Black Box LGB6026A Management Manual Download Page 262 | Manualshive

Page: 262 / 1289

background image

C

HAPTER

14

| Security Measures

AAA Authorization and Accounting

– 260 –

◆

DHCP Snooping

– Filter IP traffic on insecure ports for which the source

address cannot be identified via DHCP snooping.

N

OTE

:

The priority of execution for the filtering commands is Port Security,

Port Authentication, Network Access, Web Authentication, Access Control
Lists, IP Source Guard, and then DHCP Snooping.

AAA A

UTHORIZATION AND

A

CCOUNTING

The Authentication, authorization, and accounting (AAA) feature provides
the main framework for configuring access control on the switch. The three
security functions can be summarized as follows:

◆

Authentication — Identifies users that request access to the network.

◆

Authorization — Determines if users can access specific services.

◆

Accounting — Provides reports, auditing, and billing for services that
users have accessed on the network.

The AAA functions require the use of configured RADIUS or
servers in the network. The security servers can be defined as sequential
groups that are applied as a method for controlling user access to specified
services. For example, when the switch attempts to authenticate a user, a
request is sent to the first server in the defined group, if there is no
response the second server will be tried, and so on. If at any point a pass
or fail is returned, the process stops.

The switch supports the following AAA features:

◆

Accounting for IEEE 802.1X authenticated users that access the
network through the switch.

◆

Accounting for users that access management interfaces on the switch
through the console and Telnet.

◆

Accounting for commands that users enter at specific CLI privilege
levels.

◆

Authorization of users that access management interfaces on the
switch through the console and Telnet.

To configure AAA on the switch, you need to follow this general process:

1.

Configure RADIUS and server access parameters. See

"Configuring Local/Remote Logon Authentication" on page 261

.

2.

Define RADIUS and server groups to support the accounting
and authorization of services.

«
...
260
261
262
263
264
...
»

Summary of Contents for LGB6026A

Page 1: ...Port or 48 Port LGB6026A LGB6050A Order toll free in the U S Call 877 877 BBOX outside U S call 724 746 5500 FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746...

Page 2: ...Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any other trademarks mentioned in this manual are acknowledged to be the property...

Page 3: ...rts 4 Gigabit Combination Ports RJ 45 SFP 4 Gigabit Combination Ports RJ 45 SFP 2 10 Gigabit Extender Module Slots 2 10 Gigabit Extender Module Slots and 2 Stacking Ports and 2 Stacking Ports We re he...

Page 4: ...ombination Ports RJ 45 SFP 2 10 Gigabit Extender Module Slots and 2 Stacking Ports LGB6050A GIGABIT ETHERNET SWITCH Layer 3 Switch with 44 10 100 1000BASE T RJ 45 Ports and 4 Gigabit Combination Ports...

Page 5: ...your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard tha...

Page 6: ...ABOUT THIS GUIDE 4...

Page 7: ...tion 60 Access Control Lists 61 DHCP 61 Port Configuration 61 Port Mirroring 61 Port Trunking 61 Rate Limiting 62 Broadcast Storm Control 62 Static Addresses 62 IEEE 802 1D Bridge 62 Store and Forward...

Page 8: ...80 Saving or Restoring Configuration Settings 81 SECTION II WEB CONFIGURATION 83 3 USING THE WEB INTERFACE 85 Connecting to the Web Interface 85 Navigating the Web Browser Interface 86 Home Page 86 C...

Page 9: ...atus 133 Configuring Port Mirroring 134 Showing Port or Trunk Statistics 136 Trunk Configuration 140 Configuring a Static Trunk 141 Configuring a Dynamic Trunk 144 Displaying LACP Port Counters 149 Di...

Page 10: ...hanging the Aging Time 198 Displaying the Dynamic Address Table 199 Clearing the Dynamic Address Table 200 8 SPANNING TREE ALGORITHM 203 Overview 203 Configuring Loopback Detection 206 Configuring Glo...

Page 11: ...7 Configuring Interface Settings for Web Authentication 278 Network Access MAC Address Authentication 279 Configuring Global Settings for Network Access 281 Configuring Network Access for Ports 282 Co...

Page 12: ...332 Displaying 802 1X Statistics 336 IP Source Guard 337 Configuring Ports for IP Source Guard 337 Configuring Static Bindings for IP Source Guard 339 Displaying Information for Dynamic IP Source Guar...

Page 13: ...ping and Query 405 Configuring IGMP Snooping and Query Parameters 407 Specifying Static Interfaces for a Multicast Router 411 Assigning Interfaces to Multicast Services 413 Setting IGMP Snooping Statu...

Page 14: ...estinations 466 18 GENERAL IP ROUTING 469 Overview 469 Initial Configuration 469 IP Routing and Switching 470 Routing Path Management 471 Routing Protocols 472 Configuring IP Routing Interfaces 472 Co...

Page 15: ...rmation Protocol 518 Configuring General Protocol Settings 519 Clearing Entries from the Routing Table 522 Specifying Network Interfaces 523 Specifying Passive Interfaces 525 Specifying Static Neighbo...

Page 16: ...splaying the Multicast Routing Table 578 Configuring PIM for IPv4 582 Enabling PIM Globally 582 Configuring PIM Interface Settings 582 Displaying Neighbor Information 588 Configuring Global PIM SM Set...

Page 17: ...ssing 615 CLI Command Groups 616 24 GENERAL COMMANDS 619 prompt 619 reload Global Configuration 620 enable 621 quit 622 show history 622 configure 623 disable 624 reload Privileged Exec 624 show reloa...

Page 18: ...word 646 password thresh 647 silent time 648 speed 648 stopbits 649 timeout login response 650 disconnect 650 show line 651 Event Logging 652 logging facility 652 logging history 653 logging host 654...

Page 19: ...w time range 669 26 SNMP COMMANDS 671 snmp server 672 snmp server community 672 snmp server contact 673 snmp server location 673 show snmp 674 snmp server enable traps 675 snmp server host 676 snmp se...

Page 20: ...er size 701 sflow owner 701 sflow sample 702 sflow source 702 sflow timeout 703 show sflow 703 29 AUTHENTICATION COMMANDS 705 User Accounts 705 enable password 706 username 707 Authentication Sequence...

Page 21: ...ation exec 724 show accounting 725 Web Server 726 ip http port 726 ip http server 727 ip http secure server 727 ip http secure port 729 Telnet Server 729 ip telnet max sessions 730 ip telnet port 730...

Page 22: ...Management IP Filter 752 management 753 show management 754 30 GENERAL SECURITY MEASURES 755 Port Security 756 mac learning 756 port security 757 Network Access MAC Address Authentication 759 network...

Page 23: ...cate IP 776 show web auth 777 show web auth interface 777 show web auth summary 778 DHCP Snooping 778 ip dhcp snooping 779 ip dhcp snooping database flash 781 ip dhcp snooping information option 781 i...

Page 24: ...ESS CONTROL LISTS 801 IPv4 ACLs 801 access list ip 802 permit deny Standard IP ACL 803 permit deny Extended IPv4 ACL 804 ip access group 806 show ip access group 807 show ip access list 807 IPv6 ACLs...

Page 25: ...faces counters 832 show interfaces status 834 show interfaces switchport 835 show interfaces transceiver 836 test loop internal 837 show loop internal 838 33 LINK AGGREGATION COMMANDS 839 channel grou...

Page 26: ...nning tree priority 867 spanning tree mst configuration 867 spanning tree transmission limit 868 max hops 868 mst priority 869 mst vlan 870 name 870 revision 871 spanning tree bpdu filter 872 spanning...

Page 27: ...LAN Interfaces 892 interface vlan 893 switchport acceptable frame types 893 switchport allowed vlan 894 switchport ingress filtering 895 switchport mode 896 switchport native vlan 897 vlan trunking 89...

Page 28: ...subnet vlan 916 Configuring MAC Based VLANs 917 mac vlan 917 show mac vlan 918 Configuring Voice VLANs 918 voice vlan 919 voice vlan aging 920 voice vlan mac address 920 switchport voice vlan 921 swi...

Page 29: ...police trtcm color 949 set cos 951 set phb 952 service policy 953 show class map 954 show policy map 954 show policy map interface 955 41 MULTICAST FILTERING COMMANDS 957 IGMP Snooping 958 ip igmp sn...

Page 30: ...74 show mac address table multicast 975 Static Multicast Routing 976 ip igmp snooping vlan mrouter 976 show ip igmp snooping mrouter 977 IGMP Filtering and Throttling 977 ip igmp filter Global Configu...

Page 31: ...nterval 1006 ipv6 mld robustval 1006 ipv6 mld static group 1007 ipv6 mld version 1008 clear ipv6 mld group 1009 show ipv6 mld groups 1009 show ipv6 mld interface 1011 MLD Proxy Routing 1012 ipv6 mld p...

Page 32: ...te device 1029 show lldp info statistics 1030 43 DOMAIN NAME SERVICE COMMANDS 1033 ip domain list 1033 ip domain lookup 1034 ip domain name 1035 ip host 1036 ip name server 1037 ipv6 host 1038 clear d...

Page 33: ...w ip dhcp 1059 45 VRRP COMMANDS 1061 vrrp authentication 1062 vrrp ip 1062 vrrp preempt 1063 vrrp priority 1064 vrrp timers advertise 1065 clear vrrp interface counters 1066 clear vrrp router counters...

Page 34: ...pv6 address eui 64 1088 ipv6 address link local 1090 ipv6 enable 1091 ipv6 mtu 1092 show ipv6 interface 1093 show ipv6 mtu 1095 show ipv6 traffic 1095 clear ipv6 traffic 1099 ping6 1100 ipv6 neighbor...

Page 35: ...uthentication mode 1127 ip rip authentication string 1128 ip rip receive version 1128 ip rip receive packet 1129 ip rip send version 1130 ip rip send packet 1131 ip rip split horizon 1131 clear ip rip...

Page 36: ...mit interval 1160 ip ospf transmit delay 1161 passive interface 1162 show ip ospf 1162 show ip ospf border routers 1164 show ip ospf database 1165 show ip ospf interface 1171 show ip ospf neighbor 117...

Page 37: ...ipv6 ospf virtual links 1202 48 MULTICAST ROUTING COMMANDS 1205 General Multicast Routing 1205 ip multicast routing 1205 show ip mroute 1206 ipv6 multicast routing 1208 show ipv6 mroute 1209 Static Mu...

Page 38: ...sr router 1233 show ip pim rp mapping 1234 show ip pim rp hash 1235 IPv6 PIM Commands 1236 router pim6 1236 ipv6 pim dense mode 1237 ipv6 pim graft retry interval 1238 ipv6 pim hello holdtime 1238 ipv...

Page 39: ...rds 1251 Management Information Bases 1252 B TROUBLESHOOTING 1255 Problems Accessing the Management Interface 1255 Using System Logs 1256 C LICENSE INFORMATION 1257 The GNU General Public License 1257...

Page 40: ...38 CONTENTS...

Page 41: ...Zone 119 Figure 15 Console Port Settings 121 Figure 16 Telnet Connection Settings 123 Figure 17 Displaying CPU Utilization 124 Figure 18 Displaying Memory Utilization 124 Figure 19 Restarting the Swi...

Page 42: ...gure 47 Enabling Traffic Segmentation 156 Figure 48 Configuring Members for Traffic Segmentation 157 Figure 49 Configuring VLAN Trunking 158 Figure 50 Configuring VLAN Trunking 159 Figure 51 VLAN Comp...

Page 43: ...gure 85 STP Root Ports and Designated Ports 204 Figure 86 MSTP Region Internal Spanning Tree Multiple Spanning Tree 205 Figure 87 Common Internal Spanning Tree Common Spanning Tree Internal Spanning T...

Page 44: ...figuring Port Settings for a Voice VLAN 258 Figure 123 Configuring the Authentication Sequence 262 Figure 124 Authentication Server Operation 262 Figure 125 Configuring Remote Authentication Server RA...

Page 45: ...ir 297 Figure 155 Copying the SSH User s Public Key 298 Figure 156 Showing the SSH User s Public Key 299 Figure 157 Setting the Name of a Time Range 301 Figure 158 Showing a List of Time Ranges 301 Fi...

Page 46: ...g Error Messages Looged to System Memory 353 Figure 192 Configuring Settings for Remote Logging of Error Messages 354 Figure 193 Configuring SMTP Alert Messages 356 Figure 194 Configuring LLDP Timing...

Page 47: ...howing Configured RMON Statistical Samples 402 Figure 231 Showing Collected RMON Statistical Samples 402 Figure 232 Multicast Filtering Concept 403 Figure 233 IGMP Protocol 405 Figure 234 Configuring...

Page 48: ...e 263 Showing the Static MVR Groups Assigned to a Port 445 Figure 264 Showing All MVR Groups Assigned to a Port 446 Figure 265 Configuring a Static IPv4 Address 449 Figure 266 Configuring a Dynamic IP...

Page 49: ...ackets 495 Figure 300 Showing Counters for Errors Found in a VRRP Group 496 Figure 301 Configuring General Settings for DNS 498 Figure 302 Configuring a List of Domain Names for DNS 499 Figure 303 Sho...

Page 50: ...uted into RIP 529 Figure 335 Setting the Distance Assigned to External Routes 530 Figure 336 Showing the Distance Assigned to External Routes 530 Figure 337 Configuring a Network Interface for RIP 534...

Page 51: ...ettings for a Virtual Link 567 Figure 373 Showing MD5 Authentication Keys 568 Figure 374 Displaying Information in the Link State Database 570 Figure 375 Displaying Virtual Links Stored in the Link St...

Page 52: ...50 FIGURES Figure 392 Enabling PIMv6 Multicast Routing 598 Figure 393 Configuring PIMv6 Interface Settings Dense Mode 602 Figure 394 Showing PIMv6 Neighbors 603...

Page 53: ...ection Log 324 Table 15 802 1X Statistics 336 Table 16 Logging Levels 352 Table 17 Chassis ID Subtype 361 Table 18 System Capabilities 362 Table 19 Port ID Subtype 364 Table 20 Remote Port Auto Negoti...

Page 54: ...ble 47 Event Logging Commands 658 Table 48 Time Commands 662 Table 49 Time Range Commands 667 Table 50 SNMP Commands 671 Table 51 show snmp engine id display description 683 Table 52 show snmp group d...

Page 55: ...nds 822 Table 85 Interface Commands 823 Table 86 show interfaces switchport display description 836 Table 87 Link Aggregation Commands 839 Table 88 show lacp counters display description 846 Table 89...

Page 56: ...Table 120 Static Multicast Interface Commands 976 Table 121 IGMP Filtering and Throttling Commands 977 Table 122 Multicast VLAN Registration Commands 984 Table 123 show mvr display description 989 Tab...

Page 57: ...58 show ip ospf display description 1163 Table 159 show ip ospf database display description 1166 Table 160 show ip ospf database summary display description 1167 Table 161 show ip ospf database exter...

Page 58: ...1213 Table 181 PIM DM and PIM SM Multicast Routing Commands 1213 Table 182 show ip pim neighbor display description 1222 Table 183 show ip pim bsr router display description 1234 Table 184 show ip pim...

Page 59: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 60: ...58 SECTION I Getting Started...

Page 61: ...MAC address filtering General Security Measures Private VLANs Port Authentication Port Security DHCP Snooping IP Source Guard Access Control Lists Supports up to 256 ACLs 96 MAC rules 96 IP rules and...

Page 62: ...uery for Layer 2 IGMP for Layer 3 and Multicast VLAN Registration Multicast Routing Supports PIM DM and PIM SM for IPv4 and PIM SM for IPv6 DESCRIPTION OF SOFTWARE FEATURES The switch provides a wide...

Page 63: ...client must physically reside on the same subnet Since it is not practical to have a DHCP server on every subnet DHCP Relay is also supported to allow dynamic configuration of local clients from a DH...

Page 64: ...ransparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addresses...

Page 65: ...restrict traffic to the VLAN groups to which a user has been assigned By segmenting your network into VLANs you can Eliminate broadcast storms which severely degrade performance in a flat network Sim...

Page 66: ...ormation contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding IP ROUTING The switch provides Layer 3 IP routing To maintain a h...

Page 67: ...hop to the next Either static or dynamic entries can be configured in the ARP cache Proxy ARP allows hosts that do not support routing to determine the MAC address of a device on another network or s...

Page 68: ...omer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network SYSTEM DEFAULTS The switch s system defaults are provided in the configuratio...

Page 69: ...d only private read write Port Configuration Admin Status Enabled Auto negotiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiti...

Page 70: ...s IP Address DHCP assigned Default Gateway 0 0 0 0 DHCP Client Enabled Relay Disabled Server Disabled DNS Client Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabl...

Page 71: ...andard web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to...

Page 72: ...storm control on any port for excessive broadcast traffic Display system information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a connection to a PC or...

Page 73: ...sk and default gateway using a console connection or DHCP protocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignme...

Page 74: ...er admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the CLI displays the Console prompt indicating you have a...

Page 75: ...ess allocation servers on the network An IPv6 link local address for use in a local network can be dynamically generated as described in Obtaining an IPv6 Address on page 77 The current software does...

Page 76: ...e address An IPv6 prefix or address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the...

Page 77: ...luding a network prefix and the host address for the switch You can specify either the full IPv6 address or the IPv6 address and prefix length The prefix length for an IPv6 network is the number of bi...

Page 78: ...equests IP will be enabled but will not function until a BOOTP or DHCP reply has been received Requests are broadcast every few minutes using exponential backoff until IP configuration information is...

Page 79: ...VLAN 1 and address mode DHCP Console copy running config startup config Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success OBTAINING AN IPV6 ADDRESS Link...

Page 80: ...The switch includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a defa...

Page 81: ...SNMP v1 and v2c clients is disabled TRAP RECEIVERS You can also specify SNMP stations that are to receive traps from the switch To configure a trap receiver use the snmp server host command From the P...

Page 82: ...ol on page 370 or refer to the specific CLI commands for SNMP starting on page 671 MANAGING SYSTEM FILES The switch s flash memory supports three types of system files that can be managed by the CLI p...

Page 83: ...save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command New startup configuration files must...

Page 84: ...tftp startup config and press Enter 2 Enter the address of the TFTP server Press Enter 3 Enter the name of the startup file stored on the server Press Enter 4 Enter the name for the startup file on t...

Page 85: ...VLAN Configuration on page 161 Address Table Settings on page 195 Spanning Tree Algorithm on page 203 Rate Limit Configuration on page 227 Storm Control Configuration on page 229 Class of Service on...

Page 86: ...84 SECTION II Web Configuration Unicast Routing on page 517 Multicast Routing on page 575...

Page 87: ...ateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 73 2 Set user names and passwords using an out of band serial connection Access to the web agent...

Page 88: ...your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right...

Page 89: ...values and restores current values prior to pressing Apply Help Links directly to web help NOTE To ensure proper screen refresh be sure that Internet Explorer 5 x is configured as follows Under the me...

Page 90: ...nual Manually sets the current time 116 SNTP Configures SNTP polling interval 117 Configure Time Server Configures a list of SNTP servers 118 Configure Time Zone Sets the local time zone for the syste...

Page 91: ...arameters for link aggregation group members on the remote side 144 Show Information Counters Displays statistics for LACP protocol messages 149 Internal Displays configuration settings and operationa...

Page 92: ...ws the interfaces assigned to a VLAN through GVRP 171 Private Configure VLAN Add Creates primary or community VLANs 175 Show Display configured primary and community VLANs 175 Add Community VLAN Assoc...

Page 93: ...on parameters 206 STA Spanning Tree Algorithm Configure Global Configure Configures global bridge settings for STP RSTP and MSTP 207 Show Informaton Displays STA values used for the bridge 212 Configu...

Page 94: ...on conforming traffic 241 Show Rule Shows the rules used to enforce bandwidth policing for a policy map 241 Configure Interface Applies a policy map to an ingress port 251 VoIP Voice over IP 253 Confi...

Page 95: ...gure Service Sets the authorization method applied used for the console port and for Telnet 272 Show Information Shows the configured authorization methods and the methods applied to specific interfac...

Page 96: ...dd Specifies the name of a time range 300 Show Shows the name of configured time ranges 300 Add Rule 300 Absolute Sets exact time or time range 300 Periodic Sets a recurrent time 300 Show Rule Shows t...

Page 97: ...dresses in the source guard binding table 339 Dynamic Binding Displays the source guard binding table for a selected interface 342 Administration 351 Log 351 System 351 Configure Global Stores error m...

Page 98: ...ccess policies for assigned users 379 Show Shows configured groups and access policies 379 Configure User Add Community Configures community strings and access mode 382 Show Community Shows community...

Page 99: ...e network 473 Trace Route Shows the route packets take to the specified destination 474 ARP Address Resolution Protocol 475 Configure General Sets the protocol timeout and enables or disables proxy AR...

Page 100: ...link 452 local address and sets related protocol settings Add IPv6 Address Adds an global unicast EUI 64 or link local IPv6 address to an interface 455 Show IPv6 Address Show the IPv6 addresses assign...

Page 101: ...nooping binding information 349 Server 505 Configure Global Enables DHCP service on this switch 505 Configure Excluded Address 506 Add Adds excluded addresses 506 Show Shows excluded addresses 506 Con...

Page 102: ...erface 415 Configure Configures IGMP snooping per VLAN interface 415 Show Shows IGMP snooping settings per VLAN interface 415 Forwarding Entry Displays the current multicast groups learned through IGM...

Page 103: ...1 Configure Static Group Member 444 Add Statically assigns MVR multicast streams to an interface 444 Show Show MVR multicast streams statically assigned to an interface 444 Show Member Shows informati...

Page 104: ...RIP settings and statistics on RIP protocol messages 534 Show Peer Information Displays information on neighboring RIP routers 535 Reset Statistics Clears statistics for RIP protocol messages 536 OSPF...

Page 105: ...9 Virtual Link 565 Add Configures a virtual link through a transit area to the backbone 565 Show Shows virtual links neighbor address and state 565 Configure Detailed Settings Configures detailed prot...

Page 106: ...the multicast groups for which this switch is advertising itself as an RP candidate to the BSR 593 Show Information Show BSR Router Displays information about the BSR 595 Show RP Mapping Displays the...

Page 107: ...system start up files Setting the System Clock Sets the current time manually or through specified SNTP servers Console Port Settings Sets console port connection parameters Telnet Settings Sets Teln...

Page 108: ...e management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To con...

Page 109: ...ain board Internal Power Status Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as Master or Slave EPLD Version Version number...

Page 110: ...o process protocol encapsulation fields CLI REFERENCES System Management Commands on page 627 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or serve...

Page 111: ...based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service on page 231 Static Entry Indivi...

