manualshive.com logo in svg

Accton Technology VDSL Switch-VS4512, Management Manual, Page: 213 / 334

Share
Download
Accton Technology VDSL Switch-VS4512 Management Manual Download Page 213

Authentication Commands

4-67

port security

This command enables or configures port security. Use the 

no

 form without any 

keywords to disable port security. Use the 

no

 form with the appropriate keyword to 

restore the default settings for a response to security violation or for the maximum 
number of allowed addresses.

Syntax 

port security

 [

action

 {

shutdown

 | 

trap

 | 

trap-and-shutdown

|

max-mac-count

address-count

]

no port security 

[

action

 | 

max-mac-count

]

action

 - Response to take when port security is violated. 

shutdown

 - Disable port only.

trap

 - Issue SNMP trap message only.

trap-and-shutdown

 - Issue SNMP trap message and disable port.

• max-mac-count 

address-count

 - The maximum number of MAC addresses 

that can be learned on a port. (Range: 0 - 20)

Default Setting 

Status: Disabled
Action: None
Maximum Addresses: 0

Command Mode 

Interface Configuration (Ethernet)

Command Usage 

• If you enable port security, the switch will stop dynamically learning new 

addresses on the specified port. Only incoming traffic with source addresses 
already stored in the dynamic or static address table will be accepted. 

• To use port security, first allow the switch to dynamically learn the <source MAC 

address, VLAN> pair for frames received on a port for an initial training period, 
and then enable port security to stop address learning. Be sure you enable the 
learning function long enough to ensure that all valid VLAN members have been 
registered on the selected port.

• To add new VLAN members at a later time, you can manually add secure 

addresses with the 

mac-address-table static

 command, or turn off port 

security to re-enable the learning function long enough for new VLAN members 
to be registered. Learning may then be disabled again, if desired, for security. 

• A secure port has the following restrictions: 
• Cannot use port monitoring. 
• Cannot be a multi-VLAN port. 
• Cannot be connected to a network interconnection device. 
• Cannot be a trunk port. 
• If a port is disabled due to a security violation, it must be manually re-enabled 

using the 

no

 

shutdown

 command.

Summary of Contents for VDSL Switch-VS4512

Page 1: ...VDSL Switch VS4512 VDSL Switch VS4512DC Management Guide...

Page 2: ......

Page 3: ...VDSL lines with 2 Slots for Optional 1000BASE SX 1000BASE LX 1000BASE T or 1000BASE X GBIC uplink modules VDSL Switch VS4512DC VDSL Switch with DC power connector supporting 12 VDSL lines with 2 Slot...

Page 4: ...lle Fructu s Gelabert 6 8 2o 4a 08970 Sant Joan Desp Barcelona Spain Phone 34 93 477 4920 Fax 34 93 477 3774 Copyright 2003 by Accton Technology Corporation All rights reserved No part of this documen...

Page 5: ...ent Access 2 6 Community Strings 2 6 Trap Receivers 2 7 Saving Configuration Settings 2 7 Managing System Files 2 8 Chapter 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web...

Page 6: ...uring the Secure Shell 3 30 Configuring Port Security 3 31 Configuring 802 1x Port Authentication 3 33 Displaying 802 1x Global Settings 3 34 Configuring 802 1x Global Settings 3 36 Configuring Port A...

Page 7: ...onfiguring Private VLANs 3 96 Enabling Private VLANs 3 97 Configuring Uplink and Downlink Ports 3 97 Class of Service Configuration 3 98 Setting the Default Priority for Interfaces 3 98 Mapping CoS Va...

Page 8: ...s 4 5 Using Command History 4 5 Understanding Command Modes 4 5 Exec Commands 4 5 Configuration Commands 4 6 Command Line Processing 4 7 Command Groups 4 8 Line Commands 4 9 line 4 9 login 4 10 passwo...

Page 9: ...nnect ssh 4 33 show ip ssh 4 34 show ssh 4 34 Event Logging Commands 4 35 logging on 4 35 logging history 4 36 logging host 4 37 logging facility 4 37 logging trap 4 38 clear logging 4 38 show logging...

Page 10: ...dius server key 4 62 radius server retransmit 4 63 radius server timeout 4 63 show radius server 4 64 TACACS Client 4 64 tacacs server host 4 64 tacacs server port 4 65 tacacs server key 4 65 show tac...

Page 11: ...trol 4 88 shutdown 4 89 switchport broadcast packet rate 4 89 clear counters 4 90 show interfaces status 4 91 show interfaces counters 4 92 show interfaces switchport 4 93 Mirror Port Commands 4 95 po...

Page 12: ...anning Tree Commands 4 125 spanning tree 4 126 spanning tree mode 4 126 spanning tree forward time 4 127 spanning tree hello time 4 128 spanning tree max age 4 128 spanning tree priority 4 129 spannin...

