D-Link DES-3550 Command Line Interface Reference Manual Download Page 229 | Manualshive

Page: 229 / 323

D-Link DES-3550 Command Line Interface Reference Manual Download Page 229

DES-3550 Layer 2 Fast Ethernet Switch

26

IP-MAC B

INDING

The IP-MAC binding feature is a security measure that restricts access to a Switch to authorized users. Only the authorized
client can access a Switch’s port by comparing a pre-configured IP/MAC matching database to the IP/MAC match extracted
form ARP request or acknowledgement packets. If the comparison test fails, the user is not authorized, the packet is dropped
and the user is effectively blocked from access. IP-MAC binding may be enabled on a per port basis. IP-MAC binding is
useful for preventing IP spoofing and other abuses.

The IP-MAC Binding commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.

Command Parameters

create address_binding ip_mac ipaddress

<ipaddr> mac_address <macaddr>

config address_binding ip_mac ipaddress

<ipaddr> mac_address <macaddr>

config address_binding ip_mac ports

[ <portlist> | all ] state [enable | disable]

show address_binding

[ ip_mac { [ all | ipaddress<ipaddr> mac_address<macaddr> ] }
| blocked { [ all |
vlan_name <vlan_name> mac_address<macaddr> ] } | ports ]

delete address-binding

[ ip-mac [ ipaddress<ipaddr> mac_address<macaddr> | all ]
| blocked
[ all | vlan_name<vlan_name> mac_address<macaddr> ] ]

Each command is listed, in detail, in the following sections.

225

«
...
227
228
229
230
231
...
»

Summary of Contents for DES-3550

Page 1: ...DES 3550 Layer 2 Switch Command Line Interface Reference Manual Release 3 5 May 2005 651ES3550055 RECYCLABLE ...

Page 2: ......

Page 3: ...ands 109 Broadcast Storm Control Commands 121 QoS Commands 124 Port Mirroring Commands 133 VLAN Commands 138 Asymmetric VLAN Commands 147 Link Aggregation Commands 150 Basic IP Commands 158 IGMP Snooping Commands 161 Limited IP Multicast Address 172 DHCP Relay 176 802 1X Commands 184 Access Control List ACL Commands 201 Traffic Segmentation Commands 213 Time and SNTP Commands 216 IP MAC Binding 22...

Page 4: ...SSH Commands 281 SSL Commands 291 D Link Single IP Management Commands 299 Command History List 312 Technical Specifications 317 ...

Page 5: ...Port The default settings of the Switch s serial port are as follows 9600 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial port configured as above is then connected to the Switch s serial port via an RS 232 DB 9 cable With the serial port properly connected to a management computer the following screen should...

Page 6: ...naged with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows 1 Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy yyy...

Page 7: ... an IP address of 10 20 25 30 with a subnet mask of 255 0 0 0 The system message Success indicates that the command was executed successfully The Switch can now be configured and managed via Telnet SNMP MIB browser and the CLI or via the Web based management agent using the above IP address to connect to the Switch 3 ...

Page 8: ... the Switch is rebooted If the Switch is rebooted without using the save command the last configuration saved to NV RAM will be loaded Connecting to the Switch The console interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the HyperTerminal program included with the Windows operating system using an RS 232C seri...

Page 9: ...u with a Next possible completions message Figure 2 3 Example Command Parameter Help In this case the command config account was entered with the parameter username The CLI will then prompt you to enter the username with the message Next possible completions Every command in the CLI has this feature and complex commands have several layers of parameter prompting In addition after typing any given ...

Page 10: ...ed to re enter the previous command config account at the command prompt Now the appropriate username can be entered and the config account command re executed All commands in the CLI function in this way In addition the syntax of the help prompts are the same as presented in this manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice o...

Page 11: ... parameter For example if you enter the show command with no additional parameters the CLI will then display all of the possible next parameters Figure 2 6 Next possible completions Show Command In the above example all of the possible next parameters for the show command are displayed At the next command prompt the up arrow was used to re enter the show command followed by the account parameter T...

Page 12: ...if_name space a VLAN name in the vlan_name 32 space and the network address in the network_address space Do not type the angle brackets Example Command create ipif Engineering vlan Design ipaddress 10 24 22 5 255 0 0 0 square brackets Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create account admin user Description In the above synta...

Page 13: ... line to the left Backspace Deletes the character to the left of the cursor and then shifts the remaining characters in the line to the left Insert or Ctrl R Toggle on and off When toggled on inserts text and shifts previous text to the right Left Arrow Moves the cursor to the left Right Arrow Moves the cursor to the right Up Arrow Repeats the previously entered command Each time the up arrow is p...

Page 14: ...e displayed ESC Stops the display of remaining pages when multiple pages are to be displayed n Displays the next page p Displays the previous page q Stops the display of remaining pages when multiple pages are to be displayed r Refreshes the pages currently displayed a Displays the remaining pages without pausing between pages Enter Displays the next line or table entry 10 ...

Page 15: ...g account username 15 show account delete account username 15 show session show switch show serial_port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web save reboot reset config system login logout Eac...

Page 16: ...ds can be between 0 and 15 characters Example usage To create an administrator level user account with the username dlink DES 3550 4 create account admin dlink Command create account admin dlink Enter a case sensitive new password Enter the new password again for confirmation Success DES 3550 4 config account Purpose Used to configure user accounts Syntax config account username Description The co...

Page 17: ... Success DES 3550 4 show account Purpose Used to display user accounts Syntax show account Description Displays all user accounts created on the Switch Up to 8 user accounts can exist at one time Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the accounts that have been created DES 3550 4 show account Command show account Current Account...

Page 18: ...o delete the user account System DES 3550 4 delete account System Command delete account System Success DES 3550 4 show session Purpose Used to display a list of currently logged in users Syntax show session Description This command displays a list of all the users that are logged in at the time the command is issued Parameters None Restrictions None Example usage To display the way that the users...

Page 19: ...DES 3550 Fast Ethernet Switch Combo Port 1000Base T 1000Base T MAC Address 00 01 02 03 04 00 IP Address 10 41 44 22 Manual VLAN Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 3 00 000 Firmware Version Build 2 00 B07 Hardware Version 2A1 Device S N Power Status Main Normal Redundant Not Present System Name DES 3550 System Location 7th_flr_east_cabinet System Cont...

Page 20: ...yntax show serial_port Description This command displays the current serial port settings Parameters None Restrictions None Example usage To display the serial port setting DES 3550 4 show serial_port Command show serial_port Baud Rate 9600 Data Bits 8 Parity Bits None Stop Bits 1 Auto Logout 10 mins DES 3550 4 16 ...

Page 21: ... 115200 never No time limit on the length of time the console can be open with no user input 2_minutes The console will log out the current user if there is no user input for 2 minutes 5_minutes The console will log out the current user if there is no user input for 5 minutes 10_minutes The console will log out the current user if there is no user input for 10 minutes 15_minutes The console will l...

Page 22: ...l users can issue this command Example usage To enable pausing of the screen display when the show command output reaches the end of the page DES 3550 4 enable clipaging Command enable clipaging Success DES 3550 4 disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when the show command displays more than one screen of information Syntax di...

Page 23: ...t tcp_port_number 1 65535 Description This command is used to enable the Telnet protocol on the Switch The user can specify the TCP or UDP port number the Switch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known TCP port for the Telnet protocol is 23 Restrictions Only administrator level users can...

Page 24: ...he Switch Syntax enable web tcp_port_number 1 65535 Description This command is used to enable the Web based management software on the Switch The user can specify the TCP port number the Switch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known port for the Web based management software is 80 Rest...

Page 25: ...isable web Purpose Used to disable the HTTP based management software on the Switch Syntax disable web Description This command disables the Web based management software on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To disable HTTP DES 3550 4 disable web Command disable web Success DES 3550 4 21 ...

Page 26: ...ters None Restrictions Only administrator level users can issue this command Example usage To save the Switch s current configuration to non volatile RAM DES 3550 4 save Command save Saving all configurations to NV RAM Done DES 3550 4 reboot Purpose Used to restart the Switch Syntax reboot Description This command is used to restart the Switch Parameters None Restrictions None Example usage To res...

Page 27: ... system is specified all of the factory default settings are restored on the Switch The Switch will save and reboot after the settings are changed to default Rebooting will clear all entries in the Forwarding Data Base If no parameter is specified the Switch s current IP address user accounts and the switch history log are not changed All other parameters are restored to the factory default settin...

Page 28: ...e and Password Parameters None Restrictions None Example usage To initiate the login procedure DES 3550 4 login Command login UserName logout Purpose Used to log out a user from the Switch s console Syntax logout Description This command terminates the current user s session on the Switch s console Parameters None Restrictions None Example usage To terminate the current user s console session DES ...

Page 29: ...ith the appropriate parameters in the following table Command Parameters config ports portlist all speed auto 10_half 10_full 100_half 100_full 1000_full flow_control enable disable learning enable disable state enable disable description desc 32 show ports portlist description Each command is listed in detail in the following sections 25 ...

Page 30: ... Configures the speed in Mbps for the specified range of ports Gigabit ports are statically set to 1000 and cannot be set to slower speeds half full Configures the specified range of ports as either full duplex or half duplex flow_control enable disable Enable or disable flow control for the specified ports learning enable disable Enables or disables the MAC address learning on the specified range...

Page 31: ...abled Auto Enabled Link Down Enabled 2 Enabled Auto Enabled Link Down Enabled 3 Enabled Auto Enabled Link Down Enabled 4 Enabled Auto Enabled Link Down Enabled 5 Enabled Auto Enabled Link Down Enabled 6 Enabled Auto Enabled Link Down Enabled 7 Enabled Auto Enabled Link Down Enabled 8 Enabled Auto Enabled Link Down Enabled 9 Enabled Auto Enabled Link Down Enabled 10 Enabled Auto Enabled 100M Full N...

Page 32: ...s1 2 Enabled Auto Disabled Link Down Enabled Description 3 Enabled Auto Disabled Link Down Enabled Description 4 Enabled Auto Disabled Link Down Enabled Description 5 Enabled Auto Disabled Link Down Enabled Description 6 Enabled Auto Disabled Link Down Enabled Description 7 Enabled Auto Disabled Link Down Enabled Description 8 Enabled Auto Disabled Link Down Enabled Description 9 Enabled Auto Disa...

Page 33: ...table Command Parameters config port_security ports portlist all admin_state enable disable max_learning_addr max_lock_no 0 20 lock_address_mode Permanent DeleteOnTimeout DeleteOnReset delete port_security_entry vlan_name vlan_name 32 mac_address macaddr port port clear port_security_entry port portlist show port_security ports portlist Each command is listed in detail in the following sections 29...

Page 34: ..._addr max_lock_no 0 20 Use this to limit the number of MAC addresses dynamically listed in the FDB for the ports lock_address_mode Permanent DeleteOnTimout DeleteOnReset Indicates the method of locking addresses The user has three choices Permanent The locked addresses will not age out after the aging timer expires DeleteOnTimeout The locked addresses will age out after the aging timer expires Del...

Page 35: ... learned the previously enterd MAC address Restrictions Only administrator level users can issue this command Example usage To delete a port security entry DES 3550 4 delete port_security_entry vlan_name default mac_address 00 01 30 10 2C C7 port 6 Command delete port_security_entry vlan_name default mac_address 00 01 30 10 2C C7 port 6 Success DES 3550 4 clear port_security_entry Purpose Used to ...

Page 36: ...Switch s ports The information displayed includes port security admin state maximum number of learning address and lock mode Parameters portlist Specifies a port or range of ports to be viewed Restrictions None Example usage To display the port security configuration DES 3550 4 show port_security ports 1 5 Command show port_security ports 1 5 Port Admin State Max Learning Addr Lock Address Mode 1 ...

Page 37: ...tring is used for authentication NoAuthNoPriv v3 Username Username is used for authentication NoAuthNoPriv v3 MD5 or SHA Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthNoPriv v3 MD5 DES or SHA DES Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthPriv DES 56 bit encryption is added based on the CBC DES DES 56 standard Command Parameters create snmp user usernam...

Page 38: ... snmp host ipaddr v1 v2c v3 noauth_nopriv auth_nopriv auth_priv auth_string 32 delete snmp host ipaddr show snmp host ipaddr create trusted_host ipaddr delete trusted_host ipaddr show trusted_host ipaddr enable snmp traps enable snmp authenticate_traps show snmp traps disable snmp traps disable snmp authenticate_traps config snmp system contact sw_contact config snmp system location sw_location co...

Page 39: ... method is not recommended auth The user may also choose the type of authentication algorithms used to authenticate the snmp user The choices are md5 Specifies that the HMAC MD5 96 authentication level will be used md5 may be utilized by entering one of the following auth password 8 16 An alphanumeric sting of between 8 and 16 characters that will be used to authorize the agent to receive packets ...

Page 40: ...and also to delete the associated SNMP group Syntax delete snmp user username 32 Description The delete snmp user command removes an SNMP user from its SNMP group and then deletes the associated SNMP group Parameters username 32 An alphanumeric string of up to 32 characters that identifies the SNMP user that will be deleted Restrictions Only administrator level users can issue this command Example...

Page 41: ...nd displays information about each SNMP username in the SNMP group username table Parameters None Restrictions Only administrator level users can issue this command Example usage To display the SNMP users currently configured on the Switch DES 3550 4 show snmp user Command show snmp user Username Group Name SNMP Version Auth Protocol PrivProtocol initial initial V3 None None Total Entries 1 DES 35...

Page 42: ...s that identifies the SNMP view that will be created oid The object ID that identifies an object tree MIB tree that will be included or excluded from access by an SNMP manager view type Sets the view type to be included Include this object in the list of objects that an SNMP manager can access excluded Exclude this object from the list of objects that an SNMP manager can access Restrictions Only a...

Page 43: ...32 An alphanumeric string of up to 32 characters that identifies the SNMP view to be deleted all Specifies that all of the SNMP views on the Switch will be deleted oid The object ID that identifies an object tree MIB tree that will be deleted from the Switch Restrictions Only administrator level users can issue this command Example usage To delete a previously configured SNMP view from the Switch ...

Page 44: ... be displayed Restrictions None Example usage To display SNMP view configuration DES 3550 4 show snmp view Command show snmp view Vacm View Table Settings View Name Subtree View Type ReadView 1 Included WriteView 1 Included NotifyView 1 3 6 Included restricted 1 3 6 1 2 1 1 Included restricted 1 3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6 1 6 3 11 2 1 Included res...

Page 45: ...ign access limiting characteristics to this community string Parameters community_string 32 An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent view_name 32 An alphanumeric string of up to 32 characters that is used to identify the group ...

Page 46: ...ring from the Switch Parameters community_string 32 An alphanumeric string of up to 32 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent Restrictions Only administrator level users can issue this command Example usage To delete the SNMP community string dlink DES 3550 4 ...

Page 47: ...phanumeric string of up to 32 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent Restrictions None Example usage To display the currently entered SNMP community strings DES 3550 4 show snmp community Command show snmp community SNMP Community Table Community Name View Nam...

Page 48: ... can issue this command Example usage To give the SNMP agent on the Switch the name 0035636666 DES 3550 4 config snmp 0035636666 Command config snmp engineID 0035636666 Success DES 3550 4 show snmp engineID Purpose Used to display the identification of the SNMP engine on the Switch Syntax show snmp engineID Description The show snmp engineID command displays the identification of the SNMP engine o...

Page 49: ...h a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity Ensures that packets have not been tampered with during transit Authentication Determines if an SNMP message is from a valid source Encryption Scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no authorization and ...

Page 50: ...ed to remove an SNMP group from the Switch Syntax delete snmp group groupname 32 Description The delete snmp group command is used to remove an SNMP group from the Switch Parameters groupname 32 An alphanumeric name of up to 32 characters that will identify the SNMP group the new SNMP user will be associated with Restrictions Only administrator level users can issue this command Example usage To d...

Page 51: ...ntly configured SNMP groups on the Switch DES 3550 4 show snmp groups Command show snmp groups Vacm Access Table Settings Group Name Group3 ReadView Name ReadView WriteView Name WriteView Notify View Name NotifyView Security Model SNMPv3 Security Level NoAuthNoPriv Group Name Group4 ReadView Name ReadView WriteView Name WriteView Notify View Name NotifyView Security Model SNMPv3 Security Level aut...

Page 52: ...e Notify View Name CommunityView Security Model SNMPv1 Security Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Security Model SNMPv2 Security Level NoAuthNoPriv Group Name WriteGroup ReadView Name CommunityView WriteView Name CommunityView Notify View Name CommunityView Security Model SNMPv1 Security Level NoAuthNoPriv Group Name W...

Page 53: ... some security features v3 Specifies that the SNMP version 3 will be used SNMP v3 provides secure access to devices through a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity ensures that packets have not been tampered with during transit Authentication determines if an SNMP message is from a valid source Encryption scrambles the contents of mess...

Page 54: ...rated by the Switch s SNMP agent Syntax delete snmp host ipaddr Description The delete snmp host command deletes a recipient of SNMP traps generated by the Switch s SNMP agent Parameters ipaddr The IP address of a remote SNMP manager that will receive SNMP traps generated by the Switch s SNMP agent Restrictions Only administrator level users can issue this command Example usage To delete an SNMP h...

Page 55: ...esignated as recipients of SNMP traps that are generated by the Switch s SNMP agent Parameters ipaddr The IP address of a remote SNMP manager that will receive SNMP traps generated by the Switch s SNMP agent Restrictions None Example usage To display the currently configured SNMP hosts on the Switch DES 3550 4 show snmp host Command show snmp host SNMP Host Table Host IP Address SNMP Version Commu...

Page 56: ... based management software These IP addresses must be members of the Management VLAN If no IP addresses are specified then there is nothing to prevent any IP address from accessing the Switch provided the user knows the Username and Password Parameters ipaddr The IP address of the trusted host to be created Restrictions Only administrator level users can issue this command Example usage To create ...

Page 57: ...ost ipaddr Description This command is used to display a list of trusted hosts entered on the Switch using the create trusted_host command above Parameters ipaddr The IP address of the trusted host Restrictions None Example Usage To display the list of trust hosts DES 3550 4 show trusted_host Command show trusted_host Management Stations IP Address 10 53 13 94 Total Entries 1 DES 3550 4 53 ...

Page 58: ... This command is used to delete a trusted host entry made using the create trusted_host command above Parameters ipaddr The IP address of the trusted host Restrictions Only administrator level users can issue this command Example Usage To delete a trusted host with an IP address 10 48 74 121 DES 3550 4 delete trusted_host 10 48 74 121 Command delete trusted_host 10 48 74 121 Success DES 3550 4 54 ...

Page 59: ...the Switch DES 3550 4 enable snmp traps Command enable snmp traps Success DES 3550 4 enable snmp authenticate_traps Purpose Used to enable SNMP authentication trap support Syntax enable snmp authenticate_traps Description This command is used to enable SNMP authentication trap support on the Switch Parameters None Restrictions Only administrator level users can issue this command Example Usage To ...

Page 60: ...on This command is used to view the SNMP trap support status currently configured on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To view the current SNMP trap support DES 3550 4 show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Traps Enabled DES 3550 4 56 ...

Page 61: ...om the Switch DES 3550 4 disable snmp traps Command disable snmp traps Success DES 3550 4 disable snmp authenticate_traps Purpose Used to disable SNMP authentication trap support Syntax disable snmp authenticate_traps Description This command is used to disable SNMP authentication support on the Switch Parameters None Restrictions Only administrator level users can issue this command Example Usage...

Page 62: ... administrator level users can issue this command Example usage To configure the Switch contact to MIS Department II DES 3550 4 config snmp system_contact MIS Department II Command config snmp system_contact MIS Department II Success DES 3550 4 config snmp system_location Purpose Used to enter a description of the location of the Switch Syntax config snmp system_location sw_location Description Th...

Page 63: ...Syntax config snmp system_name sw_name Description The config snmp system_name command configures the name of the Switch Parameters sw_name A maximum of 255 characters is allowed A NULL string is accepted if no name is desired Restrictions Only administrator level users can issue this command Example usage To configure the Switch name for DES 3550 Switch DES 3550 4 config snmp system_name DES 3550...

Page 64: ...cription This command is used in conjunction with the disable rmon command below to enable and disable remote monitoring RMON on the Switch Parameters None Restrictions Only administrator level users can issue this command Example Usage To enable RMON DES 3550 4 enable rmon Command enable rmon Success DES 3550 4 60 ...

Page 65: ...cription This command is used in conjunction with the enable rmon command above to enable and disable remote monitoring RMON on the Switch Parameters None Restrictions Only administrator level users can issue this command Example Usage To disable RMON DES 3550 4 disable rmon Command disable rmon Success DES 3550 4 61 ...

Page 66: ...firmware ipaddr path_filename 64 section_id int 1 2 configuration ipaddr path_filename 64 increment config firmware image_id value 1 2 delete boot_up show firmware_information show config current_config config_in_nvram upload configuration log ipaddr path_filename 64 enable autoconfig disable autoconfig show autoconfig ping ipaddr times value 1 255 timeout sec 1 99 Each command is listed in detail...

Page 67: ...FTP server ipaddr The IP address of the TFTP server path_filename The DOS path and filename of the firmware or switch configuration file on the TFTP server For example C 3226S had image_id int 1 2 Specify the working section ID The Switch can hold two firmware versions for the user to select from which are specified by section ID increment Allows the download of a partial switch configuration file...

Page 68: ...DES 3550 4 DES 3550 4 DES 3550 4 DES 3550 4 BASIC DES 3550 4 DES 3550 4 config serial_port baud_rate 9600 auto_logout 10_minutes Command config serial_port baud_rate 9600 auto_logout 10_minutes The download configuration command will inititiate the loading of the various settings in the order listed in the configuration file When the file has been successfully loaded the message End of configurati...

Page 69: ...Parameters image_id Specifies the working section The Switch can hold two firmware versions for the user to select from which are specified by image ID delete Entering this parameter will delete the specified firmware section boot_up Entering this parameter will specify the firmware image ID as a boot up section Restrictions Only administrator level users can issue this command Example usage To co...

Page 70: ...ample usage To display the current firmware information on the Switch DES 3550 4 show firmware information Command show firmware information ID Version Size B Update Time From User 1 2 00 B19 1360471 00000 days 00 00 00 Serial Port PROM Unknown 2 1 00 B20 2052372 00000 days 00 00 56 10 53 13 94 Anonymous means boot up section T means firmware update thru TELNET S means firmware update thru SNMP W ...

Page 71: ...y category in the following order Description 1 Basic serial port Telnet and web management status 2 storm control 3 IP group management 4 syslog 5 QoS 6 port mirroring 7 traffic segmentation 8 port 9 port lock 10 8021x 11 SNMPv3 12 management SNMP traps RMON 13 vlan 14 FDB forwarding data base 15 MAC address table notification 16 STP 17 SSH 18 SSL 19 ACL 20 SNTP 21 IP route 22 LACP 23 ARP 24 IP 2...

Page 72: ...0 Configuration Firmware Build 3 01 B20 Copyright C 2000 2004 D Link Corporation All rights reserved BASIC config serial_port baud_rate 9600 auto_logout 10_minutes enable telnet 23 enable web 80 STORM config traffic control 1 5 broadcast disable multicast disable dlf disable thres hold 128 GM config sim candidate CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All 68 ...

Page 73: ...tory log will be uploaded to the TFTP server ipaddr The IP address of the TFTP server The TFTP server must be on the same IP subnet as the Switch path_filename 64 Specifies the location of the Switch configuration file on the TFTP server This file will be replaced by the uploaded file from the Switch Restrictions The TFTP server must be on the same IP subnet as the Switch Only administrator level ...

Page 74: ...onfigured to deliver this information in the data field of the DHCP reply packet The TFTP server must be running and have the requested configuration file in its base directory when the request is received from the Switch Consult the DHCP server and TFTP server software instructions for information on loading a configuration file If the Switch is unable to complete the autoconfiguration process th...

Page 75: ...become the active configuration Upon booting up the autoconfig process is initiated the console screen will appear similar to the example below The configuration settings will be loaded in normal order DES 3550 Fast Ethernet Switch Command Line Interface Firmware Build 3 01 B20 Copyright C 2000 2004 D Link Corporation All rights reserved DES 3550 4 DES 3550 4 DES 3550 4 download configuration 10 4...

Page 76: ...iguration from DHCP Syntax disable autoconfig Description This instructs the Switch not to request autoconfiguration instruction from the DHCP server This does not change the IP settings of the Switch The ipif settings will continue as DHCP client until changed with the config ipif command Parameters None Restrictions None Example usage To stop the autoconfiguration function DES 3550 4 disable aut...

Page 77: ...t autoconfig status of the Switch Syntax show autoconfig Description This will list the current status of the autoconfiguration function Parameters None Restrictions None Example usage To upload a DES 3550 4 show autoconfig Command show autoconfig Autoconfig disabled Success DES 3550 4 73 ...

Page 78: ...255 The number of individual ICMP echo messages to be sent A value of 0 will send an infinite ICMP echo messages The maximum value is 255 The default is 0 timeout sec 1 99 Defines the time out period while waiting for a response from the remote device A value of 1 to 99 seconds can be specified The default is 1 second Restrictions None Example usage To ping the IP address 10 48 74 121 four times D...

Page 79: ...show syslog create syslog host index 1 4 ipaddress ipaddr severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number state enable disable config syslog host all index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable ...

Page 80: ... Specifies a port or range of ports to be displayed Restrictions None Example usage To display the packets analysis for port 7 of module 2 DES 3550 4 show packet port 2 Port number 2 Frame Size Frame Counts Frame sec Frame Type Total Total sec 64 3275 10 RX Bytes 408973 1657 65 127 755 10 RX Frames 395 19 128 255 316 1 256 511 145 0 TX Bytes 7918 178 512 1023 15 0 TX Frames 111 2 1024 1518 0 0 Uni...

Page 81: ...t Parameters portlist Specifies a port or range of ports to be displayed Restrictions None Example usage To display the errors of the port 3 of module 1 DES 3550 4 show error ports 3 Command show error ports 3 Port number 1 RX Frames TX Frames CRC Error 19 Excessive Deferral 0 Undersize 0 CRC Error 0 Oversize 0 Late Collision 0 Fragment 0 Excessive Collision 0 Jabber 11 Single Collision 0 Drop Pkt...

Page 82: ...st Description This command will display the real time port and cpu utilization statistics for the Switch Parameters cpu Entering this parameter will display the current cpu utilization of the Switch ports Entering this parameter will display the current port utilization of the Switch portlist Specifies a port or range of ports to be displayed Restrictions None 78 ...

Page 83: ... 0 0 2 0 0 0 23 0 0 0 3 0 0 0 24 0 0 0 4 0 0 0 25 0 26 1 5 0 0 0 26 0 0 0 6 0 0 0 27 0 0 0 7 0 0 0 28 0 0 0 8 0 0 0 29 0 0 0 9 0 0 0 30 0 0 0 10 0 0 0 31 0 0 0 11 0 0 0 32 0 0 0 12 0 0 0 33 0 0 0 13 0 0 0 34 0 0 0 14 0 0 0 35 0 0 0 15 0 0 0 36 0 0 0 16 0 0 0 37 0 0 0 17 0 0 0 38 0 0 0 18 0 0 0 39 0 0 0 19 0 0 0 40 0 0 0 20 0 0 0 41 0 0 0 21 0 0 0 42 0 0 0 CTRL C ESC q Quit SPACE n Next Page p Prev...

Page 84: ...sed to clear the Switch s statistics counters Syntax clear counters ports portlist Description This command will clear the counters used by the Switch to compile statistics Parameters portlist Specifies a port or range of ports to be displayed Restrictions Only administrator level users can issue this command Example usage To clear the counters DES 3550 4 clear counters ports 2 9 Command clear cou...

Page 85: ...r the log information DES 3550 4 clear log Command clear log Success DES 3550 4 show log Purpose Used to display the switch history log Syntax show log index value Description This command will display the contents of the Switch s history log Parameters index value This command will display the history log beginning at 1 and ending at the value specified by the user in the value field If no parame...

Page 86: ... 2 00000 days 00 00 01 Spanning Tree Protocol is disabled 1 00000 days 00 06 31 Configuration saved to flash Username Anonymous DES 3550 4 enable syslog Purpose Used to enable the system log to be sent to a remote host Syntax enable syslog Description The enable syslog command enables the system log to be sent to a remote host Parameters None Restrictions Only administrator level users can issue t...

Page 87: ...mmand Example usage To disable the syslog function on the Switch DES 3550 4 disable syslog Command disable syslog Success DES 3550 4 show syslog Purpose Used to display the syslog protocol status as enabled or disabled Syntax show syslog Description The show syslog command displays the syslog status as enabled or disabled Parameters None Restrictions None Example usage To display the current statu...

Page 88: ...l messages will be sent to the remote host This corresponds to number 6 from the list above warning Specifies that warning messages will be sent to the remote host This corresponds to number 4 from the list above all Specifies that all of the currently supported syslog messages that are generated by the Switch will be sent to the remote host facility Some of the operating system daemons and proces...

Page 89: ...the list above local5 Specifies that local use 5 messages will be sent to the remote host This corresponds to number 21 from the list above local6 Specifies that local use 6 messages will be sent to the remote host This corresponds to number 22 from the list above local7 Specifies that local use 7 messages will be sent to the remote host This corresponds to number 23 from the list above udp_port u...

Page 90: ... Switch Numerical Code Severity 0 1 2 3 4 5 6 7 Emergency system is unusable Alert action must be taken immediately Critical critical conditions Error error conditions Warning warning conditions Notice normal but significant condition Informational informational messages Debug debug level messages informational Specifies that informational messages will be sent to the remote host This corresponds ...

Page 91: ...responds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the remote host This corresponds to number 21 fro...

Page 92: ...yslog host index 1 4 all Description The delete syslog host command is used to remove a syslog host that has been previously configured from the Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 all Specifies that the command will be applied to all hosts Restrictions Only administrator level users can i...

Page 93: ...tch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 Restrictions None Example usage To show Syslog host information DES 3550 4 show syslog host Command show syslog host Syslog Global State Disabled Host Id Host IP Address Severity Facility UDP port Status 1 10 1 1 2 All Local0 514 Disabled 2 10 40 2 3 All Lo...

Page 94: ... as hardware failures or spoofing attacks Parameters Choose one of the following to identify where severity messages are to be sent trap Entering this parameter will define which events occurring on the Switch will be sent to a SNMP agent for analysis log Entering this parameter will define which events occurring on the Switch will be sent to the Switch s log for analysis all Entering this paramet...

Page 95: ...Layer 2 Fast Ethernet Switch To log critical warnings and send critical warnings to the SNMP agent DES 3550 4 config system_severity all critical Command config system_severity all critical Success DES 3550 4 91 ...

Page 96: ...nd Internal Spanning Tree CIST The CIST will automatically determine each MSTP region its maximum possible extent and will appear as one virtual bridge that runs a single spanning tree Consequentially frames assigned to different VLANs will follow different data routes within administratively established regions on the network continuing to allow simple and full processing of frames regardless of ...

Page 97: ... auto value 1 200000000 hellotime value 1 10 migrate yes no edge true false p2p true false auto state enable disable fbpdu enable disable create stp instance_id value 1 4 config stp instance _id value 1 4 add_vlan remove_vlan vidlist delete stp instance_id value 1 4 config stp priority value 0 61440 instance_id value 0 4 config stp mst_config_id revision_level int 0 65535 name string config stp ms...

Page 98: ... command Example usage To enable STP globally on the Switch DES 3550 4 enable stp Command enable stp Success DES 3550 4 disable stp Purpose Used to globally disable STP on the Switch Syntax disable stp Description This command allows the Spanning Tree Protocol to be globally disabled on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To d...

Page 99: ...DES 3550 Layer 2 Fast Ethernet Switch 95 ...

Page 100: ...meter will set the Multiple Spanning Tree Protocol MSTP globally on the Switch rstp Selecting this parameter will set the Rapid Spanning Tree Protocol RSTP globally on the Switch stp Selecting this parameter will set the Spanning Tree Protocol STP globally on the Switch Restrictions Only administrator level users can issue this command Example usage To set the Switch globally for the Multiple Span...

Page 101: ...re the BPDU bridge protocol data unit packet sent by the Switch will be discarded Each switch on the hop count will reduce the hop count by one until the value reaches zero The Switch will then discard the BDPU packet and the information held for the port will age out The user may set a hop count from 1 to 20 The default is 20 hellotime value 1 10 The user may set the time interval between transmi...

Page 102: ...lized on a port where an 802 1d network connects to an 802 1w or 802 1s enabled network Migration should be set as yes on ports connected to network stations or segments that are capable of being upgraded to 802 1w RSTP or 802 1s MSTP on all or some portion of the segment edge true false true designates the port as an edge port Edge ports cannot create loops however an edge port can lose edge port...

Page 103: ...re the default settings configurable using the config stp command discussed previously create stp instance_id Purpose Used to create a STP instance ID for MSTP Syntax create stp instance_id value 1 4 Description This command allows the user to create a STP instance ID for the Multiple Spanning Tree Protocol There are 5 STP instances on the Switch one internal CIST unchangeable and the user may cre...

Page 104: ...and the same name Parameters value 1 4 Enter a number between 1 and 4 to define the instance_id The switch supports 5 STP regions with one unchangeable default instance ID set as 0 add_vlan Along with the vid_range vidlist parameter this command will add VIDs to the previously configured STP instance_id remove_vlan Along with the vid_range vidlist parameter this command will remove VIDs to the pre...

Page 105: ... 0 4 Description This command is used to update the STP instance configuration settings on the Switch The MSTP will utilize the priority in selecting the root bridge root port and designated port Assigning higher priorities to STP regions will instruct the Switch to give precedence to the selected instance_id for forwarding packets The lower the priority value set the higher the priority Parameter...

Page 106: ...idered as part of the same MSTP region Parameters revision_level int 0 65535 Enter a number between 0 and 65535 to identify the MSTP region This value along with the name will identify the MSTP region configured on the Switch The default setting is 0 name string Enter an alphanumeric string of up to 32 characters to uniquely identify the MSTP region on the Switch This name along with the revision_...

Page 107: ...ance_id value 0 4 Enter a numerical value between 0 and 4 to identify the instance_id previously configured on the Switch An entry of 0 will denote the CIST Common and Internal Spanning Tree internalCost This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a STP instance The default setting is auto There are two options ...

Page 108: ...riority 16 Success DES 3550 4 show stp Purpose Used to display the Switch s current STP configuration Syntax show stp Description This command displays the Switch s current STP configuration Parameters None Restrictions None Example usage To display the status of STP on the Switch Status 1 STP enabled with STP compatible version DES 3550 4 show stp Command show stp STP Status Enabled STP Version S...

Page 109: ...bled STP Version RSTP Max Age 20 Hello Time 2 Forward Delay 15 Max Age 20 TX Hold Count 3 Forwarding BPDU Enabled DES 3550 4 Status 3 STP enabled for MSTP DES 3550 4 show stp Command show stp STP Status Enabled STP Version MSTP Max Age 20 Forward Delay 15 Max Age 20 TX Hold Count 3 Forwarding BPDU Enabled DES 3550 4 105 ...

Page 110: ...ed the STP information for port 1 will be displayed You may use the Space bar p and n keys to view information for the remaining ports Restrictions None Example usage To show STP ports information for port 5 STP enabled on Switch DES 3550 4 show stp ports Command show stp ports MSTP Port Information Port Index 5 Hello Time 2 2 Port STP enabled External PathCost Auto 200000 Edge Port No No P2P Auto...

Page 111: ...rictions None Example usage To display the STP instance configuration for instance 0 the internal CIST on the Switch DES 3550 4 show stp instance 0 Command show stp instance 0 STP Instance Settings Instance Type CIST Instance Status Enabled Instance Priority 32768 bridge priority 32768 sys ID ext 0 STP Instance Operational Status Designated Root Bridge 32766 00 90 27 39 78 E2 External Root Cost 20...

Page 112: ...s the Switch s current MSTP configuration identification Parameters None Restrictions None Example usage To show the MSTP configuration identification currently set on the Switch DES 3550 4 show stp mst_config_id Command show stp mst_config_id Current MST Configuration Identification Configuration Name 00 53 13 1A 33 24 Revision Level 0 MSTI ID Vid list CIST 2 4094 1 1 DES 3526 4 108 ...

Page 113: ...multicast_fdb vlan_name 32 macaddr add delete portlist config fdb aging_time sec 10 1000000 delete fdb vlan_name 32 macaddr clear fdb vlan vlan_name 32 port port all show multicast_fdb vlan vlan_name 32 mac_address macaddr show fdb port port vlan vlan_name 32 mac_address macaddr static aging_time config multicast port_filtering_mode portlist all forward_all_groups forward_unregistered_groups filte...

Page 114: ...The name of the VLAN on which the MAC address resides macaddr The MAC address that will be added to the forwarding table port port The port number corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port Restrictions Only administrator level users can issue this command Example usage To create a unicast MAC FDB entry DES 3550 4 c...

Page 115: ...the Switch s multicast MAC address forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides macaddr The MAC address that will be added to the forwarding table Restrictions Only administrator level users can issue this command Example usage To create multicast MAC forwarding DES 3550 4 create multicast_fdb default 01 00 00 00 00 01 Command create multicast_f...

Page 116: ...the MAC address resides macaddr The MAC address that will be added to the multicast forwarding table add delete add will add ports to the forwarding table delete will remove ports from the multicast forwarding table portlist Specifies a port or range of ports to be configured Restrictions Only administrator level users can issue this command Example usage To add multicast MAC forwarding DES 3550 4...

Page 117: ...entries that are out of date or no longer exist This may cause incorrect packet forwarding decisions by the Switch If the aging time is too short however many entries may be aged out too soon This will result in a high percentage of received packets whose source addresses cannot be found in the forwarding table in which case the Switch will broadcast the packet to all ports negating many of the be...

Page 118: ...of the VLAN on which the MAC address resides macaddr The MAC address that will be added to the forwarding table Restrictions Only administrator level users can issue this command Example usage To delete a permanent FDB entry DES 3550 4 delete fdb default 00 00 00 00 01 02 Command delete fdb default 00 00 00 00 01 02 Success DES 3550 4 Example usage To delete a multicast fdb entry DES 3550 4 delete...

Page 119: ... database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides port port The port number corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port all Clears all dynamic entries to the Switch s forwarding database Restrictions Only administrator level users can issue this command Example usage To clear all...

Page 120: ...of the Switch s multicast MAC address forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides macaddr The MAC address that is present in the forwarding database table Restrictions None Example usage To display multicast MAC address table DES 3550 4 show multicast_fdb vlan default Command show multicast_fdb vlan default VLAN Name default MAC Address 01 00 5...

Page 121: ...witch s forwarding database Parameters port port The port number corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port vlan_name 32 The name of the VLAN on which the MAC address resides macaddr The MAC address that is present in the forwarding database table static Displays the static MAC address entries aging_time Displays th...

Page 122: ...0 10 Dynamic 1 default 00 00 81 05 02 00 10 Dynamic 1 default 00 00 81 48 70 01 10 Dynamic 1 default 00 00 E2 4F 57 03 10 Dynamic 1 default 00 00 E2 61 53 18 10 Dynamic 1 default 00 00 E2 6B BC F6 10 Dynamic 1 default 00 00 E2 7F 6B 53 10 Dynamic 1 default 00 00 E2 82 7D 90 10 Dynamic 1 default 00 00 F8 7C 1C 29 10 Dynamic 1 default 00 01 02 03 04 00 CPU Self 1 default 00 01 02 03 04 05 10 Dynamic...

Page 123: ... may set the filtering mode to any of these three options Restrictions Only administrator level users can issue this command Example usage To configure the multicast filtering mode to forward all groups on ports 1 through 4 DES 3550 4 config multicast port_filtering_mode 1 4 forward_all_groups Command config multicast port_filtering_mode 1 4 forward_all_groups Success DES 3550 4 show multicast por...

Page 124: ...ward_unregistered_groups 6 forward_unregistered_groups 7 forward_unregistered_groups 8 forward_unregistered_groups 9 forward_unregistered_groups 10 forward_unregistered_groups 11 forward_unregistered_groups 12 forward_unregistered_groups 13 forward_unregistered_groups 14 forward_unregistered_groups 15 forward_unregistered_groups 16 forward_unregistered_groups 17 forward_unregistered_groups 18 forw...

Page 125: ...e CLI are listed along with the appropriate parameters in the following table Command Parameters config traffic control storm_grouplist all broadcast enable disable multicast enable disable dlf enable disable threshold value 0 255 show traffic control group_list storm_grouplist Each command is listed in detail in the following sections 121 ...

Page 126: ...broadcast enable disable Enables or disables broadcast storm control multicast enable disable Enables or disables multicast storm control dlf enable disable Enables or disables dlf traffic control threshold value 0 255 The upper threshold at which the specified traffic control is switched on The value is the number of broadcast multicast dlf packets in Kpps received by the Switch that will trigger...

Page 127: ...cast storm control group This is specified by entering the storm_grouplist Restrictions None Example usage To display traffic control setting DES 3550 4 show traffic control Command show traffic control Traffic Control Broadcast Multicast Destination Module Group ports Threshold Storm Storm Lookup Fail 1 1 1 8 128 Disabled Disabled Disabled 1 2 9 18 128 Disabled Disabled Disabled 1 3 17 24 128 Dis...

Page 128: ...will empty the four hardware priority queues in order beginning with the highest priority queue 4 to the lowest priority queue 0 Each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue will begin transm...

Page 129: ...ed by the above specified ports value 1 1000 Specifies the packet limit in Mbps that the above ports will be allowed to receive tx_rate Specifies that one of the parameters below no_limit or value 1 1000 will be applied to the rate at which the above specified ports will be allowed to transmit packets no_limit Specifies that there will be no limit on the rate of packets received by the above speci...

Page 130: ...witch on a port by port basis Parameters portlist Specifies a port or range of ports to be viewed Restrictions None Example usage To display bandwidth control settings DES 3550 4 show bandwidth_control 1 10 Command show bandwidth_control 1 10 Bandwidth Control Table Port RX Rate Mbit sec TX_RATE Mbit sec 1 no_limit 10 2 no_limit 10 3 no_limit 10 4 no_limit 10 5 no_limit 10 6 no_limit 10 7 no_limit...

Page 131: ... have transmitted 3 packets The process will then repeat The max_latency parameter allows you to specify the maximum amount of time that packets are delayed before being transmitted to a given hardware priority queue A value between 0 and 255 can be specified This number is then multiplied by 16 ms to determine the maximum latency For example if 3 is specified the maximum latency allowed will be 3...

Page 132: ...o display the currently configured traffic scheduling on the Switch Syntax show scheduling Description The show scheduling command will display the current traffic scheduling mechanisms in use on the Switch Parameters None Restrictions None Example usage To display the current scheduling configuration DES 3550 4 show scheduling Command show scheduling QOS Output Scheduling Class ID MAX Packets MAX...

Page 133: ... Lowest 3 1 Mid low 4 2 Mid high 5 2 Mid high 6 3 Highest 7 3 Highest This mapping scheme is based upon recommendations contained in IEEE 802 1D You can change this mapping by specifying the 802 1p user priority you want to go to the class_id 0 3 the number of the hardware queue priority 0 7 The 802 1p user priority you want to associate with the class_id 0 3 the number of the hardware queue with ...

Page 134: ...priority command displays the current mapping of an incoming packet s 802 1p priority value to one of the Switch s four hardware priority queues Parameters None Restrictions None Example usage To show 802 1p user priority DES 3550 4 show 802 1p user_priority Command show 802 1p user_priority QOS Class of Traffic Priority 0 Class 1 Priority 1 Class 0 Priority 2 Class 0 Priority 3 Class 1 Priority 4...

Page 135: ...itch The priority value entered with this command will be used to determine which of the four hardware priority queues the packet is forwarded to Parameters portlist Specifies a port or range of ports to be configured all Specifies that the command applies to all ports on the Switch priority 0 7 The priority value you want to assign to untagged packets received by the Switch or a range of ports on...

Page 136: ...figured 802 1p priority value that will be assigned to an incoming untagged packet before being forwarded to its destination Parameters portlist Specifies a port or range of ports to be configured Restrictions None Example usage To display the current 802 1p default priority configuration on the Switch DES 3550 4 show 802 1p default_priority Command show 802 1p default_priority Port Priority 1 0 2...

Page 137: ...n the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config mirror port port add delete source ports portlist rx tx both enable mirror disable mirror show mirror Each command is listed in detail in the following sections 133 ...

Page 138: ...a s the source port If the target port is operating at a lower speed the source port will be forced to drop its operating speed to match that of the target port add delete Specifies if the user wishes to add or delete ports to be mirrored that are specified in the source ports parameter source ports The port or ports being mirrored This cannot include the Target port portlist This specifies a port...

Page 139: ...nfiguration Syntax enable mirror Description This command combined with the disable mirror command below allows you to enter a port mirroring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only administrator level users can issue this command To enable mirroring configurations DES 3550...

Page 140: ...le mirror command above allows you to enter a port mirroring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only administrator level users can issue this command Example usage To disable mirroring configurations DES 3550 4 disable mirror Command disable mirror Success DES 3550 4 136 ...

Page 141: ... Syntax show mirror Description This command displays the current port mirroring configuration on the Switch Parameters None Restrictions None Example usage To display mirroring configuration DES 3550 4 show mirror Command show mirror Current Settings Mirror Status Enabled Target Port 1 Mirrored Port RX TX 5 7 DES 3550 4 137 ...

Page 142: ... tag vlanid 1 4094 advertisement delete vlan vlan_name 32 config vlan vlan_name 32 add tagged untagged forbidden delete portlist advertisement enable disable config gvrp portlist all state enable disable ingress_checking enable disable acceptable_frame tagged_only admit_all pvid vlanid 1 4094 enable gvrp disable gvrp show vlan vlan_name 32 show gvrp portlist Each command is listed in detail in the...

Page 143: ...94 The VLAN ID of the VLAN to be created Allowed values 1 4094 advertisement Specifies that the VLAN is able to join GVRP If this parameter is not set the VLAN cannot be configured to have forbidden ports Restrictions Each VLAN name can be up to 32 characters If the VLAN is not given a tag it will be a port based VLAN Only administrator level users can issue this command Example usage To create a ...

Page 144: ...vlan_name 32 Description This command will delete a previously configured VLAN on the Switch Parameters vlan_name 32 The VLAN name of the VLAN you want to delete Restrictions Only administrator level users can issue this command Example usage To remove the vlan v1 DES 3550 4 delete vlan v1 Command delete vlan v1 Success DES 3550 4 140 ...

Page 145: ... to add ports to add Entering the add parameter will add ports to the VLAN There are three types of ports to add tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies the additional ports as forbidden delete Deletes ports from the specified VLAN portlist A port or range of ports to add to or delete from the specified VLAN advertisem...

Page 146: ...t VLAN ID PVID Parameters portlist A port or range of ports for which you want to enable GVRP for all Specifies all of the ports on the Switch state enable disable Enables or disables GVRP for the ports specified in the port list ingress_checking enable disable Enables or disables ingress checking for the specified port list acceptable_frame tagged_only admit_all This parameter states the frame ty...

Page 147: ...table_frame tagged_only pvid 2 Success DES 3550 4 enable gvrp Purpose Used to enable GVRP on the Switch Syntax enable gvrp Description This command along with disable gvrp below is used to enable and disable GVRP on the Switch without changing the GVRP configuration on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To enable the generic ...

Page 148: ... disable the Generic VLAN Registration Protocol GVRP DES 3550 4 disable gvrp Command disable gvrp Success DES 3550 4 show vlan Purpose Used to display the current VLAN configuration on the Switch Syntax show vlan vlan_name 32 Description This command displays summary information about each VLAN including the VLAN ID VLAN name the Tagging Untagging status and the Member Non member Forbidden status ...

Page 149: ...ault VLAN TYPE static Advertisement Enabled Member ports 1 5 50 Static ports 1 5 50 Current Untagged ports 1 5 50 Static Untagged ports 1 5 50 Forbidden ports VID 4094 VLAN Name Trinity VLAN TYPE static Advertisement Enabled Member ports 2 4 Static ports 2 4 Current Untagged ports 2 4 Static Untagged ports 2 4 Forbidden ports Total Entries 2 DES 3550 4 145 ...

Page 150: ...ing Acceptable Frame Type 1 1 Disabled Enabled All Frames 2 1 Disabled Enabled All Frames 3 1 Disabled Enabled All Frames 4 1 Disabled Enabled All Frames 5 1 Disabled Enabled All Frames 6 1 Disabled Enabled All Frames 7 1 Disabled Enabled All Frames 8 1 Disabled Enabled All Frames 9 1 Disabled Enabled All Frames 10 1 Disabled Enabled All Frames 11 1 Disabled Enabled All Frames 12 1 Disabled Enable...

Page 151: ...metric VLAN commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable asymmetric_vlan disable asymmetric_vlan show asymmetric_vlan Each command is listed in detail in the following sections 147 ...

Page 152: ...age To enable asymmetric VLANs DES 3550 4 enable asymmetric_vlan Command enable asymmetric_vlan Success DES 3550 4 disable asymmetric_vlan Purpose Used to disable the asymmetric VLAN function on the Switch Syntax disable asymmetric_vlan Description This command disables the asymmetric VLAN function on the Switch Parameters None Restrictions Only administrator level users can issue this command Exa...

Page 153: ...c_vlan Description This command displays the asymmetric VLAN state on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To display the asymmetric VLAN state cuurently set on the Switch DES 3550 4 show asymmetric_vlan Command show asymmetric_vlan Asymmetric Vlan Enabled DES 3550 4 149 ...

Page 154: ...e 1 6 type lacp static delete link_aggregation group_id value 1 6 config link_aggregation group_id value1 6 master_port port ports portlist state enable disable config link_aggregation algorithm mac_source mac_destination mac_source_dest ip_source ip_destination ip_source_dest show link_aggregation group_id value 1 6 algorithm config lacp_port portlist mode active passive show lacp_port portlist E...

Page 155: ...P allows dynamic adjustment to the aggregated port group LACP compliant ports may be further configured see config lacp_ports LACP compliant must be connected to LACP compliant devices static This designates the aggregated port group as static Static port groups can not be changed as easily as LACP compliant port groups since both linked devices must be manually configured if the configuration of ...

Page 156: ...te a previously configured link aggregation group Parameters value 1 6 Specifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups Restrictions Only administrator level users can issue this command Example usage To delete link aggregation group DES 3550 4 delete link_aggregation group_id 6 Command delete link_aggregation ...

Page 157: ...d The group number identifies each of the groups master_port port Master port ID Specifies which port by port number of the link aggregation group will be the master port All of the ports in a link aggregation group will share the port configuration with the master port ports portlist Specifies a port or range of ports that will belong to the link aggregation group state enable disable Allows you ...

Page 158: ... MAC source address mac_destination Indicates that the Switch should examine the MAC destination address mac_source_dest Indicates that the Switch should examine the MAC source and destination addresses ip_source Indicates that the Switch should examine the IP source address ip_destination Indicates that the Switch should examine the IP destination address ip_source_dest Indicates that the Switch ...

Page 159: ...pecifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups algorithm Allows you to specify the display of link aggregation by the algorithm in use by that group Restrictions None Example usage To display Link Aggregation configuration DES 3550 4 show link_aggregation Command show link_aggregation Link Aggregation Algorith...

Page 160: ...tiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices must support LACP passive LACP ports that are designated as passive cannot process LACP control frames In order...

Page 161: ...portlist Specifies a port or range of ports to be configured If no parameter is specified the system will display the current LACP status for all ports Restrictions Only administrator level users can issue this command Example usage To display LACP port mode settings DES 3550 4 show lacp_port 1 10 Command show lacp_port 1 10 Port Activity 1 Active 2 Active 3 Active 4 Active 5 Active 6 Active 7 Act...

Page 162: ...nd Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config ipif ipif_name 12 ipaddress network_address vlan vlan_name 32 state enable disable bootp dhcp show ipif ipif_name 12 Each command is listed in detail in the following sections 158 ...

Page 163: ...tion using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 vlan_name 32 The name of the VLAN corresponding to the System IP interface state enable disable Allows you to enable or disable the IP interface bootp Allows the selection of the BOOTP protocol for the assignment of an IP address to the Switch s System IP interface dhcp Allows the selection of the DHCP pr...

Page 164: ...an IP interface on the Switch Parameters ipif_name 12 The name created for the IP interface Restrictions None Example usage To display IP interface settings DES 3550 4 show ipif System Command show ipif System IP Interface Settings Interface Name System IP Address 10 48 74 122 MANUAL Subnet Mask 255 0 0 0 VLAN Name default Admin State Disabled Link Status Link UP Member Ports 1 26 Total Entries 1 ...

Page 165: ... querier vlan_name 32 all query_interval sec 1 65535 max_response_time sec 1 25 robustness_variable value 1 255 last_member_query_interval sec 1 25 state enable disable config router_ports vlan_name 32 add delete portlist enable igmp snooping forward_mcrouter_only show igmp snooping vlan vlan_name 32 disable igmp snooping show igmp snooping group vlan vlan_name 32 show router ports vlan vlan_name ...

Page 166: ...s router_timeout sec 1 16711450 Specifies the maximum amount of time a route can be a member of a multicast group without the Switch receiving a host membership report The default is 260 seconds leave_timer sec 1 16711450 Specifies the amount of time a Multicast address will stay in the database before it is deleted after it has sent out a leave group message An entry of zero 0 specifies an immedi...

Page 167: ...e maximum amount of time between group specific query messages including those sent in response to leave group messages You might lower this interval to reduce the amount of time it takes a router to detect the loss of the last member of a group state enable disable Allows the Switch to be specified as an IGMP Querier or Non querier Only administrator level users can issue this command Group membe...

Page 168: ...ows you to designate a range of ports as being connected to multicast enabled routers This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol etc vlan_name 32 The name of the VLAN on which the router port resides Parameters portlist Specifies a port or range of ports that will be configured as router ports Restrictions ...

Page 169: ...t traffic to the multicast router only Otherwise the Switch forwards all multicast traffic to any IP router Parameters forward_mcrouter_only Specifies that the Switch should only forward all multicast traffic to a multicast enabled router Otherwise the Switch will forward all multicast traffic to any IP router Restrictions Only administrator level users can issue this command Example usage To enab...

Page 170: ...this command will disable forwarding all multicast traffic to a multicast enabled routers The Switch will then forward all multicast traffic to any IP router Entering this command without the parameter will disable igmp snooping on the Switch Restrictions Only administrator level users can issue this command Example usage To disable IGMP snooping on the Switch DES 3550 4 disable igmp_snooping Comm...

Page 171: ...ES 3550 4 show igmp_snooping Total Entries 2 DES 3550 4 Command show igmp_snooping IGMP Snooping Global State Disabled Multicast router Only Disabled VLAN Name default Query Interval 125 Max Response Time 10 Robustness Value 2 Last Member Query Interval 1 Host Timeout 260 Route Timeout 260 Leave Timer 2 Querier State Disabled Querier Router Behavior Non Querier State Disabled VLAN Name vlan2 Query...

Page 172: ...ng group Command show igmp_snooping group Reports 1 Multicast group 224 0 0 9 MAC address 01 00 5E 00 00 09 Port Member 6 8 Multicast group 234 5 6 7 Port Member 4 10 Multicast group 236 54 63 75 Port Member 18 22 Multicast group 239 255 255 250 MAC address 01 00 5E 7F FF FE VLAN Name default Multicast group 224 0 0 2 MAC address 01 00 5E 00 00 02 Port Member 2 5 VLAN Name default Reports 1 VLAN N...

Page 173: ...ntly configured on the Switch Parameters vlan_name 32 The name of the VLAN on which the router port resides static Displays router ports that have been statically configured dynamic Displays router ports that have been dynamically configured Restrictions None Example usage To display the router ports DES 3550 4 show router_ports Command show router_ports VLAN Name default Static router port 1 2 10...

Page 174: ...mple usage To view the IGMP snooping forwarding table for VLAN Trinity DES 3550 4 show igmp_snooping forwarding vlan Trinity Command show igmp_snooping forwarding vlan Trinity VLAN Name Trinity Multicast group 224 0 0 2 MAC address 01 00 5E 00 00 02 Port Member 17 Total Entries 1 DES 3550 4 show igmp_snooping group Purpose Used to display the current IGMP snooping configuration on the Switch Synta...

Page 175: ... 00 5E 00 00 02 Reports 1 Port Member 2 4 VLAN Name default Multicast group 224 0 0 9 MAC address 01 00 5E 00 00 09 Reports 1 Port Member 6 8 VLAN Name default Multicast group 234 5 6 7 MAC address 01 00 5E 05 06 07 Port Member 10 12 VLAN Name default Multicast group 236 54 63 75 MAC address 01 00 5E 36 3F 4B Reports 1 Port Member 14 16 Multicast group 239 255 255 250 MAC address 01 00 5E 7F FF FA...

Page 176: ...ange of multicast addresses The Limited IP Multicast Commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters portlist from multicast_ipaddr to multicast_ipaddr access permit deny state enable disable all portlist show limited multicast address portlist config limited multicast address delete limited multicast address 172...

Page 177: ...ess of the range to Enter the highest multicast IP address of the range access Use the access field to either permit or deny to limit or grant access to a specified range of Multicast addresses on a particular port or range of ports state This parameter allows the user to enable or disable the limited multicast address range on a specific port or range of ports Restrictions Only administrator leve...

Page 178: ...as been assigned to all Allows the user to delete all limited multicast addresses that have been configured on the Switch portlist allows the user to delete only those multicast address ranges that have been assigned to a particular port or range of ports Restrictions Only administrator level users can issue this command Syntax Description Parameters Example usage To delete the limited multicast a...

Page 179: ... address range by ports Parameters portlist A port or range of ports on which the limited multicast address range to be shown has been assigned Restrictions None Example usage To show the limited multicast address on ports 1 3 DES 3550 4 show limited multicast address 1 3 2 224 1 1 1 224 1 1 2 permit enable Command show limited multicast address 1 3 Port From To Access Status 1 224 1 1 1 224 1 1 2...

Page 180: ...t additional information into the client s DHCP request This information can be used to implement policies intended to improve security and efficiency For simplicity references to DHCP include BOOTP i e DHCP requests are treated identically to BOOTP requests for the DHCP relay agent The DHCP relay commands in the Command Line Interface CLI are listed along with the appropriate parameters in the fo...

Page 181: ...onds elapsed since that client began booting up This information is read by the Switch The Switch forwards a DHCP request if the time elapsed is equal to or greater than the time parameter entered here If the elapsed time is less the DHCP request is dropped The default value 0 so the default setting requires the Switch to forward all DHCP requests Entering a value greater than zero here can used t...

Page 182: ...eout DES 3550 4 config dhcp_relay hops 2 time 23 Command config dhcp_relay hops 2 time 23 Success DES 3550 4 To add an IP destination to the DHCP relay table DES 3550 4 config dhcp_relay add ipif System 10 58 44 6 Command config dhcp_relay add ipif System 10 58 44 6 Success DES 3550 4 178 ...

Page 183: ...t originated check Used to specify a validity check of the option 82 field when enabled If the option 82 field is determined invalid the DHCP request is dropped policy Used to specify a policy implementation in the option 82 field when enabled The policy instructions are one of the following enable When the option 82 state is enabled the relay agent will insert and remove DHCP relay information op...

Page 184: ... option_82 state enable Success DES 3550 4 To configure DHCP relay option 82 check DES 3550 4 config dhcp_relay option_82 check enable Command config dhcp_relay option_82 check enable Success DES 3550 4 To configure DHCP relay option 82 policy DES 3550 4 config dhcp_relay option_82 policy replace Command config dhcp_relay option_82 policy replace Success DES 3550 4 180 ...

Page 185: ..._name 12 The name of the IP interface for which to display the current DHCP relay configuration Restrictions None Syntax Example usage To show the DHCP relay configuration DES 3550 4 show dhcp_relay DHCP BOOTP Relay Status Enabled Command show dhcp_relay DHCP BOOTP Hops Count Limit 2 DHCP BOOTP Relay Time Threshold 23 DHCP Relay Agent Information Option 82 State Enabled DHCP Relay Agent Informatio...

Page 186: ...Server 4 System 10 58 44 6 DES 3550 4 enable dhcp_relay Purpose Used to enable the DHCP BOOTP relay function on the switch Syntax enable dhcp_relay Description This command is used to enable the DHCP BOOTP relay function on the switch Parameters None Restrictions Only administrator level users can issue this command Example usage To enable DHCP relay DES 3550 4 enable dhcp_relay Command enable dhc...

Page 187: ...switch Syntax disable dhcp_relay Description This command is used to disable the DHCP BOOTP relay function on the switch Parameters None Restrictions Only administrator level users can issue this command Example usage To disable DHCP relay DES 3550 4 disable dhcp_relay Command disable dhcp_relay Success DES 3550 4 183 ...

Page 188: ...in port_control force_unauth auto force_auth quiet_period sec 0 65535 tx_period sec 1 65535 supp_timeout sec 1 65535 server_timeout sec 1 65535 max_req value 1 10 reauth_period sec 1 65535 enable_reauth enable disable config 802 1x auth_protocol radius eap radius pap config 802 1x init port_based mac_based port_based ports portlist all mac_based ports portlist all mac_address macaddr server_index ...

Page 189: ...xample usage Command enable 802 1x To enable 802 1x switch wide DES 3550 4 enable 802 1x Success DES 3550 4 disable 802 1x Purpose Used to disable the 802 1x server on the Switch Syntax disable 802 1x Description The disable 802 1x command is used to disable the 802 1x Network Access control server application on the Switch To select between port based or MAC based use the config 802 1x auth_mode ...

Page 190: ...ait for a response from a Radius server AdminCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction OpenCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the rec...

Page 191: ...guration ports 1 802 1X Enabled Authentication Mode Port_based Port Control Auto Authentication Protocol Radius_Eap Port number 1 Capability None AdminCrlDir Both OpenCrlDir Both QuietPeriod 60 sec TxPeriod 30 sec SuppTimeout 30 sec ServerTimeout 30 sec MaxReq 2 times ReAuthPeriod 3600 sec ReAuthenticate Disabled CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All 187 ...

Page 192: ...wing details what is displayed Port number Shows the physical port number on the Switch Auth PAE State Initalize Disconnected Connecting Authenticating Authenticated Held ForceAuth ForceUnauth Shows the current state of the Authenticator PAE Backend State Request Response Fail Idle Initalize Success Timeout Shows the current state of the Backend Authenticator Port Status Authorized Unauthorized Sh...

Page 193: ...uccess Authorized 6 ForceAuth Success Authorized 7 ForceAuth Success Authorized 8 ForceAuth Success Authorized 9 ForceAuth Success Authorized 10 ForceAuth Success Authorized 11 ForceAuth Success Authorized 12 ForceAuth Success Authorized 13 ForceAuth Success Authorized 14 ForceAuth Success Authorized 15 ForceAuth Success Authorized 16 ForceAuth Success Authorized 17 ForceAuth Success Authorized 18...

Page 194: ...d 802 1x DES 3550 4 show 802 1x auth_state Port number 1 1 1 00 08 02 4E DA FA Authenticated Idle Authorized 4 7 Command show 802 1x auth_state Index MAC Address Auth PAE State Backend State Port Status 2 3 5 6 8 9 10 11 12 13 14 15 16 CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All 190 ...

Page 195: ...used to enable either the port based or MAC based 802 1x authentication feature on the Switch Parameters port_based mac_based ports The Switch allows you to authenticate 802 1x by either port or MAC address Restrictions Only administrator level users can issue this command Example usage To configure 802 1x authentication by MAC address DES 3550 4 config 802 1x auth_mode mac_based Command config 80...

Page 196: ...and Supplicant and None Parameters portlist Specifies a port or range of ports to be configured all Specifies all of the ports on the Switch authenticator A user must pass the authentication process to gain access to the network none The port is not controlled by the 802 1x functions Restrictions Only administrator level users can issue this command Example usage To configure 802 1x capability on ...

Page 197: ...strative control over the authentication process for the range of ports The user has the following authentication options quiet_period sec 0 65535 Configures the time interval between authentication failure and the start of a new authentication attempt tx_period sec 1 65535 Configures the time to wait for a response from a supplicant user to send EAP Request Identity packets supp_timeout sec 1 655...

Page 198: ...ation protocol on the Switch Syntax config 802 1x auth_protocol radius_eap radius_pap Description The config 802 1x auth_protocol command enables you to configure the authentication protocol Parameters radius_eap radius_pap Specify the type of authentication protocol desired Restrictions Only administrator level users can issue this command Example usage To configure the authentication protocol on...

Page 199: ...2 1x functions based only on the port number Ports approved for initialization can then be specified mac_based This instructs the Switch to initialize 802 1x functions based only on the MAC address MAC addresses approved for initialization can then be specified ports portlist Specifies a port or range of ports to be configured all Specifies all of the ports on the Switch mac_address macaddr Enter ...

Page 200: ...ort number Ports approved for re authorization can then be specified mac_based This instructs the Switch to re authorize 802 1x functions based only on the MAC address MAC addresses approved for re authorization can then be specified ports portlist Specifies a port or range of ports to be re authorized all Specifies all of the ports on the Switch mac_address macaddr Enter the MAC address to be re ...

Page 201: ... address of the RADIUS server key Specifies that a password and encryption key will be used between the Switch and the Radius server passwd 32 The shared secret key used by the RADIUS server and the Switch Up to 32 characters can be used default Uses the default udp port number in both the auth_port and acct_port settings auth_port udp_port_number 1 65535 The UDP port number for authentication req...

Page 202: ...reviously entered RADIUS server configuration Parameters server_index 1 3 Assigns a number to the current set of RADIUS server settings Up to 3 groups of RADIUS server settings can be entered on the Switch Restrictions Only administrator level users can issue this command Example usage To delete previously configured RADIUS server communication settings DES 3550 4 config radius delete 1 Command co...

Page 203: ...s server_ip The IP address of the RADIUS server key Specifies that a password and encryption key will be used between the Switch and the RADIUS server auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 Restrictions Only administrator level users can i...

Page 204: ...nt RADIUS configurations on the Switch Syntax Description Parameters None Restrictions None Example usage Command show radius To display RADIUS settings on the Switch DES 3550 4 show radius Index IP Address Auth Port Acct Port Status Key Number Number 1 10 1 1 1 1812 1813 Active switch 2 20 1 1 1 1800 1813 Active des3226 3 30 1 1 1 1812 1813 Active dlink Total Entries 3 DES 3550 4 200 ...

Page 205: ...0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff profile_id value 1 255 delete access_profile profile_id value 1 255 config access_profile profile_id value 1 255 add access_id value 1 65535 ethernet vlan vlan_name 32 source_mac macaddr destination_mac macaddr 802 1p value 0 7 ethernet_type...

Page 206: ...er in this case 1 and it is used to assign a priority in case a conflict occurs The profile_id establishes a priority within the list of profiles A lower profile_id gives the rule a higher priority In case of a conflict in the rules entered for different profiles the rule with the highest priority lowest profile_id will take precedence See below for information regarding limitations on access prof...

Page 207: ...ry of the maximum ACL profile rule limits Port Numbers Maximum ACL Profile Rules per Port Group 1 8 200 9 16 200 17 24 200 25 32 200 33 40 200 41 48 200 49 Gigabit 100 50 Gigabit 100 It is important to keep this in mind when setting up VLANs as well Access rules applied to a VLAN require that a rule be created for each port in the VLAN For example let s say VLAN10 contains ports 2 11 and 12 If you...

Page 208: ...xffffffff hex 0x0 0xffffffff offset_32 47 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_48 63 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff profile_id value 1 255 Description The create access_profile command is used to create an access profile...

Page 209: ...port_mask hex 0x0 0xffff Specifies a UDP port mask for the source port user_define_mask hex 0x0 0xffffffff Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header tcp Specifies that the Switch will examine each frames Transport Control Protocol TCP field src_port_mask hex 0x0 0xffff Specifies a TCP port mask for the source port flag_mask Enter the appropriat...

Page 210: ... a value in hex form to mask the packet from byte 16 to byte 31 offset_32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 offset_48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 offset_64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 Only administrator level users can issue this command Example usage To create an access li...

Page 211: ...ters profile_id value 1 255 Enter an integer between 1 and 255 that is used to identify the access profile that will be deleted with this command This value is assigned to the access profile when it is created with the create access_profile command Restrictions Only administrator level users can issue this command Example usage To delete the access profile with a profile ID of 1 DES 3550 4 delete ...

Page 212: ... hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff port portlist permit priority value 0 7 replace_priority replace_dscp_with value 0 63 deny delete access_id value 1 65535 Description The config access_profile command is used to configure an access profile on the Switch and to enter specific values that will be combined using a logical AND operation with masks entered with the create acces...

Page 213: ...at the access profile will apply to packets that have this IGMP type value tcp Specifies that the Switch will examine the Transmission Control Protocol TCP field within each packet src_port value 0 65535 Specifies that the access profile will apply only to packets that have this TCP source port in their TCP header dst_port value 0 65535 Specifies that the access profile will apply only to packets ...

Page 214: ...cess for incoming packets on the previously specified port replace_priority Allows you to specify a new value to be written to the priority field of an incoming packet on the previously specified port priority value 0 7 Specifies that the access profile will apply to packets that contain this value in their 802 1p priority field of their header for incoming packets on the previously specified port...

Page 215: ...d value 1 65535 Description The show access_profile command is used to display the currently configured access profiles Parameters profile_id Specify the profile id to display only the access rules configuration for a single profile id access_id Specify the access id to display the access rule configuration for the access id Restrictions Only administrator level users can issue this command 211 ...

Page 216: ... Profile ID 246 Type IP Frame Filter Ports All Masks Source IP Addr 255 0 0 0 ID Mode Access Profile ID 247 Type Ethernet Frame Filter Ports All Masks 802 1p ID Mode Access Profile ID 249 Type Packet Content Filter Ports All Masks Offset 0 15 0x00000000 00000000 00000000 00000000 Offset 16 31 0x00000000 00000000 00000000 00000000 Offset 32 47 0x00000000 00000000 00000000 00000000 Offset 48 63 0x00...

Page 217: ...to smaller groups of ports that will help to reduce traffic on the VLAN The VLAN rules take precedence and then the traffic segmentation rules are applied Command Parameters config traffic_segmentation portlist forward_list null portlist show traffic_segmentation portlist Each command is listed in detail in the following sections 213 ...

Page 218: ... ports that will receive forwarded frames from the ports specified in the portlist above Restrictions Only administrator level users can issue this command null No ports are specified portlist Specifies a range of ports for the forwarding list This list must be on the same Switch previously specified for traffic segmentation i e following the portlist specified above for config traffic_segmentatio...

Page 219: ...which the current traffic segmentation configuration on the Switch will be displayed Restrictions The port lists for segmentation and the forward list must be on the same Switch Example usage To display the current traffic segmentation configuration on the Switch DES 3550 4 show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward Portlist 1 1 50 2 1 50 3 ...

Page 220: ...disable sntp config time date ddmmmyyyy time hh mm ss config time_zone operator hour gmt_hour 0 13 min minute 0 59 config dst disable repeating s_week start_week 1 4 last s_day start_day sun sat s_mth start_mth 1 12 s_time start_time hh mm e_week end_week 1 4 last e day end_day sun sat e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 annual s_date start_date 1 31 s_mth start_mth 1 12 s...

Page 221: ...ill be taken from in the event the primary server is unavailable poll interval int 30 99999 This is the interval between requests for updated SNTP information The polling interval ranges from 30 to 99 999 seconds Restrictions Only administrator level users can issue this command SNTP service must be enabled for this command to function enable sntp ipaddr The IP address of the primary server ipaddr...

Page 222: ...cluding the source IP address time and poll interval Parameters None Restrictions Only administrator level users can issue this command Example usage To display SNTP configuration information DES 3550 4 show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DES 3550 4 218 ...

Page 223: ...ured see config sntp Enabling and configuring SNTP support will override any manually configured system time settings Parameters None Restrictions Only administrator level users can issue this command SNTP settings must be configured for SNTP to function config sntp Syntax Example usage To enable the SNTP function DES 3550 4 enable sntp Command enable sntp Success DES 3550 4 219 ...

Page 224: ... disable sntp Description This will disable SNTP support SNTP service must be separately configured see config sntp Parameters None Restrictions Only administrator level users can issue this command Example To disable SNTP support DES 3550 4 disable sntp Success Command disable sntp DES 3550 4 220 ...

Page 225: ... characters for the name of the month and four numerical characters for the year For example 03aug2003 time Express the system time using the format hh mm ss that is two numerical characters each for the hour using a 24 hour clock the minute and second For example 19 42 30 Restrictions Only administrator level users can issue this command Manually configured system time and date settings are overr...

Page 226: ... to allow for the use of Daylight Savings Time DST Syntax config dst disable repeating s_week start_week 1 4 last s_day start_day sun sat s_mth start_mth 1 12 s_time start_time hh mm e_week end_week 1 4 last e_day end_day sun sat e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 annual s_date start_date 1 31 s_mth start_mth 1 12 s_time start_time hh mm e_date end_date 1 31 e_mth end_mth...

Page 227: ...0 The default value is 60 Restrictions Only administrator level users can issue this command start_week 1 4 last The number of the week during the month in which DST begins where 1 is the first week 2 is the second week and so on last is the last week of the month end_week 1 4 last The number of the week during the month in which DST ends where 1 is the first week 2 is the second week and so on la...

Page 228: ...show time Description This will display system time and date configuration as well as display current system time Parameters None Restrictions Only administrator level users can issue this command Example usage To show the time cuurently set on the Switch s System clock DES 3550 4 show time Command show time Current Time Source System Clock Boot Time 0 Days 00 00 00 Current Time 1 Days 01 39 17 Ti...

Page 229: ...nding is useful for preventing IP spoofing and other abuses The IP MAC Binding commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create address_binding ip_mac ipaddress ipaddr mac_address macaddr config address_binding ip_mac ipaddress ipaddr mac_address macaddr config address_binding ip_mac ports portlist all stat...

Page 230: ...of the device where the IP MAC binding is made Restrictions Only administrator level users can issue this command Example usage To create address binding on the switch DES 3550 4 create address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 04 Command create address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 04 Success DES 3550 4 config address_binding ip_mac ipaddr...

Page 231: ...n This command is used to enable disable IP MAC binding for specified ports The IP MAC binding entry applies only to the specified port or ports Parameters portlist Specifies a port or range of ports all Specifies all ports on the switch state enable disable Enables or disables IP MAC binding for the specified range of ports When enabled the IP MAC binding comparison is applied to traffic ARP pack...

Page 232: ...sses ipaddr The IP address of the device where the IP MAC binding is made macaddr The MAC address of the device where the IP MAC binding is made vlan_name The VLAN name of the VLAN that is bound to a MAC address in order to block a specific device on a known VLAN Restrictions None IP_MAC Address Binding entries can be viewed by entering the MAC and IP addresses of the device Blocked MAC addresses ...

Page 233: ...C binding all specifies all the IP MAC binding entries for Blocked Address Binding entries all specifies all the blocked VLANs and their bound phsical addresses Restrictions Only administrator level users can issue this command IP_MAC Individual Address Binding entries can be deleted by entering the physical and IP addresses of the device Specify all to delete all the Address Binding entries Block...

Page 234: ...e appropriate parameters in the following table Command Parameters create arpentry ipaddr macaddr ipaddr macaddr delete arpentry ipaddr all show arpentry ipif ipif_name 12 ipaddress ipaddr static local config arp_aging time value 0 65535 clear arptable config arpentry Each command is listed in detail in the following sections 230 ...

Page 235: ...itch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only administrator level users can issue this command Example Usage To create a static arp entry for the IP address 10 48 74 121 and MAC address 00 50 BA 00 07 36 DES 3550 4 create arpentry 10 48 74 121 00 50 BA 00 07 36 Command create arpentry 10 ...

Page 236: ...g MAC address of an entry in the Switch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only administrator level users can issue this command Example Usage To configure a static arp entry for the IP address 10 48 74 12 and MAC address 00 50 BA 00 07 36 DES 3550 4 config arpentry 10 48 74 12 00 50 BA ...

Page 237: ...and above by specifying either the IP address of the entry or all Specifying all clears the Switch s ARP table Parameters ipaddr The IP address of the end node or station all Deletes all ARP entries Restrictions Only administrator level users can issue this command Example Usage To delete an entry of IP address 10 48 74 121 from the ARP table DES 3550 4 delete arpentry 10 48 74 121 Command delete ...

Page 238: ...try can remain in the Switch s ARP table without being accessed before it is dropped from the table Parameters time value 0 65535 The ARP age out time in minutes The value may be set in the range of 0 65535 minutes with a default setting of 20 minutes Restrictions Only administrator level users can issue this command Syntax Example Usage To configure ARP aging time DES 3550 4 config arp_aging time...

Page 239: ... 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 1 1 169 00 50 BA 70 E4 4E Dynamic System 10 1 1 254 00 01 30 FA 5F 00 Dynamic System 10 9 68 1 00 A0 C9 A4 22 5B Dynamic System 10 9 68 4 00 80 C8 2E C7 45 Dynamic System 10 10 27 51 00 80 C8 48 DF AB Dynamic System 10 11 22 145 00 80 C8 93 05 6B Dynamic System 10 11 94 10 00 10 83 F9 37 6E Dynamic System 10 14 82 24 00 50 BA 90 37 10 Dynamic S...

Page 240: ...n This command is used to remove dynamic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Only administrator level users can issue this command Restrictions Example Usage To remove dynamic entries in the ARP table DES 3550 4 clear arptable Command clear arptable Success DES 3550 4 236 ...

Page 241: ...le commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create iproute default ipaddr metric 1 65535 delete iproute default show iproute Each command is listed in detail in the following sections 237 ...

Page 242: ... The gateway IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry representing the number of routers between the Switch and the IP address above The default setting is 1 Restrictions Only administrator level users can issue this command Example Usage To add the default static address 10 48 74 121 with a metric setting of 1 to the routing table DES 3...

Page 243: ...ault Description This command will delete an existing default entry from the Switch s IP routing table Parameters None Restrictions Only administrator level users can issue this command Syntax Example usage To delete the default IP route 10 53 13 254 DES 3550 4 delete iproute default 10 53 13 254 Command delete iproute default 10 53 13 254 Success DES 3550 4 239 ...

Page 244: ...current IP routing table Restrictions None show iproute Description Parameters None Example Usage To display the contents of the IP routing table DES 3550 4 show iproute Routing Table Command show iproute IP Address Netmask Gateway Interface Hops Protocol 0 0 0 0 10 1 1 254 System 1 Default 10 0 0 0 8 10 48 74 122 System 1 Local Total Entries 2 DES 3550 4 240 ...

Page 245: ...ble along with their appropriate parameters Command Parameters enable mac_notification disable mac_notification config mac_notification interval int 1 2147483647 historysize int 1 500 config mac_notification ports portlist all enable disable show mac_notification show mac_notification ports portlist Each command is listed in detail in the following sections 241 ...

Page 246: ...changing basic configuration DES 3550 4 enable mac_notification Command enable mac_notification Success DES 3550 4 disable mac_notification Used to disable global MAC address table notification on the Switch Syntax disable mac_notification Description This command is used to disable MAC address notification without changing configuration Parameters None Restrictions Only administrator level users ...

Page 247: ...ec 1 2147483647 The time in seconds between notifications The user may choose an interval between 1 and 2 147 483 647 seconds historysize 1 500 The maximum number of entries listed in the history log used for notification Restrictions Only administrator level users can issue this command Example usage To configure the Switch s MAC address table notification global settings DES 3550 4 config mac_no...

Page 248: ...into the FDB Parameters portlist Specify a port or range of ports to be configured all Entering this command will set all ports on the system enable disable These commands will enable or disable MAC address table notification on the Switch Restrictions Only administrator level users can issue this command Example usage To enable port 7 for MAC address table notification DES 3550 4 config mac_notif...

Page 249: ...ification global settings DES 3550 4 show mac_notification History Size 1 Command show mac_notification Global Mac Notification Settings State Enabled Interval 1 DES 3550 4 show mac_notification ports Purpose Used to display the Switch s MAC address table notification status settings Syntax show mac_notification ports portlist Description This command is used to display the Switch s MAC address ta...

Page 250: ...d show mac_notification ports Port MAC Address Table Notification State 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh 246 ...

Page 251: ... other than the Switch called a server host and it must include usernames and passwords for authentication When the user is prompted by the Switch to enter usernames and passwords for authentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages A The server verifies the username and password and the user is granted norm...

Page 252: ...and are not compatible The Switch and the server must be configured exactly the same using the same protocol For example if the Switch is set up for TACACS authentication so must be the host server The TACACS commands are listed along with the appropriate parameters in the following table 248 ...

Page 253: ...ation console telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 add delete server_host ipaddr protocol tacacs xtacacs tacacs radius delete authen server_group string 15 show authen server_group string 15 create authen server_host ipaddr protocol tacacs xt...

Page 254: ...strator defined authentication policy for users trying to access the Switch When enabled the device will check the method list and choose a technique for user authentication upon login Restrictions Only administrator level users can issue this command Syntax Description Parameters None Example usage To enable the system access authentication policy DES 3550 4 enable authen_policy Command enable au...

Page 255: ...ed the Switch will access the local user account database for username and password verification In addition the Switch will now accept the local enable password as the authentication for normal users attempting to access administrator level privileges Parameters None Restrictions Only administrator level users can issue this command Example usage To disable the system access authentication policy...

Page 256: ...Switch Syntax show authen_policy Description This command will show the current status of the access authentication policy on the Switch Parameters None Restrictions None Example usage To display the system access authentication policy DES 3550 4 show authen_policy Command show authen_policy Authentication Policy Enabled DES 3550 4 252 ...

Page 257: ... can support up to eight method lists but one is reserved as a default and cannot be deleted Multiple method lists must be created and configured separately Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given method list Restrictions Only administrator level users can issue this command Syntax Description Example usage To create the method list Trinity DES ...

Page 258: ...d by a previously configured password See the enable admin part of this section for more detailed information concerning the enable admin command default The default method list for access authentication as defined by the user The user may choose one or a combination of up to four 4 of the following authentication methods method_list_name Enter a previously implemented method list name defined by ...

Page 259: ...he RADIUS protocol from a remote RADIUS server server_group string 15 Adding this parameter will require the user to be authenticated using a user defined server group previously configured on the Switch local Adding this parameter will require the user to be authenticated using the local user account database on the Switch none Adding this parameter will require no authentication to access the Sw...

Page 260: ..._name Trinity method tacacs xtacacs local Command config authen_login method_list_name Trinity method tacacs xtacacs local Success DES 3550 4 Example usage To configure the default method list with authentication methods xtacacs tacacs and local in that order DES 3550 4 config authen_login default method xtacacs tacacs local Success Command config authen_login default method xtacacs tacacs local D...

Page 261: ...iption This command is used to delete a list for authentication methods for user login Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given method list the user wishes to delete Restrictions Only administrator level users can issue this command Example usage To delete the method list name Trinity DES 3550 4 delete authen_login method_list_name Trinity Comman...

Page 262: ...er method list name Method List Name The name of a previously configured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Comment Defines the type of Method User defined Group refers to server group defined by the user Built in Group refers to the TACACS...

Page 263: ...s command This command is used to promote users with normal level privileges to Administrator level privileges using authentication methods on the Switch Once a user acquires normal user level privileges on the Switch he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch which is defined by the Administrator A maximum of eight 8 enable method list...

Page 264: ...icate the user Successful authentication using any of these methods will give the user an Admin level privilege Parameters default The default method list for adminstration rights authentication as defined by the user The user may choose one or a combination of up to four 4 of the following authentication methods method_list_name Enter a previously implemented method list name defined by the user ...

Page 265: ...he local user account database on the Switch The local enable password of the device can be configured using the config admin local_password command none Adding this parameter will require no authentication to access the administration level privileges on the Switch Restrictions Only administrator level users can issue this command Example usage To configure the user defined method list Permit wit...

Page 266: ...d to delete a user defined method list of authentication methods for promoting user level privileges to Adminstrator level privileges Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given enable method list the user wishes to delete Restrictions Only administrator level users can issue this command Example usage To delete the user defined method list Permit D...

Page 267: ...is parameter will display all the authentication login methods currently configured on the Switch The window will display the following parameters Restrictions None Method List Name The name of a previously configured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest...

Page 268: ... administrator level privileges DES 3550 4 show authen_enable all Command show authen_enable all Method List Name Priority Method Name Comment Permit 1 tacacs Built in Group 2 tacacs Built in Group 3 Darren User defined Group 4 local Keyword default 1 tacacs Built in Group 2 local Keyword Total Entries 2 DES 3550 4 264 ...

Page 269: ...tion using the default method list Restrictions Description console Choose this parameter to configure the command line interface login method ssh Choose this parameter to configure the Secure Shell login method login Use this parameter to configure an application for normal login on the user level using a previously configured method list method_list_name string 15 Use this parameter to configure...

Page 270: ...ble administrator privileges for Switch configuration applications console telnet ssh web currently configured on the Switch Parameters None Restrictions None Example usage To display the login and enable method list for all applications on the Switch DES 3550 4 show authen application Command show authen application Application Login Method List Enable Method List Console default default Telnet T...

Page 271: ...st to add protocol The protocol used by the server host The user may choose one of the following port int 1 65535 Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host The default port number is 49 for TACACS XTACACS TACACS servers and 1812 and 1813 for RADIUS servers but the user may set a unique port number for higher security key ke...

Page 272: ...t with port number 1234 a timeout value of 10 seconds and a retransmit count of 5 DES 3550 4 create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Command create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Success DES 3550 4 268 ...

Page 273: ...ter protocol The protocol used by the server host The user may choose one of the following key key_string 254 Authentication key to be shared with a configured TACACS or RADIUS server only Specify an alphanumeric string up to 254 characters or choose none timeout int 1 255 Enter the time in seconds the Switch will wait for the server host to reply to an authentication request The default value is ...

Page 274: ...otocol tacacs xtacacs tacacs radius Description This command is used to delete a user defined authentication server host previously created on the Switch Parameters server_host ipaddr The IP address of the remote server host to be deleted protocol The protocol used by the server host the user wishes to delete The user may choose one of the following Restrictions Only administrator level users can ...

Page 275: ...splayed IP Address The IP address of the authentication server host Protocol The protocol used by the server host Possible results will include TACACS XTACACS TACACS or RADIUS Port The virtual port number on the server host The default value is 49 Timeout The time in seconds the Switch will wait for the server host to reply to an authentication request Retransmit The value in the retransmit field ...

Page 276: ...ill create an authentication server group A server group is a technique used to group TACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may add up to eight 8 authentication server hosts to this group using the config authen server_group command Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the ...

Page 277: ...estrictions Only administrator level users can issue this command tacacs Use this parameter to utilize the built in TACACS server protocol on the Switch Only server hosts utilizing the TACACS protocol may be added to this group xtacacs Use this parameter to utilize the built in XTACACS server protocol on the Switch Only server hosts utilizing the XTACACS protocol may be added to this group tacacs ...

Page 278: ...p Purpose Used to delete a user defined authentication server group Syntax delete authen server_group string 15 Description This command will delete an authentication server group Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the previously created server group to be deleted Restrictions Only administrator level users can issue this command Example usage To del...

Page 279: ...ilt in groups and user defined groups IP Address The IP address of the server host Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the previously created server group to be viewed Entering this command without the string parameter will display all authentication server groups on the Switch Restrictions None Example usage tacacs This group has no entry To view aut...

Page 280: ... wait for a response of authentication from the user Parameters response_timeout int 1 255 Set the time in seconds the Switch will wait for a response of authentication from the user attempting to log in from the command line interface or telnet interface Restrictions Only administrator level users can issue this command Example usage To configure the response timeout for 60 seconds DES 3550 4 con...

Page 281: ...he Switch and will be locked out of further authentication attempts Command line interface users will have to wait 60 seconds before another authentication attempt Telnet users will be disconnected from the Switch Parameters parameter attempt int 1 255 Set the maximum number of attempts the user may try to become authenticated by the Switch before being locked out Restrictions Only administrator l...

Page 282: ...y the following fields Response timeout The configured time allotted for the Switch to wait for a response of authentication from the user attempting to log in from the command line interface or telnet interface User attempts The maximum number of attempts the user may try to become authenticated by the Switch before being locked out Parameters None Restrictions None Example usage To view the auth...

Page 283: ...ssword Possible authentication methods for this function include TACACS XTACACS TACACS RADIUS user defined server groups local enable local account on the Switch or no authentication none Because XTACACS and TACACS do not support the enable function the user must create a special account on the server host which has the username enable and a password configured by the administrator that will suppo...

Page 284: ...hat is set locally on the Switch Parameters password 15 After entering this command the user will be prompted to enter the old password then a new password in an alphanumeric string of no more than 15 characters and finally prompted to enter the new password again for confirmation See the example below Restrictions Only administrator level users can issue this command Example usage To configure th...

Page 285: ... will use to authorize the user and they are password publickey and hostbased Configure the encryption algrothim that SSH will use to encrypt and decrypt messages sent between the SSH Client and the SSH Server After following the above steps you can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line In...

Page 286: ...ers can issue this command Usage Example To enable SSH DES 3550 4 enable ssh Command enable ssh Success DES 3550 4 disable ssh Purpose Used to disable SSH Syntax disable ssh Description This command allows you to disable SSH on the Switch Parameters None Restrictions Only administrator level users can issue this command Usage Example To disable SSH DES 3550 4 disable ssh Command disable ssh Succes...

Page 287: ...inistrator wishes to use a host computer for authentication This parameter is intended for Linux users requiring SSH authentication techniques and the host computer is running the Linux operating system with a SSH program previously installed enable disable This allows you to enable or disable SSH authentication on the Switch publickey This parameter may be chosen if the administrator wishes to us...

Page 288: ...scription This command will allow you to display the current SSH authentication set on the Switch Parameters None Restrictions None Example usage Command show ssh authmode Password Enabled To view the current authentication mode set on the Switch DES 3550 4 show ssh authmode The SSH authmode Publickey Enabled Hosatbased Enabled DES 3550 4 284 ...

Page 289: ...120 and 600 seconds The default is 300 seconds authfail int 2 20 Allows the administrator to set the maximum number of attempts that a user may try to logon utilizing SSH authentication After the maximum number of attempts is exceeded the Switch will be disconnected and the user must reconnect to the Switch to attempt another login rekey 10min 30min 60min never Sets the time period that the Switch...

Page 290: ...cription This command allows you to display the current SSH server setting Parameters None Restrictions None Usage Example To display the SSH server DES 3550 4 show ssh server Rekey timeout never DES 3550 4 Command show ssh server The SSH server configuration max Session 8 Connection timeout 300 Authfail attempts 2 port 22 286 ...

Page 291: ...oosing this parameter requires the user to input the following information to identify the SSH user hostname domain_name Enter an alphanumeric string of up to 31 characters identifying the remote SSH user hostname_IP domain_name ipaddr Enter the hostname and the corresponding IP address of the SSH user password This parameter should be chosen if the user wishes to use an administrator defined pass...

Page 292: ...ons None Example usage To display the SSH user DES 3550 4 show ssh user Command show ssh user UserName Authentication Trinity Publickey DES 3550 4 Current Accounts Note To configure the SSH user the administrator must create a user account on the Switch For information concerning configuring a user account please see the section of this manual entitled Basic Switch Commands and then the command cr...

Page 293: ... disable the Arcfour encryption algorithm blowfish This parameter will enable or disable the Blowfish encryption algorithm cast128 This parameter will enable or disable the Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption algorithm twofish192 This parameter will enable or disable the twofish192 encryption algorithm MD5 This parameter will enab...

Page 294: ...strictions None Usage Example To display SSH algorithms cuurently set on the Switch DES 3550 4 show ssh algorithm Command show ssh algorithm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled ARC4 Enabled Blowfish Enabled Cast128 Enabled Twofish128 Enabled Twofish192 Enabled Twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA En...

Page 295: ... to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supports two hash algorithms MD5 Message Digest 5 and SHA Secure Hash Algorithm The...

Page 296: ...DES 3550 Layer 2 Fast Ethernet Switch Each command is listed in detail in the following sections 292 ...

Page 297: ...ite will not enable the SSL status on the Switch Restrictions Only administrator level users can issue this command RSA_with_RC4_128_MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm RSA_with_3DES_EDE_CBC_SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_D...

Page 298: ...ey sizes to be used for an authentication session The user may choose any combination of the following Restrictions Only administrator level users can issue this command RSA_with_RC4_128_MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm RSA_with_3DES_EDE_CBC_SHA This ciphersuite combines the RSA key exchange CBC Block Ciphe...

Page 299: ...hrough a key exchange Specifying a longer timeout will allow the SSL session to reuse the master key on future connections with that particular host therefore accelerating the negotiation process Parameters timeout value 60 86400 Enter a timeout value between 60 and 86400 seconds to specify the total time an SSL key exchange ID stays valid before the SSL module will require a new full SSL negotiat...

Page 300: ...emented on the Switch Parameters None Restrictions None Example usage To view the SSL cache timeout on the Switch DES 3550 4 show ssl cachetimeout Command show ssl cachetimeout Cache timeout is 600 second s DES 3550 4 show ssl Purpose Used to view the SSL status and the certificate file status on the Switch Syntax show ssl Description This command is used to view the SSL status on the Switch Param...

Page 301: ...H_3DES_EDE_CBC_SHA 0x0013 Enabled DES 3550 4 show ssl certificate Purpose Used to view the SSL certificate file status on the Switch Syntax show ssl certificate Description This command is used to view the SSL certificate file information currently implemented on the Switch Parameters None Restrictions None Example usage To view certificate file information on the Switch DES 3550 4 show ssl certif...

Page 302: ...t certificate files for optimal use of the SSL function The Switch only supports certificate files with der file extensions Parameters ipaddr Enter the IP address of the TFTP server certfilename path_filename 64 Enter the path and the filename of the certificate file you wish to download keyfilename path_filename 64 Enter the path and the filename of the key exchange file you wish to download Rest...

Page 303: ...to one group If multiple VLANs are configured the SIM group will only utilize the default VLAN on any switch SIM allows intermediate devices that do not support SIM This enables the user to manage a switch that is more than one hop away from the CS The SIM group is a group of switches that are managed as a single entity The DES 3550 may take on three different roles Commander Switch CS This is a s...

Page 304: ...nstead of executing the packets The applications will decode the packet from the administrator modify some data then send it to the MS After execution the CS may receive a response packet from the MS which it will encode and send back to the administrator When a CS becomes a MS it automatically becomes a member of the first SNMP community include read write and read only to which the CS belongs Ho...

Page 305: ...s Only administrator level users can issue this command Example usage To enable SIM on the Switch DES 3550 4 enable sim Command enable sim Success DES 3550 4 disable sim Purpose Used to disable Single IP Management SIM on the Switch Syntax disable sim Description This command will disable SIM globally on the Switch Parameters None Restrictions Only administrator level users can issue this command ...

Page 306: ... discovery packets out over the network Hold time Displays the time in seconds the Switch will hold discovery results before dropping it or utilizing it Parameters candidates candidate_id 1 32 Entering this parameter will display information concerning candidates of the SIM group To view a specific candidate include that candidate s ID number listed from 1 to 32 members member_id 1 32 Entering thi...

Page 307: ...h SIM State Enabled Role State Commander Discovery Interval 60 sec Hold Time 180 sec DES 3550 4 To show the candidate information in summary if the candidate ID is specified DES 3550 4 show sim candidates Command show sim candidates ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3550 L2 Switch 40 2 00 B02 The Man 2 00 55 55 00 55 00 DES 3550 L2 Sw...

Page 308: ...o show other groups information in summary if group is specified DES 3550 4 show sim group Command show sim group SIM Group Name default ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3550 L2 Switch 40 2 00 B02 Trinity 2 00 55 55 00 55 00 DES 3550 L2 Switch 140 2 00 B02 default master SIM Group Name SIM2 ID MAC Address Platform Hold Firmware Devic...

Page 309: ...ntax reconfig member_id value 1 32 exit Description This command is used to reconnect to a member switch using telnet Parameters member_id value 1 32 Select the ID number of the member switch the user desires to configure exit This command is used to exit from managing the member switch and will return to managing the commander switch Restrictions Only administrator level users can issue this comm...

Page 310: ...h CaS to a member switch MS of a SIM group The CaS may be defined by its ID number and a password if necessary delete member_id 1 32 Use this parameter to delete a member switch of a SIM group The member switch should be defined by ID number Only administrator level users can issue this command Restrictions Example usage To add a member DES 3550 4 config sim_group add 2 Command config sim_group ad...

Page 311: ...that the Switch will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS The user may set the dp_interval from 30 to 90 seconds hold time sec 100 300 Using this parameter the user may set the time in seconds the CS will hold information sent to it from other switches utilizing the discovery interval protocol The user ma...

Page 312: ... the hold time of the discovery protocol DES 3550 4 config sim commander hold_time 120 Command config sim commander hold_time 120 Success DES 3550 4 To transfer the CS commander to be a CaS candidate DES 3550 4 config sim candidate Command config sim candidate Success DES 3550 4 To transfer the Switch to be a CS DES 3550 4 config sim commander Command config sim commander Success DES 3550 4 To upd...

Page 313: ...n Specify this parameter if the user wishes to download a switch configuration to members of a SIM group ipaddr Enter the IP address of the TFTP server path_filename Enter the path and the filename of the firmware or switch on the TFTP server members Enter this parameter to specify the members the user prefers to download firmware or switch configuation files to The user may specify a member or me...

Page 314: ...dress Result 1 00 01 02 03 04 00 Success 2 00 07 06 05 04 03 Success 3 00 07 06 05 04 03 Success DES 3550 4 To download configuration files DES 3550 4 download sim configuration 10 53 13 94 c des3526 txt members all Command download sim firmware 10 53 13 94 c des3526 txt members all This device is updating configuation Please wait Download Status ID MAC Address Result 1 00 01 02 03 04 00 Success 2...

Page 315: ..._filename Enter a user defined path and file name on the TFTP server the user wishes to upload configuration files to Restrictions Only administrator level users can issue this command Parameters member_id 1 32 Enter this parameter to specify the member the user prefers to upload a switch configuation file to The user may specify a member or members by adding the ID number of the specified member ...

Page 316: ...witch history commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters dir config command_history value 1 40 show command_history Each command is listed in detail in the following sections 312 ...

Page 317: ...DES 3550 4 clear clear arptable clear counters clear fdb clear log clear port_security_entry port config 802 1p default_priority config 802 1p user_priority config 802 1x auth_mode config 802 1x auth_parameter ports config 802 1x auth_protocol config 802 1x capability ports config 802 1x init config 802 1x reauth config access_profile profile_id config account config admin local_enable config arp_...

Page 318: ...DES 3550 Layer 2 Fast Ethernet Switch 314 ...

Page 319: ...0 4 dir clear clear arptable clear counters clear fdb clear log clear port_security_entry port config 802 1p default_priority config 802 1p user_priority config 802 1x auth_mode config 802 1x auth_parameter ports config 802 1x auth_protocol config 802 1x init config access_profile profile_id config account config 802 1x capability ports config 802 1x reauth config admin local_enable config arp_agi...

Page 320: ...executed commands may be viewed Restrictions None Example usage To configure the command history DES 3550 4 config command_history 20 Command config command_history 20 Success DES 3550 4 show command_history Purpose Used to display the command history Syntax show command_history Description This command will display the command history Parameters None Restrictions None Example usage To display the...

Page 321: ...nternal power supply fails Power Consumption 60 watts maximum DC fans 2 built in 40 x 40 x10 mm fans 0 to 40 degrees Celsius 32 to 104 degrees Fahrenheit Storage Temperature 40 to 70 degrees Celsius 40 to 158 degrees Fahrenheit Humidity Operating 5 to 95 RH non condensing Dimensions 441 mm x 309 mm x 44 mm 1U 19 inch rack mount width Weight 5 kg EMC CE Class A FCC Class A C Tick Safety CSA Interna...

Page 322: ...egotiation Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps n a 2000Mbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LX DEM 310GT transceiver IEEE 802 3z 1000BASE SX DEM 311GT transceiver IEEE 802 3z 1000BASE LH DEM 314GT transceiver IEEE 802 3z 1000BASE ZX DEM 315GT transceiver Network Cables Cat 5 Enha...

Page 323: ...4 MB per device Filtering Address Table 8K MAC address per device Packet Filtering Forwarding Rate Full wire speed for all connections 148 810 pps per port for 100Mbps 1 488 100 pps per port for 1000Mbps MAC Address Learning Automatic update Forwarding Table Age Time Max age 10 1000000 seconds Default 300 ...

Reviews:

No comments