Page 112: ...st filtering WEB INTERFACE To view Bridge Extension information 1 Click System then Capability Figure 6 Displaying Bridge Extension Configuration MANAGING SYSTEM FILES This section describes how to up...

Page 113: ...e Copies a file from a TFTP server to the switch TFTP Download Copies a file from the switch to a TFTP server FTP TFTP Server IP Address IP address of an FTP or TFTP server User Name The user name for...

Page 114: ...s used enter the IP address of the file server 5 If FTP Upgrade is used enter the user name and password for your account on the FTP server 6 Set the file type to Operation Code 7 Enter the name of th...

Page 115: ...n Running Config Copies the current configuration settings to a local file on the switch Destination File Name Copy to the currently designated startup file or to a new file The file name should not c...

Page 116: ...mware or configuration file to use for system initialization CLI REFERENCES whichboot on page 641 boot system on page 636 WEB INTERFACE To set a file to use for system initialization 1 Click System th...

Page 117: ...stem Files SETTING THE SYSTEM CLOCK Simple Network Time Protocol SNTP allows the switch to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time...

Page 118: ...e set on the switch Hours Sets the hour Range 0 23 Default 0 Minutes Sets the minute value Range 0 59 Default 0 Seconds Sets the second value Range 0 59 Default 0 Month Sets the month Range 1 12 Defau...

Page 119: ...switch will query the time servers PARAMETERS The following parameters are displayed in the web interface Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval...

Page 120: ...are displayed in the web interface SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three time servers The switch attempts to update the time from the first server if this fails it attem...

Page 121: ...0 predefined time zone definitions or your can manually configure the parameters for your local time zone PARAMETERS The following parameters are displayed in the web interface Direction Configures th...

Page 122: ...35 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interfac...

Page 123: ...the console connection see login on page 645 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts The...

Page 124: ...300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is term...

Page 125: ...play information on CPU utilization CLI REFERENCES show process cpu on page 629 PARAMETERS The following parameters are displayed in the web interface Time Interval The interval at which to update the...

Page 126: ...on parameters CLI REFERENCES show memory on page 628 PARAMETERS The following parameters are displayed in the web interface Free Size The amount of memory currently free for use Used Size The amount o...

Page 127: ...ETERS The following parameters are displayed in the web interface System Reload Configuration Reset Mode Restarts the switch immediately or at the specified time s Immediately Restarts the system imme...

Page 128: ...d Daily Every day Weekly Day of the week at which to reload Range Sunday Saturday Monthly Day of the month at which to reload Range 1 31 WEB INTERFACE To restart the switch 1 Click System then Reset 2...

Page 129: ...127 CHAPTER 4 Basic Management Tasks Resetting the System Figure 20 Restarting the Switch In Figure 21 Restarting the Switch At...

Page 130: ...ly System Reset System Reload Information No configured sett ngs for reloading Refresh Cancel System Reload Configuration Reset Mode IRegularly Time ios 30 I HH M I Period 0 Daily 0 Weekly S nday 0 f...

Page 131: ...ross one or more intermediate switches which pass traffic for VLAN groups to which they do not belong PORT CONFIGURATION This section describes how to configure port connections mirror traffic from on...

Page 132: ...n Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive collisions and then re enable it after the problem has been resolved You may also disa...

Page 133: ...a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Default Autonegotiation enabled on G...

Page 134: ...e or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page 129 CLI REFERENCES Interfac...

Page 135: ...yed in the web interface Port Port identifier Type Indicates the port type 1000Base T 1000Base SFP or 10G Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indicates if t...

Page 136: ...e to the target port and study the traffic crossing the source port in a completely unobtrusive manner Figure 26 Configuring Local Port Mirroring Source port s Single target port CLI REFERENCES Local...

Page 137: ...lows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Rx WEB INTERFACE To configure a local mirror session 1 Click Interface Port Mirror 2 Select Add fro...

Page 138: ...d have been accumulated since the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default NOTE RMON groups 2 3 and 9 can only be accessed using SNMP...

Page 139: ...ose that were discarded or not sent Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol Etherlike Statistics Si...

Page 140: ...s Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less than 64 octets long exc...

Page 141: ...wn list 4 Use the Refresh button at the bottom of the page if you need to update the screen Figure 29 Showing Port Statistics Table To show a chart of port statistics 1 Click Interface Port Chart 2 Se...

Page 142: ...s must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP configured ports on another device You can configure any...

Page 143: ...settings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added o...

Page 144: ...e 1 Port Port identifier Range 1 26 50 WEB INTERFACE To create a static trunk 1 Click Interface Trunk Static 2 Select Configure Trunk from the Step list 3 Select Add from the Action list 4 Enter a tru...

Page 145: ...from the Step list 3 Select Configure from the Action list 4 Modify the required interface settings Refer to Configuring by Port List on page 129 for a description of the parameters 5 Click Apply Fig...

Page 146: ...re disabling LACP If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assign...

Page 147: ...lt 1 By default the Actor Admin Key is determined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the P...

Page 148: ...om the Step list 3 Set the Admin Key for the required LACP group 4 Click Apply Figure 37 Configuring the LACP Aggregator Admin Key To enable LACP for a port 1 Click Interface Trunk Dynamic 2 Select Co...

Page 149: ...st 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 39 Configuring LACP Parameters on a Port To show the active members of a dyna...

Page 150: ...t 4 Modify the required interface settings See Configuring by Port List on page 129 for a description of the interface settings 5 Click Apply Figure 41 Configuring Connection Settings for Dynamic Trun...

Page 151: ...r PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protoco...

Page 152: ...RENCES show lacp on page 845 PARAMETERS These parameters are displayed in the web interface Table 7 LACP Internal Configuration Information Parameter Description LACP System Priority LACP system prior...

Page 153: ...bled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has bee...

Page 154: ...e user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port...

Page 155: ...twork administrators with an accurate detailed and real time overview of the types and levels of traffic present on their network The sFlow Agent samples 1 out of n packets from all data traversing th...

Page 156: ...ampling Commands on page 699 PARAMETERS These parameters are displayed in the web interface Port Choose the port to configure Range 1 26 50 Default 1 Status Enables sFlow on the selected port Receiver...

Page 157: ...00 bytes Sample Rate The number of packets out of which one sample will be taken Range 256 16777215 packets or 0 to disable sampling Default Disabled WEB INTERFACE To configure flow sampling 1 Click I...

Page 158: ...orts is only forwarded to and from uplink ports ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation CLI REFERENCES Configuring Por...

Page 159: ...rt based Traffic Segmentation on page 904 PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifier Range 1 26 50 Trunk Trunk Ide...

Page 160: ...N group tags However by enabling VLAN trunking on the intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN groups in switches A and B Switches C D and E...

Page 161: ...only be enabled on Gigabit ports Trunk Trunk Identifier Range 1 32 VLAN Trunking Status Enables VLAN trunking on the selected interface WEB INTERFACE To enable VLAN trunking on a port or trunk 1 Clic...

Page 162: ...160 CHAPTER 5 Interface Configuration VLAN Trunking...

Page 163: ...mapping table IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs t...

Page 164: ...LAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports V...

Page 165: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Page 166: ...oes not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this...

Page 167: ...of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN WEB INTERFACE To create VLAN groups 1 Click VLAN Static 2 Select Add from the Action list 3 Enter a VLAN ID...

Page 168: ...tatic 2 Select Show from the Action list Figure 55 Showing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a ran...

Page 169: ...ts tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames PVID VLAN ID assigned to untagge...

Page 170: ...AN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an unta...

Page 171: ...y VLAN from the Step list 3 Set the Interface type to display as Port or Trunk 4 Modify the settings for any interface as required Remember that Membership Type cannot be changed until an interface ha...

Page 172: ...the Step list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptable frame type and ingress filterin...

Page 173: ...Status Enables disables GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets receive...

Page 174: ...tch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch 1 Click VLAN Dynamic 2 Select Co...

Page 175: ...this switch 1 Click VLAN Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 61 Showing Dynamic VLANs Registered on the Switch To show the members of...

Page 176: ...t while the community ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN Note...

Page 177: ...to community ports within secondary or community VLANs Community Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN WEB INTERFACE To configure privat...

Page 178: ...S These parameters are displayed in the web interface Primary VLAN ID of primary VLAN 2 4093 Community VLAN VLAN associated with the selected primary VLAN WEB INTERFACE To associate a community VLAN w...

Page 179: ...ng Associated VLANs CONFIGURING PRIVATE VLAN INTERFACES Use the VLAN Private Configure Interface page to set the private VLAN interface type and assign the interfaces to a private VLAN CLI REFERENCES...

Page 180: ...iscuous then specify the associated primary VLAN Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Set Port Mode to...

Page 181: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Page 182: ...AN tags are added to all incoming packets no matter how many tags they already have The ingress process constructs and inserts the outer tag SPVLAN into the packet based on the default VLAN ID and Tag...

Page 183: ...al to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled I...

Page 184: ...nformation are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tunnel...

Page 185: ...port Range hexadecimal 0800 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value This feature allows the switch to interoperate with third party switches that do not use the standar...

Page 186: ...d client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Tunnel mode and set the uplink...

Page 187: ...e easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind o...

Page 188: ...ocol groups CLI REFERENCES protocol vlan protocol group Configuring Groups on page 912 PARAMETERS These parameters are displayed in the web interface Frame Type Choose either Ethernet RFC 1042 or LLC...

Page 189: ...from the Action list 4 Select an entry from the Frame Type list 5 Select an entry from the Protocol Type list 6 Enter an identifier for the protocol group 7 Click Apply Figure 71 Configuring Protocol...

Page 190: ...e frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If...

Page 191: ...affic will be forwarded 7 Click Apply Figure 73 Assigning Interfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the...

Page 192: ...e VLAN ID An IP subnet consists of an IP address and a mask When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLAN mapping table and if an entry is...

Page 193: ...s field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Page 194: ...ses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last PA...

Page 195: ...iguration Configuring MAC based VLANs 6 Click Apply Figure 77 Configuring MAC Based VLANs To show the MAC addresses mapped to a VLAN 1 Click VLAN MAC Based 2 Select Show from the Action list Figure 78...

Page 196: ...194 CHAPTER 6 VLAN Configuration Configuring MAC based VLANs...

Page 197: ...MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on page 756 COMMAND USAGE When MAC address learning...

Page 198: ...ee Configuring Port Security on page 327 is enabled on the same interface PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifi...

Page 199: ...en on another interface the address will be ignored and will not be written to the address table Static addresses will not be removed from the address table when a given interface link is down A stati...

Page 200: ...GING THE AGING TIME Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned forwarding inf...

Page 201: ...dress for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Othe...

Page 202: ...EARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from the forwarding database CLI REFERENCES clear mac address table dynamic on page 85...

Page 203: ...3 Select the method by which to clear the entries i e All MAC Address VLAN or Interface 4 Enter information in the additional fields required for clearing entries by MAC Address VLAN or Interface 5 C...

Page 204: ...CHAPTER 7 Address Table Settings Clearing the Dynamic Address Table 202...

Page 205: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Page 206: ...into MSTP RSTP achieves much faster reconfiguration i e around 1 to 3 seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefi...

Page 207: ...idge node for communications with STP or RSTP nodes in the global network Figure 87 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree Region 1 Region 1 CIST CST IST Region 4 Re...

Page 208: ...s own BPDUs in a forward delay interval NOTE If loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802...

Page 209: ...MMAND USAGE Spanning Tree Protocol2 Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemente...

Page 210: ...spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances f...

Page 211: ...is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 When the Switch Becomes Root Hello Time Interval in seconds at which the ro...

Page 212: ...pping table In other words this key is a mapping of all VLANs to the CIST Region Revision3 The revision for this MSTI Range 0 65535 Default 0 Region Name3 The name for this MSTI Maximum length 32 char...

Page 213: ...211 CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA Figure 89 Configuring Global Settings for STA STP Figure 90 Configuring Global Settings for STA RSTP...

Page 214: ...on page 883 show spanning tree mst configuration on page 884 PARAMETERS The parameters displayed in the web interface are described in the preceding section except for the following items Bridge ID A...

Page 215: ...ACE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 92 Displaying Global Settings for STA CO...

Page 216: ...between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Also not that path cost takes precedence over port pri...

Page 217: ...servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate re...

Page 218: ...PDU guard feature provides a secure response to invalid configurations because an administrator must manually enable the port Default Disabled BPDU Filter BPDU filtering allows you to avoid transmitti...

Page 219: ...g Tree Shows if STA has been enabled on this interface STA Status Displays current state of this port within the Spanning Tree Discarding Port receives STA configuration messages but does not forward...

Page 220: ...mmunicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operationa...

Page 221: ...R A D B x R Root Port A Alternate Port D Designated Port B Backup Port R R A D B x Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port WEB...

Page 222: ...ithin the same MSTI Region page 207 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecti...

Page 223: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Page 224: ...the priority for an MSTP Instance 5 Click Apply Figure 98 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the S...

Page 225: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 10...

Page 226: ...d for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Sp...

Page 227: ...rameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Cl...

Page 228: ...ona Totat 26 I DnlgnMedBrldge II 0 mrn 1 TJpelir I PortEdgeIPortAc l 1 Forwardilg 3 0 32768 0 0000E89382AO 128 1 100000 Point ta Disabled Oesignated Point Point ta 2 Discard11g 0 0 32768 0 0000ES9382A...

Page 229: ...fic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes CLI REFERENCES Rate Limit Commands on page 853 PAR...

Page 230: ...I Slalue I ble 1 1OOOBase TX 0 Enabled 11000000 1 64 1oooooo 0Enabled 11000000 64 1000000 2 1OOOBase TX 0 Enabled 11000000 1 64 1oooooo 0Enabled 11000000 64 1000000 3 1OOOBase TX 0Enabled lsooooo 1 6...

Page 231: ...ERENCES switchport packet rate on page 831 COMMAND USAGE Broadcast Storm Control is enabled by default Broadcast control does not effect IP multicast traffic PARAMETERS These parameters are displayed...

Page 232: ...fic Storm Control Interface 0 Port O Trunk Port Storm ContrOIList Mox 26 Total 26 EJ mrn I I Port I Type I llroedceat 1 t OOOBose TX Enobled 500 262143 2 1000Bose TX Enobled lj2ooo l 500 262143 3 1000...

Page 233: ...ority page to specify the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the a...

Page 234: ...eue mode for the egress queues on any interface The switch can be set to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before the lower...

Page 235: ...These parameters are displayed in the web interface Interface Displays a list of ports or trunks Queue Mode Strict Services the egress queues in sequential order transmitting all traffic in the higher...

Page 236: ...eue mode 4 If any of the weighted queue modes is selected the queue weight can be modified if required 5 If any of the queue modes that use a combination of strict and weighted queueing are selected t...

Page 237: ...nd WRR Traffic Priority Queue Interface r Port f i 3 r Trunk Queue Mode I S lrict and WRR iJ Queue SettingTable l lax 8 Totat 8 QI ID l Sirlet llode 1 Weight 1 ti 0 IEnabled iJ r 1 IEnabled iJ r 2 loi...

Page 238: ...CHAPTER 11 Class of Service Layer 2 Queue Settings 236...

Page 239: ...t kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the...

Page 240: ...nitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign a policy ma...

Page 241: ...e of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSC...

Page 242: ...aps To edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of tra...

Page 243: ...ich indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value or a member of specific VLAN A policy map is then configured which indicates the boundary param...

Page 244: ...lors as described below A packet is marked green if it doesn t exceed the committed information rate and committed burst size yellow if it does exceed the committed information rate and committed burs...

Page 245: ...peak information rate PIR and their associated burst sizes committed burst size BC or burst rate and peak burst size BP Action may taken for traffic conforming to the maximum throughput exceeding the...

Page 246: ...red as red or if Tp t B 0 the packet is red else if the packet has been precolored as yellow or if Tc t B 0 the packet is yellow and Tp is decremented by B else the packet is green and both Tp and Tc...

Page 247: ...t committed burst size BC or burst rate and the action to take for conforming and non conforming traffic Policing is based on a token bucket where bucket depth that is the maximum burst before the buc...

Page 248: ...colors The color modes include Color Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional differences between...

Page 249: ...oughput exceeding the maximum throughput but within the peak information rate or exceeding the peak information rate In addition to the actions defined by this command to transmit remark the DSCP serv...

Page 250: ...ether traffic that exceeds the maximum rate CIR but is within the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority for out of con...

Page 251: ...Policy from the Step list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assign...

Page 252: ...QoS Policies Figure 116 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Page 253: ...one policy map can be bound to an interface The switch does not allow a policy map to be bound to an interface for egress traffic PARAMETERS These parameters are displayed in the web interface Port Sp...

Page 254: ...252 CHAPTER 12 Quality of Service Attaching a Policy Map to a Port...

Page 255: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Page 256: ...ady be created on the switch Range 1 4093 Voice VLAN Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port Range 5 43200 minutes Def...

Page 257: ...played in the web interface Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 89 AB Mask Identifies a range of MAC addresses Selecting a mask o...

Page 258: ...age to configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic priority You can also enable security filtering to ensure that o...

Page 259: ...the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MAC address OUI numbers are assigned to manufacturers and form the first thr...

Page 260: ...affi c VoiP Step 13 Conf gureInterface v I VoiPPortList Max 26 Total 26 Port i llocle I s rtty I _ _ I Prtorttr I AernM IgAge _ 1 IAuto v J 0Enabled 0OUI 0LLDP ls I NA 2 IAuto v J 0Enabled 0OUI 0LLDP...

Page 261: ...uthentication methods are infeasible or impractical Network Access Configure MAC authentication and dynamic VLAN assignment HTTPS Provide a secure web connection SSH Provide a secure shell for secure...

Page 262: ...ers in the network The security servers can be defined as sequential groups that are applied as a method for controlling user access to specified services For example when the switch attempts to authe...

Page 263: ...08 COMMAND USAGE By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentica...

Page 264: ...e logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of...

Page 265: ...Transport Layer Security or TTLS Tunneled Transport Layer Security PARAMETERS These parameters are displayed in the web interface Configure Server RADIUS Global Provides globally applicable RADIUS se...

Page 266: ...CS server used for authentication messages Range 1 65535 Default 49 Set Key Mark this box to set or modify the encryption key Authentication Key Encryption key used to authenticate logon access for cl...

Page 267: ...the parameters that apply to a specific server 5 To set or modify the authentication key mark the Set Key box enter the key and then confirm it 6 Click Apply Figure 125 Configuring Remote Authenticati...

Page 268: ...p name followed by the index of the server to use for each priority level 6 Click Apply Figure 127 Configuring AAA Server Groups To show the RADIUS or TACACS server groups used for accounting and auth...

Page 269: ...nutes where 0 means disabled Configure Method Accounting Type Specifies the service as 802 1X Accounting for end users Exec Administrative accounting for local console Telnet or SSH connections Method...

Page 270: ...unting service Method Name Displays the user defined or default accounting method Server Group Name Displays the accounting server group Interface Displays the port console or Telnet interface to whic...

Page 271: ...g method applied to various service types and the assigned server group 1 Click Security AAA Accounting 2 Select Configure Method from the Step list 3 Select Add from the Action list 4 Select the acco...

Page 272: ...e Action list Figure 131 Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces console commands entered at specific privilege levels and local console Telnet...

Page 273: ...ecified service types 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Summary Figure 134 Displaying a Summary of Applied AAA Accounting Methods To display basic ac...

Page 274: ...onnections Method Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 255 characters Server Gro...

Page 275: ...the Exec service type and the assigned server group 1 Click Security AAA Authorization 2 Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name...

Page 276: ...Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 138 Configuring AAA Authorization Methods for Exec Service To display a the configured authorization...

Page 277: ...are displayed in the web interface User Name The name of the user Maximum length 8 characters maximum number of users 16 Access Level Specifies the user level Options 0 Normal 15 Privileged Normal pri...

Page 278: ...on are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP...

Page 279: ...must also be enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Rang...

Page 280: ...Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply Enables web auth...

Page 281: ...TE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access MAC Address Authentication on page 759 COMMAND USAGE MAC address authentication controls access to the network b...

Page 282: ...nnel Private Group ID 1u 2t VLAN ID list The VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute The VLAN list can contain multiple VLAN identifiers in the format 1u 2t 3u...

Page 283: ...d profiles on the authenticated port When the last user logs off on a port with a dynamic QoS assignment the switch restores the original QoS configuration for the port When a user attempts to log int...

Page 284: ...rver During the reauthentication process traffic through the port remains unaffected Default 1800 seconds Range 120 1000000 seconds WEB INTERFACE To configure aging status and reauthentication time fo...

Page 285: ...hentication intrusion action must be set for Guest VLAN see Configuring Port Settings for 802 1X on page 332 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port When enabled any VLA...

Page 286: ...LAN and QoS assignments 5 Click Apply Figure 145 Configuring Interface Settings for Network Access CONFIGURING PORT LINK DETECTION Use the Security Network Access Configure Interface Link Detection pa...

Page 287: ...onfigure Interface from the Step list 3 Click the Link Detection button 4 Modify the link detection status trigger condition and the response for any port 5 Click Apply Figure 146 Configuring Link Det...

Page 288: ...ill check for the range of MAC addresses defined by the MAC bit mask If you omit the mask the system will assign the default mask of an exact match Range 000000000000 FFFFFFFFFFFF Default FFFFFFFFFFFF...

Page 289: ...interface Query By Specifies parameters to use in the MAC address query Sort Key Sorts the information displayed based on MAC address port interface or attribute MAC Address Specifies a specific MAC a...

Page 290: ...GURING HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s we...

Page 291: ...ng systems currently support HTTPS Table 12 HTTPS System Support Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows XP Windows...

Page 292: ...ue certificate and a private key and password from a recognized certification authority CAUTION For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest o...

Page 293: ...ng the certificate to the switch Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not...

Page 294: ...rts both password and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authent...

Page 295: ...Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Setti...

Page 296: ...he authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whether the su...

Page 297: ...s the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Server Key Size Specifie...

Page 298: ...the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with th...

Page 299: ...Click Show Figure 154 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be st...

Page 300: ...establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and...

Page 301: ...rotocol port number or TCP control code IPv6 frames based on address next header type or flow label or any frames based on MAC address or Ethernet type To filter incoming packets first create an acces...

Page 302: ...ess ports are checked in parallel 2 Rules within an ACL are checked in the configured order from top to bottom 3 If the result of checking an IP ACL is to permit a packet but the result of a MAC ACL o...

Page 303: ...onfigure Time Range from the Step list 3 Select Add from the Action list 4 Enter the name of a time range 5 Click Apply Figure 157 Setting the Name of a Time Range To show a list of time ranges 1 Clic...