Page 13: ...Configuration 4 154 map ip port Global Configuration 4 155 map ip port Interface Configuration 4 155 show map ip precedence 4 156 show map ip dscp 4 156 show map ip port 4 157 Multicast Filtering Com...

Page 14: ...dress 4 167 ip default gateway 4 168 show ip interface 4 168 show ip redirects 4 169 ping 4 169 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Manag...

Page 15: ...stream 2 5 2 8 5 MHz Upstream 1 3 75 5 2 MHz Upstream 2 8 5 12 MHz ConfigurationBackup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Te...

Page 16: ...t s right to access the network via an authentication server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivale...

Page 17: ...table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 8K addresses Store and Forward Switching The...

Page 18: ...N and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using four priority q...

Page 19: ...BOOTP Disabled User Specified Disabled IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Console Timeout...

Page 20: ...duplex 100 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled Module Port Capability 1000BASE T SX LX LH 1000 Mbps full duplex Full duplex flow control disabled Symmet...

Page 21: ...ity Disabled IP DSCP Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Disabled BOOTP Disabled DNS Server Lookup Disabled Multicast Filtering I...

Page 22: ...Introduction 1 8...

Page 23: ...direct connection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protoco...

Page 24: ...software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set to any of the following baud rates 9600 19200 38400 57600 115200 Note Set to 9600 baud if want to view all t...

Page 25: ...basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program provides...

Page 26: ...t access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the sam...

Page 27: ...e need to use the ip dhcp restart client command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can...

Page 28: ...rol management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specified users or user groups a...

Page 29: ...2 In order to configure the switch to send SNMP notifications you must enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or li...

Page 30: ...after boot up also known as run time code This code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 14 for more information Diagnostic Cod...

Page 31: ...2 Set user names and passwords using an out of band serial connection Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwo...

Page 32: ...em Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Configuration Options Configurable parameters have a dialog...

Page 33: ...rs manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from this program Item Description Values Active Display...

Page 34: ...tes the host key pair public and private 3 30 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 3 31 802 1x Port authentication...

Page 35: ...rface information 3 66 Performance Monitor Information Displays line and channel performance data information since the switch was last reset during the current 15 minute interval and during the curre...

Page 36: ...t Port Priority Sets the default priority for each port 3 98 Default Trunk Priority Sets the default priority for each trunk 3 98 Traffic Classes Maps IEEE 802 1p priority tags to output queues 3 100...

Page 37: ...s the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface POST result Show...

Page 38: ...r contact Geoff 4 77 Console config exit Console show system 4 53 System description VS 4512 System OID string 1 3 6 1 4 1 259 6 13 4 System information System Up time 0 days 6 hours 7 minutes and 9 5...

Page 39: ...the main board Internal Power Status Displays the status of the internal power supply Redundant Power Status Displays the status of the redundant power supply This will display as not present since t...

Page 40: ...switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 73 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintain...

Page 41: ...need to establish a default gateway between the switch and management stations that exist on another network segment You can manually configure a specific IP address or direct the device to obtain an...

Page 42: ...he switch for an IP address DHCP BOOTP values can include the IP address subnet mask and default gateway IP Address Address of the VLAN interface that is allowed management access Valid IP addresses c...

Page 43: ...ach power reset Note If you lose your management connection use a console connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP...

Page 44: ...upload download firmware to or from a TFTP server By saving runtime code to a file on a TFTP server that file can later be downloaded to the switch to restore operation You can also set the switch to...

Page 45: ...different name from the current runtime code file and then set the new file as the startup file Web Click System Firmware Enter the source and destination file names with any other relevant details s...

Page 46: ...ser defined configuration files is limited only by available flash memory space Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then...

Page 47: ...ing configuration to a file If you download the startup configuration file under a new file name you can set this file as the startup file at a later time and then restart the switch Console copy tftp...

Page 48: ...p to three time server IP addresses The switch will attempt to poll each server in the configured sequence Broadcast The switch sets its clock from a time server in the same subnet that broadcasts tim...

Page 49: ...ent Setting the Time Zone SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude To display a time corre...

Page 50: ...well as to monitor them to evaluate performance or detect potential problems The switch includes an onboard SNMP agent that continuously monitors the status of its hardware as well as the traffic pass...

Page 51: ...rd and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Read Only Specifies read only access Autho...

Page 52: ...tring sent with the notification operation Range 1 32 characters case sensitive Trap Version Specifies whether to send notifications as SNMP v1 or v2c traps The default is version 1 Enable Authenticat...

Page 53: ...SNMP management software such as HP OpenView It does not affect management access to the switch using the web interface or Telnet The default setting is null which allows all IP groups SNMP access to...

Page 54: ...rite access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest name is guest wit...

Page 55: ...nd Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication seq...

Page 56: ...key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon ac...

Page 57: ...g radius server port 181 4 62 Console config radius server key green 4 62 Console config radius server retransmit 5 4 63 Console config radius server timeout 10 4 63 Console show radius server 4 64 Se...

Page 58: ...ou start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use f...

