manualshive.com logo in svg

Asante IntraCore 36000 Series, User Manual

Share
Download
Asante IntraCore 36000 Series User Manual Download Page 64

64 

Asanté IntraCore 36000 Series 

CLI 

This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash 
memory, and then displays the host’s public keys. 

Console#

ip ssh crypto host-key generate 

 

Console#

ip ssh save host-key

 

Console#

show public-key host 

 

Host: 
RSA: 
1024 65537 127250922544926402131336514546131189679055192360076028653006761 
8240969094744832010252487896597759216832222558465238779154647980739631403386925
7931051057652122430528078658854857892726029378660892368414232759121276032591968
3697053439336438445223335188287173896894511729290510813919642025190932104328579
045764891 
DSA: 
ssh-dss AAAAB3NzaC1kc3MAAACBAN6zwIqCqDb3869jYVXlME1sHL0EcE/Re6hlasfEthIwmj 
hLY4O0jqJZpcEQUgCfYlum0Py9ieGWQ8f2gobUZKIICuKg6vjO9XTs7XKc05xfzkBiKviDa
+26vFOgvUDFedlh5v8r0ea2rpnO6DkZAAAAFQCNZn/x17dwpW8RrV 
DQ6QAAAIEAptkGeB6B5hwagH4gUOCY6i1TmrmSiJgfwO9OqRPUuzxatOo7drnIZ
ypMx+Sx5R9ywsa1cWqHeFY5ilc3lDCNBueeRS+azTKIk/zrJh8GLG 
Nq375R55yRxFvmcGIn/Q7IphPqyJ3o9MK8LFDfmJEAAACAL8A6tESiswP2OFqX7VGoEbzVDSOI 
RTMFy3iUXtvGyQAOVSy67Mfc3lMtgqPRUOYXDiwIBp5NXgilCg5z7VqbmRm28mWc5a//f8TUAg 
PNWKV6W0hqmshQdoXKNTZj0uTwWfjO5Kytdn4MdoTHgrbl/DMdAfjnte8MZZs= 
 
Console# 

6.4.3 Configuring the SSH Server 

The SSH server includes basic settings for authentication.  

Field Attributes 

SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) 

Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management 
access through SSH either Version 1.5 or 2.0 clients. 

SSH Authentication Timeout – Specifies the time interval in seconds that the SSH server waits for a 
response from a client during an authentication attempt. 

(Range: 1 to 120 seconds; Default: 120 seconds) 

SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before 
authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) 

SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits) 

 

The server key is a private key that is never shared outside the switch. 

 

The host key is shared with the SSH client, and is fixed at 1024 bits.  

Summary of Contents for IntraCore 36000 Series

Page 1: ...IntraCore 36000 Series Managed Gigabit Ethernet Switches User s Manual ...

Page 2: ...Default password Asante Copyright 2004 Asanté Technologies Inc All rights reserved No part of this document or any associated artwork product design or design concept may be copied or reproduced in whole or in part by any means without the express written consent of Asanté Technologies Inc Asanté and IntraCore are registered trademarks and the Asanté logo AsantéCare Auto Uplink and IntraCare are t...

Page 3: ...2 8 Managing Firmware 30 2 9 Saving or Restoring Configuration Settings 31 2 10 Basic Management 33 Chapter 3 Configuring Global Settings 38 3 1 Configuring Spanning Tree 39 3 2 Configuring Interface Settings 44 3 3 Configuring Multiple Spanning Trees 46 Chapter 4 Configuring SNTP 53 4 1 SNTP Attributes 53 4 2 Setting the Time Zone 53 Chapter 5 Simple Network Management Protocol 55 5 1 Setting Com...

Page 4: ... Configuring Port Mirroring 100 7 7 Configuring Rate Limits 101 7 8 Showing Port Statistics 101 Chapter 8 Configuring Address Table Settings 106 8 1 Setting Static Addresses 106 8 2 Displaying the Dynamic Address Table 107 8 3 Changing the Aging Time 108 Chapter 9 Configuring Spanning Tree 109 Chapter 10 Configuring VLAN 112 10 1 Assigning Ports to VLANs 112 10 2 Configuring Private VLANs 121 10 3...

Page 5: ...ng the Command Line Interface 148 14 1 Exec Commands 148 14 2 Configuration Commands 149 14 3 Command Groups 150 Chapter 15 Configuration Guide 152 15 1 Line Commands 152 15 2 General Commands 152 15 3 System Management Commands 153 15 4 Authentication Commands 159 15 5 Access Control List Commands 161 15 6 SNMP Commands 164 15 7 DHCP Commands 164 15 8 Interface Commands 165 15 9 Mirror Port Comma...

Page 6: ...tion dot1x default 179 16 6 authentication enable 180 16 7 authentication login 181 16 8 boot system 181 16 9 bridge ext gvrp 182 16 10 calendar set 183 16 11 capabilities 184 16 12 channel group 185 16 13 clear counters 185 16 14 clear dns cache 186 16 15 clear host 187 16 16 clear logging 187 16 17 clear mac address table dynamic 188 16 18 clock timezone 188 16 19 combo forced mode 189 16 20 con...

Page 7: ...iet period 200 16 36 dot1x timeout re authperiod 201 16 37 dot1x timeout tx period 201 16 38 enable 202 16 39 enable password 203 16 40 end 203 16 41 exec timeout 204 16 42 exit 205 16 43 flowcontrol 205 16 44 garp timer 206 16 45 hostname 207 16 46 interface 208 16 47 interface vlan 208 16 48 ip access group 209 16 49 ip address 210 16 50 ip default gateway 211 16 51 ip dhcp restart 211 16 52 ip ...

Page 8: ...er port expire time 222 16 66 ip igmp snooping version 223 16 67 ip igmp snooping vlan mrouter 223 16 68 ip igmp snooping vlan static 224 16 69 ip name server 225 16 70 ip ssh authentication retries 226 16 71 ip ssh crypto host key generate 226 16 72 ip ssh crypto zeroize 227 16 73 ip ssh save host key 228 16 74 ip ssh server 228 16 75 ip ssh server key size 229 16 76 ip ssh timeout 230 16 77 jumb...

Page 9: ...able aging time 244 16 97 mac address table static 245 16 98 management 246 16 99 map access list ip 247 16 100 mask IP ACL 248 16 101 map access list mac 251 16 102 map ip dscp Global Configuration 252 16 103 map ip dscp Interface Configuration 252 16 104 map ip port Global Configuration 254 16 105 map ip port Interface Configuration 254 16 106 map ip precedence Global Configuration 255 16 107 ma...

Page 10: ...ompt 273 16 125 protocol vlan protocol group Configuring Groups 274 16 126 protocol vlan protocol group Configuring Interfaces 274 16 127 pvlan 275 16 128 queue bandwidth 276 16 129 queue cos map 277 16 130 queue mode 278 16 131 quit 278 16 132 radius server host 279 16 133 radius server key 279 16 134 radius server port 280 16 135 radius server retransmit 280 16 136 radius server timeout 281 16 1...

Page 11: ...ces counters 292 16 154 show interfaces protocol vlan protocol group 294 16 155 show interfaces status 294 16 156 show interfaces switchport 295 16 157 show ip access group 297 16 158 show ip access list 297 16 159 show ip igmp snooping 298 16 160 show ip igmp snooping mrouter 298 16 161 show ip interface 299 16 162 show ip redirects 300 16 163 show ip ssh 300 16 164 show lacp 300 16 165 show line...

Page 12: ...rt monitor 315 16 181 show protocol vlan protocol group 316 16 182 show public key 317 16 183 show pvlan 318 16 184 show queue bandwidth 318 16 185 show queue cos map 319 16 186 show queue mode 319 16 187 show radius server 320 16 188 show running config 320 16 189 show snmp 322 16 190 show sntp 323 16 191 show spanning tree 323 16 192 show spanning tree mst configuration 325 16 193 show ssh 325 1...

Page 13: ...6 213 spanning tree edge port 341 16 214 spanning tree forward time 342 16 215 spanning tree hello time 343 16 216 spanning tree link type 343 16 217 spanning tree mst cost 344 16 218 spanning tree mst port priority 345 16 219 spanning tree max age 346 16 220 spanning tree mode 347 16 221 spanning tree mst configuration 348 16 222 spanning tree pathcost method 349 16 223 spanning tree portfast 349...

Page 14: ...default 361 16 240 tacacs server host 362 16 241 tacacs server key 362 16 242 tacacs server port 363 16 243 username 363 16 244 vlan database 364 16 245 vlan 365 16 246 whichboot 366 Appendix A Web Browser Interface and Command Line Interface Overview 367 A 1 Navigating the Web Browser Interface 367 A 2 Improving Response Time 367 A 3 Configuration Options 367 A 4 Accessing the CLI 368 A 5 Console...

Page 15: ...roubleshooting Chart 380 D 2 Console Port Pin Assignments 380 Appendix E FCC Compliance and Warranty Statements 381 E 1 FCC Compliance Statement 381 E 2 Important Safety Instructions 381 E 3 IntraCare Warranty Statement 382 Appendix F Online Warranty Registration 383 ...

Page 16: ...ontrol Supported Static Address Up to 16K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Protocol Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Tree Protocol MSTP Virtual LANs Up to 255 using...

Page 17: ...can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Port Trunking Combine ports into an aggregate connection Trunks can be manually set up or dynamically configured using IEEE 802 3ad Link Aggregation Control Protocol LACP The additional ports dramatically increase the throughput across any connection and provide redundancy by ...

Page 18: ...inate broadcast storms that severely degrade performance in a flat network Simplify network management for node changes moves by remotely configuring VLAN membership for any port rather than having to manually change the network connection Provide data security by restricting all traffic to the originating VLAN Restrict private VLANs to restrict traffic to pass only between data ports and uplink p...

Page 19: ...ut Auto 8 1 none 0 disabled Authentication Privileged Exec Level Normal Exec Level Enable Privileged Exec from Normal Exec Level RADIUS Authentication S TATACS TATACS Authentication 802 1x Port Authentication HTTPS SSH Port Security IP Filtering Username root Password Asante Username root Password Asante Password super Disabled Disabled Disabled Enabled Disabled Disabled Disabled Web Management HT...

Page 20: ...bled Symmetric flow control disabled Rate Limiting Input and Output Limits Disabled Port Trucking Static Trucks LACP all ports None Disabled Broadcast Storm Protection Status Broadcast Limit Rate Enabled all ports 500 packets per second Spanning Tree Protocol Status Fast Forwarding edge port Enabled MSTP Defaults All values based on IEEE 802 1s Disabled Address Table Aging Time 300 seconds Virtual...

Page 21: ...rt Security 192 168 0 1 255 255 255 0 0 0 0 0 Client Disabled Disabled Enabled Cache Timeout 20 minutes Proxy Disabled Disabled Disabled Learning is enabled DNS Server Lookup Disabled Multicast Filtering IGMP Snooping IGMP Layer 3 Snooping Enabled Querier Enabled Disabled Multicast Routing DVMRP PIM DIM Disabled Disabled System Log Status Messages Logged Messages Logged to Flash Enabled Levels 0 3...