Page 304: ...a mode option of Absolute or Periodic 6 Fill in the required parameters for the selected mode 7 Click Apply Figure 159 Add a Rule to a Time Range To show the rules configured for a time range 1 Click...

Page 305: ...P protocol is specified then you can also filter packets based on the TCP control code IPv6 Standard IPv6 ACL mode filters packets based on the source IPv6 address IPv6 Extended IPv6 ACL mode filters...

Page 306: ...eny Standard IP ACL on page 803 show ip access list on page 807 Time Range on page 667 PARAMETERS These parameters are displayed in the web interface Type Selects the type of ACLs to show in the Name...

Page 307: ...g the port s to which this ACL has been assigned Time Range Name of a time range WEB INTERFACE To add rules to a Standard IPv4 ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Sele...

Page 308: ...P Address Source or destination IP address Source Destination Subnet Mask Subnet mask for source or destination address See the description for Subnet Mask on page 304 Source Destination Port Source d...

Page 309: ...control bit mask 18 SYN valid and ACK invalid use control code 2 control bit mask 18 Time Range Name of a time range WEB INTERFACE To add rules to an Extended IPv4 ACL 1 Click Security ACL 2 Select C...

Page 310: ...tion of permit or deny rules Source Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 prefix t...

Page 311: ...3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type...

Page 312: ...ues One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The switch only checks the first 64 bits of the destination address De...

Page 313: ...e routers by a control protocol such as a resource reservation protocol or by information within the flow s packets themselves e g in a hop by hop option A flow is uniquely identified by the combinati...

Page 314: ...ers are displayed in the web interface Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permi...

Page 315: ...can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bit mask Range 600 ffff hex Time Range Name of a time range WEB INTERFACE To...

Page 316: ...are displayed in the web interface Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permit or...

Page 317: ...tion MAC Bit Mask Hexadecimal mask for source or destination MAC address Log Logs a packet when it matches the access control entry WEB INTERFACE To add rules to an ARP ACL 1 Click Security ACL 2 Sele...

Page 318: ...EFERENCES ip access group on page 806 ipv6 access group on page 813 show ip access group on page 807 show ipv6 access group on page 813 mac access group on page 817 show mac access group on page 818 T...

Page 319: ...e middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropr...

Page 320: ...not affect the ARP Inspection configuration of any VLANs When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual VLANs These configuration changes wil...

Page 321: ...ed basis After the system message is generated the entry is cleared from the log buffer Each log entry contains flow information such as the receiving VLAN the port number the source and destination I...

Page 322: ...y ARP Inspection 2 Select Configure General from the Step list 3 Enable ARP inspection globally enable any of the address validation options and adjust any of the logging parameters if required 4 Clic...

Page 323: ...arameters are displayed in the web interface ARP Inspection VLAN ID Selects any configured VLAN Default 1 ARP Inspection VLAN Status Enables ARP Inspection for the selected VLAN Default Disabled ARP I...

Page 324: ...are exempt from ARP packet rate limiting Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untr...

Page 325: ...ount of ARP packets received but not exceeding the ARP Inspection rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limi...

Page 326: ...to show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 799 PARAMETERS These parameters are disp...

Page 327: ...lt Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the s...

Page 328: ...e SNMP group Telnet Configures IP address es for the Telnet group Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTERFACE To cre...

Page 329: ...ress table will be authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can aut...

Page 330: ...e taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap messa...

Page 331: ...enticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verif...

Page 332: ...enabled globally for the switch Each switch port that will be used must be set to dot1X Auto mode Each client that needs to be authenticated must have dot1X client software installed and properly con...

Page 333: ...tches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the edge of the network When this device is functioning as an edge swi...

Page 334: ...he web interface Port Port number Status Indicates if authentication is enabled or disabled on the port The status is disabled if the control mode is set to Force Authorized Authorized Displays the 80...

Page 335: ...x Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Supplicant Timeout Sets the time that a switc...

Page 336: ...unt Number of times connecting state is re entered Current Identifier Identifier sent in each EAP Success Failure or Request packet by the Authentication Server Backend State Machine State Current sta...

Page 337: ...ion Mode J Single Host vJ Max MAC Count 1 1024 Max Request 1 10 EJ Quiet Period 1 65535 EJsec Tx Period 1 65535 sec Supplicant Timeout 1 65535 sec Server Timeout 10 sec Re authentication Status O Enab...

Page 338: ...pe that have been received by this Authenticator Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Authenticator Rx Last EAPOLSrc The source MAC addr...

Page 339: ...d see DHCP Snooping on page 343 IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network This section describes command...

Page 340: ...46 IP source guard will check the VLAN ID source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is static IP...

Page 341: ...Configuring Static Bindings for IP Source Guard on page 339 WEB INTERFACE To set the IP Source Guard filter for ports 1 Click Security IP Source Guard Port Configuration 2 Set the required filtering...

Page 342: ...same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with the same VLAN ID and MAC address and the typ...

Page 343: ...figuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 Click Apply Figure 183 Configuring Static Bindings for IP Source Guard To display static bindings for IP Sour...

Page 344: ...ayed in the web interface Query by Port A port on this switch VLAN ID of a configured VLAN Range 1 4093 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful...

Page 345: ...ion to a DHCP server This information can be useful in tracking an IP address back to a physical port COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messages...

Page 346: ...only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address ve...

Page 347: ...by the switch and in reply packets sent back from the DHCP server This information may specify the MAC address or IP address of the requesting device that is the switch in this context By default the...

Page 348: ...Option 82 information relay Default Disabled DHCP Snooping Information Option Policy Specifies how to handle DHCP client request packets which already contain Option 82 information Drop Drops the cli...

Page 349: ...c VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned...

Page 350: ...de the network or fire wall When DHCP snooping is enabled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed t...

Page 351: ...g to the client Lease Time seconds The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN...

Page 352: ...INTERFACE To display the binding table for DHCP Snooping 1 Click Security IP Source Guard DHCP Snooping 2 Select Show Information from the Step list 3 Use the Store or Clear function if required Figur...

Page 353: ...ONFIGURING EVENT LOGGING The switch allows you to control the logging of error messages including the type of events that are recorded in switch memory logging to a remote System Log syslog server and...

Page 354: ...itions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert I...

Page 355: ...ss memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Figure 191 Showing Error Messages Looged to System Memory REMOTE LOG CONFIGURATION Use the Administrati...

Page 356: ...r storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Level Limits log messages that are sent to the remote syslog server for all levels up to the specified level For ex...

Page 357: ...ents at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 Email Source Address Sets the emai...

Page 358: ...capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers SETTING LLDP TIMING ATTRIBUTES Use the Adminis...

Page 359: ...anges are reported in each transmission This attribute must comply with the rule 4 Delay Interval Transmission Interval Reinitialization Delay Configures the delay before attempting to re initialize a...

Page 360: ...the transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the...

Page 361: ...by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Port Description The port description is taken from the ifDescr objec...

Page 362: ...ggregation capabilities aggregation status of the link and the IEEE 802 3 aggregated port identifier if this interface is currently a link aggregation member Max Frame Size The maximum frame size See...

Page 363: ...e Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to...

Page 364: ...CSIS cable device IETF RFC 2669 and IETF RFC 2670 End Station Only IETF RFC 2011 System Capabilities Enabled The primary function s of the system which are currently enabled Refer to the preceding tab...

Page 365: ...tion about devices connected directly to the switch s ports which are advertising information through LLDP or to display detailed information about an LLDP enabled device connected to a specific port...

Page 366: ...stem Description A textual description of the network entity Management Address The IPv4 address of the remote device If no management address is available the address should be the MAC address for th...

Page 367: ...Identity List Information about particular protocols that are accessible through a port This object represents an arbitrary local integer value used by this agent to identify a particular protocol ide...

Page 368: ...te system PSE Power Sourcing Equipment or PD Powered Device Remote Power MDI Status Shows whether MDI power is enabled on the given port associated with the remote system Remote Power Pairs Signal mea...

Page 369: ...aggregation state and or it does not support link aggregation this value should be zero Port Details 802 3 Extension Frame Information Remote Max Frame Size An integer value indicating the maximum sup...

Page 370: ...capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1030 PARAMETERS These parameters...

Page 371: ...es as well as any specific usage rules defined for the particular TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Fra...

Page 372: ...d to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain softw...

Page 373: ...n as views The switch has a default view all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and levels available and the system def...

Page 374: ...p page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want...

Page 375: ...required trap types 4 Click Apply Figure 202 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engin...

Page 376: ...decimal characters 5 Click Apply Figure 203 Configuring the Local Engine ID for SNMP SPECIFYING A REMOTE ENGINE ID Use the Administration SNMP Configure Engine Add Remote Engine page to configure a en...

Page 377: ...9 is equivalent to 1234567890 Remote IP Host The IP address of a remote management station which is using the specified engine ID WEB INTERFACE To configure a remote SNMP engine ID 1 Click Administrat...

Page 378: ...er of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the obj...

Page 379: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 207 Showing SNMP...

Page 380: ...o an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Page 381: ...ations This is the default security level AuthNoPriv SNMP communications use authentication but the data is not encrypted AuthPriv SNMP communications use both authentication and encryption Read View...

Page 382: ...message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be generate...

Page 383: ...Notification 1 3 6 1 4 1 259 10 1 1 2 1 0 108 This notification indicates that the CPU utilization crossed cpuUtiFallingThreshold swMemoryUtiRisingThresholdNotification 1 3 6 1 4 1 259 10 1 1 2 1 0 10...

Page 384: ...g SNMP v1 and v2c For security reasons you should consider removing the default strings CLI REFERENCES snmp server community on page 672 PARAMETERS These parameters are displayed in the web interface...

Page 385: ...lect Add Community from the Action list 4 Add new community strings as required and select the corresponding access rights from the Access Mode list 5 Click Apply Figure 212 Setting Community Access S...

Page 386: ...ange 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups assigned to the SNMP security model noAuthNoPriv...

Page 387: ...or authPriv then an authentication protocol and password must be specified If the security level is authPriv a privacy password must also be specified 5 Click Apply Figure 214 Configuring Local SNMPv...

Page 388: ...age 388 and Specifying a Remote Engine ID on page 374 PARAMETERS These parameters are displayed in the web interface User Name The name of user connecting to the SNMP agent Range 1 32 characters Group...

Page 389: ...it to a group Enter the IP address to identify the source of SNMPv3 inform messages sent from the local switch If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv...

Page 390: ...which include a request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because...

Page 391: ...defining it in the Configure User Add Community page UDP Port Specifies the UDP port number used by the trap manager Default 162 SNMP Version 2c IP Address IP address of a new management station to re...

Page 392: ...Range 0 2147483647 centiseconds Default 1500 centiseconds Retry times The maximum number of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 Local...

Page 393: ...P communications use both authentication and encryption WEB INTERFACE To configure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action lis...

Page 394: ...o specified events on an independent basis This switch is an RMON capable device which can independently perform a wide range of tasks significantly reducing network management traffic It can continuo...

Page 395: ...arm is triggered it will not be triggered again until the statistical value crosses the opposite bounding threshold and then back across the trigger threshold CLI REFERENCES Remote Monitoring Commands...

Page 396: ...alling threshold and the last sample value was greater than this threshold then an alarm will be generated After a falling event has been generated another such event will not be generated until the s...

Page 397: ...emote Monitoring Figure 222 Configuring an RMON Alarm To show configured RMON alarms 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Show from the Action list 4 Click...

Page 398: ...the web interface Index Index to this entry Range 1 65535 Type Specifies the type of event to initiate None No event is generated Log Generates an RMON log entry when the event is triggered Log messag...

Page 399: ...list 4 Click Event 5 Enter an index number the type of event to initiate the community string to send with trap messages the name of the person who created this event and a brief description of the ev...

Page 400: ...nds on page 691 COMMAND USAGE Each index number equates to a port on the switch If history collection is already enabled on an interface the entry must be deleted before any changes can be made The in...

Page 401: ...Select Add from the Action list 4 Click History 5 Select a port from the list as the data source 6 Enter an index number the sampling interval the number of buckets to use and the name of the owner f...

Page 402: ...the list 5 Click History Figure 228 Showing Collected RMON History Samples CONFIGURING RMON STATISTICAL SAMPLES Use the Administration RMON Configure Interface Add Statistics page to collect statistic...

Page 403: ...ntry Range 1 65535 Owner Name of the person who created this entry Range 1 127 characters WEB INTERFACE To enable regular sampling of statistics on a port 1 Click Administration RMON 2 Select Configur...

Page 404: ...ure 230 Showing Configured RMON Statistical Samples To show collected RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from th...

Page 405: ...security and data isolation OVERVIEW Multicasting is used to support real time applications such as video conferencing or streaming audio A multicast server does not have to establish a separate conn...

Page 406: ...embers but also supports the Protocol Independent Multicasting PIM routing protocol required to forward multicast traffic to other subnets page 1213 You can also configure a single network wide multic...

Page 407: ...ersion 1 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports The primary enhancement provided by IGMPv3 snooping is in keeping track of information about the specific multicast sou...

Page 408: ...ached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 407 Static IGMP Router Interface If IGMP snooping cannot locate...

Page 409: ...ut the VLAN if unregistered flooding is enabled see Unregistered Data Flood in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they...

Page 410: ...nd all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolicited re...

Page 411: ...queries that do not contain the Router Alert option Unregistered Data Flooding Floods unregistered multicast traffic into the attached VLAN Default Disabled Once the table used to store multicast ent...

Page 412: ...dless of the snooping version employed Querier Status When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic This feature is n...

Page 413: ...ate interfaces within the switch CLI REFERENCES Static Multicast Routing on page 976 PARAMETERS These parameters are displayed in the web interface VLAN Selects the VLAN which is to propagate all mult...

Page 414: ...ting protocol such as PIM to support IP multicasting across the Internet These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch To show all the...

Page 415: ...973 COMMAND USAGE Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within...

Page 416: ...Select the VLAN for which to display this information Figure 239 Showing Static Interfaces Assigned to a Multicast Service To display information about all multicast groups IGMP Snooping or multicast...

Page 417: ...st routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast source and group membership messages MR...

Page 418: ...acefully shut down Advertisement and Termination messages are sent to the All Snoopers multicast address Solicitation messages are sent to the All Routers multicast address NOTE MRD messages are flood...

Page 419: ...iable fixed at 2 as defined in RFC 2236 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should only be enabled on an interfa...

Page 420: ...o proxy general queries Range 10 31744 tenths of a second Default 10 seconds This attribute applies when the switch is serving as the querier page 407 or as a proxy host when IGMP snooping proxy repor...

Page 421: ...dress in IGMP reports sent to upstream ports Many hosts do not implement RFC 4541 and therefore do not understand query messages with the source address of 0 0 0 0 These hosts will therefore not reply...

Page 422: ...AMETERS These parameters are displayed in the web interface VLAN An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address Group Address IP mu...

Page 423: ...or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast gro...

Page 424: ...nooping Filter Add page to create an IGMP profile and set its access mode Then use the Add Multicast Group Range page to configure the multicast groups to filter CLI REFERENCES IGMP Filtering and Thro...

Page 425: ...range of multicast groups End Multicast IP Address Specifies the ending address of a range of multicast groups WEB INTERFACE To create an IGMP filter profile and set its access mode 1 Click Multicast...

Page 426: ...rofile to configure and add a multicast group address or range of addresses 4 Click Apply Figure 247 Adding Multicast Groups to an IGMP Filtering Profile To show the multicast groups configured for an...

Page 427: ...s are displayed in the web interface Interface Port or trunk identifier An IGMP profile or throttling setting can be applied to a port or trunk When ports are configured as trunk members the trunk use...

Page 428: ...which need to forward multicast traffic Layer 3 IGMP Query as described below is used in conjunction with both Layer 2 IGMP Snooping and multicast routing IGMP This protocol includes a form of multica...

Page 429: ...168 1 3 IP IGMP Proxy Layer3 Switch Router Downstream Interfaces 192 168 2 1 192 168 3 1 192 168 4 1 PC PC PC PC PC Using IGMP proxy routing to forward multicast traffic on edge switches greatly reduc...

Page 430: ...oxy settings described in this section 4 Optional Indicate how often the system will send unsolicited reports to the upstream router using the Multicast IGMP Proxy page as described later in this sect...

Page 431: ...hould transmit unsolicited IGMP reports Range 1 65535 seconds Default 400 seconds WEB INTERFACE To configure IGMP Proxy Routing 1 Click Multicast IGMP Proxy 2 Select the upstream interface enable the...

Page 432: ...web interface VLAN VLAN interface bound to a primary IP address Range 1 4093 IGMP Protocol Status Enables IGMP including IGMP query functions on a VLAN interface Default Disabled When a multicast rou...

Page 433: ...s bursty as host responses are spread out over a larger interval The number of seconds represented by the maximum response interval must be less than the Query Interval Last Member Query Interval The...

Page 434: ...tatically mapped this group to a specific source address Also if an address outside of the SSM address range is specified and a specific source address is included in the command the request to join t...

Page 435: ...1 Click Multicast IGMP Static Group 2 Select Add from the Action list 3 Select a VLAN interface to be assigned as a static multicast group member and then specify the multicast group If source specif...

Page 436: ...AN identifier The selected entry must be a configured IP interface Range 1 4093 Group Address IP multicast group address with subscribers directly attached or downstream from the switch Last Reporter...

Page 437: ...ticast address is requested from all IP source addresses except for those listed in the source list parameter and for any other sources where the source timer status has expired Group Source List A li...

Page 438: ...for transmitting multicast traffic such as television channels or video on demand across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers Th...

Page 439: ...ports or receiver ports see Configuring MVR Interface Status on page 441 3 For multicast streams that will run for a long term and be associated with a stable set of hosts you can statically bind the...

Page 440: ...members of the MVR VLAN see Adding Static Members to VLANs on page 166 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether o...

Page 441: ...ayed in the web interface MVR Group IP IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default no groups are assigned to the MVR VLAN Any multicast data sent to this address is s...

Page 442: ...multicast groups assigned to the MVR VLAN 1 Click Multicast MVR 2 Select Configure Group Range from the Step list 3 Select Show from the Action list Figure 260 Showing the Configured Group Range for M...

Page 443: ...e ports Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled t...

Page 444: ...e switch MVR status for receiver ports is Active only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface...

Page 445: ...ress Defines a multicast service sent to the selected port Multicast groups must be assigned from the MVR group range configured on the Configure General page WEB INTERFACE To assign a static MVR grou...

Page 446: ...b interface Group IP Address Multicast groups assigned to the MVR VLAN Source IP Address Indicates the source address of the multicast service or displays an asterisk if the group address has been sta...

Page 447: ...egistration Figure 264 Showing All MVR Groups Assigned to a Port Multicast MVR Step 14 Show l lember _ MVR l lember List Total 3 224 1 1 1 Uno1 Port 5 VlAN2 I SourceiP a I VlAII I focw nlngPort 2 224...

Page 448: ...446 CHAPTER 16 Multicast Filtering Multicast VLAN Registration...

Page 449: ...to configure an IPv4 address for the switch An IPv4 address is obtained via DHCP by default for VLAN 1 To configure a static address you need to change the switch s default settings to values that ar...

Page 450: ...y by the switch for an IP address DHCP BOOTP responses can include the IP address subnet mask and default gateway Default DHCP IP Address Type Specfies a primary or seconday IP address An interface ca...

Page 451: ...enter the IP address and subnet mask 4 Click Apply Figure 265 Configuring a Static IPv4 Address To obtain an dynamic address through DHCP BOOTP for the switch 1 Click IP General Routing Interface 2 Se...

Page 452: ...r for a specific period of time If the address expires or the switch is moved to another network segment you will lose management access to the switch In this case you can reboot the switch or submit...

Page 453: ...ess cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshooting tasks However to connect to a larger netw...

Page 454: ...explicit configuration of a link local interface address the MTU size and neighbor discovery protocol settings for duplicate address detection and the neighbor solicitation interval CLI REFERENCES IPv...

Page 455: ...1280 65535 bytes Default 1500 bytes The maximum value set by this command cannot exceed the MTU of the physical interface which is currently fixed at 1500 bytes If a non default value is configured an...

Page 456: ...not for any of the IPv6 global unicast addresses already associated with the interface ND NS Interval The interval between transmitting IPv6 neighbor solicitation messages on an interface Range 1000...

Page 457: ...r of zeros required to fill the undefined fields The switch must always be configured with a link local address Therefore explicitly enabling IPv6 see Configuring IPv6 Interface Settings on page 452 o...

Page 458: ...ddress Range 1 4093 Address Type Defines the address type configured for this interface Global Configures an IPv6 global unicast address with a full IPv6 address including the network prefix and host...

Page 459: ...nd the rest of the address resulting in a modified EUI 64 interface identifier of 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP int...

Page 460: ...l attached IPv6 nodes The interface local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicas...

Page 461: ...R CACHE Use the IP IPv6 Configuration Show IPv6 Neighbor Cache page to display the IPv6 addresses detected for neighbor devices CLI REFERENCES show ipv6 neighbors on page 1106 PARAMETERS These paramet...

Page 462: ...ile in Stale state the device takes no action until a packet is sent Delay More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was...

Page 463: ...capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitable routes that is the...

Page 464: ...fragments were addressed which might not be necessarily the input interface for some of the fragments Reassembled Succeeded The number of IPv6 datagrams successfully reassembled Note that this counter...

Page 465: ...d Messages The number of ICMP Time Exceeded messages received by the interface Parameter Problem Messages The number of ICMP Parameter Problem messages received by the interface Echo Request Messages...

Page 466: ...mber of ICMP Router Advertisement messages sent by the interface Redirect Messages The number of Redirect messages sent For a host this object will always be zero since hosts do not send redirects Gro...

Page 467: ...465 CHAPTER 17 IP Configuration Setting the Switch s IP Address IP Version 6 Figure 273 Showing IPv6 Statistics IPv6 Figure 274 Showing IPv6 Statistics ICMPv6...

Page 468: ...RENCES show ipv6 mtu on page 1095 PARAMETERS These parameters are displayed in the web interface Table 25 Show MTU display description Field Description MTU Adjusted MTU contained in the ICMP packet t...

Page 469: ...figuration Setting the Switch s IP Address IP Version 6 Figure 276 Showing Reported MTU Values IP 1Pv6 Action lshowloiTU v l MTUTable l lax 10 Totat 2 IITU I Slnce I 1400 00 04 21 5000 1 3 1280 00 04...

Page 470: ...468 CHAPTER 17 IP Configuration Setting the Switch s IP Address IP Version 6...

Page 471: ...g traffic between VLANs with different IP interfaces and routing traffic to external IP networks However when the switch is first booted default routing can only forward traffic between local IP inter...

Page 472: ...r 3 as well as traditional routing These functions include Layer 2 forwarding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing Based on the Layer 3 destination address...

Page 473: ...ready there the switch broadcasts an ARP packet to all the ports on the destination VLAN to find out the destination MAC address After the MAC address is discovered the packet is reformatted and sent...

Page 474: ...router s host number on that network In other words a router interface address defines the network segment that is connected to that interface and allows you to send IP packets to or from the router...

Page 475: ...parameters are displayed in the web interface IP Address IP address of the host Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 512 bytes The actual...

Page 476: ...s when the maximum timeout TTL is exceeded or the maximum number of hops is exceeded The trace route function first sends probe datagrams with the TTL value set at one This causes the first router to...

Page 477: ...hop to the next ARP is used to map an IP address to a physical layer i e MAC address When an IP frame is received by this router or any standards based router it first looks up the MAC address corres...

Page 478: ...er will be able forward traffic directly to the next hop for this destination without having to broadcast another ARP request Also if the switch receives a request for its own IP address it will send...

Page 479: ...r specified VLAN interfaces allowing a non routing device to determine the MAC address of a host on another subnet or network Default Disabled End stations that require Proxy ARP must view the entire...

Page 480: ...used if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Static e...

Page 481: ...YNAMIC OR LOCAL ARP ENTRIES The ARP cache contains static entries and entries for local interfaces including subnet host and broadcast addresses However most entries will be dynamically learned throug...

Page 482: ...RP Show Information page to display statistics for ARP messages crossing all interfaces on this router CLI REFERENCES show ip traffic on page 1113 PARAMETERS These parameters are displayed in the web...

Page 483: ...to a subnet rather than using dynamic routing Static routes do not automatically change in response to changes in network topology so you should only configure a small number of stable routes to ensur...

Page 484: ...IP address of the next router hop used for this route Distance An administrative distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic rou...

Page 485: ...e interface identifier and next hop information for each reachable destination network prefix based on the IP routing table When routing or topology changes occur in the network the routing table is u...

Page 486: ...isplay the routing table 1 Click IP Routing Routing Table 2 Select Show Information from the Action List Figure 289 Displaying the Routing Table EQUAL COST MULTIPATH ROUTING Use the IP Routing Routing...

Page 487: ...paths have the same lowest cost the static paths have precedence over dynamic paths Each path toward the same destination with equal cost takes up one entry in the routing table to record routing inf...

Page 488: ...he maximum ECMP number 1 Click IP Routing Routing Table 2 Select Configure ECMP Number from the Action List 3 Enter the maximum number of equal cost paths used to route traffic to the same destination...

Page 489: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Page 490: ...p router To select a specific device as the master router set the address of this interface as the virtual router address for the group Now set the same virtual address and a priority on the backup ro...

Page 491: ...he virtual IP address Owner is the highest the original master router will always become the active master router when it recovers If two or more routers are configured with the same VRRP priority the...

Page 492: ...ormation about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be proce...

Page 493: ...n the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded State VRRP router role Values M...

Page 494: ...nfigure Group ID from the Step List 3 Select Show from the Action List Figure 295 Showing Configured VRRP Groups To configure the virtual router address for a VRRP group 1 Click IP VRRP 2 Select Confi...

Page 495: ...Configure Group ID from the Step List 3 Select Show IP Addresses from the Action List Figure 297 Showing the Virtual Addresses Assigned to VRRP Groups To configure detailed settings for a VRRP group...

Page 496: ...e parameters are displayed in the web interface VRRP Packets with Invalid Checksum The total number of VRRP packets received with an invalid VRRP checksum value VRRP Packets with Unknown Error The tot...

Page 497: ...to master Received Advertisement Packets Number of VRRP advertisements received by this router Received Error Advertisement Interval Packets Number of VRRP advertisements received for which the adver...

Page 498: ...ived Invalid Authentication Type VRRP Packets Number of packets received with an unknown authentication type Received Mismatch Authentication Type VRRP Packets Number of packets received with Auth Typ...

Page 499: ...ion to other name servers on the network When a client device designates this switch as a DNS server the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the sw...

Page 500: ...the default domain name 4 Click Apply Figure 301 Configuring General Settings for DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of doma...

Page 501: ...500 PARAMETERS These parameters are displayed in the web interface Domain Name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters...

Page 502: ...il a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status PARAM...

Page 503: ...E Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are displayed in t...

Page 504: ...ACHE Use the IP Service DNS Cache page to display entries in the DNS cache that have been learned via the designated name servers CLI REFERENCES show dns cache on page 1040 COMMAND USAGE Servers or ot...

Page 505: ...N PROTOCOL Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they boot up If a subnet does not already include...

Page 506: ...erver to the client Figure 309 Layer 3 DHCP Relay Service Provides IP address compatible with switch segment to which client is attached DHCP Server CLI REFERENCES ip dhcp relay server on page 1045 ip...

Page 507: ...er code or MAC address Figure 311 DHCP Server Address Pool 8 network address pools Static Addresses 32 static addresses all within the confines of configured network address pools COMMAND USAGE First...

Page 508: ...bling the DHCP Server SETTING EXCLUDED ADDRESSES Use the IP Service DHCP Server Configure Excluded Addresses Add page to specify the IP addresses that should not be assigned to clients CLI REFERENCES...

Page 509: ...3 Configuring Excluded Addresses on the DHCP Server To show the IP addresses excluded for DHCP clients 1 Click IP Service DHCP Server 2 Select Configure Excluded Addresses from the Step list 3 Select...

Page 510: ...ddress pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hardware address for DHCP cli...

Page 511: ...WINS name server used for Microsoft DHCP clients Netbios Type NetBIOS node type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the...

Page 512: ...on Protocol 6 Click Apply Figure 315 Configuring DHCP Server Address Pools Network Figure 316 Configuring DHCP Server Address Pools Host To show the configured DHCP address pools 1 Click IP Service DH...

Page 513: ...s DHCP server CLI REFERENCES show ip dhcp binding on page 1058 PARAMETERS These parameters are displayed in the web interface IP Address IP address assigned to host MAC Address MAC address of host Le...

Page 514: ...o forward broadcast packets for specified UDP application ports to remote servers located in another network segment To configure UDP helper enable it globally see Configuring General DNS Service Para...

Page 515: ...ace Destination UDP Port UDP application port for which UDP service requests are forwarded Range 1 65535 The following UDP ports are inlcuded in the forwarding list when the UDP helper is enabled and...

Page 516: ...ed UDP broadcast packets are forwarded CLI REFERENCES ip helper address on page 1083 COMMAND USAGE Up to 20 helper addresses can be specified To forward UDP packets with the UDP helper the clients mus...

Page 517: ...by default as described on page 513 PARAMETERS These parameters are displayed in the web interface VLAN ID VLAN identifier Range 1 4093 IP Address Host address or directed broadcast address to which U...

Page 518: ...vices Forwarding UDP Service Requests Figure 323 Showing the Target Server or Subnet for UDP Requests IP Service UOP Helper Address Act on IShow v I VLAII ID UDP Helper Address List l lax 1024 Total 1...

Page 519: ...ate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to learn consistent tables of n...

Page 520: ...s Figure 324 Configuring RIP A 1 B 2 C 3 4 5 D 6 E Cost 1 for all links Routing table for node A COMMAND USAGE Just as Layer 2 switches use the Spanning Tree Algorithm to prevent loops routers also us...

Page 521: ...mation Protocol RIP on page 1117 COMMAND USAGE RIP is used to specify how routers exchange routing information When RIP is enabled on this router it sends RIP messages to all devices in the network ev...

Page 522: ...and the router learns about the same external network with a better metric from a redistribution point other than that derived from the original source The default metric does not override the metric...

Page 523: ...outing protocol less sensitive to changes in the network configuration Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessib...

Page 524: ...ntire RIP network redistribute connected routes using the Routing Protocol RIP Redistribute screen page 527 to make the RIP network a connected route To delete the RIP routes learned from neighbors bu...

Page 525: ...l 2 Select Clear Route from the Action list 3 When clearing routes by type select the required type from the drop down list When clearing routes by network enter a valid network address and prefix len...

Page 526: ...the network portion of the address This mask identifies the network address bits used for the associated routing entries By VLAN Adds a Layer 3 VLAN to the RIP routing process The VLAN must be config...

Page 527: ...n interface the attached subnet will still continue to be advertised to other interfaces and updates from other routers on the specified interface will continue to be received and processed This featu...

Page 528: ...h a static neighbor specifically for point to point links rather than relying on broadcast or multicast messages generated by the RIP protocol This feature can be used in conjunction with the passive...

Page 529: ...ing Protocol RIP Redistribute Add page to import external routing information from other routing domains that is directly connected routes protocols or static routes into this autonomous system CLI RE...

Page 530: ...ed to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follow an imported route the maximum number of hops allowed with...

Page 531: ...rding to the IP address of the router supplying the routing information For example to filter out unreliable routing information from routers not under your administrative control The administrative d...

Page 532: ...ion 4 Click Apply Figure 335 Setting the Distance Assigned to External Routes To show the distance assigned to external routes learned from other routing protocols 1 Click Routing Protocol RIP Distanc...

Page 533: ...d by RIPv2 including subnet mask next hop and authentication information This is the default setting Use Do Not Send to passively monitor route information advertised by other routers attached to the...

Page 534: ...se parameters are displayed in the web interface VLAN ID Layer 3 VLAN interface This interface must be configured with an IP address and have an active link Range 1 4093 Send Version The RIP version t...

Page 535: ...ame password Range 1 16 characters case sensitive Instability Prevention Specifies the method used to reduce the convergence time when the network topology changes and to prevent RIP protocol messages...

Page 536: ...S Use the Routing Protocol RIP Statistics Show Interface Information page to display information about RIP interface configuration settings CLI REFERENCES show ip rip on page 1134 PARAMETERS These par...

Page 537: ...rmation page to display information on neighboring RIP routers CLI REFERENCES show ip protocols rip on page 1133 PARAMETERS These parameters are displayed in the web interface Peer Address IP address...

Page 538: ...OSPF is more suited for large area networks which experience frequent changes in the links It also handles subnets much better than RIP OSPF protocol actively tests the status of each link to its neig...

Page 539: ...ly the OSPF algorithms have been tailored for efficient operation in TCP IP Internets OSPFv2 is a compatible upgrade to OSPF It involves enhancements to protocol message authentication and the additio...

Page 540: ...d areas and external links to other areas Use the Routing Protocol OSPF Network Area Add page to define an OSPF area and the interfaces that operate within this area An autonomous system must be confi...

Page 541: ...rresponding address range forms a routing interface and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the network as desc...

Page 542: ...hat is contiguous with all the other areas in the network and configure an area for all of the other OSPF interfaces 4 Click Apply Figure 344 Defining OSPF Network Areas Based on Addresses To to show...

Page 543: ...ers are using the same RFC for calculating summary route costs Enable this field to force the router to calculate summary route costs using RFC 1583 Default Disabled When RFC 1583 compatibility is ena...

Page 544: ...ported from other protocols Range 0 16777214 Default 20 A default metric must be used to resolve the problem of redistributing external routes from other protocols that use incompatible metrics This d...

Page 545: ...route Type 1 route advertisements add the internal cost to the external route metric Type 2 routes do not add the internal cost metric When comparing Type 2 routes the internal cost is only used as a...

Page 546: ...eter Description Router ID Type Indicates if the router ID was manually configured or automatically generated by the system Rx LSAs The number of link state advertisements that have been received Orig...

Page 547: ...mous systems to which it may be attached If a router is enabled as an ASBR then every other router in the autonomous system can learn about external routes from this device Restart Status Indicates if...

Page 548: ...col OSPF Network Area Add page Range 1 65535 Area ID Identifier for a not so stubby area NSSA or stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from...

Page 549: ...BR An NSSA is similar to a stub It blocks most external routing information and can be configured to advertise a single default route for traffic passing between the NSSA and other areas within the au...

Page 550: ...s own area and then leaked to adjacent areas Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned through OSPF the default route static routes rout...

Page 551: ...BR it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using this option Metric Type Type 1 or Type 2 external routes W...

Page 552: ...icantly reduce the amount of topology data that has to be exchanged over the network Figure 354 OSPF Stub Area backbone ABR default external route stub By default a stub can only pass traffic to other...

Page 553: ...ched stub Summary Controls the use of summary routes Summary Allows an Area Border Router ABR to send a summary link advertisement into the stub area No Summary Stops an ABR from sending a summary lin...

Page 554: ...een see page 538 Area ID Identifier for a not so stubby area NSSA or stub SPF Runs The number of times the Shortest Path First algorithim has been run for this area ABR Count The number of Area Border...

Page 555: ...Route Summarization for ABRs area ABR area summary route CLI REFERENCES router ospf on page 1136 area range on page 1142 COMMAND USAGE Use the Area Range configuration page to summarize intra area ro...

Page 556: ...es whether or not to advertise the summary route If the routes are set to be advertised the router will issue a Type 3 summary LSA for each specified address range If the summary is not advertised the...

Page 557: ...page 1185 COMMAND USAGE This router supports redistribution for all currently connected routes entries learned through RIP and static routes When you redistribute external routes into an OSPF autonom...

Page 558: ...signed to all external routes for the specified protocol Range 1 65535 Default 10 The metric value specified for redistributed routes supersedes the Default External Metric specified in the Routing Pr...

Page 559: ...oute individually in an external LSA as described in the preceding section The reduce the numer of protocol messages required to redistribute these external routes an Autonomous System Boundary Router...

Page 560: ...ertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 553 This router supports up 20 Type 5 summary routes PARAMETERS These parameters...

Page 561: ...assign an interface address range to an OSPF area After assigning a routing interface to an OSPF area use the Routing Protocol OSPF Interface Configure by VLAN or Configure by Address page to configur...

Page 562: ...to prevent a router from being elected as a DR or BDR If set to any value other than zero the router with the highest priority becomes the DR and the router with the next highest priority becomes the...

Page 563: ...d trip delay between any two routers on the attached network to avoid unnecessary retransmissions Authentication Type Specifies the authentication type used for an interface Options None Simple MD5 De...

Page 564: ...e incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and ano...

Page 565: ...s for All Interfaces Assigned to a VLAN To configure interface settings for a specific area assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by Address from the Action lis...

Page 566: ...VLAN To show the configuration settings for OSPF interfaces 1 Click Routing Protocol OSPF Interface 2 Select Show from the Action list 3 Select the VLAN ID Figure 367 Showing OSPF Interfaces To show t...

Page 567: ...ckbone area i e transit area to reach the backbone To define this path you must configure an ABR that serves as an endpoint connecting the isolated area to the common transit area and specify a neighb...

Page 568: ...see page 538 Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IPv4 address or also as a four octet unsigned integer ranging from 0 4294967295 Neighbor Rou...

Page 569: ...settings for a virtual link 1 Click Routing Protocol OSPF Virtual Link 2 Select Configure Detailed Settings from the Action list 3 Specify the process ID then modify the protocol timers and authentic...

Page 570: ...zed with neighboring routers through a process called reliable flooding You can show information about different LSAs stored in this router s database which may include any of the following types Rout...

Page 571: ...is to be displayed Link ID Network portion described by an LSA The Link ID is either An IP network number for Type 3 Summary and Type 5 AS External LSAs When an Type 5 AS External LSA is describing a...

Page 572: ...e to show the Link State Advertisements LSAs stored in the link state database for virtual links CLI REFERENCES show ip ospf virtual links on page 1174 PARAMETERS These parameters are displayed in the...

Page 573: ...lo message is due This time is determined by the Hello Interval which must be the same for all router attached to a common network Adjacency State The state of the virtual neighbor relationship Down C...

Page 574: ...es include Down Connection down Attempt Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional commu...

Page 575: ...ier Figure 376 Displaying Neighbor Routers Stored in the Link State Database Routing Protocol OSPF Information Type Q LSOB O Virtuallink 0 Neighbor Proeess 10 tJelghborInformation Ust Max s Totat 2 I...

Page 576: ...574 CHAPTER 21 Unicast Routing Configuring the Open Shortest Path First Protocol Version 2...

Page 577: ...s designed for networks where the probability of multicast group members is high such as a local network PIM SM is designed for networks where the probability of multicast group members is low such as...

Page 578: ...a Reverse Path Tree RPT that channels the multicast traffic from each source through a single Rendezvous Point RP within the local PIM SM domain and then forwards this traffic to the Designated Route...

Page 579: ...uters along the RP Tree are replicated wherever the RP Tree branches and eventually reach all the receivers for that multicast group Because all routers along the shared tree are using PIM SM the mult...

Page 580: ...terface ENABLING MULTICAST ROUTING GLOBALLY Use the Multicast Multicast Routing General page to enable IP multicast routing globally on the switch CLI REFERENCES ip multicast routing on page 1205 PARA...

Page 581: ...ticast routing tree based on the unicast routing table If the related unicast routing table does not exist PIM will still create a multicast routing entry displaying the upstream interface to indicate...

Page 582: ...tes a pruned state along the shared tree for a particular source SPT bit set Multicast packets have been received from a source on shortest path tree Join SPT The rate of traffic arriving over the sha...

Page 583: ...2 Select Show Summary from the Action List Figure 378 Displaying the Multicast Routing Table To display detailed information on a specific flow in multicast routing table 1 Click Multicast Multicast R...

Page 584: ...ary to the multicast protocol parameters To use PIM multicast routing must be enabled on the switch see Enabling Multicast Routing Globally on page 578 WEB INTERFACE To enable PIM multicast routing 1...

Page 585: ...received from a downstream router or if group members are directly connected to the interface When routers want to receive a multicast flow they periodically send join messages to the RP and are subs...

Page 586: ...prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry PIM SM The multicast interface that first receives a multicast stream fro...

Page 587: ...e hello delay is set to random value between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also...

Page 588: ...a priority in its hello messages it is assumed to have the highest priority and is elected as the DR If more than one router is not advertising its priority then the router with the highest IP addres...

Page 589: ...587 CHAPTER 22 Multicast Routing Configuring PIM for IPv4 Figure 381 Configuring PIM Interface Settings Dense Mode Figure 382 Configuring PIM Interface Settings Sparse Mode...

Page 590: ...GLOBAL PIM SM SETTINGS Use the Routing Protocol PIM SM Configure Global page to configure the rate at which register messages are sent the source of register messages and switchover to the Shortest Pa...

Page 591: ...gh the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree...

Page 592: ...age This router will continue to be the BSR until it receives a bootstrap message from another candidate with a higher priority or a higher IP address if the priorities are the same To improve failove...

Page 593: ...ge 0 255 Default 0 WEB INTERFACE To configure the switch as a BSR candidate 1 Click Multicast Multicast Routing SM 2 Select BSR Candidate from the Step list 3 Specify the VLAN interface for which this...

Page 594: ...over the one statically configured All routers within the same PIM SM domain must be configured with the same RP s Selecting an RP through the dynamic election process is therefore preferable for mos...

Page 595: ...RENCES ip pim rp candidate on page 1228 COMMAND USAGE When this router is configured as an RP candidate it periodically sends PIMv2 messages to the BSR advertising itself as a candidate RP for the spe...

Page 596: ...p one of these routers as both the primary BSR and RP PARAMETERS These parameters are displayed in the web interface VLAN Identifier of configured VLAN interface Range 1 4093 Interval The interval at...

Page 597: ...Select an interface from the VLAN list Figure 389 Showing Settings for an RP Candidate DISPLAYING THE BSR ROUTER Use the Routing Protocol PIM SM Show Information Show BSR Router page to display Infor...

Page 598: ...the new BSR s identity and the RP set Accept Preferred The router knows the identity of the current BSR and is using the RP set provided by that BSR Only bootstrap messages from that BSR or from a C...

Page 599: ...yed in the web interface Groups A multicast group address RP Address IP address of the RP for the listed multicast group Information Source RP that advertised the mapping how the RP was selected Stati...

Page 600: ...y on the router You also need to enable PIM DM for each interface that will support multicast routing see page 599 and make any changes necessary to the multicast protocol parameters To use PIMv6 mult...

Page 601: ...LD proxy is enabled on an interface PIMv6 cannot be enabled on any interface PARAMETERS These parameters are displayed in the web interface VLAN Layer 3 VLAN interface Range 1 4093 Mode PIMv6 routing...

Page 602: ...am The protocol maintains both the current join state and the pending RPT prune state for this source group pair until the join prune interval timer expires LAN Prune Delay Causes this device to infor...

Page 603: ...n 0 and the trigger hello delay Graft Retry Interval The time to wait for a Graft acknowledgement before resending a Graft message Range 1 10 seconds Default 3 seconds A graft message is sent by a rou...

Page 604: ...v6 Interface Settings Dense Mode DISPLAYING NEIGHBOR INFORMATION Use the Routing Protocol PIM6 Neighbor page to display all neighboring PIMv6 routers CLI REFERENCES show ip pim neighbor on page 1222 P...

Page 605: ...RFACE To display neighboring PIMv6 routers 1 Click Routing Protocol PIM6 Neighbor Figure 394 Showing PIMv6 Neighbors Routing Protocol PIM6 Neighbor NeighborInformation r rax 128 Total 2 I Vl AII I Upl...

Page 606: ...604 CHAPTER 22 Multicast Routing Configuring PIMv6 for IPv6...

Page 607: ...mands on page 691 Flow Sampling Commands on page 699 Authentication Commands on page 705 General Security Measures on page 755 Access Control Lists on page 801 Interface Commands on page 823 Link Aggr...

Page 608: ...face LLDP Commands on page 1015 Domain Name Service Commands on page 1033 DHCP Commands on page 1043 VRRP Commands on page 1061 IP Interface Commands on page 1071 IP Routing Commands on page 1109 Mult...

Page 609: ...le prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI d...

Page 610: ...Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated...

Page 611: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Page 612: ...tion hosts Host information interfaces Shows interface information ip IP information ipv6 IPv6 information lacp LACP statistics line TTY line information lldp LLDP log Log records logging Logging sett...

Page 613: ...keyword with a question mark alternatives that match the initial letters are provided Remember not to leave a space between the command and question mark For example s shows all the keywords starting...

Page 614: ...nge VLAN Database You must be in Privileged Exec mode to access the Global configuration mode You must be in Global Configuration mode to access any of the other configuration modes EXEC COMMANDS When...

Page 615: ...er community Access Control List Configuration These commands are used for packet filtering Class Map Configuration Creates a DiffServ class map for a specified traffic type IGMP Profile Sets a profil...

Page 616: ...config std acl Console config ext acl Console config mac acl 802 802 814 access list ipv6 standard access list ipv6 extended Console config std ipv6 acl 809 Console config ext ipv6 acl 810 Class Map c...

Page 617: ...tart of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor...

Page 618: ...lid static or dynamic addresses web authentication MAC address authentication filtering DHCP requests and replies and discarding invalid ARP responses 755 Access Control List Provides filtering for IP...

Page 619: ...relay and server functions 1043 Router Redundancy Configures router redundancy to create primary and backup routers 1061 IP Interface Configures IP address for the switch interfaces also configures A...

Page 620: ...618 CHAPTER 23 Using the Command Line Interface CLI Command Groups...

Page 621: ...urns to normal mode from privileged mode PE reload Restarts the system immediately PE show reload Displays the current reload settings and the time at which PE next scheduled reload will take place en...

Page 622: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Page 623: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Page 624: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verifi...

Page 625: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Page 626: ...ded to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 621 reload Privileged Exec This command restarts the system NO...

Page 627: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Page 628: ...s EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Us...

Page 629: ...or switch configuration files Line Sets communication parameters for the serial port including baud rate and console time out Event Logging Controls logging of error messages SMTP Alerts Configures SM...

Page 630: ...Commands Command Function Mode show memory Shows memory utilization parameters NE PE show process cpu Shows CPU utilization parameters NE PE show running config Displays the configuration data curren...

Page 631: ...onfiguration information currently in use COMMAND MODE Privileged Exec COMMAND USAGE Use this command in conjunction with the show startup config command to compare the information in running memory t...

Page 632: ...kingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac snmp server community public ro snmp server community private rw snmp server enable traps authen...

Page 633: ...vels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs La...

Page 634: ...formation System Up Time 0 days 0 hours 21 minutes and 47 6 seconds System Name System Location System Contact MAC Address Unit 1 00 00 E8 93 82 A0 Web Server Enabled Web Server Port 80 Web Secure Ser...

Page 635: ...4 192 168 0 61 Console show version This command displays hardware and software version information for the system COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE See Displaying Switch Hardware...

Page 636: ...mes on Gigabit Ethernet ports up to 9216 bytes Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process prot...

Page 637: ...LE MANAGEMENT Managing Firmware Firmware can be uploaded and downloaded to or from an FTP TFTP server By saving runtime code to a file on an FTP TFTP server that file can later be downloaded to the sw...

Page 638: ...onfiguration to or PE from flash memory or an FTP TFTP server delete Deletes a file or code image PE dir Displays a list of files in flash memory PE whichboot Displays the files booted PE boot system...

Page 639: ...certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See Secure Shell on page 732 running config Keywo...

Page 640: ...et as the default user name EXAMPLE The following example shows how to download new firmware from a TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opco...

Page 641: ...certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y This example shows how to copy a public key used by SSH from an TFTP se...

Page 642: ...LE This example shows how to delete the test2 cfg configuration file from flash memory Console delete test2 cfg Console RELATED COMMANDS dir 640 delete public key 737 dir This command displays a list...

Page 643: ...file was last modified Size The length of the file in bytes EXAMPLE The following example shows how to display all file information Console dir File Name Type Startup Modify Time Size bytes Unit 1 EC...

Page 644: ...H connections authorization exec Applies an authorization method to local console LC Telnet or SSH connections databits Sets the number of data bits per character that are LC interpreted and generated...

Page 645: ...own as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections EXAMPLE To enter console line mode enter the following comman...

Page 646: ...input is detected Use the no form to restore the default SYNTAX exec timeout seconds no exec timeout seconds Integer that specifies the timeout interval Range 0 65535 seconds 0 no timeout DEFAULT SETT...

Page 647: ...mmand When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default sett...

Page 648: ...h as terminals and modems often require a specific parity bit setting EXAMPLE To specify no parity enter this command Console config line parity none Console config line password This command specifie...

Page 649: ...There is no need for you to manually configure encrypted passwords EXAMPLE Console config line password 0 secret Console config line RELATED COMMANDS login 645 password thresh 647 password thresh Thi...

Page 650: ...ilent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 30 seconds DEFAULT SETTING The default value is no silent time COMMAND MODE Line Configurati...

Page 651: ...ption the switch will automatically detect the baud rate configured on the attached terminal and adjust the speed accordingly EXAMPLE To specify 57600 bps enter this command Console config line speed...

Page 652: ...minated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the defa...

Page 653: ...nal for remote console access i e Telnet DEFAULT SETTING Shows all lines COMMAND MODE Normal Exec Privileged Exec EXAMPLE To show all lines enter this command Console show line Console Configuration P...

Page 654: ...om the logging buffer PE show log Displays log messages PE show logging Displays the state of logging PE logging facility This command sets the facility type for remote logging of syslog messages Use...

Page 655: ...Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning...

Page 656: ...wed is five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of error messages sending debug or error messages to a logging process The no form disa...

Page 657: ...le on page 653 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE Using this command with a specified level enabl...

Page 658: ...ry stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE The following examp...

Page 659: ...ging is enabled the message level for flash memory is errors i e default level 3 0 and the message level for RAM is debugging i e default level 7 0 Console show logging flash Syslog logging Enabled Hi...

Page 660: ...threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address of syslog servers as specified in the logging host command RELATE...

Page 661: ...ng DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server To s...

Page 662: ...ND MODE Global Configuration COMMAND USAGE The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7...

Page 663: ...default value SYNTAX logging sendmail source email email address no logging sendmail source email email address The source email address used in alert messages Range 1 41 characters DEFAULT SETTING N...

Page 664: ...mmands Command Function Mode SNTP Commands sntp client Accepts time from specified time servers GC sntp poll Sets the interval at which the client polls for time GC sntp server Specifies one or more t...

Page 665: ...erver 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current Time Dec 23 02 52 44 2002 Poll Interval 60 Current Mode unicast SNTP Status Enabled...

Page 666: ...command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received I...

Page 667: ...13 hours after UTC minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of UTC DEFAULT SET...

Page 668: ...Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE...

Page 669: ...he time range for the periodic execution of a TR command show time range Shows configured time ranges PE time range This command specifies the name of a time range and enters time range configuration...

Page 670: ...me Range Configuration COMMAND USAGE If a time range is already configured you must use the no form of this command to remove the current entry prior to configuring a new time range EXAMPLE This examp...

Page 671: ...ple configures a time range for the periodic occurrence of an event Console config time range sales Console config time range periodic daily 1 1 to 2 1 Console config time range show time range This c...

Page 672: ...670 CHAPTER 25 System Management Commands Time Range...

Page 673: ...Command Function Mode General SNMP Commands snmp server Enables the SNMP agent GC snmp server community Sets up the community access string to permit GC access to SNMP commands snmp server contact Se...

Page 674: ...server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config snmp server Console config snmp server community This command defines community access strings used to authoriz...

Page 675: ...Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 charac...

Page 676: ...t and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication Enabl...

Page 677: ...In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down...

Page 678: ...econds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string...

Page 679: ...at informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to...

Page 680: ...ies an SNMP engine on a remote device ip address The Internet address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters DEFAULT SETTING A unique e...

Page 681: ...gineID remote 9876543210 192 168 1 19 Console config RELATED COMMANDS snmp server host 676 snmp server group This command adds an SNMP group mapping SNMP users to SNMP views Use the no form to remove...

Page 682: ...rithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages support...

Page 683: ...password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with pri...

Page 684: ...onfig snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config snmp server user mark group r d remote 192 168 1 19 v3 auth md5 greenpeace priv des56 einstien Console...

Page 685: ...show snmp engine id This command shows the SNMP engine ID COMMAND MODE Privileged Exec EXAMPLE This example shows the default engine ID Console show snmp engine id Local SNMP EngineID 8000002a8000000...

Page 686: ...latile Row Status active Group Name public Security Model v2c Read View defaultview Write View No writeview specified Notify View No notifyview specified Storage Type volatile Row Status active Group...

Page 687: ...torage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status act...

Page 688: ...n View Name Name of an SNMP view Subtree OID A branch in the MIB tree View Type Indicates if the view is included or excluded Storage Type The storage type for this entry Row Status The row status of...

Page 689: ...rameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a mechanism...

Page 690: ...ntain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network management station...

Page 691: ...s command displays the configured notification logs COMMAND MODE Privileged Exec EXAMPLE This example displays the configured notification logs and associated target hosts Console show snmp notify fil...

Page 692: ...690 CHAPTER 26 SNMP Commands...

Page 693: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Page 694: ...ue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 1 65535 event index The index of the event to use if an alarm is triggered If there...

Page 695: ...Log messages are processed based on the current configuration settings for event logging see Event Logging on page 652 trap Sends a trap message to all configured trap managers see snmp server host o...

Page 696: ...o rmon collection history index index Index to this entry Range 1 65535 number The number of buckets requested for this entry Range 1 65536 seconds The polling interval Range 1 3600 seconds name Name...

Page 697: ...on who created this entry Range 1 127 characters DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE By default each index number equates to a port on the swich but can...

Page 698: ...ed by steve Description is for r d Event firing causes log and trap to community public last fired 00 00 00 Console show rmon history This command shows the sampling parameters configured for each ent...

Page 699: ...atistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372 packets 120 broadcast and 2211 multicast packets 0 undersized and 0 oversized packets 0...

Page 700: ...698 CHAPTER 27 Remote Monitoring Commands...

Page 701: ...ze of the sFlow datagram IC payload sflow max header size Configures the maximum size of the sFlow datagram IC header sflow owner Configures the name of the receiver IC sflow sample Configures the pac...

Page 702: ...the default UDP port Console config interface ethernet 1 9 Console config if sflow destination ipv4 192 168 0 4 Console config if sflow max datagram size This command configures the maximum size of th...

Page 703: ...Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 9 Console config if sflow max header size 256 Console config if sflow owner This command configures the name of the receiv...

Page 704: ...guration Ethernet EXAMPLE This example sets the sample rate to 1 out of every 100 packets Console config interface ethernet 1 9 Console config if sflow sample 100 Console config if sflow source This c...

Page 705: ...cates no time out DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE The sFlow parameters affected by this command include the sampling interval the receiver s name a...

Page 706: ...ec EXAMPLE Console show sflow interface ethernet 1 9 Interface of Ethernet 1 9 Interface status Enabled Owner name Lamar Owner destination 192 168 0 4 Owner socket port 6343 Time out 9994 Maximum head...

Page 707: ...ork access Web Server Enables management access via a web browser Telnet Server Enables management access via Telnet Secure Shell Provides secure replacement for Telnet 802 1X Port Authentication Conf...

Page 708: ...el Maximum length 8 characters plain text 32 encrypted case sensitive DEFAULT SETTING The default is level 15 The default password is super COMMAND MODE Global Configuration COMMAND USAGE You cannot s...

Page 709: ...s encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive DEFAULT SETTING The default access level is Normal Ex...

Page 710: ...hentication enable local Use local password only radius Use RADIUS server password only tacacs Use TACACS server password DEFAULT SETTING Local COMMAND MODE Global Configuration COMMAND USAGE RADIUS u...

Page 711: ...le TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client t...

Page 712: ...lient Commands Command Function Mode radius server acct port Sets the RADIUS server network port GC radius server auth port Sets the RADIUS server network port GC radius server host Specifies the RADI...

Page 713: ...RADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a specified server or to restore the default values SYNTAX no radius server index host h...

Page 714: ...Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 port 181 timeout 10 retransmit 5 key green Console config radius server key This command sets the RADIUS encryption key Us...

Page 715: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Page 716: ...e TACACS CLIENT Terminal Access Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on t...

Page 717: ...ess for the client Do not use blank spaces in the string Maximum length 48 characters port number TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 10 11 12 13 COMM...

Page 718: ...tring Maximum length 48 characters DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config tacacs server key green Console config tacacs server port This command specifies the TA...

Page 719: ...quire the use of configured RADIUS or TACACS servers in the network Table 63 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x...

Page 720: ...ng method for service requests method name Specifies an accounting method for service requests Range 1 255 characters start stop Records accounting from starting point and stopping point group Specifi...

Page 721: ...s accounting from starting point and stopping point group Specifies the server group to use radius Specifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS...

Page 722: ...pecifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS hosts configure with the tacacs server host command server group Specifies the name of a server grou...

Page 723: ...interim interval enables updates but does not change the current interval setting EXAMPLE Console config aaa accounting update periodic 30 Console config aaa authorization exec This command enables t...

Page 724: ...zation type applies except those that have a named method explicitly defined EXAMPLE Console config aaa authorization exec default group tacacs Console config aaa group server Use this command to name...

Page 725: ...host command When specifying the index for a TACACS server that server index must already be defined by the tacacs server host command EXAMPLE Console config aaa group server radius tps Console confi...

Page 726: ...the aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console config line exit Console config...

Page 727: ...me interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable command level dot1x Displays dot1x ac...

Page 728: ...nterface ip http server Allows the switch to be monitored or configured from GC a browser ip http secure server Enables HTTPS HTTP SSL for encrypted GC communications ip http secure port Specifies the...

Page 729: ...631 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web in...

Page 730: ...Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS Table 65 HTTPS System Support Web Browser Operating System Internet Explorer 5 0 or later Windows 98...

Page 731: ...nnect to the HTTPS server must specify the port number in the URL in this format https device port_number EXAMPLE Console config ip http secure port 1000 Console config RELATED COMMANDS ip http secure...

Page 732: ...on count no ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 4 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of four ses...

Page 733: ...Use the no form to disable this function SYNTAX no ip telnet server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip telnet server Console config show ip telnet This...

Page 734: ...rypto zeroize Clear the host key from RAM PE ip ssh save host key Saves the host key from RAM to flash memory PE show ip ssh Displays the status of the SSH server and the PE configured values for auth...

Page 735: ...he public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch with the username command The clients are subsequently a...

Page 736: ...he challenge string computes the MD5 checksum and sends the checksum back to the switch e The switch compares the checksum sent from the client against that computed for the original string it sent If...

Page 737: ...tires 2 Console config RELATED COMMANDS show ip ssh 739 ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service SYNTAX no ip ssh server DE...

Page 738: ...y size key size The size of server key Range 512 896 bits DEFAULT SETTING 768 bits COMMAND MODE Global Configuration COMMAND USAGE The server key is a private key that is never shared outside the swit...

Page 739: ...config RELATED COMMANDS exec timeout 644 show ip ssh 739 delete public key This command deletes the specified user s public key SYNTAX delete public key username dsa rsa username Name of an SSH user...

Page 740: ...you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to...

Page 741: ...ey from RAM to flash memory SYNTAX ip ssh save host key DEFAULT SETTING Saves both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console ip ssh save host key dsa Console RELATED COMMANDS ip...

Page 742: ...last string is the encoded modulus EXAMPLE Console show public key host Host RSA 1024 65537 13236940658254764031382795526536375927835525327972629521130241 071942106165575942459093923609695405036277525...

Page 743: ...submit credentials for authentication Client authentication is controlled centrally by a RADIUS server using EAP Extensible Authentication Protocol Table 69 802 1X Port Authentication Commands Comman...

Page 744: ...dot1x Shows all dot1x related information PE dot1x default This command sets all configurable dot1x global and port settings to their default values COMMAND MODE Global Configuration EXAMPLE Console...

Page 745: ...E 802 1X port authentication globally on the switch Use the no form to restore the default SYNTAX no dot1x system auth control DEFAULT SETTING Disabled COMMAND MODE Global Configuration EXAMPLE Consol...

Page 746: ...Console config if dot1x intrusion action guest vlan Console config if dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the...

Page 747: ...ws multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAGE The max count parameter specified by this co...

Page 748: ...T force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enable...

Page 749: ...fault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console config...

Page 750: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Page 751: ...ce SYNTAX dot1x re authenticate interface interface ethernet unit port unit Stack unit Range 1 port Port number EC S4626F 1 26 EC S4650F 1 50 COMMAND MODE Privileged Exec COMMAND USAGE The re authenti...

Page 752: ...Type Administrative state for port access control Enabled Authenticator or Supplicant Operation Mode Allows single or multiple hosts page 745 Control Mode Dot1x port control mode page 746 Authorized A...

Page 753: ...ackend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response...

Page 754: ...tifier 0 Authenticator PAE State Machine State Authenticated Reauth Count 0 Current Identifier 3 Backend State Machine State Idle Request Count 0 Identifier Server 2 Reauthentication State Machine Sta...

Page 755: ...invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access r...

Page 756: ...resses for all groups http client Displays IP addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Displays IP addresses for the Telnet group COMMAND MODE Pri...

Page 757: ...secure addresses for a port 802 1X Port Authentication Configures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authen...

Page 758: ...cally take action by disabling the port and sending a trap message Table 72 Management IP Filter Commands Command Function Mode mac address table static Maps a static address to a port in a VLAN GC ma...

Page 759: ...to restore the default settings for a response to security violation or for the maximum number of allowed addresses SYNTAX port security action shutdown trap trap and shutdown max mac count address co...

Page 760: ...mmand to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the follo...

Page 761: ...s guest vlan Specifies the guest VLAN IC network access link detection Enables the link detection feature IC network access link detection link down Configures the link detection feature to detect and...

Page 762: ...ured by the MAC Address Authenticataion process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host...

Page 763: ...g network access mac filter 1 mac address 11 22 33 44 55 66 Console config mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re authent...

Page 764: ...p name service policy in p1 Rate Limit rate limit input rate rate limit input 100 Kbps 802 1p switchport priority default value switchport priority default 2 When the last user logs off of a port with...

Page 765: ...VLAN configuration or they are treated as an authentication failure If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still tre...

Page 766: ...be effective see the dot1x intrusion action command EXAMPLE Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if network access link detection Use thi...

Page 767: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Page 768: ...ponse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAN...

Page 769: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Page 770: ...Type attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter...

Page 771: ...ce Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addre...

Page 772: ...it port unit Stack unit Range 1 port Port number Range 1 26 50 DEFAULT SETTING Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface ether...

Page 773: ...e 1 port Port number Range 1 26 50 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit mask...

Page 774: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user nam...

Page 775: ...uth Displays global web authentication parameters PE show web auth interface Displays interface specific web authentication PE parameters and statistics show web auth summary Displays a summary of web...

Page 776: ...D MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid...

Page 777: ...h and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web auth This command enables web aut...

Page 778: ...ged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Failed to reauth Console web auth re authenticate IP This command ends the web authentication session associated with the desig...

Page 779: ...pts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfac...

Page 780: ...nction Mode ip dhcp snooping Enables DHCP snooping globally GC ip dhcp snooping database flash Writes all dynamically learned snooping entries to GC flash memory ip dhcp snooping information option En...

Page 781: ...ltered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port ident...

Page 782: ...trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both trusted and untrusted ports in the same VLAN If the DHCP snooping is globally...

Page 783: ...n option DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server Known...

Page 784: ...aying it keep Retains the Option 82 information in the client request and forwards the packets to trusted ports replace Replaces the Option 82 information circuit id and remote id fields in the client...

Page 785: ...packet is dropped EXAMPLE This example enables MAC address verification Console config ip dhcp snooping verify mac address Console config RELATED COMMANDS ip dhcp snooping 779 ip dhcp snooping vlan 78...

Page 786: ...ed Use the no form to restore the default setting SYNTAX no ip dhcp snooping trust DEFAULT SETTING All interfaces are untrusted COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE...

Page 787: ...lient request to the DHCP server must be configured as trusted EXAMPLE This example sets port 5 to untrusted Console config interface ethernet 1 5 Console config if no ip dhcp snooping trust Console c...

Page 788: ...le DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Address enable Interface Trusted Eth 1 1 No Eth 1 2 No Eth 1 3 No Eth 1 4 No Eth 1 5...

Page 789: ...raffic based IC on source IP address or source IP address and corresponding MAC address ip source guard max binding Sets the maximum number of entries that can be IC bound to an interface show ip sour...

Page 790: ...ed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an entry with same VLAN ID and M...

Page 791: ...d port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC addr...

Page 792: ...uard if enabled on an interface for which IP source bindings dynamically learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except...

Page 793: ...inding 1 Console config if show ip source guard This command shows whether source guard is enabled or disabled on each interface COMMAND MODE Privileged Exec EXAMPLE Console show ip source guard Inter...

Page 794: ...hosts with statically configured IP addresses This section describes commands used to configure ARP Inspection Table 78 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Ins...

Page 795: ...ose VLANs where it has been enabled with the ip arp inspection vlan command When ARP Inspection is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are r...

Page 796: ...not checked DEFAULT SETTING ARP ACLs are not bound to any VLAN Static mode is not enabled COMMAND MODE Global Configuration COMMAND USAGE ARP ACLs are configured with the commands described on page 3...

Page 797: ...logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VLAN the port...

Page 798: ...e target IP addresses are checked only in ARP responses src mac Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP...

Page 799: ...gine and their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs When ARP Inspec...

Page 800: ...pted from ARP Inspection Use the no form to restore the default setting SYNTAX no ip arp inspection trust DEFAULT SETTING Untrusted COMMAND MODE Interface Configuration Port COMMAND USAGE Packets arri...

Page 801: ...interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 COMMAND MODE Privileged Exec EXAMPLE Console show ip arp inspection interface ethernet 1 1 Port...

Page 802: ...AC address 0 ARP packets dropped by additional validation destination MAC address 0 ARP packets dropped by additional validation IP address 0 ARP packets dropped by ARP ACLs 0 ARP packets dropped by D...

Page 803: ...CLs Configures ACLs based on ARP messages addresses ACL Information Displays ACLs and associated rules shows ACLs assigned to each port IPV4 ACLS The commands in this section configure ACLs based on I...

Page 804: ...er more specific criteria acl name Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you crea...

Page 805: ...one COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated by a...

Page 806: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Page 807: ...tmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedenc...

Page 808: ...0 255 255 255 0 any destination port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 1...

Page 809: ...ccess list 807 Time Range 667 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP access l...

Page 810: ...ackets matching a specified source IPv6 address IPv6 STD ACL permit deny Filters packets meeting the specified criteria including destination IPv6 address DSCP traffic class next header type and flow...

Page 811: ...dard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address pref...

Page 812: ...rmit deny any destination ipv6 address prefix length dscp dscp flow label flow label next header next header time range time range name any Any IP address an abbreviation for the IPv6 prefix 0 destina...

Page 813: ...handling might be conveyed to the routers by a control protocol such as a resource reservation protocol or by information within the flow s packets themselves e g in a hop by hop option A flow is uni...

Page 814: ...ext ipv6 acl permit 2009 DB9 2229 79 48 flow label 43 Console config ext ipv6 acl RELATED COMMANDS access list ipv6 808 Time Range 667 show ipv6 access list This command displays the rules for config...

Page 815: ...DE Interface Configuration Ethernet COMMAND USAGE A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding wi...

Page 816: ...group Binds a MAC ACL to a port IC show mac access group Shows port assignments for MAC ACLs PE show mac access list Displays the rules for configured MAC ACLs PE access list mac This command adds a...

Page 817: ...bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask NOTE The default is for Ethernet II packets permit deny tagged eth2 any host source sou...

Page 818: ...s bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source...

Page 819: ...MANDS access list mac 814 Time Range 667 mac access group This command binds a MAC ACL to a port Use the no form to remove the port SYNTAX mac access group acl name in time range time range name acl n...

Page 820: ...face ethernet 1 5 MAC access list M5 in Console RELATED COMMANDS mac access group 817 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name...

Page 821: ...ccess list Displays the rules for configured ARP ACLs PE access list arp This command adds an ARP access list and enters ARP ACL configuration mode Use the no form to remove the specified ACL SYNTAX n...

Page 822: ...response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac de...

Page 823: ...mac any any Console config mac acl RELATED COMMANDS access list arp 819 show arp access list This command displays the rules for configured ARP ACLs SYNTAX show arp access list acl name acl name Name...

Page 824: ...XAMPLE Console show access group Interface ethernet 1 2 IP access list david MAC access list jerry Console show access list This command shows all ACLs and associated rules COMMAND MODE Privileged Exe...

Page 825: ...ombination ports IC negotiation Enables autonegotiation of a given interface IC shutdown Disables an interface IC speed duplex Configures the speed and duplex operation of a given IC interface when au...

Page 826: ...Port number Range 1 26 50 port channel channel id Range 1 32 vlan vlan id Range 1 4093 DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE To specify port 4 enter the following command Cons...

Page 827: ...s 1 Gbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps hal...

Page 828: ...ntrol 827 description This command adds a description to an interface Use the no form to remove the description SYNTAX description string no description string Comment or a description to help you rem...

Page 829: ...low control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable a...

Page 830: ...MMAND MODE Interface Configuration Ethernet Ports 21 24 on the EC S4626F and 45 48 on the EC S4650F EXAMPLE This forces the switch to use the built in RJ 45 port for the combination port 25 Console co...

Page 831: ...interface ethernet 1 11 Console config if negotiation Console config if RELATED COMMANDS capabilities 825 speed duplex 830 shutdown This command disables an interface To restart a disabled interface u...

Page 832: ...for auto negotiation COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish...

Page 833: ...rate falls back down beneath the threshold Using both rate limiting and storm control on the same interface may lead to unexpected results For example suppose broadcast storm control is set to 500 pps...

Page 834: ...played statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the l...

Page 835: ...ti cast Input 1342 Multi cast Output 210 Broadcast Input 2 Broadcast Output Ether like Stats 0 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 D...

Page 836: ...ws the status for all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displayed For a description of the items displayed...

Page 837: ...OMMAND USAGE If no interface is specified information on all interfaces is displayed EXAMPLE This example shows the configuration setting for port 21 Console show interfaces switchport ethernet 1 21 I...

Page 838: ...col is enabled or disabled page 888 Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged page 894 Forbidden VLAN Shows the VLANs this interface can...

Page 839: ...al Wavelength 1310 nm Baud Rate 1300 MBd Vendor OUI 00 00 00 Vendor Name DELTA Vendor PN LCP 1250B4QDRT Vendor Rev 000 Vendor SN 0000070904100004 Date Code 07 03 02 Temperature 56 degrees C Vcc 3 33 V...

Page 840: ...Internal loopback test succeeded Console show loop internal This command shows the results of a loop back test SYNTAX show loop internal interface interface interface ethernet unit port unit Stack un...

Page 841: ...r the trunk channel group Adds a port to a trunk IC Ethernet Dynamic Configuration Commands lacp Configures LACP for the current interface IC Ethernet lacp admin key Configures a port s administration...

Page 842: ...it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key...

Page 843: ...ssigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same tar...

Page 844: ...f an aggregate link key The port admin key must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 DEFAULT SETTING 0 COMMAND MODE Interface Configurati...

Page 845: ...guration Ethernet COMMAND USAGE Setting a lower value indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed...

Page 846: ...switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP...

Page 847: ...he interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3...

Page 848: ...low Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU...

Page 849: ...ciated with a compatible Aggregator and the identity of the Link Aggregation Group is consistent with the System ID and operational Key information transmitted Aggregation The system considers this li...

Page 850: ...s of the partner s state parameters See preceding table Console show lacp sysid Port Channel System Priority System MAC Address 1 32768 00 30 F1 8F 2C A7 2 32768 00 30 F1 8F 2C A7 3 32768 00 30 F1 8F...

Page 851: ...T MIRRORING COMMANDS This section describes how to mirror traffic from a source port to a target port Table 93 Mirror Port Commands Command Function Mode port monitor show port monitor Configures a mi...

Page 852: ...nitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor p...

Page 853: ...ation port and mirror mode i e RX TX RX TX EXAMPLE The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Co...

Page 854: ...CHAPTER 34 Port Mirroring Commands Local Port Mirroring Commands 852...

Page 855: ...defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled SYNTAX rate limit inpu...

Page 856: ...therefore not advisable to use both of these commands on the same interface Rate limits are not supported for the 10 Gigabit Ethernet ports EXAMPLE Console config interface ethernet 1 1 Console config...

Page 857: ...ess table Displays entries in the bridge forwarding PE database show mac address table aging time Shows the aging time for the address table PE show mac address table count Shows the number of MAC add...

Page 858: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Page 859: ...classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask B...

Page 860: ...face MAC Address VLAN Type Life Time Eth 1 1 00 E0 29 94 34 DE 1 Config Delete on Reset Eth 1 21 00 01 EC F8 D8 D9 1 Learn Delete on Timeout Console show mac address table aging time This command show...

Page 861: ...d in the system Total Number of MAC Address 16384 Number of Static MAC Address 1024 Current number of entries which have been created in the system Total Number of MAC Address 2 Number of Static MAC A...

Page 862: ...860 CHAPTER 36 Address Table Commands...

Page 863: ...e maximum number of hops allowed in the region before a BPDU is discarded MST mst priority Configures the priority of a spanning tree instance MST mst vlan Adds VLANs to a spanning tree instance MST n...

Page 864: ...le spanning tree show spanning tree mst configuration Shows the multiple spanning tree configuration PE spanning tree This command enables the Spanning Tree Algorithm globally for the switch Use the n...

Page 865: ...evice must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discard...

Page 866: ...of 40 or 2 x forward time 1 DEFAULT SETTING 20 seconds COMMAND MODE Global Configuration COMMAND USAGE This command sets the maximum time in seconds a device can wait without receiving a configuration...

Page 867: ...P supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP M...

Page 868: ...method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535...

Page 869: ...selecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority the devic...

Page 870: ...ole config spanning tree transmission limit 4 Console config max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to restore the default...

Page 871: ...panning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 DEFAULT SETTING 32768 COMMAND MODE MST Configurat...

Page 872: ...allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST regi...

Page 873: ...on This command configures the revision number for this multiple spanning tree configuration of this switch Use the no form to restore the default SYNTAX revision number number Revision number of the...

Page 874: ...ng port connected to another switch or bridging device is mistakenly configured as an edge port and BPDU filtering is enabled on this port this might cause a loop in the spanning tree Before enabling...

Page 875: ...thernet ethernet 1 5 Console config if spanning tree edge port Console config if spanning tree bpdu guard Console config if RELATED COMMANDS spanning tree edge port 874 spanning tree spanning disabled...

Page 876: ...et 1 000 1 000 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower v...

Page 877: ...panning tree edge port Console config if spanning tree link type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree Use the no form to restore the default SYNTAX...

Page 878: ...BPDU according to IEEE Standard 802 1W 2001 9 3 4 Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch EXAMPLE Console config interface ethernet 1 5 Console co...

Page 879: ...Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch When configured for manual release mode then a link down up event will not release the port from the discar...

Page 880: ...auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 The default path costs...

Page 881: ...ple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Wh...

Page 882: ...ort Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch receiv...

Page 883: ...PLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree loopback detect...

Page 884: ...rt number Range 1 26 50 port channel channel id Range 1 32 COMMAND MODE Privileged Exec COMMAND USAGE If at any time the switch detects STP BPDUs including Configuration or Topology Change Notificatio...

Page 885: ...d for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tre...

Page 886: ...1 Designated Root 32768 0 0001ECF8D8C6 Designated Bridge 32768 0 123412341234 Fast Forwarding Disabled Forward Transitions 4 Admin Edge Port Disabled Oper Edge Port Disabled Admin Link Type Auto Oper...

Page 887: ...rfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addre...

Page 888: ...chport forbidden vlan Configures forbidden VLANs for an interface IC switchport gvrp Enables GVRP for an interface IC show bridge ext Shows the global bridge extension configuration PE show garp timer...

Page 889: ...SAGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepe...

Page 890: ...ING No VLANs are included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified in...

Page 891: ...onsole show bridge ext Maximum Supported VLAN Numbers 4093 Maximum Supported VLAN ID 4093 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurable PVID...

Page 892: ...rface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel channel id Range 1 32 DEFAULT SETTING Shows both global and interface specific configuration COMM...

Page 893: ...ou can display this file by entering the show running config command EXAMPLE Console config vlan database Console config vlan RELATED COMMANDS show vlan 899 vlan This command configures a VLAN Use the...

Page 894: ...URING VLAN INTERFACES Table 102 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified GC VLAN switchport acceptable frame ty...

Page 895: ...configuration for the desired VLAN enter any Layer 3 configuration commands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command EXAM...

Page 896: ...ace Use the no form to restore the default SYNTAX switchport allowed vlan add vlan list tagged untagged remove vlan list no switchport allowed vlan add vlan list List of VLAN identifiers to add remove...

Page 897: ...and 6 to the allowed list as tagged VLANs for port 1 Console config interface ethernet 1 1 Console config if switchport allowed vlan add 1 2 5 6 tagged Console config if switchport ingress filtering...

Page 898: ...or untagged frames trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that fra...

Page 899: ...d to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all o...

Page 900: ...AN trunking ports The following restrictions apply to this feature VLAN trunking can only be enabled on Gigabit Ethernet ports or trunks VLAN trunking is mutually exclusive with the access switchport...

Page 901: ...SYNTAX show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan n...

Page 902: ...id Sets the Tag Protocol Identifier TPID value of a IC tunnel port show dot1q tunnel Displays the configuration of QinQ tunnel ports PE show interfaces switchport Displays port QinQ operational status...

Page 903: ...nnel control This command sets the switch to operate in QinQ mode Use the no form to disable QinQ operating mode SYNTAX no dot1q tunnel system tunnel control DEFAULT SETTING Disabled COMMAND MODE Glob...

Page 904: ...d the packet passed on to the VLAN indicated by the inner tag If no inner tag is found the packet is passed onto the native VLAN defined for the uplink port EXAMPLE Console config interface ethernet 1...

Page 905: ...itch will be set to the same ethertype EXAMPLE Console config interface ethernet 1 1 Console config if switchport dot1q tunnel tpid 9100 Console config if RELATED COMMANDS show interfaces switchport 8...

Page 906: ...traffic segmentation uplink interface list downlink interface list uplink Specifies an uplink interface downlink Specifies a downlink interface DEFAULT SETTING Disabled globally No segmented port grou...

Page 907: ...vide port based security and isolation of local ports contained within different private VLAN groups This switch supports two types of private VLANs primary and community groups A primary VLAN contain...

Page 908: ...mation show vlan private vlan Shows private VLAN information NE PE To configure private VLANs follow these steps 1 Use the private vlan command to designate one or more community VLANs and the primary...

Page 909: ...etween community VLANs and other locations DEFAULT SETTING None COMMAND MODE VLAN Configuration COMMAND USAGE Private VLANs are used to restrict traffic to ports within the same community and channel...

Page 910: ...provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports...

Page 911: ...itchport private vlan host association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association SYNTAX switchport private vlan host association secon...

Page 912: ...o a primary VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs EXAMPLE Console config interface ethernet 1 2 Consol...

Page 913: ...on the protocol type in use by the inbound packets Table 107 Protocol based VLAN Commands Command Function Mode protocol vlan protocol group Create a protocol group specifying the supported GC protoc...

Page 914: ...MMAND MODE Global Configuration EXAMPLE The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame type...

Page 915: ...ames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the d...

Page 916: ...for the selected interfaces SYNTAX show interfaces protocol vlan protocol group interface interface ethernet unit port unit Stack unit Range 1 port Port number ES3526MA 1 26 ES4524MA 1 24 port channe...

Page 917: ...vlan This command configures IP Subnet VLAN assignments Use the no form to remove an IP subnet to VLAN assignment SYNTAX subnet vlan subnet ip address mask vlan vlan id priority priority no subnet vla...

Page 918: ...24 vlan 4 Console config show subnet vlan This command displays IP Subnet VLAN assignments COMMAND MODE Privileged Exec COMMAND USAGE Use this command to display subnet to VLAN mappings The last match...

Page 919: ...Defines the IP Subnet VLANs Displays IP Subnet VLAN settings GC PE mac vlan This command configures MAC address to VLAN mapping Use the no form to remove an assignment SYNTAX mac vlan mac address mac...

Page 920: ...ddress VLAN ID Priority 00 00 00 11 22 33 10 0 Console CONFIGURING VOICE VLANS The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic VoIP traffic ca...

Page 921: ...e over IP VoIP network traffic from other data traffic Traffic isolation helps prevent excessive packet delays packet loss and jitter which results in higher voice quality This is best achieved by ass...

Page 922: ...gures the Voice VLAN aging time as 3000 minutes Console config voice vlan aging 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Us...

Page 923: ...Telephony list Console config voice vlan mac address 00 12 34 56 78 90 mask ff ff ff 00 00 00 description A new phone Console config switchport voice vlan This command specifies the Voice VLAN mode fo...

Page 924: ...MMAND USAGE Specifies a CoS priority to apply to the port VoIP traffic on the Voice VLAN The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is ac...

Page 925: ...ting VoIP traffic Console config interface ethernet 1 1 Console config if switchport voice vlan rule oui Console config if switchport voice vlan security This command enables security filtering for Vo...

Page 926: ...tatus Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Au...

Page 927: ...Priority Commands Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values PRIORITY COMMANDS LAYER 2 This section describes commands used to configure Layer 2 traffic...

Page 928: ...queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Table 1...

Page 929: ...hted Round Robin for the rest of the queues queue type list Indicates if the queue is a normal or strict type Options 0 indicates a normal queue 1 indicates a strict queue DEFAULT SETTING Weighted Rou...

Page 930: ...queue mode strict Console config if RELATED COMMANDS queue weight 928 show queue mode 930 queue weight This command assigns weights to the eight class of service CoS priority queues when using weighte...

Page 931: ...r priority mapping is IP Port IP Precedence or IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e rece...

Page 932: ...ce priority map SYNTAX show queue cos map interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel channel id Range 1 32 DEFAULT SETTING None COMMAND MODE Privi...

Page 933: ...le show queue weight This command displays the weights used for the weighted queues SYNTAX show queue mode interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50...

Page 934: ...IP precedence value to a class of service IC show map ip dscp Shows the IP DSCP map PE show map ip port Shows the IP port map PE show map ip precedence Shows the IP precedence map PE map ip dscp Glob...

Page 935: ...ort priority EXAMPLE The following example shows how to enable TCP UDP port mapping globally Console config map ip port Console config map ip precedence Global Configuration This command enables IP pr...

Page 936: ...SETTING The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Table 115 Mapping IP DSCP to CoS Values IP DSCP Value...

Page 937: ...cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 DEFAULT SETTING None COMMAND MODE Interface Configuration Ethernet...

Page 938: ...to CoS Values IP Precedence Value 0 1 2 3 4 5 6 7 CoS Value 0 1 2 3 4 5 6 7 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The precedence for priority mapping is IP Port IP P...

Page 939: ...1 32 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show map ip dscp ethernet 1 1 DSCP mapping status Disabled Port DSCP CoS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1...

Page 940: ...precedence This command shows the IP precedence priority map SYNTAX show map ip precedence interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel ch...

Page 941: ...olicy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color m...

Page 942: ...he matching traffic class and use one of the police commands to monitor parameters such as the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP...

Page 943: ...ommands EXAMPLE This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd class match any Console config cmap match ip dsc...

Page 944: ...map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qualify for this class map If a...

Page 945: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 16 characters COMMAND MODE Class Map Configur...

Page 946: ...to drop any violating packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set ip dscp 3 Console config pmap c police flow 10000 4000 conform action tra...

Page 947: ...lice flow 10000 4000 conform action transmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no for...

Page 948: ...d Burst Size The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by on...

Page 949: ...s burst Excess burst size BE in bytes Range 4000 1600000 at a granularity of 4k bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service t...

Page 950: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Page 951: ...olor blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit new dscp exceed action drop new dscp violate action drop new dscp trtcm color blind Two rate th...

Page 952: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Page 953: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service tha...

Page 954: ...op any violating packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set cos 3 Console config pmap c police flow 10000 4000 conform action transmit vio...

Page 955: ...licy map defined by the policy map command to the ingress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map name input Apply to the input...

Page 956: ...ess list rd access Match ip dscp 0 Class Map match any rd class 2 Match ip precedence 5 Class Map match any rd class 3 Match vlan 1 Console show policy map This command displays the QoS policy maps wh...

Page 957: ...ole show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Stack unit Range 1...

Page 958: ...956 CHAPTER 40 Quality of Service Commands...

Page 959: ...service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicast traffic to the attached VLANs IGMP Filtering and Throttling Configures I...

Page 960: ...n Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a version GC different to that currently configured ip igmp snooping vlan gen...

Page 961: ...ble multicast Shows known multicast addresses PE ip igmp snooping This command enables IGMP snooping globally on the switch or on a selected VLAN interface Use the no form to disable it SYNTAX no ip i...

Page 962: ...s IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 including report suppression last leave and query suppression Report suppression intercepts absorbs and summarizes IGMP r...

Page 963: ...TING Disabled COMMAND MODE Global Configuration COMMAND USAGE As described in Section 9 1 of RFC 3376 for IGMP Version 3 the Router Alert Option can be used to protect against DOS attacks One common m...

Page 964: ...flood This command enables flooding of multicast traffic if a spanning tree topology change notification TCN occurs Use the no form to disable flooding SYNTAX no ip igmp snooping tcn flood DEFAULT SE...

Page 965: ...ot bridge sends a proxy query to quickly re learn the host membership port relations for multicast channels The root bridge also sends an unsolicited Multicast Router Discover MRD request to quickly l...

Page 966: ...p igmp snooping tcn query solicit Console config ip igmp snooping unregistered data flood This command floods unregistered multicast traffic into the attached VLAN Use the no form to drop unregistered...

Page 967: ...l Configuration COMMAND USAGE When a new upstream interface that is uplink port starts up the switch sends unsolicited reports for all currently learned multicast channels out through the new upstream...

Page 968: ...xclusive This command discards any received IGMP messages except for multicast protocol packets which use a version different to that currently configured by the ip igmp snooping version command Use t...

Page 969: ...ges are forwarded only to downstream ports which have joined a multicast service EXAMPLE Console config ip igmp snooping vlan 1 general query suppression Console config ip igmp snooping vlan immediate...

Page 970: ...ediate leave Console config ip igmp snooping vlan last memb query count This command configures the number of IGMP proxy group specific or group and source specific query messages that are sent out be...

Page 971: ...ved by the switch it checks to see if this host is the last to leave the group by sending out an IGMP group specific or group and source specific query message and starts a timer If no reports are rec...

Page 972: ...timer as a part of a router s start up procedure during the restart of a multicast forwarding interface and on receipt of a solicitation message When the multicast services provided to a VLAN is relat...

Page 973: ...placed with any valid unicast address other than the router s own address using this command EXAMPLE The following example sets the source address for proxied IGMP query messages to 10 0 1 8 Console c...

Page 974: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4093 interval T...

Page 975: ...AND USAGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EX...

Page 976: ...ng global status Disabled Immediate leave Disabled Last member query interval 10 1 10s Last member query count 2 General query suppression Disabled Query interval 125 Query response interval 100 1 10s...

Page 977: ...mmand shows known multicast addresses SYNTAX show mac address table multicast vlan vlan id user igmp snp user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast en...

Page 978: ...id mrouter interface vlan id VLAN ID Range 1 4093 interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel channel id Range 1 32 DEFAULT SETTING No static multi...

Page 979: ...In certain switch applications the administrator may want to control the multicast services that are available to end users For example an IP TV service based on a specific subscription plan The IGMP...

Page 980: ...MODE Global Configuration COMMAND USAGE IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile...

Page 981: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Page 982: ...up range DEFAULT SETTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE...

Page 983: ...p max groups number no ip igmp max groups number The maximum number of multicast groups an interface can join at the same time Range 0 64 DEFAULT SETTING 64 COMMAND MODE Interface Configuration Ethern...

Page 984: ...itch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing g...

Page 985: ...p profile profile number profile number An existing IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ip igmp profile IGMP Profile 19...

Page 986: ...ocessing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN seg...

Page 987: ...must be assigned vlan id MVR VLAN ID Range 1 4093 DEFAULT SETTING MVR is disabled No MVR group address is defined The default number of contiguous addresses is 0 MVR VLAN ID is 1 COMMAND MODE Global...

Page 988: ...et Port Channel COMMAND USAGE Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immedia...

Page 989: ...used to allow a receiver port to dynamically join or leave multicast groups sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to trunk mode see the switc...

Page 990: ...FAULT SETTING No receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically assigned to a r...

Page 991: ...Privileged Exec COMMAND USAGE Enter this command without any keywords to display the global settings for MVR Use the interface keyword to display information about interfaces attached to the MVR VLAN...

Page 992: ...MVR status and interface status MVR status for source ports is ACTIVE if MVR is globally enabled on the switch MVR status for receiver ports is ACTIVE only if there are subscribers receiving multicast...

Page 993: ...ables IGMP for the specified interface IC ip igmp last member query interval Configures the frequency at which to send query IC messages in response to receiving a leave message ip igmp max resp inter...

Page 994: ...sec Last Member Query Interval 10 resolution in 0 1 sec Querier 0 0 0 0 Joined Groups Static Groups Console RELATED COMMANDS ip igmp snooping 959 show ip igmp snooping 973 ip igmp last member query in...

Page 995: ...d to restore the default SYNTAX ip igmp max resp interval seconds no ip igmp max resp interval seconds The report delay advertised in IGMP queries Range 0 255 tenths of a second DEFAULT SETTING 100 10...

Page 996: ...send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service Only the designated multicast router for a subnet sends host query...

Page 997: ...o indicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the max...

Page 998: ...multicast group will also fail if the next node up the reverse path tree has enabled the PIM SSM protocol If a static group is configured for an any source multicast G a source address cannot subseque...

Page 999: ...he IGMP versions 1 3 If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts which are members of the group for which it heard the report If t...

Page 1000: ...ticast group address interface vlan vlan id VLAN ID Range 1 4093 detail Displays detailed information about the multicast process and source addresses when available COMMAND MODE Privileged Exec COMMA...

Page 1001: ...P Version 1 members on the IP subnet attached to this interface If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts present which are memb...

Page 1002: ...one of the multicast servers transmitting traffic to the specified group Uptime The time elapsed since this entry was created v3 Exp The time remaining before this entry will be aged out The V3 label...

Page 1003: ...ip multicast routing command to enable IP multicasting globally on the router 2 Use the ip igmp proxy command to enable IGMP proxy on the upstream interface that is attached to an upstream multicast r...

Page 1004: ...rk then the proxy device will act as an IGMPv1 or IGMPv2 host on the upstream interface accordingly Otherwise it will act as an IGMPv3 host Multicast routing protocols are not supported on interfaces...

Page 1005: ...es the frequency at which to send query IC messages in response to receiving a leave message ipv6 mld max resp interval Configures the maximum host response time IC ipv6 mld query interval Configures...

Page 1006: ...al This command configures the frequency at which to send MLD group specific or MLDv2 group source specific query messages in response to receiving a group specific or group source specific leave mess...

Page 1007: ...nds no ipv6 mld max resp interval seconds The report delay advertised in MLD queries Range 0 255 tenths of a second DEFAULT SETTING 100 10 seconds COMMAND MODE Interface Configuration VLAN COMMAND USA...

Page 1008: ...ulticast service Only the designated multicast router for a subnet sends host query messages which are addressed to the link scope all nodes multicast address FF02 1 and uses a time to live TTL value...

Page 1009: ...ends EXAMPLE Console config if ipv6 mld robustval 3 Console config if ipv6 mld static group This command statically binds multicast groups to a VLAN interface Use the no form to remove the static mapp...

Page 1010: ...d on an interface Use the no form of this command to restore the default setting SYNTAX ipv6 mld version 1 2 no ipv6 mld version 1 MLD Version 1 2 MLD Version 2 DEFAULT SETTING MLD Version 2 COMMAND M...

Page 1011: ...for the specified group Enter the interface option to delete all multicast groups for the specified interface Enter no options to clear all multicast groups from the cache EXAMPLE The following exampl...

Page 1012: ...tly attached or downstream from the switch Interface VLAN The interface on the switch that has received traffic directed to the multicast group address Uptime The time elapsed since this entry was cre...

Page 1013: ...w ipv6 mld interface interface interface vlan vlan id VLAN ID Range 1 4093 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE The following example shows the MLD configuration for VLAN 1 as wel...

Page 1014: ...rface that is attached to an upstream multicast router 3 Use the ipv6 mld command to enable MLD on the downstream interfaces from which to forward MLD membership reports 4 Optional Use the ipv6 mld pr...

Page 1015: ...on interfaces where MLD proxy service is enabled Only one upstream interface is supported on the system MLD and MLD proxy cannot be enabled on the same interface A maximum of 1024 multicast streams a...

Page 1016: ...port interval only applies to the interface where MLD proxy has been enabled MLD and MLD proxy cannot be enabled on the same interface EXAMPLE The following example sets the interval for sending unsol...

Page 1017: ...ng to re GC initialize after LLDP ports are disabled or the link goes down lldp tx delay Configures a delay between the successive GC transmission of advertisements initiated by a change in local LLDP...

Page 1018: ...nfiguration settings for this device show lldp info remote device Shows LLDP global and interface specific PE configuration settings for remote devices show lldp info statistics Shows statistical coun...

Page 1019: ...nds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Range 5 3600 seconds DEFAULT SETTING 5 seconds COMMAND MODE Global Configuration COMMAND...

Page 1020: ...he following rule refresh interval holdtime multiplier 65536 EXAMPLE Console config lldp refresh interval 60 Console config lldp reinit delay This command configures the delay before attempting to re...

Page 1021: ...vent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in...

Page 1022: ...port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardw...

Page 1023: ...udes information about the manufacturer the product name and the version of the interface hardware software EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv port descript...

Page 1024: ...n RFC 3418 which includes the full name and version identification of the system s hardware type software operating system and networking software EXAMPLE Console config interface ethernet 1 1 Console...

Page 1025: ...ses the protocols that are accessible through this interface EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto ident Console config if lldp dot1 tlv proto vid This...

Page 1026: ...th which untagged or priority tagged frames are associated see the switchport native vlan command EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv pvid Console config i...

Page 1027: ...status of the link and the 802 3 aggregated port identifier if this interface is currently a link aggregation member EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv li...

Page 1028: ...size for this switch EXAMPLE Console config interface ethernet 1 1 Console config if lldp dot3 tlv max frame Console config if lldp notification This command enables the transmission of SNMP trap not...

Page 1029: ...ethernet 1 1 Console config if lldp notification Console config if show lldp config This command shows LLDP configuration settings for all ports SYNTAX show lldp config detail interface detail Shows c...

Page 1030: ...max frame Console show lldp info local device This command shows LLDP global and interface specific configuration settings for this device SYNTAX show lldp info local device detail interface detail S...

Page 1031: ...Ethernet Port on unit 1 port 1 Console show lldp info remote device This command shows LLDP global and interface specific configuration settings for remote devices attached to an LLDP enabled port SYN...

Page 1032: ...Aggregation Remote link aggregation capable Yes Remote link aggragation enable No Remote link aggragation port id 0 Remote Max Frame Size 1518 Console show lldp info statistics This command shows stat...

Page 1033: ...10 11 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail PortName Eth 1 1 Frames Discarded 0 Frames Invalid 0 F...

Page 1034: ...1032 CHAPTER 42 LLDP Commands...

Page 1035: ...for incomplete host GC names ip host Creates a static IPv4 host name to address mapping GC ip name server Specifies the address of one or more name servers to GC use for host name to address translati...

Page 1036: ...omain name command is used If there is a domain list the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip dom...

Page 1037: ...192 168 1 55 10 1 0 55 Console RELATED COMMANDS ip domain name 1035 ip name server 1037 ip domain name This command defines the default domain name appended to incomplete host names i e host names pa...

Page 1038: ...emove an entry SYNTAX no ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration CO...

Page 1039: ...servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list is reach...

Page 1040: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuratio...

Page 1041: ...lear host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all static entries from the DNS table Console config clear host Console config...

Page 1042: ...name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address as an existing entry IP Address The IP address associated with this record TTL The...

Page 1043: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Page 1044: ...1042 CHAPTER 43 Domain Name Service Commands...

Page 1045: ...amically acquire IPv4 address information DHCP Relay Relays DHCP requests from local hosts to a remote DHCP server DHCP Server Configures DHCP service using address pools or static bindings DHCP CLIEN...

Page 1046: ...rative Up Link Up Address is 12 34 12 34 12 34 bia 12 34 12 34 12 34 Index 1001 MTU 1500 Bandwidth 1g Address Mode is DHCP IP Address 192 168 0 9 Mask 255 255 255 0 Proxy ARP is disabled Console RELAT...

Page 1047: ...ces attached to the switch Table 139 DHCP Relay Commands Command Function Mode ip dhcp relay server Specifies DHCP server addresses for relay IC ip dhcp restart relay Enables DHCP relay agent PE ip dh...

Page 1048: ...erver will know the subnet where the client is located Then the switch forwards the packet to the DHCP server on another network When the server receives the DHCP request it allocates a free IP addres...

Page 1049: ...t domain name Specifies the domain name for a DHCP client DC hardware address Specifies the hardware address of a DHCP client DC host Specifies the IP address and network mask to DC manually bind to a...

Page 1050: ...ss pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool SYNTAX no ip dhcp pool name name A string or integer Range 1 8 characters DEFAULT SETTING DHCP address pools a...

Page 1051: ...E If the DHCP server is running you must restart it to implement any configuration changes EXAMPLE Console config service dhcp Console config bootfile This command specifies the name of the default bo...

Page 1052: ...al value DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration COMMAND USAGE This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier a...

Page 1053: ...to two routers Routers are listed in order of preference starting with address1 as the most preferred router EXAMPLE Console config dhcp default router 10 1 0 54 10 1 0 64 Console config dhcp dns ser...

Page 1054: ...ent Range 1 32 characters DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration EXAMPLE Console config dhcp domain name sample com Console config dhcp hardware address This command specifies the h...

Page 1055: ...dress for the client SYNTAX host address mask no host address Specifies the IP address of a client mask Specifies the network mask of the client DEFAULT SETTING None COMMAND MODE DHCP Pool Configurati...

Page 1056: ...currently in use by the host EXAMPLE Console config dhcp host 10 1 0 21 255 255 255 0 Console config dhcp RELATED COMMANDS client identifier 1050 hardware address 1052 lease This command configures th...

Page 1057: ...to remove the NetBIOS name server list SYNTAX netbios name server address1 address2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP addr...

Page 1058: ...er 1055 network This command configures the subnet number and mask for a DHCP address pool Use the no form to remove the subnet number and mask SYNTAX network network number mask no network network nu...

Page 1059: ...rst field nnn determines the class 0 127 is class A only uses the first field in the network address 128 191 is class B uses the first two fields in the network address 192 223 is class C uses the fir...

Page 1060: ...d as the address parameter the DHCP server clears all automatic bindings Use the no host command to delete a manual binding This command is normally used after modifying the address pool or after movi...

Page 1061: ...2 1 3 21 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console show ip dhcp This command displays DHCP address pools configured on the switch COMMAND MODE Privileged Exec EXAMPLE Console show ip dhcp N...

Page 1062: ...1060 CHAPTER 44 DHCP Commands DHCP Server...

Page 1063: ...ich allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Table 141 VRRP Commands Command Function Mode vrrp authe...

Page 1064: ...the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded Plain text authentication does not provide any real security It is supported only to p...

Page 1065: ...customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP EXAMPLE This example creates VRRP g...

Page 1066: ...p priority 1064 vrrp priority This command sets the priority of this router in a VRRP group Use the no form to restore the default setting SYNTAX vrrp group priority level no vrrp group priority group...

Page 1067: ...interval at which the master virtual router sends advertisements communicating its state as the master Use the no form to restore the default interval SYNTAX vrrp group timers advertise interval no vr...

Page 1068: ...group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console clear vrrp 1 interface 1 counters Co...

Page 1069: ...Authentication SimpleText Authentication Key bluebird Master Router 192 168 1 6 Master Priority 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 142 show vrrp display desc...

Page 1070: ...te Virtual Addr Interval Preempt Priority VLAN 1 1 Master 192 168 0 3 1 E 255 Console Table 143 show vrrp brief display description Field Description Interface VLAN interface Grp VRRP group State VRRP...

Page 1071: ...fies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console show vrrp 1 interface vlan 1 counters Total Numb...

Page 1072: ...OMMAND MODE Privileged Exec EXAMPLE Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Page 1073: ...p Function IPv4 Interface Configures an IPv4 address for the switch IPv6 Interface Configures an IPv6 address for the switch IPV4 INTERFACE There are no IP addresses assigned to this switch by default...

Page 1074: ...ress ip address netmask bootp dhcp secondary no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specif...

Page 1075: ...not be removed if a secondary address is still present Also if any router in a network segment uses a secondary address all other routers in that segment must also use a secondary address from the sam...

Page 1076: ...tly connects to the gateway has been configured on the router The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local a...

Page 1077: ...00 E8 93 82 A0 via 00 00 E8 93 82 A0 Index 1001 MTU 1280 Bandwidth 1g Address Mode is User specified IP Address 192 168 1 3 Mask 255 255 255 0 Proxy ARP is disabled Console RELATED COMMANDS ip addres...

Page 1078: ...aximum timeout has been reached may indicate this problem with the target device EXAMPLE Console traceroute 192 168 0 1 Press ESC to abort Source address 192 168 0 9 Destination address 192 168 0 1 Ho...

Page 1079: ...ole ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response tim...

Page 1080: ...P addresses into 48 bit hardware i e Media Access Control addresses This cache includes entries for hosts and other routers on local network interfaces defined on this router The maximum number of sta...

Page 1081: ...P request packet is sent to re establish the MAC address The aging time determines how long dynamic entries remain in the cache If the timeout is too short the router may tie up resources by repeating...

Page 1082: ...and deletes all dynamic entries from the Address Resolution Protocol ARP cache COMMAND MODE Privileged Exec EXAMPLE This example clears all dynamic entries in the ARP cache Console clear arp cache Thi...

Page 1083: ...UDP destination ports for which GC broadcast traffic will be forwarded ip helper Enables UDP helper globally on the switch GC ip helper address Specifies the servers to which designated UDP protocol...

Page 1084: ...asionally use UDP broadcasts to determine information such as address configuration and domain name mapping These broadcasts are confined to the local subnet either as an all hosts broadcast all ones...

Page 1085: ...forward UDP packets with the UDP helper the clients must be connected to the selected interface and the interface configured with an IP address The UDP packets to be forwarded must be specifed by the...

Page 1086: ...onsole config if show ip helper This command displays configuration settings for UDP helper COMMAND MODE Privileged Exec COMMAND USAGE This command displays all configuration settings for UDP helper i...

Page 1087: ...and configured settings for IPv6 interfaces NE PE show ipv6 mtu Displays maximum transmission unit MTU information for IPv6 interfaces NE PE show ipv6 traffic Displays statistics about IPv6 traffic N...

Page 1088: ...mal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The same link local address may be used by different interfaces...

Page 1089: ...using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields To connect to a larger...

Page 1090: ...ix prefix length eui 64 no ipv6 address ipv6 prefix prefix length eui 64 ipv6 prefix The IPv6 network portion of the address assigned to the interface prefix length A decimal value indicating how many...

Page 1091: ...first be inverted to meet EUI 64 requirements i e 1 for globally defined addresses and 0 for locally defined addresses changing 28 to 2A Then the two bytes FFFE are inserted between the OUI i e compan...

Page 1092: ...imal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields And the address prefix must be FE80 The address specified with...

Page 1093: ...COMMAND MODE Interface Configuration VLAN COMMAND USAGE This command enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 an...

Page 1094: ...transmission unit MTU for IPv6 packets sent on an interface Use the no form to restore the default setting SYNTAX ipv6 mtu size no ipv6 mtu size Specifies the MTU size Range 1280 65535 bytes DEFAULT S...

Page 1095: ...v6 network portion of the address assigned to the interface The prefix must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double...

Page 1096: ...e local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF...

Page 1097: ...ption Field Description MTU Adjusted MTU contained in the ICMP packet too big message returned from this destination and now used for all traffic sent along this path Since Time since an ICMP packet t...

Page 1098: ...group membership reduction messages router solicit messages router advertisement messages neighbor solicit messages neighbor advertisement messages redirect messages UDP Statistics Console 15 output...

Page 1099: ...total number of datagrams successfully delivered to IPv6 user protocols including ICMP This counter is incremented at the interface to which these datagrams were addressed which might not be necessari...

Page 1100: ...put interface for the messages errors The number of ICMP messages which the interface received but determined as having ICMP specific errors bad ICMP checksums bad length etc destination unreachable m...

Page 1101: ...rface router solicit messages The number of ICMP Router Solicitation messages sent by the interface neighbor advertisement messages The number of ICMP Router Advertisement messages sent by the interfa...

Page 1102: ...et Range 48 18024 bytes The actual packet size will be eight bytes larger than the size specified because the router adds header information DEFAULT SETTING count 5 size 100 bytes COMMAND MODE Privile...

Page 1103: ...bor ipv6 address vlan vlan id hardware address no ipv6 mtu ipv6 address The IPv6 address of a neighbor device that can be reached through one of the network interfaces configured on this switch You ca...

Page 1104: ...e no ipv6 enable command see page 1091 deletes all dynamically learned entries in the IPv6 neighbor discovery cache for that interface but does not delete static entries EXAMPLE The following maps a s...

Page 1105: ...e Duplicate address detection is stopped on any interface that has been suspended see the vlan command While an interface is suspended all unicast IPv6 addresses assigned to that interface are placed...

Page 1106: ...unicast address es 2001 DB8 2222 7272 64 subnet is 2001 DB8 2222 7272 64 2009 DB9 2229 79 subnet is Joined group address es FF02 2 FF02 1 FF00 0 FF02 1 2 FF02 1 FF9C CA10 FF02 1 IPv6 link MTU is 1500...

Page 1107: ...end Console show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 2E0 CFF FE9C CA10 64 Global unicast address es 2001 DB8 2222 7272 64 subnet is 2001 DB8 2222 7272 64 2009 DB9 2229 7...

Page 1108: ...s unspecified by this router EXAMPLE The following sets the reachable time for a remote node to 1000 milliseconds Console config interface vlan 1 Console config pv6 nd reachable time 1000 Console conf...

Page 1109: ...fined fields DEFAULT SETTING All IPv6 neighbor discovery cache entries are displayed COMMAND MODE Privileged Exec EXAMPLE The following shows all known IPv6 neighbors for this switch Console show ipv6...

Page 1110: ...that the forward path was functioning While in STALE state the device takes no action until a packet is sent D Delay More than the ReachableTime interval has elapsed since the last positive confirmat...

Page 1111: ...uting Commands Command Group Function Global Routing Configuration Configures global parameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange...

Page 1112: ...s route can be overridden by dynamic routing information if the distance of the dynamic route is less than that configured for the static route Note that the default administrative distances used by t...

Page 1113: ...rm to restore the default settings SYNTAX maximum paths path count no maximum paths path count The maximum number of equal cost paths to the same destination that can be installed in the routing table...

Page 1114: ...ding information base contains unique paths only It does not contain any secondary paths A FIB entry consists of the minimum amount of information necessary to make a forwarding decision on a particul...

Page 1115: ...ected S static R RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2...

Page 1116: ...es timestamp reply messages source quench messages address mask request messages address mask reply messages 2 input no port errors other errors output 4698 input input errors 5867 output Console ipv6...

Page 1117: ...routing using the maximum paths command If an administrative distance is defined for a static route and the same destination can be reached through a dynamic route at a lower administration distance t...

Page 1118: ...rivileged Exec COMMAND USAGE The FIB contains information required to forward IP traffic It contains the interface identifier and next hop information for each reachable destination network prefix bas...

Page 1119: ...om other routing protocols maximum prefix Sets the maximum number of RIP routes allowed RC neighbor Defines a neighboring router with which to exchange RC information network Specifies the network int...

Page 1120: ...guration settings router rip This command enables Routing Information Protocol RIP routing for all IP interfaces on the router Use the no form to disable it SYNTAX no router rip COMMAND MODE Global Co...

Page 1121: ...MODE Router Configuration COMMAND USAGE This command does not override the metric value set by the redistribute command When a metric value has not been configured by the redistribute command the defa...

Page 1122: ...e routes for which the best path is learned from a neighbor external to the local RIP autonomous system Routes with a distance of 255 are not installed in the routing table Range 1 255 network address...

Page 1123: ...fix maximum routes no maximum prefix maximum routes The maximum number of RIP routes which can be installed in the routing table Range 1 7168 DEFAULT SETTING 1024 COMMAND MODE Router Configuration COM...

Page 1124: ...ole config router RELATED COMMANDS passive interface 1123 network This command specifies the network interfaces that will be included in the RIP routing process Use the no form to remove an entry SYNT...

Page 1125: ...assive interface vlan vlan id vlan id VLAN ID Range 1 4093 DEFAULT SETTING Disabled COMMAND MODE Router Configuration COMMAND USAGE If this command is used to stop sending routing updates on an interf...

Page 1126: ...ic value to be used for all imported external routes A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric...

Page 1127: ...240 seconds DEFAULT SETTING Update 30 seconds Timeout 180 seconds Garbage collection 120 seconds COMMAND MODE Router Configuration COMMAND USAGE The update timer sets the rate at which updates are sen...

Page 1128: ...RIPv1 or RIPv2 packets Send Route information is broadcast to other routers with RIPv2 COMMAND MODE Router Configuration COMMAND USAGE When this command is used to specify a global RIP version any VL...

Page 1129: ...n string command This command requires the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For authentication...

Page 1130: ...at this command does not apply to RIPv1 For authentication to function properly both the sending and receiving interface must be configured with the same password and authentication enabled by the ip...

Page 1131: ...e are still some older routers using RIPv1 EXAMPLE This example sets the interface version for VLAN 1 to receive RIPv1 packets Console config interface vlan 1 Console config if ip rip receive version...

Page 1132: ...TING 1 compatible Route information is broadcast to other routers with RIPv2 COMMAND MODE Interface Configuration VLAN COMMAND USAGE Use this command to override the global setting specified by the RI...

Page 1133: ...DE Interface Configuration VLAN DEFAULT SETTING Enabled COMMAND USAGE The no form of this command allows the router to passively monitor route information advertised by other routers attached to the n...

Page 1134: ...med unreachable EXAMPLE This example propagates routes back to the source using poison reverse Console config interface vlan 1 Console config if ip split horizon poison reverse Console config if clear...

Page 1135: ...ip protocols rip This command displays RIP process parameters COMMAND MODE Privileged Exec EXAMPLE Console show ip protocols rip Routing Protocol is rip Sending updates every 30 seconds with 5 seconds...

Page 1136: ...ied interface vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPLE Console show ip rip Codes R RIP Rc RIP connected Rs RIP static C Connected S Static O OSPF Network Next Hop Metric From...

Page 1137: ...ault metric for external routes imported RC from other protocols redistribute Redistribute routes from one routing domain to RC another summary address Summarizes routes advertised by an ASBR RC Area...

Page 1138: ...e Displays interface information PE show ip ospf neighbor Displays neighbor information PE show ip ospf route Displays the OSPF routing table PE show ip ospf virtual links Displays parameters and the...

Page 1139: ...me destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF rout...

Page 1140: ...vertise a default external route into the AS if it has been configured to import external routes through other routing protocols or static routing and such a route is known See the redistribute comman...

Page 1141: ...efault information originate metric 20 metric type 2 Console config router RELATED COMMANDS ip route 1110 redistribute 1185 router id This command assigns a unique router ID for this device within the...

Page 1142: ...nge and starting the shortest path first SPF calculation and the hold time between making two consecutive SPF calculations Use the no form to restore the default values SYNTAX timers spf spf delay spf...

Page 1143: ...command specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assigned default cost SYNTAX area area id default cost cost...

Page 1144: ...es remain hidden from the rest of the network COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command can be used to summarize intra area routes and advertise this inform...

Page 1145: ...lculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By default the cost is 1 Mbps for all port types including 100 Mbps ports 1 Gigabit ports and 10 Gigab...

Page 1146: ...cols Range 0 16777214 COMMAND MODE Router Configuration DEFAULT SETTING 20 COMMAND USAGE The default metric must be used to resolve the problem of redistributing external routes from other protocols t...

Page 1147: ...xternal route metric tag value A tag placed in the AS external LSA to identify a specific external routing domain or to pass additional information between routers Range 0 4294967295 COMMAND MODE Rout...

Page 1148: ...earned from RIP as Type 1 external routes Console config router redistribute rip metric type 1 Console config router RELATED COMMANDS default information originate 1138 summary address This command ag...

Page 1149: ...ates NSSA ABR translator role for Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never translates NSSA LSAs to Type 5 external LSAs always R...

Page 1150: ...eyword External routes advertised into an NSSA can include network destinations outside the AS learned via OSPF the default route static routes routes imported from other routing protocols such as RIP...

Page 1151: ...able space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that adverti...

Page 1152: ...or as a four octet unsigned integer ranging from 0 4294967295 router id Router ID of the virtual link neighbor This specifies the Area Border Router ABR at the other end of the virtual link To create...

Page 1153: ...Specifies message digest MD5 authentication null Indicates that no authentication is used authentication key key Sets a plain text password up to 8 characters that is used by neighboring routers on a...

Page 1154: ...mple creates a virtual link using the defaults for all optional parameters Console config router network 10 4 0 0 0 255 255 0 0 area 10 4 0 0 Console config router area 10 4 0 0 virtual link 10 4 3 25...

Page 1155: ...has been specified EXAMPLE This example creates the backbone 0 0 0 0 covering class B addresses 10 1 x x and a normal transit area 10 2 9 0 covering the class C addresses 10 2 9 x Console config route...

Page 1156: ...earn the authentication key by snooping on routing protocol packets When using Message Digest 5 MD5 authentication the router uses the MD5 algorithm to verify data integrity by creating a 128 bit mess...

Page 1157: ...No password COMMAND USAGE Before specifying plain text password authentication for an interface with the ip ospf authentication command configure a password with this command This command creates a pa...

Page 1158: ...etric for this interface Use higher values to indicate slower ports Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 1 COMMAND USAGE The interface cost indicates the overhead re...

Page 1159: ...ted to the current interface seconds The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down This interval must be set to the same value for al...

Page 1160: ...that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic EXAMPLE Console config int...

Page 1161: ...administrator time to update all the routers on the network without affecting the network connectivity Once all the network routers have been updated with the new key the old key should be removed for...

Page 1162: ...segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the election process is initiated Configure ro...

Page 1163: ...SYNTAX ip ospf ip address transmit delay seconds no ip ospf ip address transmit delay ip address This parameter can be used to indicate a specific IP address connected to the current interface If not...

Page 1164: ...NG None COMMAND USAGE You can configure an OSPF interface as passive to prevent OSPF routing traffic from exiting or entering that interface No OSPF adjacency can be formed if one of the interfaces in...

Page 1165: ...OSPF process ID and router ID The router ID uniquely identifies the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The...

Page 1166: ...f interfaces in this area is The number of interfaces attached to this area Number of fully adjacent neighbors in this area is The number of neighbors for which the exchange of recognition protocol me...

Page 1167: ...ation about all advertising routers is displayed ip address IP address of the specified router If no address is entered information about the local router is displayed link state id The network portio...

Page 1168: ...scription OSPF Router Process with ID OSPF process ID and router ID The router ID uniquely identifies the router in the autonomous system By convention this is normally set to one of the router s IP i...

Page 1169: ...equence number of LSA used to detect older duplicate LSAs Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for the network TOS Type...

Page 1170: ...for the AS Link State ID IP network number External Network Number Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs Checksum Check...

Page 1171: ...LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for...

Page 1172: ...e LSA in bytes Link connected to Link state type including transit network stub network or virtual link Link ID Link type and corresponding Router ID or network address Link Data Router ID for transit...

Page 1173: ...he link show ip ospf interface This command displays summary information for OSPF interfaces SYNTAX show ip ospf interface vlan vlan id vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPL...

Page 1174: ...face is down Loopback This is a loopback interface Waiting Router is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but i...

Page 1175: ...ription Neighbor ID Neighbor s router ID Pri Neighbor s router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for...

Page 1176: ...10 11 0 24 10 is directly connected fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 vlan1 IA 172 16 10 0 24 30 via 10 10 11 50 vlan2...

Page 1177: ...l link Timer intervals Configuration settings for timer intervals including Hello Dead and Retransmit RELATED COMMANDS area virtual link 1150 show ip protocols ospf This command displays OSPF process...

Page 1178: ...hange and the RC hold time between consecutive SPF calculations Route Metrics and Summaries area default cost Sets the cost for a default summary route sent into a RC stub area range Summarizes routes...

Page 1179: ...pv6 ospf route Displays the OSPF routing table PE show ipv6 ospf virtual links Displays parameters and the adjacency state of virtual PE links General Guidelines Follow these basic steps to configure...

Page 1180: ...uting processes It should not be confused with the instance id configured with the ipv6 router ospf area command which is used to distinguish between different routing processes running on the same li...

Page 1181: ...the backbone area IBM Interpretation A router is considered to be an ABR if it has more than one actively attached area and the backbone area is configured Standard Interpretation A router is consider...

Page 1182: ...e router only advertises intra area routes into non backbone areas EXAMPLE Console config router abr type ibm Console config router max current dd This command sets the maximum number of neighbors wit...

Page 1183: ...uter ID must be unique for every router in the autonomous system Note that the router ID can also be set to 255 255 255 255 If this router already has registered neighbors the new router ID will be us...

Page 1184: ...iguration DEFAULT SETTING SPF delay 5 seconds SPF holdtime 10 seconds COMMAND USAGE Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations Using a low value for th...

Page 1185: ...not advertise area id Identifies an area for which the routes are summarized The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 4294967295 ipv6 prefi...

Page 1186: ...ange 73 8 advertise Console config router default metric This command sets the default metric for external routes imported from other protocols Use the no form to remove the default metric for the sup...

Page 1187: ...te default Routers do not add internal route metric to external route metric COMMAND MODE Router Configuration DEFAULT SETTING redistribution none metric value 20 type metric 2 COMMAND USAGE This comm...

Page 1188: ...ment are sent into the stub COMMAND USAGE All routers in a stub must be configured with the same area ID Routing table space is saved by stopping an ABR from flooding Type 4 Inter Area Router and Type...

Page 1189: ...the virtual link To create a virtual link enter this command for an ABR at both ends of the link One of the ABRs must be next to the isolated area and the transit area at one end of the link while the...

Page 1190: ...bone area 0 0 0 0 to maintain routing connectivity throughout the autonomous system If it not possible to physically connect an area to the backbone you can use a virtual link A virtual link can provi...

Page 1191: ...ge 0 255 COMMAND MODE Interface Configuration DEFAULT SETTING None COMMAND USAGE An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous sy...

Page 1192: ...er Range Alphanumeric string up to 16 characters instance id Identifies a specific OSPFv3 routing process on the link local network segment attached to this interface Range 0 255 COMMAND MODE Interfac...

Page 1193: ...stance id cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link local network segment attach...

Page 1194: ...ore declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link...

Page 1195: ...econds COMMAND USAGE Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological...

Page 1196: ...d If a DR already exists for a network segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the elec...

Page 1197: ...o send a link state update packet over an interface Use the no form to restore the default value SYNTAX ipv6 ospf transmit delay seconds instance id instance id no ipv6 ospf transmit delay instance id...

Page 1198: ...interface vlan vlan id ipv6 address vlan id VLAN ID Range 1 4093 ipv6 address A full IPv6 address including the network prefix and host address bits COMMAND MODE Router Configuration DEFAULT SETTING N...

Page 1199: ...es the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The time this process has been running Supports only single TOS T...

Page 1200: ...en executed for this area Number of LSA The total number of link state advertisements in this area s link state database excluding AS External LSA s Checksum The sum of the LS checksums of link state...

Page 1201: ...SYNTAX show ipv6 ospf interface vlan vlan id vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 ospf interface vlan 1 VLAN 1 is up line protocol is up Link local Addr...

Page 1202: ...outer Designated router ID and respective interface address Backup Designated Router Backup designated router ID and respective interface address Timer intervals Configuration settings for timer inter...

Page 1203: ...ions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent Identification flags include D Dynamic neighbor S Static neighbor DR Designated router BDR Backup...

Page 1204: ...ocal address 192 168 0 3 Remote address 192 168 0 2 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Adjacency state...

Page 1205: ...these neighbors Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectio...

Page 1206: ...CHAPTER 47 IP Routing Commands Open Shortest Path First OSPFv3 1204...

Page 1207: ...cast Routing Configures static multicast router ports PIM Multicast Routing Configures global and interface settings for PIM DM and PIM SM GENERAL MULTICAST ROUTING This section describes commands use...

Page 1208: ...command displays the IPv4 multicast routing table SYNTAX show ip mroute group address source summary group address An IPv4 multicast group address with subscribers directly attached or downstream from...

Page 1209: ...M SSM C Connected A member of the multicast group is present on this interface P Pruned This route has been terminated F Register flag This device is registering for a multicast source R RP bit set Th...

Page 1210: ...s associated with each interface indicate F Register flag This device is registering for a multicast source P Pruned This route has been terminated L Local Downstream interface has received IGMP repor...

Page 1211: ...y in the IP multicast routing table COMMAND MODE Privileged Exec COMMAND USAGE This command displays information for multicast routing If no optional parameters are selected detailed information for e...

Page 1212: ...r immediately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a requested service source Subnetwork containing...

Page 1213: ...routes on the switch Table 179 Static Multicast Routing Commands Command Function Mode ip igmp snooping vlan mrouter Adds a multicast router port GC show ip igmp snooping mrouter Shows multicast rout...

Page 1214: ...thin VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned...

Page 1215: ...IC neighboring PIM router before declaring it dead ip pim hello interval Sets the interval between sending PIM hello messages IC ip pim join prune holdtime Configures the hold time for the prune stat...

Page 1216: ...y Sets the priority value for a DR candidate IC ip pim join prune interval Sets the join prune timer IC clear ip pim bsr rp set Clears RP entries learned through the BSR PE show ip pim bsr router Disp...

Page 1217: ...e mode Enables PIM Sparse Mode DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE To fully enable PIM you need to enable multicast routing globally for the router with th...

Page 1218: ...oin messages toward the source They also send prune messages toward the RP to prune the shared path if they have already connected to the source through the SPT or if there are no longer any group mem...

Page 1219: ...lo interval seconds Interval between sending PIM hello messages Range 1 65535 DEFAULT SETTING 30 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE Hello messages are sent to neighboring...

Page 1220: ...ceiving a prune request Use the no form to disable this feature SYNTAX no ip pim lan prune delay DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE When other downstream...

Page 1221: ...tinue receiving the flow referenced in the message Range 500 6000 milliseconds DEFAULT SETTING 2500 milliseconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The override interval configure...

Page 1222: ...te the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the propagation delay represents the time require...

Page 1223: ...le config if show ip pim interface This command displays information about interfaces configured for PIM SYNTAX show ip pim interface vlan vlan id vlan id VLAN ID Range 1 4094 COMMAND MODE Normal Exec...

Page 1224: ...ole Table 182 show ip pim neighbor display description Field Description Neighbor Address IP address of the next hop router VLAN Interface Interface number that is attached to this neighbor Uptime The...

Page 1225: ...to resend a Graft message if it has not been acknowledged Use the no form to restore the default value SYNTAX ip pim max graft retries retries no ip pim max graft retries retries The maximum number o...

Page 1226: ...outer BSR candidate Use the no form to restore the default value SYNTAX ip pim bsr candidate interface vlan vlan id hash hash mask length priority priority no ip pim bsr candidate vlan id VLAN ID Rang...

Page 1227: ...wo core routers in diverse locations each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP EXAMPLE The following ex...

Page 1228: ...s back toward the rendezvous point RP Use the no form to restore the default setting SYNTAX ip pim register source interface vlan vlan id no ip pim register source vlan id VLAN ID Range 1 4094 DEFAULT...

Page 1229: ...IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by more than one entr...

Page 1230: ...ommand configures the router to advertise itself as a Rendezvous Point RP candidate to the bootstrap router BSR Use the no form to remove this router as an RP candidate SYNTAX ip pim rp candidate inte...

Page 1231: ...d on the group address RP address priority and hash mask included in the bootstrap messages If there is a tie use the candidate RP with the highest IP address This distributed election process provide...

Page 1232: ...rce to a receiver is through the RP However the path through the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its...

Page 1233: ...ple election process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with...

Page 1234: ...ce will be adversely affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested t...

Page 1235: ...ion changes to the RP Use the show ip pim rp mapping command to display active RPs that are cached with associated multicast groups EXAMPLE This example clears the RP map Console clear ip pim bsr rp s...

Page 1236: ...ow of an active BSR and will accept the first bootstrap message it sees as giving the new BSR s identity and the RP set Accept Preferred The router knows the identity of the current BSR and is using t...

Page 1237: ...time before this entry will be removed show ip pim rp hash This command displays the RP used for the specified multicast group and the RP that advertised the mapping SYNTAX show ip pim rp hash group...

Page 1238: ...m number of times to resend a IC Graft message if it has not been acknowledged ipv6 pim override interval Specifies the time it takes a downstream router to IC respond to a lan prune delay message ipv...

Page 1239: ...ace that will participate in multicast routing with this command If you enable PIM on an interface you should also enable IGMP on that interface PIM mode selection determines how the switch populates...

Page 1240: ...OMMAND MODE Interface Configuration VLAN COMMAND USAGE A graft message is sent by a router to cancel a prune state When a router receives a graft message it must respond with an graft acknowledgement...

Page 1241: ...y at which PIM hello messages are transmitted Use the no form to restore the default value SYNTAX ipv6 pim hello interval seconds no pimv6 hello interval seconds Interval between sending PIM hello mes...

Page 1242: ...ate for this multicast stream The prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry EXAMPLE Console config if ipv6 pim join...

Page 1243: ...rride interval from those advertised by each neighbor including this switch EXAMPLE Console config if ipv6 pim lan prune delay Console config if RELATED COMMANDS ipv6 pim override interval 1242 ipv6 p...

Page 1244: ...tion delay command are used to calculate the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the overrid...

Page 1245: ...TED COMMANDS ipv6 pim override interval 1242 ipv6 pim lan prune delay 1240 ipv6 pim state refresh origination interval This command sets the interval between sending PIM DM state refresh control messa...

Page 1246: ...ce Use the no form to restore the default value SYNTAX ipv6 pim triggerr hello delay seconds no ipv6 pim triggerr hello delay seconds The maximum time before sending a triggered PIM Hello message Rang...

Page 1247: ...f neighboring PIM routers EXAMPLE Console show ip pim interface vlan 1 PIM is enabled Vlan 1 is up PIM Mode Dense Mode IPv6 Address None Hello Interval 30 sec Hello HoldTime 105 sec Triggered Hello De...

Page 1248: ...AN 1 00 01 23 00 01 23 FF80 0202 VLAN 2 1d 11h Never Console Table 187 show ipv6 pim neighbor display description Field Description Neighbor Address IP address of the next hop router VLAN Interface In...

Page 1249: ...1247 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1249 Troubleshooting on page 1255 License Information on page 1257...

Page 1250: ...1248 SECTION IV Appendices...

Page 1251: ...duplex SFP 10GBASE SR LR ER 10 Gbps at full duplex Module 10GBASE T 10 Gbps 1000 Mbps 100 Mbps at full duplex Module FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Br...

Page 1252: ...vice policies MULTICAST FILTERING IGMP Snooping Layer 2 IGMP Layer 3 IGMP Proxy Multicast VLAN Registration IP ROUTING ARP Proxy ARP Static routes CIDR Classless Inter Domain Routing RIP RIPv2 OSPFv2...

Page 1253: ...er Discovery Protocol IEEE 802 1D 2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol IEEE 802 1p Priority tags IEEE...

Page 1254: ...6 TFTP RFC 1350 VRRP RFC 3768 MANAGEMENT INFORMATION BASES Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 DNS Resolver MIB RFC 1612 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridg...

Page 1255: ...n Client MIB RFC 2619 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP Community MIB RFC 3584 SNMP Fr...

Page 1256: ...1254 APPENDIX A Software Specifications Management Information Bases...

Page 1257: ...network must be configured with the appropriate tag If you cannot connect using Telnet you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a la...

Page 1258: ...ssages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages 6 Repeat the sequence of commands or other actions that lead...

Page 1259: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 1260: ...notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any...

Page 1261: ...ired to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if y...

Page 1262: ...ibution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exc...

Page 1263: ...TFTP server that contains the devices system files and the name of the boot file COS Class of Service is supported by prioritizing packets based on the required level of service and then placing them...

Page 1264: ...of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues EAPOL Extensible Authentication Protocol over LAN EAPOL is a client authentication protocol u...

Page 1265: ...thod for the operation of MAC bridges including the Spanning Tree Protocol IEEE 802 1Q VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign endstations to...

Page 1266: ...oup membership information onto the upstream interface based on IGMP messages monitored on downstream interfaces and forwards multicast traffic based on that information There is no need for multicast...

Page 1267: ...tion meaning that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Information Base An acronym for Management Information Base It is a set o...

Page 1268: ...ls such as RIP It includes features such as unlimited hop count authentication of routing updates and Variable Length Subnet Masks VLSM OUT OF BAND MANAGEMENT Management of the network from a station...

Page 1269: ...et alarms on a variety of traffic conditions including specific error types RSTP Rapid Spanning Tree Protocol RSTP reduces the convergence time for network topology changes to about 10 of that require...

Page 1270: ...hen TCP would be too complex too slow or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accur...

Page 1271: ...940 clear arp cache 1080 clear counters 832 clear dns cache 1038 clear host 1039 clear ip dhcp binding 1058 clear ip dhcp snooping database flash 785 clear ip igmp group 997 clear ip ospf process 1141...

Page 1272: ...secure port 729 ip http secure server 727 ip http server 727 ip igmp 991 ip igmp filter Global Configuration 978 ip igmp filter Interface Configuration 980 ip igmp last member query interval 992 ip ig...

Page 1273: ...rver 735 ip ssh server key size 736 ip ssh timeout 736 ip telnet max sessions 730 ip telnet port 730 ip telnet server 731 ipv6 access group 813 ipv6 address 1087 ipv6 address eui 64 1088 ipv6 address...

Page 1274: ...ration 932 map ip dscp Interface Configuration 934 map ip port Global Configuration 933 map ip port Interface Configuration 935 map ip precedence Global Configuration 933 map ip precedence Interface C...

Page 1275: ...am size 700 sflow max header size 701 sflow owner 701 sflow sample 702 sflow source 702 sflow timeout 703 show access group 822 show access list 822 show accounting 725 show arp 1080 show arp access l...

Page 1276: ...ss table count 858 show mac address table multicast 975 show mac vlan 918 show management 754 show map ip dscp 937 show map ip port 937 show map ip precedence 938 show memory 628 show mvr 989 show net...

Page 1277: ...witchport acceptable frame types 893 switchport allowed vlan 894 switchport dot1q tunnel mode 901 switchport dot1q tunnel tpid 902 switchport forbidden vlan 888 switchport gvrp 888 switchport ingress...

Page 1278: ...1276 COMMAND LIST...

Page 1279: ...303 310 808 810 IPv6 Standard 303 308 808 809 MAC 303 312 814 time range 300 667 Address Resolution Protocol See ARP address table 195 855 aging time 198 855 aging time displaying 198 858 aging time s...

Page 1280: ...ferentiated Services See DiffServ DiffServ 237 939 binding policy to interface 251 953 class map 238 940 944 class map description 239 941 color blind srTCM 246 947 color blind trTCM 247 949 committed...

Page 1281: ...g throttling enabling 422 978 filtering throttling interface configuration 425 980 filtering throttling status 422 978 filtering configuring profile 979 980 filtering creating profile 423 979 filterin...

Page 1282: ...87 dynamic configuration link local 77 453 1091 EUI format 456 1088 EUI 64 setting 456 1088 explicit configuration 453 1091 global unicast 456 1087 link local 457 1090 manual configuration global unic...

Page 1283: ...MP snooping 407 959 enabling IGMP snooping per interface 415 959 router configuration 411 976 multicast groups 414 420 435 974 975 998 displaying 414 420 435 975 998 static 413 414 973 974 975 Multica...

Page 1284: ...550 565 566 571 1150 transmit delay over interface 560 1161 virtual link 565 1150 virtual links displaying 570 1174 OSPFv3 1176 ABR route summary 1183 area border router 1183 backbone 1189 1190 config...

Page 1285: ...guring interfaces 188 912 group configuration 186 912 interface configuration 188 912 proxy ARP 476 1079 proxy query address IGMP snooping 419 970 proxy query interval IGMP snooping 418 971 proxy quer...

Page 1286: ...sures 259 755 serial port configuring 120 642 sFlow flow configuration 154 699 703 target device 154 699 shared tree PIM SM 589 1207 1210 1230 shortest path tree PIM SM 589 1207 1210 1230 Simple Mail...

Page 1287: ...ing 157 904 trap manager 79 388 676 troubleshooting 1255 trTCM police meter 247 949 QoS policy 243 949 trunk configuration 140 839 LACP 144 839 841 static 141 840 tunneling unknown VLANs VLAN trunking...

Page 1288: ...8 1061 group statistics 495 1066 preemption 489 490 1063 priority 489 490 1064 protocol message statistics 494 1070 timers 490 1065 virtual address 488 1062 W web authentication 276 775 address re aut...

Page 1289: ...ch support available in 30 seconds or less Copyright 2013 Black Box Corporation All rights reserved Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any third par...

Reviews:

No comments

Related manuals for LGB6026A

Brand: jablotron Pages: 2

Brand: 3Com Pages: 1133

Brand: Tecsis Pages: 2

OmniView Secure F1DN102Uea

Brand: Belkin Pages: 36

Brand: Holland Pages: 4

GenReady Series 005448-2

Brand: Generac Power Systems Pages: 4

Brand: ASTEK Pages: 3

Brand: Datavideo Pages: 38

Brand: Lindy Pages: 2

Brand: Fairchild Pages: 20

Brand: Unipoe Pages: 41

Brand: Canoga Perkins Pages: 7

Brand: GarrettCom Pages: 77

Brand: G&D Pages: 80

Brand: AT&T Pages: 24

Brand: Wyrestorm Pages: 2

Brand: J-Tech Digital Pages: 12

3 x 4 SWITCH PLUS

Brand: W2IIHY Pages: 28

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands