AT-S63 and AT-S63 NE Version 1.0.0 Management Software for the AT-9400 Series Layer 2+ Gigabit Ethernet Switches Software Release Notes Supported Platforms Please read this document before you begin to use the management software. The AT-S63 and AT-S63 NE Version 1.0.0 management software is supported on the AT-9400 Series Layer 2+ Gigabit Ethernet switches. Product Documentation For hardware installation instructions, refer to the following guide: AT-9400 Series Layer 2+ Gigabit Ethernet Switches Installation Guide (PN 613-50569-00) For management instructions, refer to the following guides: AT-S63 Management Software Menus Interface User s Guide (PN 613-50570-00) AT-S63 Management Software Web Browser Interface User s Guide (PN 613-50592-00) AT-S63 Management Software Command Line Interface User s Guide (PN 613-50571-00) All documents are available from the Allied Telesyn web site at www.alliedtelesyn.com. Product Features AT-S63 and AT-S63 NE support the following features: Autonegotiation (IEEE 803.3u-compliant) for speed and duplex mode Auto and manual MDI/MDI-X Flow control (IEEE 802.3x and 802.3z-compliant) HOL blocking prevention Unicast, multicast, and broadcast rate control Port mirroring Port trunking (IEEE 802.3ad) (static link aggregation, non LACP) Port security Port statistics (RMON) PN 613-50645-00 Rev A 1 Allied Telesyn, Inc.
16K total MAC addresses, including 1000 static, 256 static multicast, 255 dynamic multicast MAC addresses Spanning Tree Protocol (IEEE Std 802.1D) Rapid Spanning Tree Protocol (IEEE Std 802.1w) Multiple Spanning Tree Protocol (IEEE Std 802.1s) Virtual LANs (IEEE 802.1Q) Protected ports VLANs Ingress filtering GARP VLAN Registration Protocol (GVRP)-based dynamic VLANs Secure Sockets Layer (SSL) Protocol (not included in AT-S63 NE) Secure Shell (SSH) Protocol (not included in AT-S63 NE) Public Key Infrastructure (PKI) Certificates (not included in AT-S63 NE) Management VLAN Multiple VLAN modes Event log Enhanced stacking (for management) IGMP Snooping (RFC 2236) Class of Service (IEEE 802.1p-compliant) Queuing - map 802.1p to CoS queue to prioritize traffic at egress Strict priority and weighted round robin priority scheduling RRP Snooping File system SNMPv1, SNMPv2c and SNMPv3 management CLI-based configuration file Denial of Service detection 802.1x Port-based Network Access Control RADIUS accounting Console menus, CLI, web, and SNMP interfaces Password protected management access Management access control list Local authentication RADIUS and TACACS+ authentication protocols Xmodem and TFTP downloads and uploads, HTTP and enhanced stacking PN 613-50645-00 Rev A 2 Allied Telesyn, Inc.
Static and dynamic (BOOTP and DHCP clients) IP configuration Static and dynamic (SNTP client) system time configuration Battery supported real-time clock Fan and temperature diagnostics CPU, Flash, and RAM diagnostics Power supply and redundant power supply information Note The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a retail encryption item in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S. Department of Commerce, and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesyn sales representative for current information on this product s export status. Operational Notes During the time when you are downloading a new image onto the switch, you cannot use the AT-S63 management software to perform any functions on the switch. Flow control and back pressure are operational among devices connected to ports 1 through 12 or ports 13 through 24. But flow control and back pressure are not operational between devices connected to ports 1 through 12 and 13 through 24. During a file upload or download, management of that switch may be delayed. This includes open HTTP, Telnet, and other connections. There may be some compatibility issues with GVRP and other switches. To work around this situation, change the Join and Leave time from the defaults to: Join Timer = 60 and Leave Timer = 120. Known Issues When both the global and/or per-server secrets do not match the secret on the TACACS+ server, management does not revert back to local authentication when you attempt to authenticate using TACACS+. (2175) The temperature threshold setting is not retained when the switch is rebooted. (2199) An untagged port in the Default VLAN set to the Limited security mode and then switched to a different VLAN as an untagged port while it is passing traffic loses the previously PN 613-50645-00 Rev A 3 Allied Telesyn, Inc.
learned static addresses and they are not relearned. To work around this situation, set the port s security mode to Automatic, move the port to the new VLAN, and then change the security mode back to Limited. (2229) If two untagged ports in the Default VLAN, one with the security mode set to the Limited security mode and one with the security mode set to Automatic, are moved to a different VLAN as untagged ports while they are passing traffic, the forwarding database contains duplicate entries for the port set to Automatic security mode, and no entries for the port set to Limited security mode. To work around this situation, set the security mode on both ports to Automatic, move the ports to the new VLAN, and then change the security mode of the one that was previously set to Limited back to Limited. (2229) When you display the MAC addresses for ports 1-22, the MAC addresses for ports 23 and 24 are also displayed. (1566) When SSL is enabled on a master switch and you attempt to connect to a slave switch using HTTPS, you cannot access the slave switch and lose connection to the master switch if SSL is not enabled on the slave switch. (1915) When a host port on a VLAN is joined to a multicast group and the port s VLAN membership changes, the port continues to belong to the multicast group even though it is no longer a member of the original VLAN. To work around this situation, disable IGMP before you make VLAN changes. (2232) When an authenticator port s DoS configuration is set to Land or Teardrop, a supplicant port cannot be authenticated. (2262) When the mode of a VLAN is changed from User Configured to 802.1Q Multiple VLAN mode while the switch is passing traffic, the MAC addresses belonging to a port set to Limited security mode are not flushed. However, if the port is set to 802.1Q Multiple VLAN mode and then changed to User Configured, the MAC addresses are flushed. (2266) The IP address and UTC offset for an SNTP server cannot be obtained dynamically from a BootP server. (2066) When a static unicast and multicast address is added to a port that belongs to the default VLAN, and then that port is moved to a different VLAN, an error is generated for the multicast address but not for the unicast address when the switch is rebooted. The errors do not affect the functionality. (2182) If an AT-S63 Web browser management session is closed without the user logging out, the switch is not accessible using the AT-S63 management software until the management session times out or you reboot the switch. (2272) The AT-9424 switch supports only one supplicant instance per port. (1343) BootP requests for IP addresses can take up to two minutes to process. (1484) The AtiStkSwPortMirroringConfigInfo - SourceModuleId, AtiStkSwPortMirroringConfigInfo - SourcePortId, and AtiStkSwPortMirroringConfigInfo - DestinationModuleId MIBs are not supported. (1829) PN 613-50645-00 Rev A 4 Allied Telesyn, Inc.
The selections on the Advanced Configuration menu should be numbered 1 and 2, not 1 and 3. (2270) When a DHCP release message is sent, the server identifier field is not included. (2279) PN 613-50645-00 Rev A 5 Allied Telesyn, Inc.
Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support You can request technical support online by accessing the Allied Telesyn Knowledge Base at www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions. Email and Telephone Support For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesyn web site: www.alliedtelesyn.com. Returning Products Products for return or repair must first be assigned a return materials authorization (RMA) number. A product sent to Allied Telesyn without an RMA number will be returned to the sender at the sender s expense. To obtain an RMA number, contact Allied Telesyn s Technical Support group through our web site: www.alliedtelesyn.com. For Sales or Corporate Information You can contact Allied Telesyn for sales or corporate information on four web site: www.alliedtelesyn.com. To find the contact information for your country, select Contact Us -> Worldwide Contacts. Obtaining Management Software Updates New releases of management software for our managed products are available from either of the following Internet sites: Allied Telesyn web site: www.alliedtelesyn.com Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com If you prefer to download new software from the Allied Telesyn FTP server from your workstation s command prompt, you will need FTP client software and you will be asked to log in to the server. Enter anonymous as the user name and your email address for the password. PN 613-50645-00 Rev A 6 Allied Telesyn, Inc.