
    Link is UP
    Hardware is Ethernet
    HW addr: 00a0.deae.b89f
    Description: Connected to router
    ifIndex 5001, MRU 1522
    Speed-Duplex: auto(configured), 1000-full(current)
    Auto MDI/MDIX: on
    Vlan info :
      Switchport mode        : access
      Ingress filter         : enable
      Acceptable frame types : all
      Default Vlan           :    1
      Configured Vlans       :    1
    Interface counter:
      input  packets          : 0
             bytes            : 0
             multicast packets: 0
      output packets          : 0
             bytes            : 0
             multicast packets: 0
             broadcast packets: 0
             drop packets     : 0

6 Points of Caution

None

7 Related Documentation

None

Link aggregation

1 Function Overview

Link aggregation is a function used to combine multiple LAN/SFP ports that connect network devices, and handle them as a single logical interface.

Link aggregation is a technology that is useful when multiple communications occur. Communications can be distributed by using a load balance function within the combined lines.

If one LAN/SFP port fails within the lines that were combined using link aggregation, and communications cannot be made, the other ports will continue communicating.

Link aggregation function overview

The link aggregation functions in this L2 switch are shown below.

Link aggregation functions

2 Definition of Terms Used

LACP

Abbreviation for “Link Aggregation Control Protocol”. This is a technology standardized in IEEE802.3ad,

and is also called EtherChannel.

• IEEE 802.3 Study Group Interim meeting

Load balance

This is a function to distribute forwarded frames between the LAN/SFP ports that are associated with the logical interface.

As a distribution rule, the L2/L3/L4 information within frames is used.

3 Function Details

3.1 Static/LACP link aggregation: common specifications

The common specifications for the static/LACP link aggregation functions of this L2 switch are shown below.

1. The link aggregation on this L2 switch can be defined for 127 interfaces, including both static and LACP.

   A single logical interface can be associated with up to eight LAN/SFP ports.

2. The settings shown below must be the same for each of the LAN/SFP ports contained within.
   • Communication speed/communication mode

     If auto negotiation is enabled, only the same port that was used in the contained ports for the initial negotiation results will be contained.

   • Port mode (access/trunk [including native VLAN settings])
   • Associated VLAN
   • QoS trust mode (including port priority and default CoS settings)
3. The following operations are performed when a LAN/SFP port is associated with a logical interface.
   • LAN/SFP ports that are linked up will be linked down.

     The logical interface’s default value will be set to shutdown, in order to safely integrate the logical interface into the system.

   • MSTP settings will be discarded and will revert to their defaults.

     When dissociating a LAN/SFP port from the logical link, the MSTP settings for the relevant port will revert to their defaults as well.

4. The following operations can be performed for the logical interface.
   • Add description text (description command)
   • Enable/disable the interface (shutdown command)
5. Another LAN/SFP port cannot be associated with a logical interface in operation.

   To associate a LAN/SFP port, make sure to shut down the logical interface before associating.

6. LAN/SFP ports that are associated with a logical interface that is in operation cannot be removed.

   When dissociating a LAN/SFP port, make sure to shut down the logical interface before dissociating.

   LAN/SFP ports that have been dissociated from a logical interface will be in shutdown mode. Enable the ports as necessary (using “no shutdown”).

7. Load balance settings can be made on the logical interface. The rules that can be set for this are shown below.

   The default value when defining a logical interface is the destination/source MAC address.

   • Destination MAC address
   • Source MAC address
   • Destination/source MAC address
   • Destination IP address
   • Source IP address
   • Destination/source IP address
   • Destination port number
   • Source port number
   • Destination/source port number

3.2 Static link aggregation

The operating specifications for static link aggregation are shown below.

1. An interface number from 1–96 can be assigned to the static logical interface.
2. Use the static-channel-group command to associate a LAN/SFP port with a static logical link interface.
   • When associating a LAN/SFP port with an interface number for which there is no static logical interface, a new logical interface will be generated.
   • When the associated port no longer exists as a result of removing a LAN/SFP port from a static logical interface, the relevant logical interface will be deleted.
3. Use the show static-channel-group command to show the static logical link interface’s status.

3.3 LACP link aggregation

The operating specifications for LACP link aggregation are shown below.

Refer to “3.1 Static/LACP link aggregation: common specifications” for the common specifications of static link aggregation.

1. An interface number from 1–127 can be assigned to the LACP logical interface.
2. Use the channel-group command to associate a LAN/SFP port with an LACP logical link interface.
   • When associating an LAN/SFP, specify the following operating modes. (It is recommended to specify “active mode”.)
     • Active mode

       The LACP frame will be voluntarily transmitted, and negotiation with the opposing device’s port will begin.

     • Passive mode

       The LACP frame will not be voluntarily transmitted, but will instead be transmitted when a frame is received from the opposing device.

   • When associating a LAN/SFP port with an interface number for which there is no LACP logical interface, a new logical interface will be generated.
   • When the associated port no longer exists as a result of removing a LAN/SFP port from an LACP logical interface, the relevant logical interface will be deleted.
3. The parameters that influence the operations of the LACP logical interface are shown below.
   • LACP timeout

     LACP timeout indicates the down time that was determined, when an LACP frame has not been received from the opposing device.

     Specify either “Long” (90 sec.) or “Short” (3 sec.) using the lacp timeout command.

     The LACP timeout value is stored in the LACP frame and transmitted to the opposing device.

     The opposing device that received the frame will transmit the LACP frames it has stored at intervals equaling 1/3 of the LACP timeout value.

     The default value when the logical interface is generated is “Long (90 sec.)”.

   • LACP system priority

     The LACP system priority is used when deciding which device will control the logical interface, when communicating with the opposing device.

     The device with the highest combined system priority exchanged with the opposing device and MAC address (together called the “system ID”) is selected.

     The LAN/SFP port associated with the logical interface that is to be enabled (active) is determined for the selected device.

     The LACP system priority can be specified from a range of 1–65,535 by the lacp system-priority command. (Lower numbers have higher priority.)

     The default value when the logical interface is generated is set to 32,768 (0x8000).

   • LACP port priority

     LACP port priority is used to control active/standby for the LAN/SFP ports that are associated with the logical interface.

     When there are more LAN/SFP ports associated to the logical interface than the 8-port maximum, the port status is controlled based on a combination of the LACP port priority and the port number (which is called “port ID”).

     As the maximum number of LAN/SFP ports associated to a logical interface is currently eight, this function is disabled.

     The LACP system priority for opposing devices is transmitted at a fixed value (32,768 (0x8000)).

4. Use the show etherchannel command to show the LACP logical interface status.

4 Related Commands

The related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Setting the static logical interface

In this example, we will set link aggregation to use four LAN ports, in order to communicate between L2 switches.

• Static logical interface setting example
• Static link aggregation is set to static.

  The logical interface numbers are set to switch A: #2 and switch B: #5.

• The LAN ports associated with the logical interface are all access ports, and are associated with the VLAN #1000.

1. Define [switch A] VLAN #1000, and associate it with LAN ports (#15, #17, #19, #21, #23).

   Together with this, associate LAN ports (#17, #19, #21, #23) with the logical interface #2.

   Yamaha(config)#vlan database ... (VLAN-ID #1000 definition)
   Yamaha(config-vlan)#vlan 1000
   Yamaha(config-vlan)#exit
   Yamaha(config)#interface port1.15 ... (Set LAN port #15)
   Yamaha(config-if)#switchport access vlan 1000 ... (Set as access port, and associate with VLAN #1000)
   Yamaha(config-if)#interface port1.17 ... (Set LAN port #17)
   Yamaha(config-if)#switchport access vlan 1000 ... (Set as access port, and associate with VLAN #1000)
   Yamaha(config-if)#static-channel-group 2 ... (Associate with logical interface #2)
   Yamaha(config-if)#interface port1.19
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 2
   Yamaha(config-if)#interface port1.21
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 2
   Yamaha(config-if)#interface port1.23
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 2

2. Confirm the setting status of [switch A] logical interface #2.

   Yamaha#show static-channel-group
   % Static Aggregator: sa2
   % Member:
      port1.17
      port1.19
      port1.21
      port1.23

3. Define [switch B] VLAN #1000, and associate it with LAN ports (#07, #09, #11, #13, #15).

   Together with this, associate LAN ports (#09, #11, #13, #15) with the logical interface #5.

   Yamaha(config)#vlan database
   Yamaha(config-vlan)#vlan 1000
   Yamaha(config-vlan)#exit
   Yamaha(config)#interface port1.7
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#interface port1.9
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 5
   Yamaha(config-if)#interface port1.11
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 5
   Yamaha(config-if)#interface port1.13
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 5
   Yamaha(config-if)#interface port1.15
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)#static-channel-group 5

4. Confirm the setting status of [switch B] logical interface #5.

   Yamaha#show static-channel-group
   % Static Aggregator: sa5
   % Member:
      port1.9
      port1.11
      port1.13
      port1.15

5. Enable [switch A] logical interface.

   Yamaha(config)#interface sa2 ... (Set logical interface #2)
   Yamaha(config-if)#no shutdown ... (Enable logical interface)

6. Enable [switch B] logical interface.

   Yamaha(config)#interface sa5 ... (Set logical interface #5)
   Yamaha(config-if)#no shutdown ... (Enable logical interface)

7. Confirm the setting status of [switch A] logical interface.

   Yamaha#show interface sa2
   Interface sa2
     Link is UP ... (is enabled)
     Hardware is AGGREGATE
     ifIndex 4502, MRU 1522
     Vlan info :
       Switchport mode        : access
       Ingress filter         : enable
       Acceptable frame types : all
       Default Vlan           : 1000
       Configured Vlans       : 1000
     Interface counter:
       input  packets          : 1020
              bytes            : 102432
              multicast packets: 1020
       output packets          : 15
              bytes            : 1845
              multicast packets: 15
              broadcast packets: 0

8. Confirm the setting status of [switch B] logical interface.

   Yamaha#show interface sa5
   Interface sa5
     Link is UP
     Hardware is AGGREGATE
     ifIndex 4505, MRU 1522
     Vlan info :
       Switchport mode        : access
       Ingress filter         : enable
       Acceptable frame types : all
       Default Vlan           : 1000
       Configured Vlans       : 1000
     Interface counter:
       input  packets          : 24
              bytes            : 2952
              multicast packets: 24
       output packets          : 2109
              bytes            : 211698
              multicast packets: 2109
              broadcast packets: 0

5.2 Setting the LACP logical interface

In this example, we will set link aggregation to use four LAN ports, in order to communicate between L2 switches.

• Set the LACP logical interface
• Use LACP for link aggregation.

  The logical interface numbers are set to switch A: #10 and switch B: #20.

  Set the switch A logical interface to active status, and the switch B logical interface to passive status.

• The LAN ports associated with the logical interface are all access ports, and are associated with the VLAN #1000.
• For load balance, set the destination/source IP address.

1. Define [switch A] VLAN #1000, and associate it with LAN ports (#15, #17, #19, #21, #23).

   Together with this, associate LAN ports (#17, #19, #21, #23) in active status with the logical interface #10.

   The logical interface at this point in time will be in shutdown mode.

   Yamaha(config)#vlan database
   Yamaha(config-vlan)#vlan 1000 ... (VLAN #1000 definition)
   Yamaha(config-vlan)#exit
   Yamaha(config)#interface port1.15
   Yamaha(config-if)#switchport access vlan 1000 ... (Set as access port, and associate with VLAN #1000)
   Yamaha(config-if)#interface port1.17
   Yamaha(config-if)#switchport access vlan 1000 ... (Set as access port, and associate with VLAN #1000)
   Yamaha(config-if)#channel-group 10 mode active ... (Associate with logical interface #10 in an active status)
   Yamaha(config-if)#interface port1.19
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)# channel-group 10 mode active
   Yamaha(config-if)#interface port1.21
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)# channel-group 10 mode active
   Yamaha(config-if)#interface port1.23
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)# channel-group 10 mode active

2. Confirm the setting status of [switch A] logical interface #10.

   Yamaha#show etherchannel
   % Lacp Aggregator: po10
   % Member:
      port1.17
      port1.19
      port1.21
      port1.23
   Yamaha#show lacp sys-id ... (Check LACP system ID: set to the default value (0x8000))
   % System 8000,00-a0-de-ae-b9-1f
   Yamaha#show interface po10
   Interface po10
     Link is DOWN ... (Link is down)
     Hardware is AGGREGATE
     ifIndex 4610, MRU 1522
     Vlan info :
       Switchport mode        : access
       Ingress filter         : enable
       Acceptable frame types : all
       Default Vlan           : 1000
       Configured Vlans       : 1000
     Interface counter:
       input  packets          : 0
              bytes            : 0
              multicast packets: 0
       output packets          : 0
              bytes            : 0
              multicast packets: 0
              broadcast packets: 0

3. Define [switch A] VLAN #1000, and associate it with LAN ports (#07, #09, #11, #13, #15).

   Together with this, associate LAN ports (#09, #11, #13, #15) in passive status with the logical interface #20.

   The logical interface at this point in time will be in shutdown mode.

   Yamaha(config)#vlan database
   Yamaha(config-vlan)#vlan 1000 ... (VLAN #1000 definition)
   Yamaha(config-vlan)#exit
   Yamaha(config)#interface port1.7
   Yamaha(config-if)#switchport access vlan 1000 ... (Set as access port, and associate with VLAN #1000)
   Yamaha(config-if)#interface port1.9
   Yamaha(config-if)#switchport access vlan 1000 ... (Set as access port, and associate with VLAN #1000)
   Yamaha(config-if)#channel-group 20 mode passive ... (Associate with logical interface #20 in a passive status)
   Yamaha(config-if)#interface port1.11
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)# channel-group 20 mode passive
   Yamaha(config-if)#interface port1.13
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)# channel-group 20 mode passive
   Yamaha(config-if)#interface port1.15
   Yamaha(config-if)#switchport access vlan 1000
   Yamaha(config-if)# channel-group 20 mode passive

4. Confirm the setting status of [switch B] logical interface #20.

   Yamaha#show etherchannel
   % Lacp Aggregator: po20
   % Member:
      port1.9
      port1.11
      port1.13
      port1.15
   Yamaha#show lacp sys-id ... (Check LACP system ID: set to the default value (0x8000))
   % System 8000,00-a0-de-ae-b8-7e
   Yamaha#show interface po20
   Interface po20
     Link is DOWN ... (Link is down)
     Hardware is AGGREGATE
     ifIndex 4620, MRU 1522
     Vlan info :
       Switchport mode        : access
       Ingress filter         : enable
       Acceptable frame types : all
       Default Vlan           : 1000
       Configured Vlans       : 1000
     Interface counter:
       input  packets          : 0
              bytes            : 0
              multicast packets: 0
       output packets          : 0
              bytes            : 0
              multicast packets: 0
              broadcast packets: 0

5. Set the load balance of [switch A] to the destination/source IP address, and enable.

   Yamaha(config)#port-channel load-labance src-dst-ip ... (Set load balancing)
   Yamaha(config)#interface po10 ... (Set logical interface #10)
   Yamaha(config-if)#no shutdown ... (Enable logical interface)

6. Set the load balance of [switch B] to the destination/source IP address, and enable.

   Yamaha(config)#port-channel load-labance src-dst-ip ... (Set load balancing)
   Yamaha(config)#interface po20 ... (Set logical interface #20)
   Yamaha(config-if)#no shutdown ... (Enable logical interface)

7. Confirm the setting status of [switch A] logical interface.

   Link up and confirm whether frames are being sent and received.

   Yamaha#show interface po10
   Interface po10
     Link is UP
     Hardware is AGGREGATE
     ifIndex 4610, MRU 1522
     Vlan info :
       Switchport mode        : access
       Ingress filter         : enable
       Acceptable frame types : all
       Default Vlan           : 1000
       Configured Vlans       : 1000
     Interface counter:
       input  packets          : 560
              bytes            : 58239
              multicast packets: 560
       output packets          : 98
              bytes            : 12474
              multicast packets: 98
              broadcast packets: 0
   Yamaha#
   Yamaha#show lacp-counter
   % Traffic statistics
   Port       LACPDUs         Marker         Pckt err
           Sent    Recv    Sent    Recv    Sent    Recv
   % Aggregator po10 , ID 4610
   port1.17     50      47      0       0       0       0
   port1.19     49      46      0       0       0       0
   port1.21     49      46      0       0       0       0
   port1.23     49      46      0       0       0       0

8. Confirm the setting status of [switch B] logical interface.

   Link up and confirm whether frames are being sent and received.

   Yamaha#show interface po20
   Interface po20
     Link is UP
     Hardware is AGGREGATE
     ifIndex 4620, MRU 1522
     Vlan info :
       Switchport mode        : access
       Ingress filter         : enable
       Acceptable frame types : all
       Default Vlan           : 1000
       Configured Vlans       : 1000
     Interface counter:
       input  packets          : 78
              bytes            : 9914
              multicast packets: 78
       output packets          : 438
              bytes            : 45604
              multicast packets: 438
              broadcast packets: 0
   Yamaha#
   Yamaha#show lacp-counter
   % Traffic statistics
   Port       LACPDUs         Marker         Pckt err
           Sent    Recv    Sent    Recv    Sent    Recv
   % Aggregator po20 , ID 4620
   port1.9      55      57      0       0       0       0
   port1.11     54      56      0       0       0       0
   port1.13     54      56      0       0       0       0
   port1.15     54      56      0       0       0       0

6 Points of Caution

• A host port that is associated with a private VLAN cannot be aggregated as a link aggregation logical interface.
• If access list settings exist for the received frame of a LAN/SFP port, the ports cannot be aggregated as a link aggregation logical interface.