Page 22: ...ape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher Access the switch s web management interface from any computer attached to the network The following illustration shows the web interface Access the CLI program with a direct connection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also sup...

Page 23: ...or terminal for monitoring and configuring the switch The switch comes with a null modem console cable Attach a VT100 compatible terminal or a PC running a terminal emulation program to the switch You can use the console cable provided with this package or use a null modem cable that complies with the wiring assignments shown in the Installation Guide To connect a terminal to the console port comp...

Page 24: ...evels is controlled by user names and passwords The switch has a default user name and password for each level To log into the CLI at the Privileged Exec level using the default user name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification procedure starts 2 At the Username prompt enter root 3 At the Password prompt also enter Asante The ...

Page 25: ...t the IP address and subnet mask If your management station is not in the same IP subnet as the switch you also need to specify the default gateway Dynamic The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all ports on the switch are members of VLAN 1...

Page 26: ...the interface configuration mode and press Enter 2 Type ip address ip address netmask where ip address is the switch IP address and netmask is the network mask for the network and press Enter 3 Type exit to return to the global configuration mode prompt and press Enter 4 To set the IP address of the default gateway for the network to which the switch belongs type ip default gateway gateway where g...

Page 27: ...ave your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Note If you lose your management connection use a console connection and enter show ip interface to determine the new switch address CLI To automatically configure the switch by communicating with BOOTP or DHCP address al...

Page 28: ...h inform the manager that certain events have occurred 2 5 1 Community Strings Community strings are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specified users or user groups and set the access level The default strings are public with read only access Authorized...

Page 29: ...must copy the running configuration file to the start up configuration file using the copy command To save the current configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file and press Enter Console copy running config startup config Startup configuration file name startu...

Page 30: ...a TFTP server By saving runtime code to a file on a TFTP server that file can later be downloaded to the switch to restore operation You can also set the switch to use new firmware without overwriting the previous version Command Attributes TFTP Server IP Address The IP address of a TFTP server File Name The file name should not contain slashes or the leading letter of the file name should not be ...

Page 31: ... restore settings Command Attributes TFTP Server IP Address The IP address of a TFTP server File Name The configuration file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note The available flash memory sp...

Page 32: ...start the switch Console copy tftp startup config TFTP server ip address 192 168 1 19 Source configuration file name config 1 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console reload If you download the startup configuration file under a new file name you can set this file as the startup file later and then restart the switch Console config Co...

Page 33: ...ons and bridge expansion capabilities 2 10 1 Setting the System Clock Simple Network Time Protocol SNTP allows the switch to set its internal clock based on periodic updates from a timeserver SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also manually set the clock using the CLI Refer to the calendar set...

Page 34: ...er Shows if management access through HTTPS is active Web secure server port Shows the TCP port used by the HTTPS interface POST result Shows results of the power on self test Web Click System System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interf...

Page 35: ...ardware firmware version numbers for the main board and management software as well as the power status of the system Field Attributes Main Board Serial Number The serial number of the switch Number of Ports Number of built in RJ 45 ports and SFP slots Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal power supply Redundant Power Status C...

Page 36: ...ulticast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to the section Number of Egress Traffic Classes under the section 11 1 Setting the Default Priority for Interfaces Static Entry Individual Port Th...

Page 37: ...s This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension CLI Enter the following command Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local...

Page 38: ...ess subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Section 2 4 Setting an IP Address 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Section 2 3 Setting a Password in chapter 2 3 After you enter a user name and ...

Page 39: ... internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU For example...

Page 40: ... 1w MSTP Multiple Spanning Tree IEEE 802 1s MSTP is the default Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device If all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768...

Page 41: ...values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 3 1 4 Configuration Settin...

Page 42: ...unks in the Spanning Tree Field Attributes Spanning Tree Shows if STA has been enabled on this interface STA Status Displays current state of this port within the Spanning Tree Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory inform...

Page 43: ...ee Trunk Member Indicates if a port is a member of a trunk STA Port Information only These additional parameters are only displayed for the CLI Admin status Shows if this interface is enabled External path cost The path cost for the IST This parameter is used by the STA to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher...

Page 44: ...nformation CLI This example shows the STA attributes for port 5 Console show spanning tree ethernet 1 5 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5 Designated root 61440 0 0000E9313131 Designated bridge 61440 0 0000E9313131 Fast forwarding enable Forward transitions...

Page 45: ...st for all ports on a switch are the same the port with the highest priority For example lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier is enabled Default 1...

Page 46: ...mode You can also use the Protocol Migration button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Default Disabled Configuring Switch Using the Web or CLI Web Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply CLI This example sets STA attributes for port 7 Console config int...

Page 47: ...ance Instance identifier of this spanning tree Default 0 Priority The priority of a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 VLANs in MST Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign to this selec...

Page 48: ... 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enable Role disable State discard...

Page 49: ... mst 1 priority 4096 Console config mstp mst 1 vlan 1 5 Console config mst 3 3 2 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the status of ports and trunks in the selected MST instance Field Attributes MST Instance ID Instance identifier to configure Range 0 4094 Default 0 The other attributes are described under Section 3 1 5 Displayin...

Page 50: ...ng hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 645 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 ...

Page 51: ...gured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 MST Path Cost This parameter is used by the MSTP to determine the best path betw...

Page 52: ...e 36000 Series CLI This example sets the MSTP attributes for port 4 Console config interface ethernet 1 4 Console config if spanning tree mst port priority 0 Console config if spanning tree mst cost 50 Console config if ...

Page 53: ...led SNTP Poll Interval Sets the interval between sending requests for a time update from a time server when set to SNTP Client mode Range 16 16284 seconds Default 16 seconds SNTP Server In unicast mode sets the IP address for up to three time servers The switch attempts to update the time from the first server if this fails it attempts an update from the next server in the sequence Configuring Swi...

Page 54: ...The number of minute s before after UTC Direction Configures the time zone to be before east or after west UTC Configuring Switch Using the Web or CLI Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply CLI This example shows how to set the time zone for the system clock Console config clock timezone PDT hours 7 minute 0 after UTC Console ...

Page 55: ... trap functions and restricting access to clients with specified IP addresses are described in the following sections 5 1 Setting Community Access Strings You may configure up to five community strings authorized for management access All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings 5 1 2 Attributes...

Page 56: ...eted recipient Trap Manager Community String Community string sent with the notification operation Range 1 32 characters case sensitive Trap Version Specifies whether to send notifications as SNMP v1 or v2c traps The default is version 1 Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP access authentication process The default is e...

Page 57: ...itch Using the CLI CLI Assign a user name to access level 15 For example administrator then specify the password Console config username james access level 15 Console config username james password 0 smith Console config 6 2 Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually c...

Page 58: ...ser authentication is performed using a RADIUS server only TACACS User authentication is performed using a TACACS server only authentication sequence User authentication is performed by up to three authentication methods in the indicated sequence 6 2 3 RADIUS Settings Server IP Address Address of authentication server Default 0 0 0 0 Server Port Number Network UDP port of authentication server use...

Page 59: ...ress 0 0 0 0 Communication key with radius server Server port number 1812 Retransmit times 5 Request timeout 10 Console show tacacs server Remote TACACS server configuration Server IP address 0 0 0 0 Communication key with tacacs server green Server port number 200 Console 6 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol HTTPS over the Secure Sock...

Page 60: ...t HTTPS Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows XP Netscape Navigator 4 76 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows XP Solaris 2 6 To specify a secure site certificate see section 6 3 2 Replacing the Default Secure site Certificate Command Attributes HTTPS Status Allows you to enable...

Page 61: ...indows and other environments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the c...

Page 62: ...3718772119969631781 3662774141689851320491172048303392543241016379975923714490119380060902539484084 8271781943722884025331159521348610229029789827213532671316294325328189150453063 93916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service...

Page 63: ... generate the host key pair For example public and private keys Range RSA Version 1 DSA Version 2 Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM For example...

Page 64: ...375R55yRxFvmcGIn Q7IphPqyJ3o9MK8LFDfmJEAAACAL8A6tESiswP2OFqX7VGoEbzVDSOI RTMFy3iUXtvGyQAOVSy67Mfc3lMtgqPRUOYXDiwIBp5NXgilCg5z7VqbmRm28mWc5a f8TUAg PNWKV6W0hqmshQdotVzDR1e XKNTZj0uTwWfjO5Kytdn4MdoTHgrbl DMdAfjnte8MZZs Console 6 4 3 Configuring the SSH Server The SSH server includes basic settings for authentication Field Attributes SSH Server Status Allows you to enable disable the SSH server on th...

Page 65: ...le disconnect 0 Console 6 5 Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port When port security is enabled on a port the switch stops learning new MAC addresses on the specified port Only incoming traffic with source addresses already stored in the dynami...

Page 66: ...a security violation it must be manually re enabled from the Port Port Configuration page see section 7 2 Configuring Interface Connections Command Attributes Port Port number Name Descriptive text Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap message Shutdown Disable the port Trap and Sh...

Page 67: ...th the client and a remote RADIUS authentication server to verify user identity and access rights When a client For example Supplicant connects to a switch port the switch For example Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the clie...

Page 68: ...witch port requires a client to be re authenticated after a certain period 802 1X Max Request Count The maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session Timeout For Quiet Period Indicates the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client ...

Page 69: ...timeout 30 server timeout 30 reauth max 2 max req 2 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 47 disabled Single Host ForceAuthorized n a 1 48 enabled Single Host Auto yes 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is disabled on port 1 2 802 1X is disabled on port 1...

Page 70: ...ult Disabled 802 1X Max Request Count Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session Range 1 10 Default 2 Timeout For Quiet Period Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client Range 1 65535 seconds Default 60 se...

Page 71: ...1X authorized port Range Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 20 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied acce...

Page 72: ...ameters and descriptions for the 802 1x statistical values Parameter Description Rx EXPOL Start The number of EAPOL Start frames that have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recogniz...

Page 73: ...his Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Configuring Switch Using the Web or CLI Web Select Security 802 1x Statistics Select the required port and then click Query Click Refresh to update the statistics CLI This example displays the 802 1x statistics for port 4 Console show dot1x statistics interface...

Page 74: ...mber of ACLs is also 32 The average number of rules bound to the ports should not exceed 20 You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule When an ACL is bound to an interface as an egress filter all entries in the ACL must be deny rules Otherwise the bind operation will fail The switch does not support the e...

Page 75: ... click Add to open the configuration page for the new list CLI This example creates a standard IP ACL named asante Console config access list ip standard asante Console config std acl 6 7 3 Configuring a Standard IP ACL Command Attributes Action An ACL can contain all permit rules or all deny rules Default Permit rules IP Specifies the source IP address Use Any to include all possible addresses Ho...

Page 76: ...SubMask fields Options Any Host IP Default Any Src Dst Address Source or destination IP address Src Dst SubMask Subnet mask for source or destination address See the description for SubMask in section 6 7 3 Configuring a Standard IP ACL Service Type Packet priority settings based on the following criteria Precedence IP precedence level Range 0 7 TOS Type of Service level Range 0 15 DSCP DSCP prior...

Page 77: ...CP control code Then click Add Jaci need pic here 3 29 Need Breen to help CLI This example adds three rules Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched For example the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through Allow TCP packets from class C addresses 192 168 1 0 to any destin...

Page 78: ...ype Mask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet types Any Any Ethernet packet type Untagged eth2 Untagged Ethernet II packets Untagged 802 3 Untagged Ethernet 802 3 packets Tagged eth2 Tagged Ethernet II packets Tagged 802 3 Tagged Ethernet 802 3 packets Configuring Switch Using the Web or CLI Web Specify the action For example Permit or Deny ...

Page 79: ...he ACL rules are entered Create the required ACLs and the ingress or egress masks before mapping an ACL to an interface You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule Use the ACL Mask Configuration page to edit the mask for the Ingress IP ACL Egress IP ACL Ingress MAC ACL or Egress MAC ACL Configuring Switch ...

Page 80: ...Protocol port of rule must match this bitmask Range 0 65535 Control Bitmask Control flags of rule must match this bitmask Range 0 63 Configuring Switch Using the Web or CLI Web Configure the mask to match the required rules in the IP ingress or egress ACLs Set the mask to check for any source or destination address a specific host address or an address range Include other criteria to search for in...

Page 81: ...ecify the host address for a single node or MAC to specify a range of addresses Options Any Host MAC Default Any Source Destination MAC Bitmask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format Bitmask A packet format must be specified in the rule Configuring Switch Using the...

Page 82: ...ess Control Lists ACL you can bind the ports that need to filter traffic to the appropriate ACLs You can only bind a port to one ACL for each basic type IP ingress IP egress MAC ingress and MAC egress Follow these guidelines You must configure a mask for an ACL rule before you can bind it to a port This switch supports ACLs for both ingress and egress filtering You can only bind one IP ACL and one...

Page 83: ...ess group david in Console config if 6 8 Configuring IP Filters The switch allows you to create a web browser list of up to 16 IP addresses or IP address groups that are allowed access to the switch via web browser SNMP or Telnet 6 8 1 Guidelines To specify the clients allowed management access enter an IP address to identify a specific host or a range of valid addresses For example IP address 192...

Page 84: ... end address of a range Configuring Switch Using the Web or CLI Web Click Security IP Filter Enter the addresses that are allowed management access to an interface and click Add IP Filtering Entry CLI This example allows SNMP access for a specific client Console config management snmp client 10 1 2 3 Console config end Console show management all client Management Ip Filter Http Client Start ip ad...

Page 85: ...n Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Forced Mode1 Shows the forced preferred port type to use for combination ports 21 24 or 45 48 Copper Forced Copper Preferred Auto SFP Forced SFP P...

Page 86: ...upports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 500 262143 packets per second Flow control Shows if...

Page 87: ...e the Port Configuration or Trunk Configuration page to enable disable an interface set auto negotiation and the interface capabilities to advertise or manually fix the speed duplex mode and flow control Command Attributes Name Allows you to label an interface Range 1 64 characters Admin Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive...

Page 88: ...verall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Forced Mode Shows the forced preferred port type to use for the combination ports 21 24 or 45 48 Copper Forced Always uses the built in RJ 45 port Copper Preferred Auto Uses the built in RJ 45 port if both co...

Page 89: ...P configured ports on another device You can configure any number of ports on the switch as LACP as long as they are not already configured as part of a static trunk If ports on another device are also configured as LACP the switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than four ports all other ports will be placed in a standby mode Should ...

Page 90: ...e Web or CLI Web Click Port Trunk Membership Enter a trunk ID of 1 6 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply CLI This example creates trunk 2 with ports 1 and 2 Just connect these ports to two static trunk ports on another switch to form a trunk Console config interface port ...

Page 91: ... available trunk ID If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex by forced either mode or auto negotiation Configuring Switch Using the Web or CLI Web Click Port LACP Configuration Se...

Page 92: ... LACP port Admin Key If the port channel Admin Key is set lacp admin key command then the port Admin Key must be set to the same value for a port to be allowed to join a channel group Note If the port channel admin key lacp admin key command is not set through the CLI when a channel group is formed it has a null value of 0 this key is set to the same value as the port admin key used by the interfa...

Page 93: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply CLI The following example configures LACP parameters for ports 1 6 Ports 1 4 are used as active...

Page 94: ...nel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Ty...

Page 95: ...ce within the channel group Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled For exam...

Page 96: ... a port channel to display the corresponding information Configuring Switch Using the Web or CLI CLI The following example displays the LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Ad...

Page 97: ...rational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protoco...

Page 98: ...faulted distributing collecting synchronization long timeout Oper State distributing collecting synchronization aggregation long timeout LACP activity Console 7 5 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning or if application programs are not well designed or properly configured If there is too much broadcast traffic on your network ...

Page 99: ...ng Switch Using the Web or CLI Web Click Port Port Trunk Broadcast Control Set the threshold and click Apply CLI Specify any interface and then enter the threshold The following disables broadcast storm control for port 1 and then sets broadcast suppression at 600 packets per second for port 2 Console config interface ethernet 1 1 Console config if no switchport broadcast Console config if exit Co...

Page 100: ... the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Target Port The port that duplicates mirrors ...

Page 101: ...t any changes Command Attribute Rate Limit Sets the output rate limit for an interface Default Status Disabled Default Rate 1000 Mbps Range 1 1000 Mbps Configuring Switch Using the Web or CLI Web Click Rate Limit Input Output Port Trunk Configuration Set the Input Rate Limit Status or Output Rate Limit Status then set the rate limit for the individual interfaces and click Apply CLI This example se...

Page 102: ...o prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Unknown Packets The number of packets received using the interface that were discarded because of an unknown or unsupported protocol Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a hig...

Page 103: ...han one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a particular interface Frames Too Long A count of frames received on a particular interface that exceed the maximum permitted frame size Deferr...

Page 104: ...ber of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or an alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 1518 Byte Frames The total number of frames including bad packets received...

Page 105: ... FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 4422579 Packets 31552 Broadcast pkts 238 Multi cast pkts 17033 Undersize pkts 0 Oversize pkts 0 Fr...

Page 106: ...s ignored and is not written to the address table Command Attributes Static Address Counts Web Only The number of manually configured addresses Current Static Address Table Lists all the static addresses Interface Port or trunk associated with the device assigned a static address MAC Address Physical address of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Configuring Switch ...

Page 107: ...h this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of addresses dynamically learned Current Dynamic Address Table Lists all the dynamic addresses Configuring Switch Using the Web or CLI Web Click Address Table Dynamic Addresses Specify the search type...

Page 108: ...able Command Attributes Aging Status Enables or disables the aging time Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Configuring Switch Using the Web or CLI Web Click Address Table Address Aging Specify the new aging time click Apply CLI This example sets the aging time to 400 seconds Console config mac address table aging time 400 Conso...

Page 109: ...redefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology RSTP is designed as a general replacement for the slower legacy STP RSTP is also incorporated into MSTP RSTP achieves must faster reconfiguration For example around one tenth of t...

Page 110: ... reconfigured These additional parameters are only displayed for the CLI Spanning tree mode Specifies the type of spanning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w MSTP Multiple Spanning Tree IEEE 802 1s Instance Instance identifier of this spanning tree This is always 0 for the CIST Vlans configuration VLANs assigned to the CIST Priority...

Page 111: ...ch Using the Web or CLI Web Click Spanning Tree STA Information CLI This command displays global STA settings followed by settings for each port Console show spanning tree Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time...

Page 112: ... VLAN unaware devices Priority tagging 10 1 Assigning Ports to VLANs Before enabling VLANs for the switch assign each port to the VLAN group s where it participates By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Use GVR...

Page 113: ...VRP should be configured as static or untagged VLANs for the switch ports connected to these devices see section 10 1 6 Adding Static Members to VLANs VLAN Index You can still enable GVRP on these edge switches as well as on the core switches in the network 10 1 1 Forwarding Tagged Untagged Frames If you want to create a small port based VLAN for devices attached directly to a single switch you ca...

Page 114: ...Configuring Switch Using the Web or CLI Web Click VLAN 802 1Q VLAN Basic Information CLI Enter the following command Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic classes Enabled Global GVRP status Enabled GMRP Disab...

Page 115: ...a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port members Configuring Switch Using the Web or CLI Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Stat...

Page 116: ...s Current List all the current VLAN groups created for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Statu...

Page 117: ...6 Console config vlan 10 1 6 Adding Static Members to VLANs VLAN Index Use the VLAN Static Table to configure port members for the selected VLAN index Assign ports as tagged if they are connected to 802 1Q VLAN compliant devices or untagged they are not connected to any VLAN aware devices You can also configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via th...

Page 118: ...ort Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration in section 10 1 Assigning VLAN Ports None Interface is not a member of the VLAN Packets associated with this VLAN is not transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on t...

Page 119: ... the Web or CLI Web Open VLAN 802 1Q VLAN Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply CLI This example adds Port 3 to VLAN...

Page 120: ... filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP They do affect VLAN dependent BPDU frames such as GMRP GVRP Status Enables disables GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect See...

Page 121: ...e ethernet 1 3 Console config if switchport acceptable frame types tagged Console config if switchport ingress filtering Console config if switchport native vlan 3 Console config if switchport gvrp Console config if garp timer join 20 Console config if garp timer leave 90 Console config if garp timer leaveall 2000 Console config if switchport mode hybrid Console config if 10 2 Configuring Private ...

Page 122: ...5 and 6 as downlinks Console config pvlan uplink ethernet 1 3 4 downlink ethernet 1 5 6 Console config 10 3 Configuring Protocol Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol Thi...

Page 123: ...l group Range 1 2147483647 Frame Type Frame type used by this protocol Options Ethernet RFC_1042 LLC_other Protocol Type The only option for the LLC_other frame type is IPX_raw The options for all other frames types include IP ARP RARP Configuring Switch Using the Web or CLI Web Click VLAN Protocol VLAN Configuration Enter a protocol group ID frame type and protocol type then click Apply CLI The f...

Page 124: ...gged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Command Attributes Interface Port or trunk identifier Protocol Group ID Group identifier of this protocol group Range 1 2147483647 VLAN ID VLAN to which matching ...

Page 125: ...vent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types for example receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used If the output port is an untagged member of the as...

Page 126: ...n strict or Weighted Round Robin WRR Up to eight separate traffic priorities are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table The following table gives information for mapping CoS values to egress queues Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 The priority levels recommended in the IE...

Page 127: ...sole config if queue cos map 2 2 Console config if end Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 5 6 7 console Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch 11 3 Selecting the Queue Mode You can set the switch to se...

Page 128: ...s switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue As described in section 11 2 Mapping CoS Values to Egress Queues the traffic classes are mapped to one of the eight egress queues provided for each port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequ...

Page 129: ... of a frame using the priority bits in the Type of Service ToS octet or the number of the TCP port If priority bits are used the ToS octet may contain three bits for IP Precedence or six bits for Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output qu...

Page 130: ... following example enables IP Precedence service on the switch Console config map ip precedence Console config 11 5 1 Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The default IP Precedence values are mappe...

Page 131: ...following example globally enables IP Precedence service on the switch maps IP Precedence value 1 to CoS value 0 on port 1 and then displays the IP Precedence settings Console config map ip precedence Console config interface ethernet 1 1 Console config if map ip precedence 1 cos 0 Console config if end Console show map ip precedence ethernet 1 1 Precedence mapping status disabled Port Precedence ...

Page 132: ...s are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56 7 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low pri...

Page 133: ...1 5 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number For example TCP UDP port number in the frame header Some of the more common TCP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority Default Disabled Interface Selects the port or trunk...

Page 134: ... the IP Port Priority settings for that port Console config map ip port Console config interface ethernet 1 5 Console config if map ip port 80 cos 0 Console config if end Console show map ip port ethernet 1 5 TCP port mapping status disabled Port Port no COS Eth 1 5 80 0 Console 11 6 Mapping CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as...

Page 135: ...les within the specified ACL on port 24 Console config interface ethernet 1 24 Console config if map access list ip bill cos 0 Console config if 11 7 Changing Priorities Based on ACL Rules Change traffic priorities for frames matching the defined ACL rule This is the ACL packet marking feature This switch can change the IEEE 802 1p priority IP Precedence or DSCP Priority of IP frames or change the...

Page 136: ...oint value Range 0 63 802 1p Priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Configuring Switch Using the Web or CLI Web Click Priority ACL Marker Select a port and an ACL rule To specify a ToS priority mark the Precedence DSCP check box select Precedence or DSCP from the scroll down box and enter a priority To specify an 802 1p priority mark the...

Page 137: ...lticast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers switches instead of flooding traffic to all ports in the subnet VLAN ...

Page 138: ... Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service This procedure is called multicast filtering 12...

Page 139: ...ad been receiving query packets to have expired Range 300 500 seconds Default 300 IGMP Version Sets the protocol version for compatibility with other devices on the network Range 1 2 Default 2 Notes All systems on the subnet must support the same version Some attributes are only enabled for IGMPv2 including IGMP Report Delay and IGMP Query Timeout Configuring Switch Using the Web or CLI Web Click ...

Page 140: ...y assigned to an interface on this switch Configuring Switch Using the Web or CLI Web Click IGMP Snooping Multicast Router Port Information Select the required VLAN ID from the scroll down list to display the associated multicast routers CLI This example shows that Port 11 has been statically configured as a port attached to a multicast router Console show ip igmp snooping mrouter vlan 1 VLAN M ca...

Page 141: ...rnet 1 11 Console config exit Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Port Type 1 Eth 1 11 Static Console 12 1 4 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific ...

Page 142: ...cipating hosts to a common VLAN and then assign the multicast service to that VLAN group Follow these guidelines Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VL...

Page 143: ...s all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 Console config exit Console show mac address table multicast vlan 1 VLAN M cast IP addr Member ports Type 1 224 1 1 12 Eth1 12 USER 1 224 1 2 3 Eth1 12 IGMP Console ...

Page 144: ...te host name is received by the DNS server on this switch and a domain name list has been specified the switch works through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a match When more than one name server is specified the servers are queried in the specified sequence until a response is received or the end of the list ...

Page 145: ...com jp Name Server List 192 168 1 55 10 1 0 55 Console 13 2 Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses 13 2 1 Guidelines Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network Servers or other network d...

Page 146: ... es as a previously configured entry Configuring the Switch Using the Web or CLI Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 Console config ip host rd6 10 1 0 55 Console confi...

Page 147: ...domain name associated with this record Configuring the Switch Using the Web or CLI Web Select DNS Cache CLI This example displays all the resource records learned from the designated name servers Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207 46 134 222 51 www microsoft akadns net 1 4 CNAME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadn...

Page 148: ...n you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session w...

Page 149: ...nd such as parity and databits VLAN Configuration Includes the command to create VLAN groups Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance To enter the Global Configuration mode enter the command configure in Privileged Exec mode The system prompt will change to Console config which gives you access privilege to all Global C...

Page 150: ...res logon access using local or remote authentication also configures port security and IEEE 802 1x port access control Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type SNMP Activates authentication failure traps configures community access strings and trap managers also con...

Page 151: ...r untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP traffic types IP precedence and DSCP Multicast Filtering Configures IGMP multicast filtering query parameters and specifies ports attached to a multicast router IP Interface Configures IP address for the switch The access mode shown in the following tables is indicat...

Page 152: ...sword thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command This command only applies to the serial port LC databits Sets the number of data bits per character that are interpre...

Page 153: ...rom flash memory or a TFTP server PE delete Deletes a file or code image PE dir Displays a list of files in flash memory PE whichboot Displays the files booted PE boot system Specifies the file or image used to start up the system GC 15 3 System Management Commands Use these commands to control system logs passwords user names browser configuration options and display or configure a variety of oth...

Page 154: ...s the system location string GC 15 3 2 User Access Commands The basic commands required for management access are listed in this section This switch also includes other options for password checking through the console or a Telnet connection user authentication through a remote authentication server and host access authentication for specific ports The following table lists the user access command...

Page 155: ...replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a public key that the client must match along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered This section describes t...

Page 156: ...and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 5194174677298486546861571773939016477935594230357...

Page 157: ... entered into the known host file You do not need to configure the client s keys 15 3 6 Event Logging Commands The following table lists the even logging commands Command Function Mode logging on Controls logging of error messages GC logging history Limits syslog messages saved to switch memory based on severity GC logging host Adds a syslog server host IP address that will receive logging message...

Page 158: ...Shows current SNTP configuration settings NE PE clock timezone Sets the time zone for the switch s internal clock GC Calendar set Sets the system date and time PE show calendar Displays the current date and time setting NE PE 15 3 9 System Status Commands The following table lists the system status commands Command Function Mode show startup config Displays the contents of the configuration file s...

Page 159: ...sing 802 1x 15 4 1 Authentication Sequence The following table lists the authentication sequence commands Command Function Mode authentication login Defines logon authentication method and precedence GC authentication enable Defines the authentication method and precedence for command mode change GC 15 4 2 RADIUS Client Remote Authentication Dial in User Service RADIUS is a logon authentication pr...

Page 160: ...arning function to register all the current VLAN members on the selected port and then enable port security Doing this helps that the port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port Command Function Mode port security Configures a secure port IC mac address table static Maps a static address to a port in a VLAN GC show m...

Page 161: ...ests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters pack...

Page 162: ...the ingress MAC ACL for ingress ports 7 If no explicit rule is matched the implicit default is permit all Masks for Access Control Lists You can specify optional masks that control the order in which ACL rules are checked The switch includes two system default masks that pass filter packets matching the permit deny the rules specified in an ingress ACL You can also configure up to seven user defin...

Page 163: ...list for an interface PE match access list ip Changes the 802 1p priority IP Precedence or DSCP Priority of a frame matching the defined rule For example also called packet marking IC show marking Displays the current configuration for packet marking PE 15 5 2 MAC ACLs The following table lists the MAC access control list commands Command Function Mode access list mac Creates a MAC ACL and enters ...

Page 164: ...rols access to this switch from management stations using the Simple Network Management Protocol SNMP as well as the error types sent to trap managers Command Function Mode snmp server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC snmp server host Speci...

Page 165: ...vers to use for host name to address translation GC ip domain lookup Enables DNS based host name to address translation GC show hosts Displays the static host name to address mapping table PE show dns Displays the configuration for DNS services PE show dns cache Displays entries in the DNS cache PE clear dns cache Clears all entries from the DNS cache PE 15 8 Interface Commands These commands are ...

Page 166: ...t falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Command Function ...

Page 167: ...void creating a loop A trunk can have up to eight ports The ports at both ends of a connection must be configured as trunk ports All ports in a trunk must be configured in an identical manner including communication mode For example speed duplex mode and flow control VLAN assignments and CoS settings All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a ...

Page 168: ...the address table GC show mac address table aging time Shows the aging time for the address table PE 15 13 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm STA globally for the switch and commands that configure STA for the selected interface Command Function Mode spanning tree Enables the spanning tree protocol GC spanning tree mode Configures STP R...

Page 169: ...ning tree mst port priority Configures the priority of an instance in the MST IC show spanning tree Shows spanning tree configuration for the common spanning tree For example overall bridge a selected interface or an instance within the multiple spanning tree PE show spanning tree mst configuration Shows the multiple spanning tree configuration PE 15 14 VLAN Commands A VLAN is a group of ports tha...

Page 170: ...s filtering Enables ingress filtering on an interface IC switchport native vlan Configures the PVID native VLAN of an interface IC switchport allowed vlan Configures the VLANs associated with an interface IC switchport gvrp Enables GVRP for an interface IC switchport forbidden vlan Configures forbidden VLANs for an interface IC 15 14 3 Displaying VLAN Information The following table lists the comm...

Page 171: ...VLAN IC show protocol vlan protocol group Shows the configuration of protocol groups PE show interfaces protocol vlan protocol group Shows the interfaces mapped to a protocol group and the corresponding VLAN PE To configure protocol based VLANs follow these steps 1 Configure VLAN groups for the protocols you want to use see 15 14 2 Although not mandatory you should suggest configuring a separate V...

Page 172: ...elative weight of each queue and the mapping of frame priority tags to the switch s priority queues Command Groups Function Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 15 16 1 Priority Commands Layer 2 The foll...

Page 173: ... access list mac Shows CoS value mapped to an access for an interface PE show map ip port Shows the IP port map PE show map ip precedence Shows the IP precedence map PE show map ip dscp Shows the IP DSCP map PE 15 17 Multicast Filtering Commands This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies t...

Page 174: ... Commands Layer 2 The following table lists the IGMP layer 2 query commands Command Function Mode ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC ip igmp snooping query count Configures the query count GC ip igmp snooping query interval Configures the query interval GC ip igmp snooping query max response time Configures the report delay GC ip igmp snooping ro...

Page 175: ...s that exist on another network segment The following table lists the basic IP configuration commands Command Function Mode ip address Sets the IP address for the current interface IC ip default gateway Defines the default gateway through which this switch can reach other subnetworks GC show ip interface Displays the IP settings for this device PE show ip redirects Displays the default gateway con...

Page 176: ...n ACL that filters packets based on the source or destination IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default None Command Mode Global Configuration Usage Guidelines An egress ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the botto...

Page 177: ...s The precedence of the ACL rules applied to a packet is not determined by order of the rules but instead by the order of the masks For example the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule Example The following is sample ...

Page 178: ...ist To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example The following is sample output from the access list command with the mac argument Console config access list mac james Console config mac acl Related Commands permit deny mac access group show mac access list 16 4 access list mac mask preced...

Page 179: ...k that matches a rule will determine the rule that is applied to a packet Example The following is sample output from the access list command with the mac mask precedence argument Console config access list mac mask precedence in Console config mac mask acl Related Commands mask MAC ACL mac access group 16 5 authentication dot1x default This command sets the default authentication server type Use ...

Page 180: ...the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indica...

Page 181: ...of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication sequence For example if you enter authentication login radius tacacs local the user name...

Page 182: ...lename Default None Command Mode Global Configuration Usage Guidelines A colon is required after the specified file type If the file contains an error it cannot be set as the default file Example The following is sample output from the boot command with the system argument Console config boot system config startup Console config Related Commands dir whichboot 16 9 bridge ext gvrp This command enab...