Page 59: ...ant this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification...

Page 60: ...on the management station when using this protocol to configure the switch When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a...

Page 61: ...learning function long enough to ensure that all valid VLAN members have been registered on the selected port Note that you can also restrict the maximum number of addresses that can be learned by a...

Page 62: ...on a port Range 0 20 These actions can only be taken through CLI commands Web Click Security Port Security Set the action to take when an invalid address is detected on a port select Enabled from the...

Page 63: ...on method and request another depending on the configuration of the client software and the RADIUS server The authentication method can be MD5 TLS Transport Layer Security TTLS Tunneled Transport Laye...

Page 64: ...times out the authentication session Timeout for Quiet Period Indicates the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Timeo...

Page 65: ...Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 11 disabled Single Host ForceAuthorized yes 1 12 enabled Single Host Auto yes...

Page 66: ...to the client before it times out the authentication session Range 1 10 Default 2 Timeout for Quiet Period Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded be...

Page 67: ...authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise Force Unauthorized Forces t...

Page 68: ...en received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The...

Page 69: ...eld Attributes Web Name Interface label Type Indicates the port type 1000BASE T 1000BASE SX 1000BASE LX or 100BASE TX Admin Status Shows if the interface is enabled or disabled Oper Status Indicates i...

Page 70: ...Port Port Information or Trunk Information Command Attributes CLI Basic information Port type Indicates the port type 1000BASE T 1000BASE SX 1000BASE LX or 100BASE TX MAC address The physical layer ad...

Page 71: ...led or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 20 addresses Port security action Show...

Page 72: ...he problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode Flow Control Allows automatic or manual selec...

Page 73: ...rol Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex op...

Page 74: ...unk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the followin...

Page 75: ...ible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via...

Page 76: ...y be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Console config interface port channel...

Page 77: ...9 Console config if exit Console config interface ethernet 1 14 Console config if lacp Console config if end Console show interfaces status port channel 1 4 91 Information of Trunk 1 Basic information...

Page 78: ...port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast...

Page 79: ...ch containing the mirror source port This switch does not support stacking so this number will always be 1 Source Port The port whose traffic will be monitored Type Allows you to select which traffic...

Page 80: ...to limit traffic coming out of the switch Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied t...

Page 81: ...stics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statisti...

Page 82: ...equested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that higher level protocols requested be...

Page 83: ...dropped due to lack of resources Jabbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error...

Page 84: ...bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024...

Page 85: ...errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal...

Page 86: ...g S1 16 16 are for VDSL lines only 3 The following profiles are recommended for use with this switch S1 16 16 S2 16 16A A1 34 11 and A2 34 11A Profile Name ProfileType Downstream Rate Mbps Upstream Ra...

Page 87: ...Name The name for the specific set of communication parameters Profile Type Public profiles are those that meet specific standards e g ETSI or ANSI Private profiles do not meet these standards The po...

Page 88: ...line can be affected by factors such as temperature humidity and electro magnetic radiation When rate adaption is enabled the switch will determine the optimal transmission rate for the current condi...

Page 89: ...lomon error correction when there is pulse noise A greater degree of interleaving will provide more protection against pulse noise but will increase transmission delay and reduce the effective bandwid...

Page 90: ...s efm profile S1 16 16 to VDSL port 1 The following example enables power back off for port 1 Console config interface ethernet 1 1 4 84 Console config if efm shutdown 4 104 Console config if Console...

Page 91: ...SNR dB The signal to noise ratio of the VDSL line Downstream Rate Mbps The rate at which data is transmitted from the switch to the CPE Upstream Rate Mbps The rate at which data is transmitted from th...

Page 92: ...Solomon Errors The number of errors in data that have been corrected by the Reed Solomon code Interleave Interleaving improves Reed Solomon error correction when there is pulse noise A greater degree...

Page 93: ...errors 0 Console show controller efm Ethernet 1 2 actual link Link status Down Console show controller efm Ethernet 1 2 actual rxpower Local receive power 26 00 dBm Hz Console show controller lre Ethe...

Page 94: ...Configuring the Switch 3 64 Displaying VDSL Port Ethernet Statistics VDSL Port Ethernet Statistics display key statistics for an interface Web Click VDSL VDSL Port Ethernet Statistics...

Page 95: ...counters ethernet 1 11 4 92 Ethernet 1 11 Iftable stats Octets input 19648 Octets output 714944 Unitcast input 0 Unitcast output 0 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknow...

Page 96: ...nd Attributes Line Select the VDSL line from the drop down list Channel Select Slow or Fast from the drop down menu The switch uses the slow channel for data that requires a very low error rate in tra...

Page 97: ...able Rate The maximum line data rate using the current profile Unit Bits per second Current Line Rate The current line data rate Unit Bits per second Channel Interface Information Interleave Delay Tra...

Page 98: ...rial Number Ethernet 1 1 Vendor ID ACCTON Ethernet 1 1 Version Number 91 Ethernet 1 1 Current Signal to Noise Ratio Margin 45 Ethernet 1 1 Current Attenuation 54 Ethernet 1 1 Current Status 0 Ethernet...

Page 99: ...ere was loss of link since the switch was last reset or in the indicated time interval Errored Second Number of Errored Seconds since the switch was last reset or in the indicated time interval An Err...

Page 100: ...Configuring the Switch 3 70 Web Click VDSL Performance Monitor Information...

Page 101: ...thernet 1 1 Valid Intervals at interval 15 minutes 96 Ethernet 1 1 Invalid Intervals at interval 15 minutes 0 Ethernet 1 1 Time Elapsed at interval 1 day 10861 Ethernet 1 1 Loss of Frame at interval 1...

Page 102: ...umber of seconds that there was loss of signal in the indicated time interval Loss of Power Number of seconds that there was loss of power in the indicated time interval Loss of Link Number of seconds...

Page 103: ...ed in the dynamic address table You can also manually configure static addresses that are bound to a specific port Setting Static Addresses A static address can be assigned to a specific interface on...

Page 104: ...he switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded...

Page 105: ...table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table Command Attributes Aging Status Enables disables the function Aging Time The time a...

Page 106: ...iant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwa...

Page 107: ...on message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in t...

Page 108: ...e All device ports except for designated ports should receive configuration messages at regular intervals If the root port ages out STA information provided in the last configuration message a new roo...

Page 109: ...de If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Command Attribut...

Page 110: ...rt is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x He...

Page 111: ...nning Tree Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter with...

Page 112: ...th the root of the Spanning Tree Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto dete...

Page 113: ...ed LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devic...

Page 114: ...n the Spanning Tree See Displaying Interface Settings on page 3 81 for additional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmi...

Page 115: ...2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet...

Page 116: ...separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environme...

Page 117: ...y traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then manually assign ports on the other VLAN aware network devices al...

Page 118: ...s Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path tha...

Page 119: ...of configured VLAN 1 4093 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Ad...

Page 120: ...current version Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Ports Channel...

Page 121: ...ot pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current list Remove Rem...

Page 122: ...ame Name of the VLAN 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Trunk Trunk id...

Page 123: ...rt menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a tagged member Non Me...

Page 124: ...types and ingress filtering Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VL...

Page 125: ...his ensures that after a Leave or LeaveAll message has been issued the applicants can rejoin before the port actually leaves the group Range 60 3000 centiseconds Default 60 GARP LeaveAll Timer The int...

Page 126: ...ty and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from uplink ports Note that private VLANs and normal VLANs can exist simultaneously...

Page 127: ...wnlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports Ports designated as downlink ports can not communicate with any other ports on the switch except for the upl...

Page 128: ...rt priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of...

Page 129: ...Apply CLI This example assigns a default priority of 5 to port 3 Not supported in the current version Console config interface ethernet 1 3 4 84 Console config if switchport priority default 5 4 147...

Page 130: ...IEEE 802 1p standard for various network applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffi...

Page 131: ...relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This...

Page 132: ...and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications...

Page 133: ...ed in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Precedence or DSCP Priority and then Default Port Priority IP...

Page 134: ...ontrol and the other bits for various application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service...

Page 135: ...ic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Att...

Page 136: ...ys the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map...

Page 137: ...ort to set a new IP port number Class of Service to set a new class of service for an IP port Note that 0 represents low priority and 3 represent high priority Web Click Priority IP Port Priority Stat...

Page 138: ...ettings are copied Destination Interface The port or trunk to which the priority settings are copied Web Click Priority Copy Settings Check the type of priority settings to be copied select the source...

Page 139: ...called multicast filtering The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group h...

Page 140: ...rotocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive...

Page 141: ...ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically dis...

Page 142: ...known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast g...

Page 143: ...Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members...

Page 144: ...configure a multicast service on the switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multi...

Page 145: ...ress and click Add After you have completed adding ports to the member list click Apply CLI This example assigns a multicast address to VLAN 1 and then displays all the known multicast services suppor...

Page 146: ...Configuring the Switch 3 116...

Page 147: ...nsole prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exe...

Page 148: ...elnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty 0 prompt for the administrator to show that you a...

Page 149: ...w startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username adm...

Page 150: ...status dot1x Show 802 1x content history Information of history interfaces Information of interfaces ip IP information line TTY line information log Show the records of login logging Show the setting...

Page 151: ...al counters Configuration commands on the other hand modify interface parameters or enable certain switching functions These classes are further divided into different modes Available commands depend...

Page 152: ...the system level configuration and include commands such as hostname and snmp server community Interface Configuration These commands modify the port configuration such as speed duplex and negotiation...

Page 153: ...ace interface ethernet port port channel id vlan id Console config if 4 91 VLAN vlan database Console config vlan 4 137 Console config interface ethernet 1 5 Console config if exit Console config Keys...

Page 154: ...egated links and VLANs 4 91 Mirror Port Mirrors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 95 Rate Limiting Controls the ma...

Page 155: ...rd checking at login LC 4 10 password Specifies a password on a line LC 4 11 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 12 password thresh Sets...

Page 156: ...here are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using t...

Page 157: ...m prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before...

Page 158: ...is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Example To set the timeout to two minu...

Page 159: ...time 4 13 silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh comma...

Page 160: ...databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required s...

Page 161: ...s per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the se...

Page 162: ...command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec C...

Page 163: ...audrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Interactive timeout 65535 Command Function Mode Page enable Activates privileged mode NE 4 18 disable Return...

Page 164: ...ord required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 25 The character is appended to the end of the prompt to indi...

Page 165: ...other configuration modes including Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes on page 4 5 Default...

Page 166: ...eload This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by th...

Page 167: ...Configuration mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the...

Page 168: ...basic user names and passwords for management access 4 24 IP Filter Configures IP addresses that are allowed management access 4 26 Web Server Enables management access via a Web browser 4 28 Secure...

Page 169: ...haracters Default Setting Console Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device Use the no form to restore the default host name S...

Page 170: ...ice has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password passw...

Page 171: ...th 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null passw...

Page 172: ...an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP Web and Telnet acce...

Page 173: ...nmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Global Configuration Example Console config management all client 192 168 1 19 Console...

Page 174: ...is command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Function Mode Pag e ip http...

Page 175: ...tion is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The cli...

Page 176: ...ommand Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS serve...

Page 177: ...re the switch When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication Note T...

Page 178: ...ple Related Commands Event Logging Commands 4 35 ip ssh timeout Use this command to configure the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout second...

Page 179: ...n retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4...

Page 180: ...3 Console Console show ssh Information of secure shell Session Username Version Encrypt method Negotiation state 0 admin 1 5 cipher 3des session started Console Field Description Session The session...

Page 181: ...Example Related Commands logging history 4 36 clear logging 4 38 Command Function Mode Pag e logging on Controls logging of error messages GC 4 35 logging history Limits syslog messages saved to switc...

Page 182: ...7 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Level Argument Lev...

Page 183: ...ging facility This command sets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates t...

Page 184: ...to the table on page 4 36 Default Setting Level 3 0 Command Mode Global Configuration Example clear logging This command clears messages from the log buffer Syntax clear logging flash ram flash Event...

Page 185: ...default level 3 0 the message level for RAM is debugging i e default level 7 0 and lists one sample error Console show logging flash Syslog logging Enable History logging in FLASH level errors 0 0 0 5...

Page 186: ...REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facil...

Page 187: ...loses the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send...

Page 188: ...ssages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator re...

Page 189: ...is command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Disabled Command Mode Global Configuration Example show logging sendmail This...

Page 190: ...rs 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enable Console Command Function Mode Pag...

Page 191: ...oadcast client command is issued then the no sntp broadcast client command must be used to return the switch to SNTP client mode Example Related Commands sntp server 4 45 sntp poll 4 46 sntp broadcast...

Page 192: ...lient 4 44 sntp poll 4 46 show sntp 4 47 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syn...

Page 193: ...mand displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usa...

Page 194: ...ime zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local tim...

Page 195: ...the system Default Setting None Console calendar set 15 12 34 1 February 2002 Console Console show calendar set 15 12 34 February 1 2002 Console Command Function Mode Pag e show startup config Display...

Page 196: ...ode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access l...

Page 197: ...ss level 15 username admin password 0 admin username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private...

Page 198: ...tree settings Any configured settings for the console port and Telnet Example Console show running config building running config please wait snmp server community private rw snmp server community pub...

Page 199: ...et sessions including user name idle time and IP address of Telnet client Default Setting None Console show system System description 20 10 100 1000 ports 4 Gigabit Combo ports L2 L4 managed standalon...

Page 200: ...h Hardware Software Versions on page 3 9 for detailed information on the items displayed by this command Example Console show users Username accounts Username Privilege Public Key admin 15 None guest...

Page 201: ...rtup config file running config tftp copy tftp file running config startup config https certificate file Keyword that allows you to copy to from a file running config Keyword that allows you to copy t...

Page 202: ...file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the TFT...

Page 203: ...file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg configuration file from flash memory Related Commands dir 4 58 Console copy t...

Page 204: ...d Usage If you enter the command dir without any parameters the system displays all files File information is shown below Example The following example shows how to display all file information Column...

Page 205: ...config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required filename Name of the con...

Page 206: ...ng Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADI...

Page 207: ...authentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name passw...

Page 208: ...lt Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no ra...

Page 209: ...guration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server time...

Page 210: ...management access to a switch tacacs server host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_i...

Page 211: ...ommand Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key k...

Page 212: ...rs on the selected port and then enable port security to ensure that the port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port C...

Page 213: ...amically learning new addresses on the specified port Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted To use port security first allo...

Page 214: ...ion dot1x default Sets the default authentication server type GC 4 68 dot1x default Resets all dot1x parameters to their default values GC 4 69 dot1x max req Sets the maximum number of times that the...

Page 215: ...the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax d...

Page 216: ...e Configuration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to sin...

Page 217: ...ication Syntax no dot1x re authentication Command Mode Global Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been...

Page 218: ...t 3600 seconds Command Mode Global Configuration Example dot1x timeout tx period This command sets the time that the switch waits during an authentication session before re transmitting an EAP packet...

Page 219: ...alue including the following items supp timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts 802 1X Port Summary Displays the port access con...

Page 220: ...tate is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without...

Page 221: ...ed n a 2 disabled ForceAuthorized n a 25 disabled ForceAuthorized yes 26 enabled Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 26 Max request 2 Quiet period 350 R...

Page 222: ...ieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are ab...

Page 223: ...g None Command Mode Global Configuration Example Related Commands snmp server location 4 77 snmp server location This command sets the system location string Use the no form to remove the location str...

Page 224: ...Configuration Command Usage If you do not enter an snmp server host command no notifications are sent In order to configure the switch to send SNMP notifications you must enter at least one snmp serve...

Page 225: ...s command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter th...

Page 226: ...integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore If the IP is the address of a single management station the bitmask shoul...

Page 227: ...le show snmp SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP ver...

Page 228: ...A text string Range 1 15 characters hex The hexadecimal value Default Setting None Command Mode Interface Configuration VLAN Command Usage This command is used to include a client identifier in all co...

Page 229: ...client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example...

Page 230: ...4 85 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 85 negotiation Enables autonegotiation of a given interface IC 4 86 capabilities...

Page 231: ...following example adds a description to port 2 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the defa...

Page 232: ...enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed duplex mode under auto negotiation the required mode must be specified in the capabilities...

Page 233: ...form without parameters to restore the default values Syntax no capabilities 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Supports 1000 Mbps full duplex operation 100full Supp...

Page 234: ...nd stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation To force flow cont...

Page 235: ...collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 switchport broadcast packet r...

Page 236: ...0 packets per second clear counters This command clears statistics on an interface Syntax clear counters interface interface ethernet unit port unit This is device 1 port Port number port channel chan...

Page 237: ...unit This is device 1 port Port number port channel channel id Value 1 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command U...

Page 238: ...isplayed For a description of the items displayed by this command see Showing Port Statistics on page 3 51 Console show interfaces status ethernet 1 1 Information of Eth 1 1 Basic information Port typ...

Page 239: ...os input 0 QLen output 0 Extended iftable stats Multi cast input 482 Multi cast output 9 Broadcast input 38 Broadcast output 0 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames...

Page 240: ...old Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 4 89 Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabl...

Page 241: ...rface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe...

Page 242: ...eged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from port 6 to port...

Page 243: ...on conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate...

Page 244: ...ode i e speed duplex mode and flow control VLAN assignments and CoS settings All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN via the specified po...

Page 245: ...e Interface Configuration Ethernet Command Usage When configuring static trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk U...

Page 246: ...rts 13 14 Because LACP has also been enabled on the ports at the other end of the links the show interfaces status port channel 1 command shows that Trunk1 has been established Console config interfac...

Page 247: ...ers efm actual Displays the current values of the VDSL link on a specific VDSL port PE 4 111 show controllers efm admin Displays the administrative settings of the VDSL link on a specific VDSL port PE...

Page 248: ...FM a VDSL based technology Profile Name ProfileType Downstream Rate Mbps Upstream Rate Mbps Default Public 1 20 1 40 A1 02OAG R1 Public 7 56 2 43 A2 02OAG R1 Public 10 80 2 43 A3 01OAG R1 Public 17 28...

Page 249: ...ote that the distance may be limited by factors such as how the cable is bundled and the interference and noise on the link 6 Public profiles conform to specific standards such as ANSI or ETSI Private...

Page 250: ...nd Mode Interface Configuration Command Usage Use this command to troubleshoot VDSL port performance Example The following example resets the CO side VDSL and CPE side VDSL chipset of VDSL port 1 efm...

Page 251: ...L port 1 Related Commands shutdown 4 89 efm rdl Use this command to enable Remote Digital Loopback RDL Use the no form of this command to disable RDL Syntax efm rdl no efm rdl Default Setting Off Comm...

Page 252: ...lomon error correction when there is pulse noise A greater degree of interleaving will provide more protection against pulse noise but will increase transmission delay and reduce the effective bandwid...

Page 253: ...e efm rate adapt on page 4 108 the Signal to Noise Ratio SNR is an indicator of link quality The switch itself has no internal functions to ensure link quality To ensure a stable link you should add a...

Page 254: ...be affected by factors such as temperature humidity and electro magnetic radiation When rate adaption is enabled the switch will determine the optimal transmission rate for the current conditions Exam...

Page 255: ...Use this command to display the Ethernet link transmit and receive statistics for a specific VDSL port or for all the VDSL ports on the switch and the connected CPE Syntax show controllers ethernet c...

Page 256: ...s 0 Carrier sense errors Receive 1406434 Bytes Received 17551 Frames Received 0 Broadcast frames 0 Pause frames 0 Alignment errors 0 Collisions and Runts 0 Oversize frames 0 FCS errors EFM MAC on CPE...

Page 257: ...splay the quality of the VDSL link The SNR represents the upper limit of received signal to noise ratio that the switch will handle before disconnecting from the remote CPE The Reed Solomon errors sho...

Page 258: ...VDSL port 1 Example Related Commands show controllers efm actual 4 111 show controllers efm profile 4 112 show controllers efm profile Use this command to to display information about the profiles av...

Page 259: ...1 5 Default Active Ethernet 1 6 Default Active Ethernet 1 7 Default Active Ethernet 1 8 Default Active Ethernet 1 9 Default Active Ethernet 1 10 Default Active Ethernet 1 11 Default Active Ethernet 1...

Page 260: ...rs are the result of noise exceeding the noise margin Note The Reed Solomon errors are reset each time the show controllers efm status link command is performed Interleaving improves Reed Solomon erro...

Page 261: ...the speed and duplex mode for the CPE side VDSL link Examples Related Commands show controllers efm actual 4 111 show controllers efm admin 4 112 show controllers efm status 4 114 show controllers efm...

Page 262: ...the switch s VDSL ports Related Commands show controllers efm actual 4 111 show controllers efm admin 4 112 show controllers efm status 4 114 show controllers efm channel performance 4 117 Console sho...

Page 263: ...formance at intervals of 15 minutes 1 day Performance at intervals of 1 day Command Mode Privileged EXEC Example Related Commands show controllers efm actual 4 111 show controllers efm admin 4 112 sho...

Page 264: ...Ethernet 1 1 Line Alarm Config Profile DEFVAL VDSL_LINE_ENTRY Ethernet 1 12 Line Coding 3 Ethernet 1 12 Line Type 4 Ethernet 1 12 Line Config Profile DEFVAL Ethernet 1 12 Line Alarm Config Profile DEF...

Page 265: ...EXEC Example Console show controllers efm phy table vtu c 1 1 VDSL_PHYS_ENTRY Ethernet 1 1 Serial Number Ethernet 1 1 Vendor ID ACCTON Ethernet 1 1 Version Number 91 Ethernet 1 1 Current Signal to Noi...

Page 266: ...15 minute interval and for the current day Syntax show controllers efm current performance vtu r vtu c interface vtu r VTU VDSL Transceiver Unit at the remote end of the line vtu c VTU VDSL Transceive...

Page 267: ...1 1 Loss of Signal at interval 1 day 0 Ethernet 1 1 Loss of Power at interval 1 day 0 Ethernet 1 1 Loss of Link at interval 1 day 0 Ethernet 1 1 Errored Second at interval 1 day 0 Ethernet 1 1 Severe...

Page 268: ...Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assign...

Page 269: ...ystem configured entries Default Setting None Command Mode Privileged Exec Example show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac addres...

Page 270: ...a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example mac address table aging time This command sets the agi...

Page 271: ...tree max age Configures the spanning tree bridge maximum age GC 4 128 spanning tree priority Configures the spanning tree bridge priority GC 4 129 spanning tree path cost method Configures the path co...

Page 272: ...r network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows h...

Page 273: ...d Spanning Tree spanning tree forward time This command configures the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax spanning tree forward ti...

Page 274: ...time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch...

Page 275: ...ning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 65535 Range...

Page 276: ...devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 131 takes precedence over port pri...

Page 277: ...000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree...

Page 278: ...e Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than on...

Page 279: ...n interface to fast forwarding Use the no form to disable fast forwarding Syntax no spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command U...

Page 280: ...ecify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the s...

Page 281: ...terface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfa...

Page 282: ...ation Spanning tree mode RSTP Spanning tree enable disable enable Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Roo...

Page 283: ...entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running confi...

Page 284: ...N state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Co...

Page 285: ...VLAN Related Commands shutdown 4 89 Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 4 139 switchport mode Configures VLAN membership mode for an...

Page 286: ...ts are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and then set the sw...

Page 287: ...s filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this por...

Page 288: ...is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress port Example The following example shows how to set the PVID for port 1 to VLA...

Page 289: ...VLAN for the interface If a VLAN on the forbidden list for an interface is manually added to that interface the VLAN is automatically removed from the forbidden list for that interface Example The fol...

Page 290: ...k interfaces down link Specifies a list of downlink interfaces Default Setting No pvlan Command Mode Global configuration Console show vlan id 1 VLAN Type Name Status Ports Channel groups 1 Static Def...

Page 291: ...n configures ports 13 and 14 as uplink ports and ports 1 8 as downlink ports show pvlan Use this command to show the private VLAN configuration settings on this switch Syntax show pvlan Default Settin...

Page 292: ...g Basic VLAN Information on page 3 88 and Displaying Bridge Extension Capabilities on page 3 10 for a description of the displayed items Example Command Function Mode Pag e show bridge ext Shows the g...

Page 293: ...Seven is the highest priority Default Setting The priority is not set and the default value for untagged frames received on the interface is zero Command Groups Function Page Priority Layer 2 Configur...

Page 294: ...he output port The default priority for all ingress ports is zero Therefore any inbound frames that do not have priority tags will be placed in queue 0 of the output port Note that if the output port...

Page 295: ...riority service mode queue bandwidth This command assigns weighted round robin WRR weights to the four class of service CoS priority queues Use the no form to restore the default weights Syntax queue...

Page 296: ...port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode Interface...

Page 297: ...or the eight priority queues Default Setting None Command Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface inter...

Page 298: ...e priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally Console show queue cos map ethernet 1 1 Information of Eth 1...

Page 299: ...lt switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently mapped to...

Page 300: ...SCP value Range 0 255 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are map...

Page 301: ...P Port IP Precedence or IP DSCP and default switchport priority Example The following example shows how to enable TCP UDP port mapping globally map ip port Interface Configuration Use this command to...

Page 302: ...ted Commands map ip precedence Global Configuration 4 152 map ip precedence Interface Configuration 4 153 show map ip dscp This command shows the IP DSCP priority map Syntax show map ip dscp interface...

Page 303: ...s command to show the IP port priority map Syntax show map ip port interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None...

Page 304: ...o ip igmp snooping Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 0 Console Command Groups Function Pag e IGMP Snooping Configures multicast groups via IGMP snoo...

Page 305: ...group interface ethernet unit port unit This is device 1 port Port number port channel channel id Value 1 Default Setting None Command Mode Global Configuration Example The following shows how to stat...

Page 306: ...configures the switch to use IGMP Version 1 show ip igmp snooping This command shows the IGMP snooping configuration Default Setting None Command Mode Privileged Exec Command Usage See Configuring IG...

Page 307: ...s Example The following shows the multicast entries learned through IGMP snooping for VLAN 1 IGMP Query Commands Layer 2 Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP ad...

Page 308: ...gmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default Set...

Page 309: ...Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This...

Page 310: ...oping version 4 159 ip igmp snooping query max response time 4 163 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax ip i...

Page 311: ...ommand Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast...

Page 312: ...address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and management stations or other...

Page 313: ...to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration progra...

Page 314: ...ommand Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip r...

Page 315: ...cified because the switch adds header information Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another...

Page 316: ...9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets trans...

Page 317: ...Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Protocol Spanning Tree Protocol STP IEEE 802 1D Rapid Spanning Tree Protocol RSTP IEE...

Page 318: ...E 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 1Q VLAN IEEE 802...

Page 319: ...IB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1x Private MI...

Page 320: ...A 4 Software Specifications...

Page 321: ...not been disabled Check network cabling between the management station and the switch If you cannot connect using Telnet or SSH you may have exceeded the maximum number of concurrent Telnet SSH sessio...

Page 322: ...B 2 Troubleshooting...

Page 323: ...ted Services Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kin...

Page 324: ...tations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC brid...

Page 325: ...assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this...

Page 326: ...Out of Band Management Management of the network from a station not attached to the network Port Authentication See IEEE 802 1x Private Branch Exchange PBX A telephone exchange local to a particular...

Page 327: ...ard host to host mail transport protocol that operates over TCP port 25 Simple Network Management Protocol SNMP The application protocol in the Internet suite of protocols which offers network managem...

Page 328: ...just unnecessary VDSL Very high data rate Digital Subscriber Line A family of digital telecommunications protocols designed to allow high speed data communication at data rates from below 1 Mbps to 52...

Page 329: ...configuration 2 5 Differentiated Code Point Service See DSCP downloading software 3 15 4 55 DSCP enabling 3 103 4 153 mapping priorities 3 105 4 154 dynamic addresses displaying 3 74 4 123 Dynamic Hos...

Page 330: ...s 3 41 speed 3 42 4 85 ports configuring 3 39 4 84 ports mirroring 3 49 4 95 priority default port ingress 3 98 4 147 problems troubleshooting C 1 protocol migration 3 86 4 135 Q queue weights 3 102 4...

Page 331: ...102 4 149 trap manager 2 7 3 22 4 78 troubleshooting C 1 trunk configuration 3 44 4 98 LACP 3 46 4 99 static 3 45 4 99 U upgrading software 3 15 4 55 user password 3 24 4 24 4 25 V VLANs 3 86 3 97 4...

Page 332: ...Index Index 4...

Page 333: ......

Page 334: ...VS4512 VS4512DC E122003 R02 150000041800A...

Reviews:

No comments