7 Related Documentation

• LAN/SFP port control: Interface basic functions

Port authentication functions

1 Function Overview

Port authentication is a function that authenticates devices or users.

This authenticates a device connected to the LAN/SFP port, and permits LAN access only for devices that succeeded in authenticating.

Devices that are not yet authenticated or that failed to authenticate can be denied access to the LAN, or permitted to access only a specific VLAN.

2 Definition of Terms Used

IEEE 802.1X

The authentication standard used when connecting to the LAN.

Authenticator

A device or software that authenticates a supplicant connected to a LAN/SFP port.

It mediates between the supplicant and the authentication server, controlling access to the LAN according to the success or failure of authentication.

Supplicant

A device or software that connects to an authenticator and receives authentication.

Authentication server

A device or software that authenticates a supplicant that is connected via the authenticator.

This manages authentication information such as user names, passwords, MAC addresses, and associated VLANs.

EAP (Extended authentication protocol)

This is an authentication protocol that extends PPP, allowing various authentication methods to be used.

This is defined in RFC3748.

EAP over LAN (EAPOL)

This is a protocol for conveying EAP packets between the supplicant and the authenticator.

EAP over Radius

This is a protocol for conveying EAP packets between the authenticator and the authentication server (RADIUS server).

EAP-MD5 (Message digest algorithm 5)

Client authentication using user name and password.

This uses an MD5 hash value to authenticate.

EAP-TLS (Transport Layer Security)

This uses the digital certificates of the server and the client to authenticate.

With the transport layer encrypted, the digital certificates are exchanged and authenticated.

This is defined in RFC2716 and RFC5216.

EAP-TTLS (Tunneled TLS)

This is an extended version of EAP-TLS.

This uses the digital signature of the server to establish a TLS communication route, and within this encrypted communication route uses a password to authenticate the client.

This is defined in RFC5281.

EAP-PEAP (Protected EAP)

The principle of operation is equivalent to EAP-TTLS (the only difference is the protocol inside the encrypted tunnel).

This uses the digital signature of the server to establish a TLS communication route, and within this encrypted communication route uses a password to authenticate the client.

3 Function Details

The operating specifications for port authentication are shown below.

As port authentication functions, this product supports IEEE 802.1X authentication, MAC authentication, and Web authentication.

The following table shows the distinctive features of each authentication method.

Port authentication method features

This screen assumes a RADIUS server as the authentication server.

Note that the port authentication functionality of this product has the following limitations.

• It cannot be used on a private VLAN port.
• It cannot be used on a voice VLAN port.
• If port authentication is enabled, a spanning tree topology change will occur according to the authentication result.

  If you want to avoid this, specify “spanning-tree edgeport” for the authentication port to which the supplicant will be connected.

• The number of supplicants that can be authenticated is one for each port in single host mode or multi-supplicant mode; for multi-supplicant mode, the maximum is 512 for the entire system.
• Web authentication can be used only in multi-supplicant mode.
• Web authentication cannot be used together with a guest VLAN.
• The L2MS functions cannot be used if settings are made with the trunk port without a native VLAN.
• When using the stack function, the file stored in the master switch is referenced for the Web authentication screen customization file.
• When using the stack function, if a member switch is added, the authentication information of the supplicant connected to the logical interface is cleared.
• The L2MS functions cannot be used if settings are made with the trunk port without a native VLAN.
• Guest VLAN cannot be used on trunk ports.
• If the following supplicant VLAN is changed by the authentication VLAN, the authentication function may not work properly.
  • DHCP server
  • L2MS compatible device

3.1 IEEE 802.1X authentication

IEEE 802.1X authentication uses EAP to authenticate in units of devices or users.

The supplicant receiving authentication must support IEEE 802.1X authentication.

This product operates as an authenticator that communicates with the supplicant via EAP over LAN and communicates with the RADIUS server via EAP over RADIUS.

The authentication process itself occurs directly between the supplicant and the RADIUS server.

As authentication methods, this product supports EAP-MD5, EAP-TLS, EAP-TTLS, and EAP-PEAP.

The features of each authentication method are shown in the following table.

Features of each authentication method

Make settings for the supplicant and the RADIUS server as appropriate for the authentication method you use.

The basic procedure for IEEE 802.1X authentication is shown in the following diagram.

Basic procedure for IEEE 802.1X authentication

The supplicant is connected to the LAN, and transmits a communication start message (EAPOL-Start) message to start authentication.

When authentication succeeds, authentication success (Success) notification is sent to the supplicant, and the supplicant’s MAC address is registered in the FDB, allowing the supplicant to access the network.

If authentication fails, an authentication failure (Failure) notification is sent to the supplicant, and network access is denied for the supplicant.

(Even without authentication, it is possible to allow access to a specific VLAN if a guest VLAN has been specified.)

3.2 MAC authentication

MAC authentication uses the MAC address of a device to authenticate an individual device.

Since the supplicant does not need special functionality to be authenticated, authentication is possible even for devices that do not support IEEE 802.1X.

The basic procedure for MAC authentication is shown in the following diagram.

When this product receives any Ethernet frame from the supplicant, it queries the RADIUS server with the supplicant’s MAC address as the user name and password.

EAP-MD5 is used as the authentication mode between this product and the RADIUS server.

When authentication succeeds, the supplicant’s MAC address is registered in the FDB, allowing the supplicant to access the network.

If authentication fails, the supplicant is denied network access.

(Even without authentication, it is possible to allow access to a specific VLAN if a guest VLAN has been specified.)

The supplicant’s MAC address must be registered as the user name and password in the RADIUS server, in one of the following formats.

• XX-XX-XX-XX-XX-XX (hyphen delimited)
• XX:XX:XX:XX:XX:XX (colon delimited)
• XXXXXXXXXXXX (not delimited)

This product lets you use the auth-mac auth-user command to change the format of the MAC address query that is made to the RADIUS server.

Specify the appropriate command according to the format of the MAC addresses that are registered in the RADIUS server.

3.3 Web authentication

Web authentication is a function that authenticates a user when a user name and password are entered from the supplicant’s web browser.

HTTP is supported as the communication method between the web browser and the switch.

Because web authentication performs authentication by communicating via HTTP, it is necessary for IP communication between this product and the supplicant to be possible even before authentication.

Either the DHCP server must assign an IP address to the supplicant, or the supplicant must specify an IP address statically.

Web authentication operates only in multi-supplicant mode.

Also, this cannot be used together with a guest VLAN.

The basic procedure for web authentication is shown in the following diagram.

This product queries the RADIUS server using the user name and password that were entered in the supplicant’s web browser.

EAP-MD5 is used as the authentication mode between this product and the RADIUS server.

When authentication succeeds, the supplicant’s MAC address is registered in the FDB, allowing the supplicant to access the network.

If authentication fails, the supplicant is denied network access.

3.3.1 Operations on the supplicant

When the supplicant’s web browser accesses IPv4 TCP port 80, the following authentication screen appears.

To be authenticated, enter a user name and password, and click the [Login] button.

The supplicant’s MAC address is registered in the FDB, allowing the supplicant to access the network.

If authentication fails three times in succession, authentication is temporarily restricted.

3.3.2 Customizing the authentication screen

The displayed content on the Web authentication screen (the edited HTML, CSS and image files) can be copied to this product, and the following parts can be customized.
Note that we cannot provide support for how to code in HTML/CSS or what formatting to use, or for any troubles that may occur due to modifications to the code.

1. Header
   The header section includes the “header.html” and “style.css” files. Edit these files and copy them to this product in order to customize them.
2. Image file
   Copy the image provided to this product in order to modify it.
3. Input form
   The display style used for the input form is defined in the “style.css” file. Although the text cannot be changed, you can edit the “style.css” file and copy it to this product in order to change the input form’s design.
4. Footer
   The footer section includes the “footer.html” and “style.css” files. Edit these files and copy them to this product in order to customize them.

The following explains how to modify the Web authentication screen.

3.3.2.1 Preparing the authentication screen customization files

The following files are used to customize the Web authentication screen.

• header.html
• footer.html
• logo.png
• style.css

Use the Web browser to access the “header.html”, “footer.html” and “style.css” files from the switch.

For example if the IP address of the switch is 192.168.100.240, you can use the following URL to access the file from a PC connected to a port on which Web authentication is enabled, and then use the browser’s “Save as” command to save the file on the PC.

• http://192.168.100.240/web-auth/header.html
• http://192.168.100.240/web-auth/footer.html
• http://192.168.100.240/web-auth/style.css

When saving, specify the extension as “.css” and specify the character encoding as “UTF-8.”

For the image file logo.png, prepare a desired image file on the PC, and save it with the file name logo.png.

The maximum file size is 1 MB.

3.3.2.2 Editing the authentication screen customization files

Edit the above-mentioned HTML and CSS files as appropriate on your PC.

You are free to edit each file in accordance with HTML and CSS specifications, but please note the following points.

• The only image file that can be referenced from the “header.html” and “footer.html” files is “logo.png”.
• The extension of the CSS file must be “.html” or “.css” and the character encoding must be consistent with UTF-8.

3.3.2.3 Placing the authentication screen customization files

When you have prepared the files, place them in /model name/startup-config/web-auth/ on the SD card.

After placing the files, use the copy auth-web custom-file command or the copy startup-config command to copy the authentication screen customization files to the switch.

If the following files exist in the folder hierarchy in which the currently-running CONFIG is saved, they are used to generate the Web authentication screen.

You can determine the currently-running CONFIG number by using the show environment command. Even if the switch started up using the CONFIG on the SD card, you can customize the Web authentication screen by placing these files in /model name/startup-config/web-auth/ on the SD card.

• header.html

  This is used as the header section referenced from the authentication screen. If this file does not exist, the original “header.html” is used.

• footer.html

  This is used as the footer section referenced from the authentication screen. If this file does not exist, the original “footer.html” is used.

• logo.png

  This is used as the logo in the upper left of the authentication screen. If this file does not exist, the original Yamaha logo is shown.

• style.css

  This is used as the “style.css” referenced from the authentication screen. If this file does not exist, the original style.css is used.

When you have finished placing the edited files, check the display by using your browser to access the Web authentication screen.

If you need to make additional changes, edit the files on your PC, and transfer them again.

3.3.2.4 Canceling customization

If you decide to cancel customization of the authentication screen, delete the customization files from the folder in which the currently-running CONFIG is saved. You will revert to the original authentication screen.

To delete the files, you can use the erase auth-web custom-file command or the erase startup-config command.

However, since the erase startup-config command also deletes files such as config.txt, you should first copy files such as config.txt to an SD card etc. as a backup.

3.4 Using multiple authentication functions

This screen lets you use IEEE802.1X authentication, MAC authentication, and Web authentication together on the same port.

When multiple methods are used together, IEEE 802.1X authentication takes priority.

Web authentication can be attempted at any time as long as another of the multiple authentication methods is not currently communicating with the RADIUS server.

If multiple authentication methods are being used simultaneously, operation is as follows.

• Procedure if the supplicant supports IEEE 802.1X authentication
• Procedure if the supplicant does not support IEEE 802.1X authentication

note

• If authentication succeeds with any one of the methods, authentication has succeeded.
• If the reauthentication setting is enabled, then reauthentication is performed using the method with which authentication succeeded.
• If multiple authentication methods are being used simultaneously, the forwarding control setting of an unauthenticated port will be to discard reception.
• If EAPOL start is received from an unauthenticated supplicant, operation will transition to IEEE 802.1X authentication even if authentication operation is already in progress using MAC authentication or Web authentication.
• If 802.1X authentication and MAC authentication are being used simultaneously, the authentication restriction interval does not start even if 802.1X authentication fails.
• If 802.1X authentication and MAC authentication are being used simultaneously, and any Ethernet frame is received from the supplicant, this product transmits an EAP Request.
• If Web authentication is also being used, unauthenticated supplicants are registered in FDB as static/discard.

3.5 Host mode

This product lets you select the host mode for the port authentication function.

Host mode indicates how an applicable supplicant’s communication will be permitted on the authentication port.

This product lets you choose from the following host modes.

• Single host mode

  This mode permits communication for only one supplicant for each LAN/SFP port.

  Communication is permitted only for the first supplicant that successfully authenticates.

• Multi-host mode

  This mode permits communication for multiple supplicants for each LAN/SFP port.

  When a supplicant successfully authenticates and communication is permitted, another supplicant that is connected to the same LAN/SFP port and that successfully authenticates is also permitted to communicate on the same VLAN.

• Multi-supplicant

  This mode permits communication for multiple supplicants for each LAN/SFP port.

  Each supplicant is distinguished by its MAC address, permitting communication in units of supplicants.

  When using dynamic VLAN functions, you can specify the VLAN for each supplicant.

3.5 Authentication VLAN

This product supports authentication VLAN with IEEE802.1X, MAC and Web authentication.

An authentication VLAN is a function that changes the authentication port’s associated VLAN according to the VLAN attributes of authentication data received from the RADIUS server.

As shown in the illustration above, if a port’s associated VLAN is 1, and the received authentication data has a VLAN attribute of 10, then following successful authentication, the authentication port’s associated VLAN is 10, and communication on VLAN 10 is permitted.

For the RADIUS server, make settings so that the authentication information sent from the server includes the following attribute values.

• Tunnel-Type = VLAN (13)
• Tunnel-Medium-Type = IEEE-802 (6)
• Tunnel-Private-Group-ID = VLAN ID

If an authentication VLAN is used, operation in the various host modes will be as follows.

• Single host mode

  The authentication port’s associated VLAN is changed according to the VLAN attribute value of the supplicant that successfully authenticates.

• Multi-host mode

  The authentication port’s associated VLAN is changed according to the VLAN attribute value of the supplicant that successfully authenticates.

  Other supplicants that are connected to the same port are also permitted to communicate on the same VLAN.

• Multi-supplicant mode

  The authentication port’s associated VLAN is changed according to the VLAN attribute value of the supplicant that successfully authenticates.

  You can specify the VLAN for each supplicant.

3.6 VLAN for unauthenticated or failed-authentication ports

This product’s IEEE 802.1X authentication and MAC authentication allows you to specify a guest VLAN so that unauthenticated ports or ports that failed authentication will be assigned to a specific VLAN.

In multi-supplicant mode, you can specify this for each supplicant.

This is useful when you want to provide partial functionality on a limited network even to a supplicant that has not succeeded in authenticating, as shown in the illustration above.

3.7 EAP pass-through function

You can switch between enable and disable for EAP pass-through and configure whether EAPOL frames are to be forwarded.

The authentication function will be prioritized for interfaces on which the 802.1X authentication function is enabled, and EAP pass-through will not be applied.

3.8 Attribute values sent to the RADIUS server

The NAS-Identifier attribute value can be notified to the RADIUS server.

The character string set with the auth radius attribute nas-identifier command is sent to the RADIUS server as the NAS-Identifier attribute value.

4 Related Commands

The related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Set IEEE 802.1X authentication

Make settings so that IEEE 802.1X authentication can be used.

• We will use LAN port #1 as the authentication port to which the supplicant is connected.
• We will set the host mode to multi-supplicant mode.
• We will use VLAN #10 as the guest LAN.
• We will use 192.168.100.101 as the IP address of the RADIUS server that is connected.

1. Define VLAN #10 as the guest VLAN.

   Yamaha(config)#vlan database
   Yamaha(config-vlan)#vlan 10               ... (VLAN #10 definition)
   Yamaha(config-vlan)#exit

2. Enable the IEEE 802.1X authentication function for the entire system.

   Yamaha(config)#aaa authentication dot1x

3. Set IEEE 802.1X authentication for LAN port #1.

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#dot1x port-control auto          ... (Set IEEE 802.1X authentication operating mode to auto)
   Yamaha(config-if)#auth host-mode multi-supplicant  ... (Set host mode to multi-supplicant mode)
   Yamaha(config-if)#auth guest-vlan 10               ... (Set guest VLAN as VLAN #10)
   Yamaha(config-if)#exit

4. Set RADIUS server settings.

   Yamaha(config)#radius-server host 192.168.100.101 key test1
                        (Set host as 192.168.100.101 and shared password as “test1”)

5. Check RADIUS server settings.

   Yamaha#show radius-server
   Server Host : 192.168.100.101
     Authentication Port : 1812
     Secret Key          : test1
     Timeout             : 5 sec
     Retransmit Count    : 3
     Deadtime            : 0 min

6. Check port authentication settings.

   Yamaha#show auth status
   [System information]
     802.1X Port-Based Authentication : Enabled
     MAC-Based Authentication         : Disabled
     WEB-Based Authentication         : Disabled
   
     Clear-state time : Not configured
   
     Redirect URL :
       Not configured
   
     RADIUS server address :
       192.168.100.101 (port:1812)
   
   [Interface information]
     Interface port1.1 (up)
       802.1X Authentication   : Force Authorized (configured:auto)
       MAC Authentication      : Disabled (configured:disable)
       WEB Authentication      : Enabled (configured:disable)
       Host mode               : Multi-supplicant
       Dynamic VLAN creation   : Disabled
       Guest VLAN              : Enabled (VLAN ID:10)
       Reauthentication        : Disabled
       Reauthentication period : 3600 sec
       MAX request             : 2 times
       Supplicant timeout      : 30 sec
       Server timeout          : 30 sec
       Quiet period            : 60 sec
       Controlled directions   : In (configured:both)
       Protocol version        : 2
       Clear-state time        : Not configured

5.2 Set MAC authentication

Make settings so that MAC authentication can be used.

• We will use LAN port #1 as the authentication port to which the supplicant is connected.
• We will set the host mode to multi-supplicant mode.
• We will use 192.168.100.101 as the IP address of the RADIUS server that is connected.

1. Enable the MAC authentication function for the entire system.

   Yamaha(config)#aaa authentication auth-mac

2. Set MAC authentication for LAN port #1.

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#auth-mac enable                  ... (Enable MAC authentication)
   Yamaha(config-if)#auth host-mode multi-supplicant  ... (Set host mode to multi-supplicant mode)
   Yamaha(config-if)#exit

3. Set RADIUS server settings.

   Yamaha(config)#radius-server host 192.168.100.101 key test1
                        (Set host as 192.168.100.101 and shared password as “test1”)

4. Check RADIUS server settings.

   Yamaha#show radius-server
   Server Host : 192.168.100.101
     Authentication Port : 1812
     Secret Key          : test1
     Timeout             : 5 sec
     Retransmit Count    : 3
     Deadtime            : 0 min

5. Check port authentication settings.

   Yamaha#show auth status
   [System information]
     802.1X Port-Based Authentication : Disabled
     MAC-Based Authentication         : Enabled
     WEB-Based Authentication         : Disabled
   
     Clear-state time : Not configured
   
     Redirect URL :
       Not configured
   
     RADIUS server address :
       192.168.100.101 (port:1812)
   
   [Interface information]
     Interface port1.1 (up)
       802.1X Authentication   : Force Authorized (configured:-)
       MAC Authentication      : Enabled (configured:enable)
       WEB Authentication      : Disabled (configured:disable)
       Host mode               : Multi-supplicant
       Dynamic VLAN creation   : Disabled
       Guest VLAN              : Disabled
       Reauthentication        : Disabled
       Reauthentication period : 3600 sec
       MAX request             : 2 times
       Supplicant timeout      : 30 sec
       Server timeout          : 30 sec
       Quiet period            : 60 sec
       Controlled directions   : In (configured:both)
       Protocol version        : 2
       Clear-state time        : Not configured
       Authentication status   : Unauthorized

5.3 Set Web authentication

Make settings so that Web authentication can be used.

• We will use LAN port #1 as the authentication port to which the supplicant is connected.
• We will assume that 192.168.100.10 the IP address of the supplicant.
• We will use 192.168.100.101 as the IP address of the RADIUS server that is connected.

1. Assign an IP address to the authenticator for IP communication.

   Yamaha(config)#interface valn1
   Yamaha(config-if)#ip address 192.168.100.240/24
   Yamaha(config-if)#exit

2. Enable the Web authentication function for the entire system.

   Yamaha(config)#aaa authentication auth-web

3. Set Web authentication for LAN port #1.

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#auth host-mode multi-supplicant     ... (Set host mode to multi-supplicant mode)
   Yamaha(config-if)#auth-web enable                     ... (Enable web authentication)
   Yamaha(config-if)#exit

4. Set RADIUS server settings.

   Yamaha(config)#radius-server host 192.168.100.101 key test1
                        (Set host as 192.168.100.101 and shared password as “test1”)

5. Check RADIUS server settings.

   Yamaha#show radius-server
   Server Host : 192.168.100.101
     Authentication Port : 1812
     Secret Key          : test1
     Timeout             : 5 sec
     Retransmit Count    : 3
     Deadtime            : 0 min

6. Check port authentication settings.

   Yamaha#show auth status
   [System information]
     802.1X Port-Based Authentication : Disabled
     MAC-Based Authentication         : Disabled
     WEB-Based Authentication         : Enabled
   
     Clear-state time : Not configured
   
     Redirect URL :
       Not configured
   
     RADIUS server address :
       192.168.100.101 (port:1812)
   
   [Interface information]
     Interface port1.1 (up)
       802.1X Authentication   : Force Authorized (configured:-)
       MAC Authentication      : Disabled (configured:disable)
       WEB Authentication      : Enabled (configured:enable)
       Host mode               : Multi-supplicant
       Dynamic VLAN creation   : Disabled
       Guest VLAN              : Disabled
       Reauthentication        : Disabled
       Reauthentication period : 3600 sec
       MAX request             : 2 times
       Supplicant timeout      : 30 sec
       Server timeout          : 30 sec
       Quiet period            : 60 sec
       Controlled directions   : In (configured:both)
       Protocol version        : 2
       Clear-state time        : Not configured

6 Points of Caution

Using dynamic VLAN in multi-supplicant mode will consume internal resources.

These resources are also used by the ACL and QoS functions. There may not be enough resources according to the settings.

Use caution, since communications may not be possible if there are not enough resources, even though authentication might succeed.

7 Related Documentation

None

Port security functions

1 Function Overview

Port security is a function that limits communication to only permitted terminals, preventing access from illegal terminals.

2 Definition of Terms Used

None

3 Function Details

For ports on which the port security function is enabled, you can pre-register the MAC address of a terminal for which you want to permit communication, thereby allowing communication only for permitted terminals.

Conversely, if there is access from a terminal that is not registered (an illegal terminal), this is considered illegal access, and the packets are discarded.

Depending on the settings, the corresponding port can also be shut down.

The port security function cannot be used simultaneously with the port authentication function.

3.1 Limiting the terminals that can access

By enabling the port security function, and using the port-security mac-address command to register the MAC addresses of only the terminals for which you want to allow communication, you can limit the terminals that are allowed access.

4 Related Commands

The related commands are shown below.

For details on the commands, refer to the Command Reference.

List of related commands

5 Examples of Command Execution

5.1 Limiting the terminals that can access

Manually specify the MAC address so that only the permitted terminal can communicate.

1. Enable port security on LAN port #1.

   Yamaha(config)#interface port1.1
   Yamaha(config-if)#port-security enable

2. Register the MAC address that you want to permit.

   Yamaha(config)#port-security mac-address 00A0.DE00.0001 forward port1.1 vlan 1
   Yamaha(config)#port-security mac-address 00A0.DE00.0002 forward port1.1 vlan 1

3. Check the port security status.

   Yamaha#show port-security status
    Port      Security  Action     Status    Last violation
    --------- --------- ---------- --------- ---------------------
    port1.1   Enabled   Discard    Normal    00A0.DE00.0003
    port1.2   Disabled  Discard    Normal
    port1.3   Disabled  Discard    Normal
    port1.4   Disabled  Discard    Normal
    port1.5   Disabled  Discard    Normal
    port1.6   Disabled  Discard    Normal
    port1.7   Disabled  Discard    Normal
    port1.8   Disabled  Discard    Normal
    port1.9   Disabled  Discard    Normal
    port1.10  Disabled  Discard    Normal

6 Points of Caution

• Use the no shutdown command to recover the port that has shut down due to illegal access.

  The status of the show port-security status command will not return to normal until the port links up. (The status will remain in shutdown state.)

• If the wrong port is specified with the port-security mac-address command, traffic and violation frames will not be correctly detected.

7 Related Documentation

None

Layer 2 functions

• Forwarding database
• VLAN
• Multiple VLAN
• Spanning tree
• Proprietary loop detection

Forwarding database

1 Function Overview

The Forwarding Database (subsequently referred to as the FDB) manages the combination of destination MAC addresses, transmission ports, and VLANs.

This product uses the FDB to determine the forwarding destination port for the received frames.

1. Enable/disable acquisition function
2. Timeout adjustment for FDB entries acquired
3. Timeout clear for FDB entries acquired
4. Manual registration of FDB entries (static entries)

2 Definition of Terms Used

FDB

Abbreviation of “Forwarding Database.”

This database manages the combination of destination MAC address, transmission port, and VLAN.

FDB entry

This is data registered in the FDB, and consists of multiple elements.

3 Function Details

3.1 FDB entry

On this product, the contents listed in the table below are registered as a single entry in the FDB.

3.1.1 MAC address

This is one of the FDB key items; the VLAN-ID and MAC address are combined to become the record key.

Operation differs depending on whether the MAC address is unicast or multicast.

• Unicast

  Since the forwarding destination interface ID must be uniquely determined for a given record key, duplication is not allowed.

  (Multiple combinations of the same VLAN-ID and MAC address do not exist.)

• Multicast

  Multiple forwarding destination interface IDs may exist for a given key record.

  In this case, frames are sent to multiple forwarding destination interface IDs.

Up to 16,384 addresses (described later*) can be registered on this product, including entries registered via automatic acquisition and manual registration.

The MAC addresses of all received frames can be acquired, and the source MAC address is acquired and registered in the FDB.

(However, if the transmission source MAC address is multicast, this is considered an invalid frame and is discarded without being registered.)

Automatically acquired MAC address information is maintained until the ageing timeout.

If multiple multicast MAC addresses are specified, all are considered as one in this case.

VLAN  port    mac             fwd      type    timeout
   1  port1.1 0100.0000.1000  forward  static       0
   1  port1.2 0100.0000.1000  forward  static       0
   1  port1.3 0100.0000.1000  forward  static       0
   1  port1.4 0100.0000.1000  forward  static       0
   1  port1.5 0100.0000.1000  forward  static       0
   1  port1.6 0100.0000.1000  forward  static       0

3.1.2 VLAN-ID

MAC address acquisition is done per VLAN, and the MAC address and VLAN are managed in the FBD as a pair.

For different VLANs, identical MAC addresses are also acquired.

3.1.3 Forwarding destination interface ID

The following IDs are registered.

• LAN/SFP port (port)
• Static/LACP logical interface (sa,po)

3.1.4 Action

This defines the action for a received frame that matches a key record.

If the MAC address is unicast, the actions are as follows.

• forward ... Forward to the forwarding destination interface ID.
• discard ... Discard without forwarding.

If the MAC address is multicast, the actions are as follows.

• forward ... Forward to the forwarding destination interface ID.
• discard ... Cannot be specified.

  (The discard setting cannot be made if the MAC address is multicast.)

3.1.5 Registration types

• dynamic ... Registered and deleted automatically. The registration result does not remain in the config settings file.
• static ... Registered and deleted manually, and therefore remains in the config settings file.
• multicast ... Automatically registered and deleted by the IGMP/MLD snooping function. The registration result does not remain in the config settings file.

3.2 Automatic MAC address acquisition

Automatic MAC address acquisition refers to the active creation of FBD entries based on the information for the source MAC address of the received frame, and the reception port.

Entries registered through automatic acquisition are called “dynamic entries”.

A timer (ageing time) is used to monitor individual entries.

Entries for MAC addresses that have not received frames within a certain amount of time will be deleted from the FDB (see below*).

This prevents invalid device entries from being left over in the FDB due to power shutoff, being moved and so on.

If a frame is received within the specified amount of time, the monitoring timer will be reset.

The control specifications for automatic acquisition are shown below.

1. Automatic MAC address acquisition can be enabled or disabled using the mac-address-table learning command. The setting is enabled by default.
2. If automatic acquisition is changed from enabled to disabled, all dynamic entries that have been learned will be deleted. The acquisition function “disable” setting is useful when you want to flood all ports with all received frames.
3. The ageing time for dynamic entries can be adjusted by specifying a value from 10–400 seconds, using the mac-address-table ageing-time command. This value is set to 300 seconds by default.
4. Clear the dynamic entries that have been acquired by using the clear mac-address-table dynamic command. The entire contents of the FDB can be cleared at once; or a VLAN number can be specified and all MAC addresses acquired by that VLAN can be cleared from the FDB. Specifying the port number will clear all MAC addresses from the FDB that were acquired from that port.
5. Use the show mac-address-table command to check the automatic acquisition status.

* The time after which an FDB entry is actually deleted from the FDB by the timer (ageing time) is as follows.

• With the ageing time as “T,” it is the time from “T” seconds that does not exceed 2*T seconds.

3.3 Setting MAC addresses manually

In addition to automatic acquisition using received frames, MAC addresses can be set on this product by using user commands.

Entries that have been registered by using commands are called “static entries”.

The specifications for manual settings are shown below.

1. Use the mac-address-table static command to register static entries.
2. When registering static entries, dynamic acquisition will not be performed on the corresponding MAC addresses.

   Entries that have already been acquired will be deleted from the FDB, and will be registered as static entries.

3. Use the no mac-address-table static command to delete static entries.
4. Either “forward” or “discard” can be specified for the destination MAC address of a received frame.
   • When forwarding is specified, either the LAN/SFP port forwarding destination or the static/LACP logical interface can be specified.
   • When discarding is specified, frames received by the MAC address will not be forwarded to any port, and will be discarded.
5. If registering a multicast MAC address, you cannot specify “discard.”

   Also, MAC addresses in the following ranges cannot be registered.

   • 0000.0000.0000
   • 0100.5e00.0000–0100.5eff.ffff
   • 0180.c200.0000–0180.c200.000f
   • 0180.c200.0020–0180.c200.002f
   • 3333.0000.0000–3333.ffff.ffff
   • ffff.ffff.ffff

4 Related Commands

4.1 List of related commands

5 Examples of Command Execution

5.1 Referring to the FDB

Yamaha#show mac-address-table
VLAN  port     mac             fwd      type     timeout
   1  port1.2  00a0.de11.2233  forward  static        0
   1  port1.1  1803.731e.8c2b  forward  dynamic     300
   1  port1.1  782b.cbcb.218d  forward  dynamic     300

5.2 Deleting a dynamic entry

Deleting an FDB entry registered in the FBD (MAC address 00:a0:de:11:22:33)

Yamaha#clear mac-address-table dynamic address 00a0.de11.2233

5.3 Changing the dynamic entry ageing time

This example shows how to change the dynamic entry ageing time to 400 seconds.

Yamaha(config)#mac-address-table ageing-time 400

5.4 Registering a static entry

This example shows how frames addressed to a device associated with VLAN #10 (MAC address 00:a0:de:11:22:33) can be forwarded to LAN port 2 (port1.2).

Yamaha(config)#mac-address-table static 00a0.de11.2233 forward port1.2 vlan 10

This example shows how to discard the frames sent to a device associated with VLAN #10 (MAC address 00:a0:de:11:22:33).

Specifying the interface name (“port1.2” in the example) will have no effect on operations. Since this cannot be omitted, specify the LAN/SFP port.

Yamaha(config)#mac-address-table static 00a0.de11.2233 discard port1.2 vlan 10

5.5 Deleting a static entry

This example shows how to delete the forwarding settings sent to a device associated with VLAN #10 (MAC address 00:a0:de:11:22:33).

Yamaha(config)#no mac-address-table static 00a0.de11.2233 forward port1.2 vlan 10

6 Points of Caution

If the l2-unknown-mcast command is configured to discard unknown multicast frames, using the mac-address-table static command to passively forward a multicast MAC address will have no effect when registered.

7 Related Documentation

None

VLAN

1 Function Overview

VLAN (Virtual LAN) is technology that allows a LAN to be constructed virtually, without regard to the physical structure of connections.

This product lets you use VLANs to divide the LAN into multiple broadcast domains.

The VLANs that are supported by this product are shown below.

Supported VLAN types

2 Definition of Terms Used

Broadcast domain

This is a range in which broadcast frames can be delivered in a network, such as an Ethernet.

Devices that are connected by relaying a data link layer (MAC layer), such as switching hubs, can belong to the same broadcast domain.

A broadcast domain generally refers to the network in an Ethernet.

3 Function Details

3.1 Defining a VLAN ID

On product, a maximum of 255 VLANs can be defined, with VLAN IDs ranging from 2–4094. (ID #1 is used as the default VLAN ID.)

VLAN IDs are defined using the vlancommand, after the vlan database command is used to enter VLAN mode.

For details, refer to the Command Reference.

3.2 VLAN settings for the LAN/SFP ports

The following settings must be configured after defining the VLANs to use, in order to make use of VLAN on this product.

• LAN/SFP port mode settings
• VLAN associations for LAN/SFP ports

1. The LAN/SFP ports on this product are set to one of the following modes.
   • Access port

     This is a port that handles untagged frames. It can be associated with one VLAN.

   • Trunk port

     This is a port that handles both tagged and untagged frames.

     It can be associated with multiple VLANs, and is mainly used to connect switches to one another.

     This product only supports IEEE 802.1Q. (Cisco ISL is not supported.)

2. Use the switchport mode command to set the LAN/SFP port mode.

   When setting the trunk port, use the input filter (“ingress-filter”) to control whether frames not belonging to the specified VLAN ID will be handled.

   • Input filter enabled: only frames set to the specified VLAN ID will be handled.
   • Input filter disabled: all VLAN IDs will be handled.
3. Use the show interface switchport command to check the LAN/SFP port setting mode.
4. Use the switchport access vlan command to set which VLANs belong to the access port.
5. Use the switchport trunk allowed vlan command to set which VLANs belong to the trunk port.

   As the trunk port can be associated with multiple VLANs, use the “all”, “none”, “except”, “add” and “remove” settings as shown below.

   • add

     Adds the specified VLAN ID.

     VLAN IDs that can be added are limited by the IDs that are defined by the VLAN mode.

   • remove

     Deletes the specified VLAN ID.

   • all

     Adds all VLAN IDs specified by the VLAN mode.

     The VLAN IDs added by the VLAN mode can also be added after this command is executed.

   • none

     The trunk port will not be associated with any VLAN.

   • except

     Adds all other VLAN IDs except for the ones specified.

     The VLAN IDs added by the VLAN mode can also be added after this command is executed.

6. A VLAN that uses untagged frames (native VLAN) can be specified for the trunk port.
7. Tagged audio frames can be transferred by specifying a voice VLAN for an access port.
8. Use the show vlan command to check which VLANs belong to a LAN/SFP port.

3.3 VLAN access control

This product provides an VLAN access map function, to control access to the VLAN.

The VLAN access map can be associated with a standard/extended IP access control list and a MAC address control list as VLAN ID filtering parameters.

The VLAN access map is operated using the commands shown below.

• Create VLAN access map: vlan access-map command
• Set VLAN access map parameters: match access-list command
• Assign VLAN access map: vlan filter command
• Show VLAN access map: show vlan access-map command

3.4 Default VLAN

The default VLAN is VLAN #1 (vlan1), which exists in this switch by default.

As the default VLAN is a special VLAN, it always exists and cannot be deleted.

The following operations can be used to automatically delete the relevant port from the default VLAN.

• Setting the VLAN for an access port
• Setting any VLAN other than the default as the native VLAN for the trunk port
• Setting the native VLAN for the trunk port to “none”

3.5 Native VLAN

A native VLAN is a VLAN that associates untagged frames received by the LAN/SFP port that was set as a trunk port.

Defining an LAN/SFP port as a trunk port will set the default VLAN (VLAN #1) as the native VLAN.

Use the switchport trunk native vlan command when specifying a certain VLAN as the native VLAN.

The native LAN can be set to none, when setting the relevant LAN/SFP port to not handle untagged frames. (Specify “none” in the switchport trunk native vlan command.)

3.6 Private VLAN

This product can configure a private VLAN for further dividing up groups that can communicate within the same subnet. The operating specifications are shown below.

1. A private VLAN contains the following three VLAN types.
   • Primary VLAN

     This is the parent VLAN of the secondary VLAN.

     Only one primary VLAN can be set per private VLAN.

   • Isolated VLAN

     This is a kind of secondary VLAN, which only sends traffic to a primary VLAN.

     Only one primary VLAN can be set per private VLAN.

   • Community VLAN

     This is a kind of secondary VLAN, which only sends traffic to VLANs in the same community and to a primary VLAN.

     Multiple community VLANs can be set for each private VLAN.

2. A primary VLAN may contain multiple promiscuous ports.

   Access ports, trunk ports, or static/LACP logical interfaces are the ports that can be used as promiscuous ports.

3. Only access ports can be used as host ports for a secondary VLAN (isolated VLAN, community VLAN).
4. A secondary VLAN (isolated VLAN, community VLAN) can be associated with one primary VLAN.

   Use the switchport private-vlan mapping command to create the association.

   • An isolated VLAN can be associated with multiple promiscuous ports contained within a private VLAN.
   • A community VLAN can be associated with multiple promiscuous ports contained within a private VLAN.

3.7 Voice VLAN

Voice VLAN is a function that can prevent audio from being adversely affected even when IP phone voice traffic is mixed with PC data traffic.

Some IP phones have two ports: a port for connection to the switch and a port for connection to the PC.

By connecting the switch to the IP phone, and the IP phone to the PC, it is possible to use one port of the switch to handle the IP phone audio traffic and the PC’s data traffic.

Using the voice VLAN function in this type of configuration allows the audio data and the PC data to be separated so that noise is less likely to occur on the IP phone, or to handle the audio data with a higher priority.

Voice VLAN settings are made by the switchport voice vlan command.

Set one of the following to be handled as voice traffic.

• Frames with the 802.1p tag
• Priority tag frames (802.1p tags with a VLAN ID of 0 and only the CoS value specified)
• Untagged frames

When tagged frames are handled as voice traffic, untagged frames are handled as data traffic.

By using LLDP, this product can automatically apply settings to a connected IP telephone.

The conditions for making automatic settings are as follows.

• LLDP-MED TLV transmission is enabled on the port for which voice VLAN is enabled.
• The connected IP phone supports settings via LLDP-MED.

If the above conditions are satisfied, and when an IP phone is connected to the corresponding port, voice VLAN information (tagged/untagged, VLAN ID, the CoS value to be used, DSCP value) are notified according to the Network Policy TLV of LLDP-MED when an IP phone is connected to the corresponding port.

The IP phone will transmit voice data according to the information that was provided to it from this unit.

The CoS value specified for the IP phone is set by the switchport voice cos command, and the DSCP value is set by the switchport voice dscp command.

In order to give priority to handling voice traffic, QoS settings (enable QoS, set trust mode) are also required.

The limitations of voice VLAN are as follows.

• It can be used only on a physical interface port that is assigned as an access port.

  It cannot be used on a link aggregation logical interface or on a VLAN logical interface.

• The voice VLAN function and the port authentication function cannot be used together.

4 Related Commands

4.1 List of related commands

• The related commands are shown below.

  Operations	Operating commands
  Enter VLAN mode	vlan database
  Define VLAN interface, or change a predefined VLAN	vlan
  Define a private VLAN	private-vlan
  Set the secondary VLAN for a private VLAN	private-vlan association
  Create VLAN access map	vlan access-map
  Set VLAN access map parameters	match
  Assign VLAN access map to VLAN	vlan filter
  Set access port (untagged port)	switchport mode access
  Set associated VLAN of an access port (untagged port)	switchport access vlan
  Set trunk port (tagged port)	switchport mode trunk
  Set associated VLAN for trunk port (tagged port)	switchport trunk allowed vlan
  Set native VLAN for trunk port (tagged port)	switchport trunk native vlan
  Set ports for private VLAN (promiscuous port, host port)	switchport mode private-vlan
  Configure VLAN for private VLAN port and host port	switchport private-vlan host-association
  Configure VLAN for private VLAN port and promiscuous port	switchport private-vlan mapping
  Configure voice VLAN	switchport voice vlan
  Set CoS value for voice VLAN	switchport voice cos
  Set DSCP value for voice VLAN	switchport voice dscp
  Show VLAN information	show vlan
  Show private VLAN information	show vlan private-vlan
  Show VLAN access map	show vlan access-map
  Show VLAN access map filter	show vlan filter

5 Examples of Command Execution

5.1 Port-based VLAN settings

In this example, a port-based VLAN is configured for this product in order to allow communication between hosts A–B and hosts C–D.

Port VLAN setting example

The LAN port settings for this product are as follows.

• Set LAN ports #1/#2 as access ports, and associate them with VLAN #1000.
• Set LAN ports #3/#4 as access ports, and associate them with VLAN #2000.

1. Switch to VLAN mode using the vlan database command, and define two VLANs using the vlan command.

   Yamaha(config)# vlan database … (Transition to VLAN mode)
   Yamaha(config-vlan)# vlan 1000 … (Create VLAN #1000)
   Yamaha(config-vlan)# vlan 2000 … (Create VLAN #2000)
   Yamaha(config-if)# exit

2. Set LAN ports #1–2 as access ports, and associate them with VLAN #1000.

   Yamaha(config)# interface port1.1-2 … (Transition to interface mode)
   Yamaha(config-if)# switchport mode access … (Set as access port)
   Yamaha(config-if)# switchport access vlan 1000 … (Specify VLAN ID)
   Yamaha(config-if)# exit

3. Set LAN ports #3–4 as access ports, and associate them with VLAN #2000.

   Yamaha(config)# interface port1.3-4
   Yamaha(config-if)# switchport mode access
   Yamaha(config-if)# switchport access vlan 2000
   Yamaha(config-if)# exit

4. Confirm the VLAN settings.

   Yamaha#show vlan brief
   (u)-Untagged, (t)-Tagged
   VLAN ID  Name            State   Member ports
   ======= ================ ======= ===============================
   1       default          ACTIVE  port1.5(u) port1.6(u)
                                    port1.7(u) port1.8(u)
   1000    VLAN1000         ACTIVE  port1.1(u) port1.2(u)
   2000    VLAN2000         ACTIVE  port1.3(u) port1.4(u)
   

5.2 Tagged VLAN settings

In this example, a tagged VLAN is configured between #A and #B of this product, in order to communicate between hosts A–B and hosts C–D.

Tagged VLAN setting example

The LAN port settings for #A and #B of this product are as follows.

• Set LAN port #1 as an access port, and associate it with VLAN #1000
• Set LAN port #2 as an access port, and associate it with VLAN #2000
• Set LAN port #3 as a trunk port, and associate it with LAN #1000 and VLAN #2000

1. [Switch #A/#B] Define VLAN.

   Yamaha(config)#vlan database … (Transition to VLAN mode)
   Yamaha(config-vlan)#vlan 1000 … (Define VLAN 1000)
   Yamaha(config-vlan)#vlan 2000 … (Define VLAN 2000)

2. [Switch #A/#B] Set LAN port #1 as the access port, and associate it with VLAN #1000.

   Yamaha(config)#interface port1.1 … (Transition to interface mode)
   Yamaha(config-if)#switchport mode access … (Set as access port)
   Yamaha(config-if)#switchport access vlan 1000 … (Associate to VLAN 1000)
   Yamaha(config-if)#exit

3. [Switch #A/#B] Set LAN port #2 as the access port, and associate it with VLAN #2000.

   Yamaha(config)#interface port1.2 … (Transition to interface mode)
   Yamaha(config-if)#switchport mode access … (Set as access port)
   Yamaha(config-if)#switchport access vlan 2000 … (Associate to VLAN 2000)
   Yamaha(config-if)#exit

4. [Switch #B] Set LAN port #3 as a trunk port, and associate it with VLAN #1000/#2000.

   Yamaha(config)#interface port1.3 … (Transition to interface mode)
   Yamaha(config-if)#switchport mode trunk … (Set as trunk port)
   Yamaha(config-if)#switchport trunk allowed vlan add 1000 … (Add VLAN 1000)
   Yamaha(config-if)#switchport trunk allowed vlan add 2000 … (Add VLAN 2000)
   Yamaha(config-if)#exit

5. Confirm the VLAN settings.

   Yamaha#show vlan brief
   (u)-Untagged, (t)-Tagged
   
   VLAN ID  Name                            State   Member ports
   ======= ================================ ======= ======================
   1       default                          ACTIVE  port1.3(u)
   1000    VLAN1000                         ACTIVE  port1.1(u) port1.3(t)
   2000    VLAN2000                         ACTIVE  port1.2(u) port1.3(t)

5.3 Private VLAN settings

This example makes private VLAN settings for this product, to achieve the following.

Hosts connected to ports 1–7 will connect to the Internet and other external lines, through the line to which port 8 is connected

Communications between hosts connected to ports 1–4 are blocked (isolated VLAN: VLAN #21)

Communications between hosts connected to ports 5–7 are permitted (community VLAN: VLAN #22)

Communications between hosts connected to ports 1–4 and ports 5–7 are blocked

Private VLAN setting example

1. Define the VLAN ID to be used for the private VLAN.

   Yamaha(config)# vlan database … (Transition to VLAN mode)
   Yamaha(config-vlan)# vlan 2  … (Create VLAN)
   Yamaha(config-vlan)# vlan 21
   Yamaha(config-vlan)# vlan 22
   Yamaha(config-vlan)# private-vlan 2 primary … (Set Primary VLAN)
   Yamaha(config-vlan)# private-vlan 21 isolated … (Set Isolated VLAN)
   Yamaha(config-vlan)# private-vlan 22 community … (Set Community VLAN)
   Yamaha(config-vlan)# private-vlan 2 association add 21 … (Associate with Primary VLAN)
   Yamaha(config-vlan)# private-vlan 2 association add 22
   Yamaha(config-vlan)# exit

2. Configure the isolated VLAN (VLAN #21) for LAN ports 1–4.

   Yamaha(config)#interface port1.1-4 … (Transition to interface mode)
   Yamaha(config-if)#switchport mode access … (Set as access port)
   Yamaha(config-if)#switchport access vlan 21 .. (Associate to VLAN #21)
   Yamaha(config-if)#switchport mode private-vlan host … (Set as private VLAN’s host port)
   Yamaha(config-if)#switchport private-vlan host-association 2 add 21
   Yamaha(config-if)#exit
   

3. Configure the community VLAN (VLAN #22) for LAN ports 5–7.

   Yamaha(config)#interface port1.5-7 … (Transition to interface mode)
   Yamaha(config-if)#switchport mode access … (Set as access port)
   Yamaha(config-if)#switchport access vlan 22 … (Associate to VLAN #22)
   Yamaha(config-if)#switchport mode private-vlan host … (Set as private VLAN’s host port)
   Yamaha(config-if)#switchport private-vlan host-association 2 add 22
   Yamaha(config-if)#exit

4. Configure the primary VLAN (VLAN #2) for LAN port 8. (Promiscuous port)

   Yamaha(config)#interface port1.8 … (Transition to interface mode)
   Yamaha(config-if)#switchport mode access … (Set as access port)
   Yamaha(config-if)#switchport access vlan 2 … (Associate to VLAN #2)
   Yamaha(config-if)#switchport mode private-vlan promiscuous … (Set as private VLAN’s promiscuous port)
   Yamaha(config-if)#switchport private-vlan mapping 2 add 21
   Yamaha(config-if)#switchport private-vlan mapping 2 add 22
   Yamaha(config-if)#exit

5. Confirm the VLAN settings.

   Yamaha#show vlan brief
   (u)-Untagged, (t)-Tagged
   
   VLAN ID  Name                            State   Member ports
   ======= ================================ ======= ======================
   1       default                          ACTIVE
   2       VLAN0002                         ACTIVE  port1.8(u)
   21      VLAN0021                         ACTIVE  port1.1(u) port1.2(u)
                                                    port1.3(u) port1.4(u)
   22      VLAN0022                         ACTIVE  port1.5(u) port1.6(u)
                                                    port1.7(u)
   
   Yamaha#show vlan private-vlan
    PRIMARY        SECONDARY          TYPE          INTERFACES
    -------        ---------       ----------      ----------
          2              21          isolated       port1.1 port1.2
                                                    port1.3 port1.4
          2              22         community       port1.5 port1.6
                                                    port1.7

5.4 Voice VLAN settings

Make voice VLAN settings for this product, and implement the following.

Connect an IP phone to port 1. Connect a PC to the other LAN port of the IP phone.

Using LLDP-MED, make the following settings from this product for the IP phone.

• As voice traffic for the IP phone, transmit and receive 802.1q tagged frames of VLAN #2.
• Untagged frames are transmitted and received as PC data traffic.
• Use a CoS value of 6 when transmitting and receiving voice traffic.

1. Define the VLAN ID used by the voice VLAN.

   
   Yamaha(config)# vlan database … (transition to vlan mode)
   Yamaha(config-vlan)# vlan 2  … (create a VLAN)
   Yamaha(config-vlan)# exit
   

2. Set voice VLAN for LAN port #1.

   
   Yamaha(config)#interface port1.1 … (transition to interface mode)
   Yamaha(config-if)#switchport mode access … (assign as access port)
   Yamaha(config-if)#switchport voice vlan 2 … (set voice traffic as tagged frames of VLAN #2)
   Yamaha(config-if)#switchport voice cos 6 … (set CoS value to 6 for voice traffic)
   Yamaha(config-if)#exit
   
   

3. Set QoS for LAN port #1.

   
   Yamaha(config)#qos enable … (enable QoS)
   Yamaha(config)#interface port1.1 … (transition to interface mode)
   Yamaha(config-if)#qos trust cos ... (set trust mode to CoS)
   Yamaha(config-if)#exit
   

4. Set LLDP-MED transmission and reception for LAN port #1.

   
   Yamaha(config)#interface port1.1 … (transition to interface mode)
   Yamaha(config-if)#lldp-agent ... (create LLDP agent, transition modes)
   Yamaha(lldp-agent)#tlv-select med ... (set LLDP-MED TLV)
   Yamaha(lldp-agent)#set lldp enable txrx ... (set LLDP transmission and reception mode)
   Yamaha(lldp-agent)#exit
   Yamaha(config-if)#exit
   Yamaha(config)#lldp run … (enable LLDP function)
   Yamaha(config)#exit
   

6 Points of Caution

A host port that is associated with a private VLAN cannot be aggregated as a link aggregation logical interface; this limitation is specific to host ports.

7 Related Documentation

• Multiple VLAN

Multiple VLAN

1 Function Overview

On a multiple VLAN, by associating a port with a multiple VLAN group, you can block traffic from ports that do not belong to the same multiple VLAN group.

You can also join a single port to multiple VLAN groups.

By using this function, it is easy to handle requests to block only traffic between terminals, such as the example below.

Example of using multiple VLANs

2 Definition of Terms Used

None

3 Function Details

3.1 Operating Specifications

Use the switchport multiple-vlan group command to configure a multiple VLAN group.

Multiple VLANs can be configured as LAN/SFP ports and link aggregation logical interfaces.

If you wish to configure a multiple VLAN group for a trunk port, this will be applied to all relevant VLANs that belong to the port in question.

The VLAN group settings will also be applied to a multicast frame.

This can be used together with the following functions. Control of traffic enable/disable for these functions is set according to the multiple VLAN settings.

• Port-based VLAN/tagged VLAN/voice VLAN
• Port authentication

A multiple VLAN can contain up to 256 groups.

Use the show vlan multiple-vlan group command to confirm the setting status for the interface of each multiple VLAN group.

3.2 Examples of traffic between multiple VLAN groups

Example of traffic for a multiple VLAN group

When using multiple VLAN group settings (Group #1 through #4) as shown in the diagram above, enabling/disabling traffic between specific ports A/B and the reasons for such as shown in the table below.

Traffic enabled/disabled between specific ports A/B