Page 183: ...d Console config bridge ext gvrp Console config 16 10 calendar set This command sets the system clock Syntax Description calendar set hour min sec day month year month day year Hour Hour in 24 hour format Range 0 23 Min Minute Range 0 59 Sec Second Range 0 59 Day Day of month Range 1 31 month january february march april may june july august september october november december Year Year 4 digit Ra...

Page 184: ...not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Command Mode Interface Configuration Ethernet Port Channel Usage Guidelines When auto negotiation is enab...

Page 185: ...t Usage Guidelines When configuring static trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 Console config interface port channel 1 Console config if exit Console config interface ethernet 1...

Page 186: ... the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on port 5 Console clear counters ethernet 1 5 Console 16 14 clear dns cache This command clears all entries in the DNS cache Default None Command Mode Privileged Exec Example The following is sample output from the clear dns cache co...

Page 187: ... all static entries from the DNS table Console clear host Console 16 16 clear logging This command clears messages from the log buffer Syntax Description clear logging flash ram flash Event history stored in flash memory For example permanent memory ram Event history stored in temporary RAM For example memory flushed on power reset Default Flash and RAM Command Mode Privileged Exec Example The fol...

Page 188: ... command using the mac address argument Console clear mac address table dynamic 16 18 clock timezone This command sets the time zone for the switch s internal clock Syntax Description clock timezone name hour hours minute minutes before utc after utc Name Name of timezone usually an acronym Range 1 29 characters Hours Number of hours before after UTC Range 0 12 hours Minutes Number of minutes befo...

Page 189: ... selected for combination ports 21 24 45 48 Use the no form to restore the default mode Syntax Description combo forced mode mode no combo forced mode Mode copper forced Always uses the built in RJ 45 port copper preferred auto Uses the built in RJ 45 port if both combination types are functioning and the RJ 45 port has a valid link sfp forced Always uses the SFP port even if module not installed ...

Page 190: ...h s flash memory and a TFTP server When you save the system code or configuration settings to a file on a TFTP server that file can later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection Syntax Description copy file file running config startup config tftp copy running c...

Page 191: ...ion you must use startup config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server You must use a direct console connection and access the download menu during a boot up to download the Boot ROM or diagnostic image See Appendix B Upgrading Firmware via the Serial Port for more informaiton For information on specifying an https certificate see section 6...

Page 192: ...ress 10 1 0 19 Source certificate file name SS certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y The following example shows coping a public key used by SSH from an TFTP server Note that public key authentication via SSH is only supported for users configured locally on the switch Console copy tftp public key TFTP server...

Page 193: ...om devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Console config line databits 7 Console config line Related Commands parity 16 23 delete This command deletes a file or image Syntax Description delete filename filename Name of th...

Page 194: ... 24 delete public key Use this command to delete the specified user s public key Syntax Description delete public key username dsa rsa username Name of an SSH user Range 1 8 characters Dsa DSA public key type Rsa RSA public key type Default Deletes both the DSA and RSA key Command Mode Privileged Exec Example The following example shows using the public key command with the dsa argument Console de...

Page 195: ...nsole config interface ethernet 1 24 Console config if description RD SW 3 Console config if 16 26 dir This command displays a list of files in flash memory Syntax Description dir boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file Config Switch configuration file opcode Run time operation code image file filename Name of the fil...

Page 196: ...artup size byte Unit1 Diag bix Boot Rom image Y 818812 ES4548C_ZZ V0 1 0 2 bix Operation Code Y 2346020 Factory_Default_Config cfg Config File N 374 startup Config File Y 7606 Total free space 3932160 Console 16 27 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics T...

Page 197: ...ed Exec Usage Guidelines Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example The following example show disconnecting session 1 Console disconnect 1 Console Related Commands show ssh show users 16 29 dot1x default This command sets all configurable dot1x global and port set...

Page 198: ...ber of requests to 2 Console config dot1x max req 2 Console config 16 31 dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form without keywords to restore the default to single host Use the no form with the multi host max count keywords to restore the default maximum count Syntax Description dot1x operation mode single hos...

Page 199: ...ption dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients force unauthorized Configures the port to deny access to all clients Default force authorized Command Mode...

Page 200: ... for all ports Use the no form to disable re authentication Syntax Description no dot1x re authentication Command Mode Global Configuration Example Console config dot1x re authentication Console config 16 35 dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset ...

Page 201: ... no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Global Configuration Example Console config dot1x timeout re authperiod 300 Console config 16 37 dot1x timeout tx period This command sets the time that the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Synt...

Page 202: ... Privilege level to log into the device The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Level 15 Command Mode Normal Exec Usage Guidelines The default password required to change the command mode from Normal Exec to Privileged Exec is super To set this password refer to the enable password command The character i...

Page 203: ...mum length 8 characters plain text 32 encrypted case sensitive Default The default is level 15 The default password is super Command Mode Global Configuration Usage Guidelines You must enter a password to change the command mode from Normal Exec to Privileged Exec using the enable command The encrypted password is required for compatibility with legacy password settings for example plain or encryp...

Page 204: ...tected Use the no form to restore the default Syntax Description exec timeout seconds no exec timeout seconds Integer that specifies the number of seconds Range 0 65535 seconds 0 no timeout Default CLI No timeout Telnet 10 minutes Command Line Configuration Usage Guidelines If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This comma...

Page 205: ...Command Mode Interface Configuration Ethernet Port Channel Usage Guidelines Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command...

Page 206: ...Console config if Related Commands negotiation capabilities flowcontrol symmetric 16 44 garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax Description garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which timer to set timer_value Value of timer Ranges join 20 100...

Page 207: ...eet the following criteria leave 2 x join leaveall leave Note To avoid problems set GVRP timers on all Layer 2 devices connected in the same network to the same values Example Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Related Commands show garp timer 16 45 hostname This command specifies or modifies the host name for this device Use the no form t...

Page 208: ... 1 port Port number port channel channel id Range 1 6 Vlan vlan id Range 1 4094 Default None Command Mode Global Configuration Example To specify port 24 enter the following command Console config interface ethernet 1 24 Console config if 16 47 interface vlan This command enters interface configuration mode for VLANs which is used to configure VLAN parameters for a physical interface Syntax Descri...

Page 209: ...l_name in out acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default None Command Mode Interface Configuration Ethernet Usage Guidelines A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch replaces the old binding wi...

Page 210: ...the network You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Nothing outside this format will be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP reply has been received R...

Page 211: ...te Syntax Description ip default gateway gateway no ip default gateway gateway IP address of the default gateway Default No static route is established Command Mode Global Configuration Usage Guidelines Define the gateway first if the management station is located in a different IP segment Example The following example defines a default gateway for this device Console config ip default gateway 10 ...

Page 212: ... command Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode Dhcp Console Related Commands ip address show ip interface 16 52 ip domain list This command defines a list of domain names that can be appended to incomplete host names For e...

Page 213: ...domain names to the current list and then displays the list and uses the show dns command to confirm the configuration Console config ip domain list sample com jp Console config ip domain list sample com uk Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List Console Related Commands ip do...

Page 214: ...5 Console Related Commands ip domain name ip name server show dns 16 54 ip domain name This command defines the default domain name appended to incomplete host names For example host names passed from a client that are not formatted with dotted notation Use the no form to remove the current domain name Syntax Description ip domain name name no ip domain name name Name of the host Do not include th...

Page 215: ...Name of the host Range 1 64 characters address1 Corresponding IP address address2 address8 Additional corresponding IP addresses Default No static entries Command Mode Global Configuration Usage Guidelines Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try ...

Page 216: ... Syntax Description ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 65535 Default 80 Command Mode Global Configuration Example The following example shows setting the ip http port to 769 Console config ip http port 769 Console config Related Commands ip http server 16 57 ip http secure port This command specifies the UDP port number use...

Page 217: ... port number in the URL in this format https device port_number Example The following example shows setting the secure port to port 1000 Console config ip http secure port 1000 Console config Related Commands ip http secure server 16 58 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access For example an enc...

Page 218: ...padlock icon should appear in the status bar for Internet Explorer 5 x and Netscape Navigator 4 x or later versions Jaci Verify this The following Web browsers and operating systems currently support HTTPS Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows XP Netscape Navigator 4 76 or later Windows 98 Windows NT with service...

Page 219: ...mand enables IGMP snooping on this switch Use the no form to disable it Syntax Description no ip igmp snooping Default Enabled Command Mode Global Configuration Example The following example enables IGMP snooping Console config ip igmp snooping Console config 16 61 ip igmp snooping querier This command enables the switch as an IGMP source that queries other IGMP hosts Use the no form to disable it...

Page 220: ...h there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default 2 times Command Mode Global Configuration Usage Guidelines The query count defines how long the IGMP query source waits for a response from a multicast client before taking action If queries were sent and the client has not responded a countdown timer is started using the time d...

Page 221: ...e The following shows how to configure the query interval to 100 seconds Console config ip igmp snooping query interval 100 Console config 16 64 ip igmp snooping query max response time This command configures the query report delay Use the no form to restore the default Syntax Description ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The repo...

Page 222: ...ime 20 Console config Related Commands ip igmp snooping version 16 65 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax Description ip igmp snooping router port expire time seconds no ip igmp snooping router port expire time seconds The time the switch waits before it considers the router port for example the interface ...

Page 223: ...at only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 Console config ip igmp snooping version 1 Console config 16 67 ip igmp snooping vlan mrouter This command statically configures a multica...

Page 224: ... that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config 16 68 ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax Description no ip igmp snooping vlan vlan id stati...

Page 225: ...domain name server server address2 server address6 IP address of additional domain name servers Default None Command Mode Global Configuration Usage Guidelines The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Example This example adds two domain name servers to the list and then displays the list Use the s...

Page 226: ...ries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default 3 Command Mode Global Configuration Example The following example shows setting the SSH server to stop after the third attempt Console config ip ssh authentication retires 2 Console config Related Commands show ip ssh 16 71 ip ssh crypto host key generate Use this command to generate the...

Page 227: ...must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Console ip ssh crypto host key generate dsa Console Related Commands ip ssh crypto zeroize ip ssh save host key 16 72 ip ssh crypto zeroize Use this command to clear the host key from memory Fo...

Page 228: ...elated Commands ip ssh crypto host key generate ip ssh save host key no ip ssh server 16 73 ip ssh save host key Use this command to save host key from RAM to flash memory Syntax Description ip ssh save host key Default Save Command Mode Privileged Exec Example Console ip ssh save host key Console Related Commands ip ssh crypto host key generate 16 74 ip ssh server Use this command to enable the S...

Page 229: ...tes with the client to select either DES 56 bit or 3DES 168 bit for data encryption You must generate the host key before enabling the SSH server Example Console configure Console config ip ssh server Console config Related Commands ip ssh crypto host key generate show ssh 16 75 ip ssh server key size Use this command to set the SSH server key size Use the no form to restore the default setting Sy...

Page 230: ...ult setting Syntax Description ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default 10 seconds Command Mode Global Configuration Usage Guidelines The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user i...

Page 231: ... and destination end nodes such as a computer or server must support this feature In addition when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size For half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames limits the maximum threshold for bro...

Page 232: ...ommand shows that Trunk1 has been established Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic info...

Page 233: ... 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state and will only take effect the next time an ...

Page 234: ...d the group Note that when the LAG is no longer used the port channel admin key is reset to 0 Example Console config interface port channel 1 Console config if lacp admin key 3 Console config if 16 81 lacp port priority This command configures LACP port priority Use the no form to restore the default setting Syntax Description lacp actor partner port priority priority no lacp actor partner port pr...

Page 235: ...ctor partner system priority actor Use this to set the local side an aggregate link partner Use this to set the remote side of an aggregate link priority Use this to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Command Mode Interface Configuration Ethernet Usage Guidelines You must configure the po...

Page 236: ...d is shown as Vty in screen displays such as show users The serial communication parameters for example databits do not affect Telnet connections Example To enter console line mode enter the following command Console config line console Console config line Related Commands show line show users 16 84 logging facility This command sets the facility type for remote logging of syslog messages Use the ...

Page 237: ... the default level Syntax Description logging history flash ram level no logging history flash ram flash Event history stored in flash memory For example permanent memory ram Event history stored in temporary RAM For example memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 The following table gives information on ...

Page 238: ...level specified for flash memory must be a higher priority for example numerically lower than that specified for RAM Example Console config logging history ram 0 Console config 16 86 logging host This command adds a syslog server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax Description no logging host host_ip_address host_ip_address The I...

Page 239: ...iption no logging on Default None Command Mode Global Configuration Usage Guidelines The logging process controls error messages saved to switch memory You can use the logging history command to control the type of error messages that are stored Example Console config logging on Console config Related Commands logging history clear logging 16 88 logging sendmail This command enables SMTP event han...

Page 240: ...ge 1 41 characters Default None Command Mode Global Configuration Usage Guidelines You can specify up to five recipients for alert messages To do this you must enter a separate command to specify each recipient Example Console config logging sendmail destination email ted this company com Console config 16 90 logging sendmail host This command specifies SMTP servers that will be sent alert message...

Page 241: ...ered if the switch cannot successfully open a connection Example Console config logging sendmail host 192 168 1 19 Console config 16 91 logging sendmail level This command sets the severity threshold used to trigger alert messages Syntax Description logging sendmail level level level One of the system message levels Messages sent include the selected level down to level 0 Range 0 7 For more inform...

Page 242: ...ws setting to system to send email alerts for system alerts for emails received from a specific address Console config logging sendmail source email bill this company com Console config 16 93 logging trap This command enables the logging of system messages to a remote server or limits the syslog messages saved to a remote server based on severity Use this command without a specified level to enabl...

Page 243: ...ne configuration command When using this method the management interface starts in Normal Exec NE mode login local Selects authentication via the user name and password specified by the username command For example default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login...

Page 244: ... Guidelines A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch replaces the old binding with the new one Example Console config interface ethernet 1 25 Console config if mac access group james in Console config if Related Commands show mac access list 16 96 mac address table aging time This command sets the aging time for entries ...

Page 245: ... to a destination port in a VLAN Use the no form to remove an address Syntax Description mac address table static mac address interface interface vlan vlan id action no mac address table static mac address vlan vlan id mac address The MAC address interface Is ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 vlan id VLAN ID Range 1 4094 Action Specify dele...

Page 246: ...ng is sample output from the mac address table command using the static argument Console config mac address table static 00 e0 29 94 34 de interface ethernet 1 1 vlan 1 delete on reset 16 98 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols Use the no form to restore the default setting Syntax Description no managem...

Page 247: ... range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This example restricts management access to the indicated addresses Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console Related Commands show management 16 99 map ac...

Page 248: ...ACL This command defines a mask for IP ACLs This mask defines the fields to check in the IP header Use the no form to remove a mask Syntax Description no mask protocol any host source bitmask any host destination bitmask precedence tos dscp source port port bitmask destination port port bitmask control flag flag bitmask protocol Check the protocol field any Any address will be matched host The add...

Page 249: ...ly to packets with a header length of exactly five bytes Example This example creates an IP ingress mask with two rules Each rule is checked in order of precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet Console config access list ip mask precedence in Console config ip mask acl mask host any Console config ip mask acl mask 255 255 25...

Page 250: ...config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list A3 deny host 171 69 198 5 any deny 171 69 198 0 255 255 255 0 any source port 23 Console config Console config access list ip mask precedence out Console config ip mask acl mask 255 255 255 0 any source port ...

Page 251: ...ethernet 1 1 Console config if ip access group A6 in Console config if end Console show access list IP extended access list A6 deny tcp any any control flag 2 2 permit any any IP ingress mask ACL mask protocol any any control flag 2 Console 16 101 map access list mac This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet ...

Page 252: ... Use the no form to disable IP DSCP mapping Syntax Description no map ip dscp Default Disabled Command Mode Global Configuration Usage Guidelines The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following ...

Page 253: ...46 56 7 Command Mode Interface Configuration Ethernet Port Channel Usage Guidelines The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the...

Page 254: ... example shows how to enable TCP UDP port mapping globally Console config map ip port Console config 16 105 map ip port Interface Configuration This command enables IP port mapping For example TCP UDP port priority Use the no form to remove a specific setting Syntax Description map ip port port number cos cos value no map ip port port number port number The 16 bit TCP UDP port number Range 1 65535...

Page 255: ...ration Usage Guidelines The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally Console config map ip precedence Console config 16 107 map ip p...

Page 256: ...he eight hardware priority queues This command sets the IP Precedence for all interfaces Example The following example shows how to map IP precedence value 1 to CoS value 0 Console config interface ethernet 1 5 Console config if map ip precedence 1 cos 0 Console config if 16 108 mask MAC ACL This command defines a mask for MAC ACLs This mask defines the fields to check in the packet header Use the...

Page 257: ...bound masks before mapping an ACL to an interface Example This example shows how to create an Ingress MAC ACL and bind it to a port You can then see that the order of the rules have been changed by the mask Console config access list mac M4 Console config mac acl permit any any Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 Console config mac acl end Console ...

Page 258: ...ut Console config if end Console show access list MAC access list M5 deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 deny tagged 802 3 host 00 11 11 11 11 11 any MAC ingress mask ACL mask pktformat host any vid ethertype Console 16 109 match access list ip This command changes the IEEE 802 1p priority IP Precedence or DSCP Priority of a frame matching the defined ACL rule This fea...

Page 259: ...dscp keywords The IP frame header can include either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority and then 802 1p priority Example Console config interface ethernet 1 12 Console config if match access list ip bill set dscp 0 Console config if Related Commands show marking 16 110 match access list mac This command chang...

Page 260: ...spanning tree Range 1 40 Default 20 Command Mode MST Configuration Usage Guidelines A MSTI region is treated as a single node by the STP and RSTP protocols Therefore the message age for BPDUs inside a MSTI region is never changed Each spanning tree instance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that...

Page 261: ...r example lowest numerical value becomes the MSTI root device If all devices have the same priority the device with the lowest MAC address will then become the root device You can set this switch to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate device by specifying a priority of 16384 Example Console config mstp mst 1 priority 4096 Console config mstp 16 113 ms...

Page 262: ... MSTI Region see the name command with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example Console config mstp mst 1 vlan 2 5 Console config mstp 16 114 name This command configures the name for the multiple spanning tree region in which this...

Page 263: ...es command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration is also disabled for the RJ 45 ports Example The following example configures port 11 to use autonegotiation Console config interface ethernet 1 11 Console config if negotiation Console confi...

Page 264: ...and specifies the password for a line Use the no form to remove the password Syntax Description password 0 7 password no password 0 7 0 means plain password 7 means encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default No password is specified Command Mode Line Configuration Usage Guidelines When a c...

Page 265: ...assword intrusion threshold which limits the number of failed logon attempts Use the no form to remove the threshold value Syntax Description password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default The default is three attempts Command Mode Line Configuration Usage Guidelines When the logon attempt threshold is reached the s...

Page 266: ...n port dport port bitmask no permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bi...

Page 267: ...gned You can specify both Precedence and ToS in the same rule If DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2...

Page 268: ...access list ip 16 120 permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destination address For example physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax Description no permit deny any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethe...

Page 269: ...f hex 1 means care and 0 means ignore Default None Command Mode MAC ACL Usage Guidelines New rules are added to the end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from a...

Page 270: ... subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Example This example configures one permit rule for the specific addr...

Page 271: ...al response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Example Console ping 10 1 0 9 Type ESC to abort ...

Page 272: ...tatus Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Usage Guidelines If you enable port security the switch stops dynamically learning new addresses on the specified port Only incoming traffic with source addresses already stored in the dynamic or static address table are accepted To use port security first allow the switch to dynamically learn the source M...

Page 273: ...ity violation to issue a trap message Console config interface ethernet 1 5 Console config if port security action trap Related Commands shutdown mac address table static show mac address table 16 124 prompt This command customizes the CLI prompt Use the no form to restore the default prompt Syntax Description prompt string no prompt string Any alphanumeric string to use for the CLI prompt Maximum...

Page 274: ...p rarp Default No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame type ethernet protocol type ip Console config protocol vlan protocol group 1 add frame type ethernet protocol type arp Console config 16 126 protocol vla...

Page 275: ...ame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 Console config interface ethernet 1 1 Console co...

Page 276: ...1 4 16 128 queue bandwidth This command assigns weighted round robin WRR weights to the eight class of service CoS priority queues Use the no form to restore the default weights Syntax Description queue bandwidth weight1 weight4 no queue bandwidth weight1 weight4 The ratio of weights for queues 0 3 determines the weights used by the WRR scheduler Range 1 15 Default Weights 1 2 4 6 8 10 12 14 are a...

Page 277: ...in queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 Command Mode Interface Configuration Ethernet Port Channel Usage Guidelines CoS values assigned at the ingress port are also used at the egress port This com...

Page 278: ...respectively Default Weighted Round Robin Command Mode Global Configuration Usage Guidelines You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that dete...

Page 279: ...us server host This command specifies the RADIUS server Use the no form to restore the default Syntax Description radius server host host_ip_address no radius server host host_ip_address IP address of server Default 10 1 0 1 Command Mode Global Configuration Example Console config radius server host 192 168 1 25 Console config 16 133 radius server key This command sets the RADIUS encryption key Us...

Page 280: ...nd sets the RADIUS server network port Use the no form to restore the default Syntax Description radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default 1812 Command Mode Global Configuration Example Console config radius server port 181 Console config 16 135 radius server retransmit This command sets the number...

Page 281: ... form to restore the default Syntax Description radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default 5 Command Mode Global Configuration Example Console config radius server timeout 10 Console config 16 137 rate limit This command defines the rate limit for a specific inter...

Page 282: ...s the system Note When the system is restarted it runs the Power On Self Test It retains all configuration information stored in non volatile memory by the copy running config startup config command Default None Command Mode Privileged Exec Usage Guidelines This command resets the entire system Example This example shows how to reset the switch Console reload System will be restarted continue y n ...

Page 283: ...tion all bridges in the same region must be configured with the same MST instances Example Console config mstp revision 1 Console config mstp Related Commands name 16 140 show access group This command shows the port assignments of ACLs Command Mode Privileged Executive Example The following is sample output from the show access group command Console show access group Interface ethernet 1 25 IP st...

Page 284: ...0 255 any protocol tcp control code 2 2 MAC access list jerry permit any 00 30 29 94 34 de ethertype 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any IP ingress mask ACL mask protocol any any control flag 2 Console 16 142 show access list ip mask precedence This command shows the ingress or egress rule masks for IP ACLs Syntax Description show access list ip mask pre...

Page 285: ...ut from the show access list mac mask precedence command Console show access list mac mask precedence MAC egress mask ACL mask pktformat host any vid ethertype Console Related Commands mask MAC ACL 16 144 show bridge ext This command shows the configuration for bridge extension commands Default None Command Mode Privileged Exec Usage Guidelines See section 10 1 3 Displaying Basic VLAN Information ...

Page 286: ...ndar This command displays the system clock Default None Command Mode Normal Exec Privileged Exec Example The following is sample output from the show calendar command Console show calendar 15 12 34 February 1 2004 Console 16 146 show dns This command displays the configuration of the DNS server Command Mode Privileged Exec Example The following is sample output from the show dns command Console s...

Page 287: ...t 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Field Description NO The entry number for each resource record FLAG The flag is always 4 indicating a cache entry and therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifi...

Page 288: ...mpts 802 1X Port Summary Displays the port access control parameters for each interface including the following items Status Administrative state for port access control Operation Mode Dot1x port operation mode command Mode Dot1x port control mode command Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays detailed port access control settings for each interface ...

Page 289: ...sample output from the show dot1x command Console show dot1x Global 802 1X Parameters reauth enabled yes reauth period 3600 quiet period 60 tx period 30 supp timeout 30 server timeout 30 reauth max 2 max req 2 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 47 disabled Single Host ForceA...

Page 290: ...e GARP timers for the selected interface Syntax Description show garp timer interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Shows all GARP timers Command Mode Normal Exec Privileged Exec Example The following is sample output from the show garp timer command Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join t...

Page 291: ...al Exec Privileged Exec Example The following is sample output from the show gvrp configuration command Console show gvrp configuration ethernet 1 7 Eth 1 7 Gvrp configuration Disabled Console 16 151 show history This command shows the contents of the command history buffer Default None Command Mode Normal Exec Privileged Exec Usage Guidelines The history buffer size is fixed at 10 Execution comma...

Page 292: ...nd repeats the second command in the Execution history buffer config Console 2 Console config Console config 16 152 show hosts This command displays the static host name to address mapping table Command Mode Privileged Exec Example The following is sample output from the show hosts command Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously co...

Page 293: ...ut 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Interna...

Page 294: ...r all interfaces is displayed Command Mode Privileged Exec Example The following is sample output from the show interfaces protocol vlan protocol group command This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolGroup ID Vlan ID Eth 1 1 1 vlan2 Console 16 155 show int...

Page 295: ...ormation Port type 1000T Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Combo forced mode None Current status Link status Up Operation speed duplex ...

Page 296: ... status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type All frames Native VLAN 1 Priority for untagged traffic 0 Gvrp status Disabled Allowed Vlan 1 u Forbidden Vlan Console Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disable...

Page 297: ...his interface can not dynamically join via GVRP 16 157 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privileged Exec Example The following is sample output from the show ip access group command Console show ip access group Interface ethernet 1 25 IP access list david in Console Related Commands ip access group 16 158 show ip access list This command displays th...

Page 298: ...delines See section 12 1 1 Configuring IGMP Snooping and Query Parameters for a description of the displayed items Example The following is sample output from the show ip igmp snooping command Console show ip igmp snooping Service status Enabled Querier status Enabled Query count 2 Query interval 125 sec Query max response time 10 sec Router port expire time 300 sec IGMP snooping version Version 2...

Page 299: ...ort 11 in VLAN 1 is attached to a multicast router Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Port Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console 16 161 show ip interface This command displays the settings of an IP interface Default All interfaces Command Mode Privileged Exec Example The following is sample output from the show ip interface command Console show ip interface...

Page 300: ...show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example The following is sample output from the show ip ssh command Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console 16 164 show lacp This command displays LACP inform...

Page 301: ...g table describes fields shown in the show lacp counter display Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts N...

Page 302: ... Oper State Administrative or operational vales of the actor s parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled For example distribution is currently disabled and is ...

Page 303: ...ggregation long timeout LACP activity The following table describes fields shown in the show lacp neighbor display Field Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Numb...

Page 304: ...n the show lacp sysid display Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group The LACP system priority and system MAC address are concatenated to form the LAG system ID System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID 16 165 ...

Page 305: ...w logging flash ram sendmail trap Flash Event history stored in flash memory For example permanent memory Ram Event history stored in temporary RAM For example memory flushed on power reset Sendmail Displays settings for the SMTP event handler trap Displays settings for the trap function Default None Command Mode Privileged Exec Example The following is sample output from the show logging command ...

Page 306: ...0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console The following table show logging traps output Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type ...

Page 307: ...ource email address bill this company com SMTP status Enable Console 16 168 show mac access group This command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example The following is sample output from the show mac access group command Console show mac access group Interface ethernet 1 5 MAC access list M5 out Console Related Commands mac access group 16 169 show mac access list...

Page 308: ... deny mac access group 16 170 show mac address table This command shows classes of entries in the bridge forwarding database Syntax Description show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bits to match in the address interface ethernet unit port unit This is device 1 port Port number port channel channel ...

Page 309: ...0 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example The following is sample output from the show mac address table command Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 e0 29 94 34 de 1 Delete on reset Console 16 171 show mac address table aging time This command shows the aging time for entries in th...

Page 310: ...is shows the multicast entries learned through IGMP snooping for VLAN 1 Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console 16 173 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax Des...

Page 311: ...ax Description show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example The following is sample output from the show map access list mac command Console show map access list mac Access list to COS of Eth 1 5 Access list M5 cos 0 Console Related Commands map access list mac 16 175 show map ip dscp This command shows ...

Page 312: ... 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Related Commands map ip dscp Global Configuration map ip dscp Interface Configuration 16 176 show map ip port This command shows the IP port priority map Syntax Description show map ip port interface interface ethernet unit port unit This is device 1 port Por...

Page 313: ...ip port Global Configuration map ip port Interface Configuration 16 177 show map ip precedence This command shows the IP precedence priority map Syntax Description show map ip precedence interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default None Command Mode Privileged Exec Example The following is sample output from the show map ip...

Page 314: ...client http client snmp client telnet client all client Adds IP address es to the SNMP Web and Telnet groups http client Adds IP address es to the Web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example The following is sample output from the show management command Console show management all client Manag...

Page 315: ...leged Exec Example The following is sample output from the show marking command Console show marking Interface ethernet 1 12 match access list IP bill set DSCP 0 match access list MAC a set priority 0 Console Related Commands match access list ip 16 180 show port monitor This command displays mirror information Syntax Description show port monitor interface interface ethernet unit port source port...

Page 316: ... Mirroring Destination port listen port Eth1 1 Source port monitored port Eth1 6 Mode RX TX Console 16 181 show protocol vlan protocol group This command shows the frame and protocol type associated with protocol groups Syntax Description show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 Default All protocol groups are displayed Command Mo...

Page 317: ...us Example The following is sample output from the show public key command Console show public key host Host RSA 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868544358 3616519999233297817660658309586108259132128902337654680172627257141342876294130 1196195566782595664104869574278881462065194174677298486546861571773939016477935 594230357741309802273708779454524083971...

Page 318: ... port Ethernet 1 24 Down link port Ethernet 1 1 Ethernet 1 2 Ethernet 1 3 Ethernet 1 4 Console 16 184 show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default None Command Mode Privileged Exec Example The following is sample output from the show queue bandwidth command Console show queue bandwidth Information of Eth 1 1 Queu...

Page 319: ... Command Mode Privileged Exec Example The following is sample output from the show queue cos map command Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 5 6 7 Console 16 186 show queue mode This command shows the current queue mode Default None Command Mode Privileged Exec Example The following is sample output from the show queue m...

Page 320: ...ntly in use Default None Command Mode Privileged Exec Usage Guidelines Use this command in conjunction with the show startup config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands Th...

Page 321: ...ame admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca logging sendmail destination email ted logging sendmail source email bill vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree mst configur...

Page 322: ... has been enabled with the snmp server enable traps command Example The following is sample output from the show snmp command Console show snmp System Contact Paul System Location WC 19 SNMP traps Authentication enable Link up down enable SNMP communities 1 alpha and the privilege is read write 2 private and the privilege is read write 3 public and the privilege is read only 0 SNMP packets input 0...

Page 323: ... used for sending time synchronization requests when the switch is set to SNTP client mode and the current SNTP mode For example client or broadcast Example The following is sample output from the show sntp command Console show sntp Current time Jul 10 05 13 28 2003 Poll interval 16 Current mode broadcast Console 16 191 show spanning tree This command shows the configuration for the common spannin...

Page 324: ...ning tree information see Chapter 3 Configuring Global Settings For a description of the items displayed for specific interfaces refer to section 3 1 5 Displaying Interface Settings Example The following is sample output from the show spanning tree command Console show spanning tree Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration...

Page 325: ...Tree Status enable Console 16 192 show spanning tree mst configuration This command shows the configuration of the multiple spanning tree Syntax Description show spanning tree mst configuration Command Mode Privileged Exec Example The following is sample output from the show spanning tree mst configuration command Console show spanning tree mst configuration Mstp Configuration Information Configur...

Page 326: ... negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1...

Page 327: ...ning config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID...

Page 328: ...s level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree mst configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface vlan 1 ip address 10 1 0 1 255 255 255 0 no spanning tree no ip igmp snoopin...

Page 329: ...m description 44 10 100 1000 ports 4 Gigabit Combo ports L2 L4 managed standalone switch System OID string 1 3 6 1 4 1 259 6 10 51 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE System Location NONE System Contact NONE MAC address 00 30 f1 47 58 3a Web server enable Web server port 80 Web secure server enable Web secure server port 443 POST result UA...

Page 330: ...nd IP address of Telnet client Default None Command Mode Normal Exec Privileged Exec Usage Guidelines The session used to execute this command is indicated by a symbol next to the Line For example session index number Example The following is sample output from the show users command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None Online users Line Use...

Page 331: ...A Number of ports 48 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 1 0 0 1 Boot rom version 1 0 0 1 Operation code version 1 1 0 13 Console 16 199 show vlan This command shows VLAN information Syntax Description show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4094 no leading zeroe...

Page 332: ... a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 5 Console config if shutdown Console config if 16 201 silent time This command sets the amount of time the management console is inaccessible afte...

Page 333: ...n snmp server community string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able...

Page 334: ...ation Syntax Description snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 characters Default None Command Mode Global Configuration Example The following is sample output from the snmp server contact command Console config snmp server contact Paul Console config Related Commands snmp server location 16 204 snmp server ...

Page 335: ...rver host command to specify which host or hosts receive SNMP notifications In order to send notifications you must configure at least one snmp server host command Example The following is sample output from the snmp server enable traps command Console config snmp server enable traps link up down Console config Related Commands snmp server host 16 205 snmp server host This command specifies the re...

Page 336: ...able traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled The switch can send SNMP version 1 or version 2c notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host c...

Page 337: ...rs using the multicast address 224 0 1 1 Use the no form to disable SNTP broadcast client mode Syntax Description no sntp broadcast client Default Disabled Command Mode Global Configuration Example The following is sample output from the sntp broadcast client command Console config sntp broadcast client Console 16 208 sntp client This command enables SNTP client requests for time synchronization f...

Page 338: ...lient mode when the first sntp client command is issued If the sntp broadcast client command is issued then the no sntp broadcast client command must be used to return the switch to SNTP client mode Example The following is sample output from the sntp client command Console config sntp server 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Curr...

Page 339: ...time requests are issued Use the this command with no arguments to clear all time servers from the current list Syntax Description sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default None Command Mode Global Configuration Usage Guidelines This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The...

Page 340: ...kup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links that automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algori...

Page 341: ...ath between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method command is used and is set to short the maximum value for path cost is 65 535 Example The following is sample output from the spanning tree cost command Console conf...

Page 342: ... sample output from the spanning tree edge port command Console config interface ethernet ethernet 1 5 Console config if spanning tree edge port Console config if Related Commands spanning tree portfast 16 214 spanning tree forward time This command configures the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax Description spanning tree forw...

Page 343: ...seconds The maximum value is the lower of 10 or max age 2 1 Default 2 seconds Command Mode Global Configuration Usage Guidelines This command sets the time interval in seconds at which the root device transmits a configuration message Example The following is sample output from the spanning tree hello time command Console config spanning tree hello time 5 Console config 16 216 spanning tree link t...

Page 344: ...t links between two bridges If you designate a port as a shared link RSTP is forbidden Since MSTP is an extension of RSTP this same restriction applies Example The following is sample output from the spanning tree link type command Console config interface ethernet ethernet 1 5 Console config if spanning tree link type point to point 16 217 spanning tree mst cost This command configures the path c...

Page 345: ...interfaces with slower media Path cost takes precedence over interface priority Example The following is sample output from the spanning tree mst cost command Console config interface ethernet ethernet 1 5 Console config if spanning tree mst 1 cost 50 Console config if Related Commands spanning tree mst port priority 16 218 spanning tree mst port priority This command configures the interface prio...

Page 346: ... if spanning tree mst 1 port priority 0 Console config if Related Commands spanning tree mst cost 16 219 spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax Description spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimum value is the higher...

Page 347: ...he internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops which isolates group members To presvent this select the MSTP option operating multiple VLANs Rapid Spanning Tree Protocol RSTP supports conne...

Page 348: ...or the previous mode and restarts the system in the new mode temporarily disrupting user traffic Example This example configures the switch to use Rapid Spanning Tree Console config spanning tree mode rstp Console config 16 221 spanning tree mst configuration Use this command to change to Multiple Spanning Tree MST configuration mode Default No VLANs are mapped to any MST instance The region name ...

Page 349: ...he path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost takes precedence over port priority Example The following is sample output from the spanning tree pathcost method command Console config spanning tree pathcost method long Console...

Page 350: ...this command may be removed for future software versions Example The following is sample output from the spanning tree portfast command Console config interface ethernet 1 5 Console config if bridge group 1 portfast Console config if Related Commands spanning tree edge port 16 224 spanning tree port priority This command configures the priority for the specified interface Use the no form to restor...

Page 351: ...92 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 Command Mode Global Configuration Usage Guidelines Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device If all devices have the same priority the device with the lowest MAC address will then become the root dev...

Page 352: ...ion limit This command configures the minimum interval between the transmissions of consecutive RSTP MSTP BPDUs Use the no form to restore the default Syntax Description spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default 3 Command Mode Global Configuration Usage Guidelines This command limits the maximum transmissio...

Page 353: ...t might not be supported The system indicates if the speed you selected is not supported If you select the auto option the switch will automatically detect the baud rate configured on the attached terminal and adjust the speed accordingly Example To specify 57600 bps enter this command Console config line speed 57600 Console config line 16 229 speed duplex This command configures the speed and dup...

Page 354: ...ion on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed duplex mode under auto negotiation the required mode must be specified in the capabilities list for an interface Example This example configures port 5 to 100 Mbps half duplex operation Console config interface ethernet 1 5...

Page 355: ... frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default All frame types Command Mode Interface Configuration Ethernet Port Channel Usage Guidelines When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following is sample output from the switchport acceptable frame types com...

Page 356: ...gned to at least one VLAN as untagged If a trunk has switchport mode set to trunk For example 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress If none of the intermediate network de...

Page 357: ...hernet Usage Guidelines When broadcast traffic exceeds the specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface The specified threshold value applies to all ports on the switch Example This shows how to configure broadcast storm control at 600 packets per second Console config interface ethernet 1 5 Conso...

Page 358: ...nterface then you cannot add it to the set of forbidden VLANs for that same interface Example The following is sample output from the switchport forbidden vlan command This example shows how to prevent port 1 from being added to VLAN 3 Console config interface ethernet 1 1 Console config if The following is sample output from the XXX command with the XXX argument Console config if 16 235 switchpor...

Page 359: ... a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA They do affect VLAN dependent BPDU frames such as GMRP Example This example shows how to set the interface to port 1 and then enable ingress filtering Console config interface ethernet 1 1 Console config if switchport ingress filtering Console config if 16 237 switchport mode...

Page 360: ...figures the PVID For example default VLAN ID for a port Use the no form to restore the default Syntax Description switchport native vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4094 no leading zeroes Default VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Usage Guidelines If an interface is not a member of VLAN 1 and you assign its PVID to thi...

Page 361: ...t priority The default priority applies for an untagged frame received on a port set to accept all frame types for example receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight priority queues for each port It is conf...

Page 362: ...iguration Example Console config tacacs server host 192 168 1 25 Console config 16 241 tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax Description tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters D...

Page 363: ...es or changes a user s password or specify that no password is required or specifies or changes a user s access level Use the no form to remove a user name Syntax Description username name access level level nopassword password 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maximum users 16 level Specifies the user level The device has two predef...

Page 364: ...et the access level and password for a user Console config username bob access level 15 Console config username bob password 0 smith Console config 16 244 vlan database This command enters VLAN database mode All commands in this mode take effect immediately Default None Command Mode Global Configuration Usage Guidelines Use the VLAN database command mode to add change and delete VLANs After finish...

Page 365: ... Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Usage Guidelines no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state For example active You ...

Page 366: ...nd Mode Privileged Exec Example This example shows the information displayed by the whichboot command See the dir command for a description of the file information displayed by this command Console whichboot file name file type startup size byte Unit1 Diag bix Boot Rom image Y 818812 ES4548C_ZZ V0 1 0 2 bix Operation Code Y 2346020 startup Config File Y 7606 Console ...

Page 367: ...xample with or without flow control Clicking on the image of a port opens the Port Configuration page as described in section 7 2 Configuring Interface Connections A 1 3 Main Menu Using the onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions This chapter describes how to use the Command Line Interface CLI and provides an ...

Page 368: ...er names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode For example Privileged Exec When the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode For example Normal Exec 2 Enter the necessary command...

Page 369: ...s mode For example Privileged Exec or Vty 0 for the guest to show that you are using normal access mode For example Normal Exec 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Username admin Password CLI session with the 44 10 100 1000 ports 4 Gigabit Combo ports...

Page 370: ...character to list keywords or parameters A 7 4 Showing Commands If you enter a at the command prompt the system will display the first level of keywords for the current command class Normal Exec or Privileged Exec or configuration class Global ACL Interface Line VLAN Database or MSTP You can also display a list of valid keywords for a specific command For example the command show displays a list o...

Page 371: ...For example s shows all the keywords starting with s Console show s snmp sntp spanning tree ssh startup config system console show s A 7 6 Negating the Effect of Commands For many configuration commands you can enter the prefix keyword no to cancel the effect of a command or reset the configuration to the default value For example the logging command will log system messages to a host server To di...

Page 372: ...s cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters the last command Ctrl R Repeats current command line on a new line Ctrl U Deletes from the cursor to the beginning of the line Ctrl W Deletes the last word typed Esc B Moves...

Page 373: ...s 1 stop bit no parity and set flow control to none B 1 Power Cycle the Switch When the switch initialization screen appears enter firmware download mode by pressing Ctrl and u immediately after power on or rebooting the switch Screen text similar to that shown below displays File Name S Up Type Size Create Time logfile_1 0 3 64 00 00 07 logfile_2 0 3 64 00 00 12 diag_0070 0 1 96500 00 06 37 diag_...

Page 374: ...oad loader code files Specify a name for the downloaded code file File names are case sensitive should be from 1 to 31 characters not contain slashes or and the leading letter of the file name should not be a period Valid characters A Z a z 0 9 _ For example the following screen text shows the download procedure for a runtime code file Select R Xmodem Receiving Start Image downloaded to buffer R u...

Page 375: ...ol Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Protocol Spanning Tree Protocol STP I...

Page 376: ... Snooping Layer 2 IGMP Layer 3 Multicast Routing DVMRP PIM DM IP Routing ARP Proxy ARP Static routes RIP RIPv2 and OSPFv2 dynamic routing Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet Web based HTTP or HTTPS SNMP manager or Secure Shell ...

Page 377: ...agging IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 3ad Link Aggregation Control Protocol IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority tags IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1x Port Authentication ARP RFC 826 RIP RFC 1058 DHCP RFC 1541 HTTPS DVMRP RFC 1075 ICMP RFC 792 IGMP RFC 1112 IGMPv2 R...

Page 378: ...43 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 PIM MIB RFC 2934 Port Access Entity MIB IEEE 802 1x Private MIB Quality of Service MIB RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 OSPF MIB RFC 1850 RADIUS Authenticat...

Page 379: ...User s Manual 379 RMON II Probe Configuration Group RFC 2021 partial implementation TACACS Authentication Client MIB TCP MIB RFC 2013 Trap RFC 1215 UDP MIB RFC 2012 ...

Page 380: ...heck network cabling between the management station and the switch If you cannot connect using Telnet or SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop b...

Page 381: ...a bed sofa or rug This product should never be placed near or over a radiator or heat register This product should not be placed in a built in installation unless proper ventilation is provided 8 This product should be operated from the type of power source indicated on the marking label If you are not sure of the type of power available consult your dealer or local power company 9 This product is...

Page 382: ...calibration b software interfacing parts or supplies not received from Asanté c unauthorized modification or misuse d operation outside of the published environmental specifications for the product or e improper site preparation or maintenance This warranty expressly excludes problems arising from compatibility with other vendors products or future compatibility due to third party software or driv...

Page 383: ...ase register the switch online at www asante com support warranty index html By doing so you ll be entitled to special offers up to date information and important product bulletins You may also register the switch by returning the following warranty card by mail ...

Page 384: ...384 Asanté IntraCore 36000 Series ...

Page 385: ...User s Manual 385 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands