background image

DES-3526 / DES-3526DC Layer 2 Fast Ethernet Switch CLI Reference Manual

 

 

140

config 802.1x auth_parameter 

Request/Identity packets. 

server_timeout <sec 1-65535> 

- Configure the length of time to wait 

for a response from a RADIUS server. 

max_req <value 1-10>

 

 Configures the number of times to retry 

sending packets to a supplicant (user). 

reauth_period <sec 1-65535>

 

 Configures the time interval between 

successive re-authentications. 

enable_reauth [enable | disable] 

 Determines whether or not the 

Switch will re-authenticate. Enabled causes re-authentication of 
users at the time interval specified in the Re-authentication Period 
field, above. 

Restrictions

 

Only administrator-level users can issue this command. 

Example usage: 

To configure 802.1x authentication parameters for ports 1 – 20:

 

DES-3526:4#config 802.1x auth_parameter ports 1–20 direction both 
Command: config 802.1x auth_parameter ports 1–20 direction both 
 
Success. 
 
DES-3526:4# 

 

config 802.1x auth_protocol 

Purpose 

Used to configure the 802.1x authentication protocol on the Switch. 

Syntax 

config 802.1x auth_protocol [radius_eap | radius_pap] 

Description 

The config 802.1x auth_protocol command enables you to configure 
the authentication protocol. 

Parameters 

radius_eap | radius_pap

 – Specify the type of authentication protocol 

desired. 

Restrictions Only 

administrator-level users can issue this command. 

Example usage: 

To configure the authentication protocol on the Switch: 

DES-3526:4# config 802.1x auth_protocol radius_pap 
Command: config 802.1x auth_protocol local radius_pap 
 
Success. 
 
DES-3526:4# 

 

config 802.1x init 

Purpose 

Used to initialize the 802.1x function on a range of ports. 

Syntax 

config 802.1x init {port_based ports [<portlist> | all] | 
mac_based [ports] [<portlist> | all] {mac_address <macaddr>}] 

Description The 

config 802.1x init 

command is used to immediately initialize the 

802.1x functions on a specified range of ports or for specified MAC 
addresses operating from a specified range of ports. 

Parameters 

port_based 

– This instructs the Switch to initialize 802.1x functions 

based only on the port number. Ports approved for initialization can 

Summary of Contents for xStack DES-3526

Page 1: ...Copyright 2005 All Rights Reserved CLI Manual Product Model xStackTM DES 3526 DES 3526DC Layer 2 Managed Stackable Fast Ethernet Switch Release 3 60...

Page 2: ...MANDS 26 SWITCH UTILITY COMMANDS 45 NETWORK MONITORING COMMANDS 53 MULTIPLE SPANNING TREE PROTOCOL MSTP COMMANDS 66 FORWARDING DATABASE COMMANDS 78 BROADCAST STORM CONTROL COMMANDS 85 QOS COMMANDS 87...

Page 3: ...FIC SEGMENTATION COMMANDS 154 TIME AND SNTP COMMANDS 156 ARP COMMANDS 162 ROUTING TABLE COMMANDS 166 MAC NOTIFICATION COMMANDS 168 ACCESS AUTHENTICATION CONTROL COMMANDS 172 SSH COMMANDS 193 SSL COMMA...

Page 4: ...sed outside of Europe certain cosmetic differences between the actual switch and images in this document will be apparent to the reader such as the faceplate and the manual cover The DES 3526 DES 3526...

Page 5: ...fore it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The...

Page 6: ...itch was assigned an IP address of 10 41 44 254 with a subnet mask of 255 0 0 0 The system message Success indicates that the command was executed successfully The Switch can now be configured and man...

Page 7: ...in the Switch s NV RAM and reloaded when the Switch is rebooted If the Switch is rebooted without using the save command the last configuration saved to NV RAM will be loaded Connecting to the Switch...

Page 8: ...ands are entered at the command prompt DES 3526 4 There are a number of helpful features included in the CLI Entering the command will display a list of all of the top level commands Figure 2 2 The Co...

Page 9: ...pear at the command prompt Figure 2 4 Using the Up Arrow to Re enter a Command In the above example the command config account was entered without the required parameter username the CLI returned the...

Page 10: ...r config what Where the what is the next parameter For example if you enter the show command with no additional parameters the CLI will then display all of the possible next parameters Figure 2 6 Next...

Page 11: ...o not type the angle brackets Example Command create ipif Engineering vlan Design ipaddress 10 24 22 5 255 0 0 0 square brackets Purpose Encloses a required value or set of required arguments One valu...

Page 12: ...entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current session Use the down arrow to pro...

Page 13: ...t tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web save reboot reset config system login logout Each command is listed in detail in the following sections create a...

Page 14: ...strator level users can issue this command Usernames can be between 1 and 15 characters Passwords can be between 0 and 15 characters Example usage To configure the user password of dlink account DES 3...

Page 15: ...trictions Only Administrator level users can issue this command Example usage To delete the user account System DES 3526 4 delete account System Command delete account System Success DES 3526 4 show s...

Page 16: ...41 44 22 Manual VLAN Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 3 00 005 Firmware Version Build 3 06 B09 Hardware Version 0A1 Device S N Power Status Main Norm...

Page 17: ...be used to communicate with the management host There are four options 9600 19200 38400 115200 never No time limit on the length of time the console can be open with no user input 2_minutes The conso...

Page 18: ...e Used to disable the pausing of the console screen scrolling at the end of each page when the show command displays more than one screen of information Syntax disable clipaging Description This comma...

Page 19: ...tch Parameters None Restrictions Only administrator level users can issue this command Example usage To disable the Telnet protocol on the Switch DES 3526 4 disable telnet Command disable telnet Succe...

Page 20: ...ge To disable HTTP DES 3526 4 disable web Command disable web Success DES 3526 4 save Purpose Used to save changes in the Switch s configuration to non volatile RAM Syntax save Description This comman...

Page 21: ...tory default settings are restored on the Switch including the IP address user accounts and the switch history log The Switch will not save or reboot system If the keyword system is specified all of t...

Page 22: ...pted for a Username and Password Parameters None Restrictions None Example usage To initiate the login procedure DES 3526 4 login Command login UserName logout Purpose Used to log out a user from the...

Page 23: ...Specifies a port or range of ports to be configured speed Allows the user to adjust the speed for a port or range of ports The user has a choice of the following auto Enables auto negotiation for the...

Page 24: ...Ctrl Learning 1 Enabled Auto Enabled Link Down Enabled 2 Enabled Auto Enabled Link Down Enabled 3 Enabled Auto Enabled Link Down Enabled 4 Enabled Auto Enabled Link Down Enabled 5 Enabled Auto Enabled...

Page 25: ...ed Description dads1 2 Enabled Auto Disabled Link Down Enabled Description 3 Enabled Auto Disabled Link Down Enabled Description 4 Enabled Auto Disabled Link Down Enabled Description 5 Enabled Auto Di...

Page 26: ...the port security feature Only the ports listed in the portlist are affected Parameters portlist Specifies a port or range of ports to be configured all Configure port security for all ports on the Sw...

Page 27: ...administrator level users can issue this command Example usage To delete a port security entry DES 3526 4 delete port_security_entry vlan_name default mac_address 00 01 30 10 2C C7 port 6 Command del...

Page 28: ...ity admin state maximum number of learning address and lock mode Parameters portlist Specifies a port or range of ports to be viewed Restrictions None Example usage To display the port security config...

Page 29: ...el of security provided between the management station and the network device The following table lists the security features of the three SNMP versions SNMP Version Authentication Method Description...

Page 30: ...2 show snmp community community_string 32 config snmp engineID snmp_engineID show snmp engineID create snmp group groupname 32 v1 v2c v3 noauth_nopriv auth_nopriv auth_priv read_view view_name 32 writ...

Page 31: ...ey in hex form below This method is not recommended auth The user may also choose the type of authentication algorithms used to authenticate the snmp user The choices are md5 Specifies that the HMAC M...

Page 32: ...32 characters that identifies the SNMP user that will be deleted Restrictions Only administrator level users can issue this command Example usage To delete a previously entered SNMP user on the Switch...

Page 33: ...is object from the list of objects that an SNMP manager can access Restrictions Only administrator level users can issue this command Example usage To create an SNMP view DES 3526 4 create snmp view d...

Page 34: ...3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6 1 6 3 11 2 1 Included restricted 1 3 6 1 6 3 15 1 1 Included CommunityView 1 Included CommunityView 1 3 6 1 6 3 Excluded C...

Page 35: ...ty string created with this command can read from and write to the contents of the MIBs on the Switch Restrictions Only administrator level users can issue this command Example usage To create the SNM...

Page 36: ...entered SNMP community strings DES 3526 4 show snmp community Command show snmp community SNMP Community Table Community Name View Name Access Right dlink ReadView read_write private CommunityView re...

Page 37: ...the new SNMP user will be associated with v1 Specifies that SNMP version 1 will be used The Simple Network Management Protocol SNMP version 1 is a network management protocol that provides a means to...

Page 38: ...o access on the Switch Restrictions Only administrator level users can issue this command Example usage To create an SNMP group named sg1 DES 3526 4 create snmp group sg1 v3 noauth_nopriv read_view v1...

Page 39: ...ups Command show snmp groups Vacm Access Table Settings Group Name Group3 ReadView Name ReadView WriteView Name WriteView Notify View Name NotifyView Security Model SNMPv3 Security Level NoAuthNoPriv...

Page 40: ...provides secure access to devices through a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity ensures that packets have not been tampered with during...

Page 41: ...st 10 48 74 100 Success DES 3526 4 show snmp host Purpose Used to display the recipient of SNMP traps generated by the Switch s SNMP agent Syntax show snmp host ipaddr Description The show snmp host c...

Page 42: ...ipaddr The IP address of the trusted host to be created Restrictions Only administrator level users can issue this command Example usage To create the trusted host DES 3526 4 create trusted_host 10 48...

Page 43: ...sted_host 10 48 74 121 Success DES 3526 4 enable snmp traps Purpose Used to enable SNMP trap support Syntax enable snmp traps Description The enable snmp traps command is used to enable SNMP trap supp...

Page 44: ...nistrator level users can issue this command Example usage To view the current SNMP trap support DES 3526 4 show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Traps Enabled DES 35...

Page 45: ...other information to identify a contact person who is responsible for the Switch A maximum of 255 character can be used Parameters sw_contact A maximum of 255 characters is allowed A NULL string is a...

Page 46: ...d A NULL string is accepted if no name is desired Restrictions Only administrator level users can issue this command Example usage To configure the Switch name for DES 3526 Switch DES 3526 4 config sn...

Page 47: ...x disable rmon Description This command is used in conjunction with the enable rmon command above to enable and disable remote monitoring RMON on the Switch Parameters None Restrictions Only administr...

Page 48: ...1 2 configuration ipaddr path_filename 64 increment Description This command is used to download a new firmware or a Switch configuration file from a TFTP server Parameters firmware Download and insta...

Page 49: ...ully loaded the message End of configuration file for DES 3526 appears followed by the command prompt DES 3526 4 disable authen_policy Command disable authen_policy Success DES 3526 4 DES 3526 4 DES 3...

Page 50: ...ion Size B Update Time From User 1 2 00 B19 1360471 00000 days 00 00 00 Serial Port PROM Unknown 2 1 00 B21 2052372 00000 days 00 00 56 10 53 13 94 Anonymous means boot up section T means firmware upd...

Page 51: ...onfig Entering this parameter will display configurations entered without being saved to NVRAM config_in_NVRAM Entering this parameter will display configurations entered and saved to NVRAM Restrictio...

Page 52: ...48 74 121 c cfg log txt Connecting to server Done Upload configuration Done DES 3526 4 enable autoconfig Purpose Used to activate the autoconfiguration function for the Switch This will load a previo...

Page 53: ...reen will appear similar to the example below The configuration settings will be loaded in normal order DES 3526 Fast Ethernet Switch Command Line Interface Firmware Build 3 01 B21 Copyright C 2000 20...

Page 54: ...trictions None Example usage To stop the autoconfiguration function DES 3526 4 disable autoconfig Command disable autoconfig Success DES 3526 4 show autoconfig Purpose Used to display the current auto...

Page 55: ...ost times value 1 255 The number of individual ICMP echo messages to be sent A value of 0 will send an infinite ICMP echo messages The maximum value is 255 The default is 0 timeout sec 1 99 Defines th...

Page 56: ...able disable config syslog host all index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable...

Page 57: ...Used to display the error statistics for a range of ports Syntax show error ports portlist Description This command will display all of the packet error statistics collected and logged by the Switch...

Page 58: ...ecifies a port or range of ports to be displayed Restrictions None Example usage To display the port utilization statistics DES 3526 4 show utilization ports Command show utilization ports Port TX sec...

Page 59: ...e Used to clear the Switch s history log Syntax clear log Description This command will clear the Switch s history log Parameters None Restrictions Only administrator level users can issue this comman...

Page 60: ...emote host Syntax enable syslog Description The enable syslog command enables the system log to be sent to a remote host Parameters None Restrictions Only administrator level users can issue this comm...

Page 61: ...tocol status as enabled or disabled Syntax show syslog Description The show syslog command displays the syslog status as enabled or disabled Parameters None Restrictions None Example usage To display...

Page 62: ...tem is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational...

Page 63: ...es that local use 2 messages will be sent to the remote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This correspon...

Page 64: ...ndicates that the corresponding severity level is currently supported on the Switch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical...

Page 65: ...ifies that local use 2 messages will be sent to the remote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corres...

Page 66: ...om the Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 all Specifies that the command will be applied...

Page 67: ...oads or uploads and failed logins Critical Events classified as critical are fatal exceptions occurring on the Switch such as hardware failures or spoofing attacks Parameters Choose one of the followi...

Page 68: ...DES 3526 DES 3526DC Layer 2 Fast Ethernet Switch CLI Reference Manual 65 DES 3526 4 config system_severity trap critical Command config system_severity trap critical Success DES 3526 4...

Page 69: ...ees Each switch utilizing the MSTP on a network will have a single MSTP configuration that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32...

Page 70: ...abled on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To enable STP globally on the Switch DES 3526 4 enable stp Command enable stp Succe...

Page 71: ...l commands here will be implemented for the STP version that is currently set on the Switch Parameters maxage value 6 40 This value may be set to ensure that old information does not endlessly circula...

Page 72: ...ng back it signifies a loop on the network STP will automatically be blocked and an alert will be sent to the administrator The LBD STP port will restart change to discarding state when the LBD Recove...

Page 73: ...ts to an 802 1w or 802 1s enabled network Migration should be set as yes on ports connected to network stations or segments that are capable of being upgraded to 802 1w RSTP or 802 1s MSTP on all or s...

Page 74: ...panning tree instance 2 DES 3526 4 create stp instance_id 2 Command create stp instance_id 2 Success DES 3526 4 config stp instance_id Purpose Used to add or delete an STP instance ID Syntax config st...

Page 75: ...ce_id 2 add_vlan 10 Success DES 3526 4 Example usage To remove VID 10 from instance id 2 DES 3526 4 config stp instance_id 2 remove_vlan 10 Command config stp instance_id 2 remove_vlan 10 Success DES...

Page 76: ...sage To set the priority value for instance_id 2 as 4096 DES 3526 4 config stp priority 4096 instance_id 2 Command config stp priority 4096 instance_id 2 Success DES 3526 4 config stp mst_config_id Pu...

Page 77: ...identify the instance_id previously configured on the Switch An entry of 0 will denote the CIST Common and Internal Spanning Tree internalCost This parameter is set to represent the relative cost of f...

Page 78: ...P Compatible Max Age 20 Hello Time 2 Forward Delay 15 Max Age 20 TX Hold Count 3 Forwarding BPDU Enabled LoopBack Guard Enabled LBD Recover Time 60 DES 3526 4 Status 2 STP enabled for RSTP DES 3526 4...

Page 79: ...mmand show stp ports MSTP Port Information Port Index 5 Hello Time 2 2 Port STP enabled LBD No External PathCost Auto 200000 Edge Port No No P2P Auto Yes Port Forward BPDU disabled Msti Designated Bri...

Page 80: ...t 1 Max Age 20 Forward Delay 15 Last Topology Change 856 Topology Changes Count 2987 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show stp mst_config_id Purpose Used to display the MS...

Page 81: ...registered_groups filter_unregistered_groups show multicast port_filtering_mode portlist Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to...

Page 82: ...default 01 00 00 00 00 01 Success DES 3526 4 config multicast_fdb Purpose Used to configure the Switch s multicast MAC address forwarding database Syntax config multicast_fdb vlan_name 32 macaddr add...

Page 83: ...d in the forwarding table in which case the Switch will broadcast the packet to all ports negating many of the benefits of having a switch Parameters sec 10 1000000 The aging time for the MAC address...

Page 84: ...itch will always forward traffic to the specified device through this port all Clears all dynamic entries to the Switch s forwarding database Restrictions Only administrator level users can issue this...

Page 85: ...the static MAC address entries aging_time Displays the aging time for the MAC address forwarding database Restrictions None Example usage To display unicast MAC address table DES 3526 4 show fdb Comma...

Page 86: ...ering mode to any of these three options Restrictions Only administrator level users can issue this command Example usage To configure the multicast filtering mode to forward all groups on ports 1 thr...

Page 87: ..._groups 6 forward_unregistered_groups 7 forward_unregistered_groups 8 forward_unregistered_groups 9 forward_unregistered_groups 10 forward_unregistered_groups 11 forward_unregistered_groups 12 forward...

Page 88: ...mmand is used to configure broadcast storm control Parameters storm_grouplist Used to specify a broadcast storm control group This is specified by entering the syntax unit_id all Specifies all broadca...

Page 89: ...to specify a broadcast storm control group This is specified by entering the syntax unit_id Restrictions None Example usage To display traffic control setting DES 3526 4 show traffic control Command...

Page 90: ...st hardware priority queue will begin transmitting any packets it may have received The commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following tab...

Page 91: ...command Example usage To configure bandwidth control DES 3526 4 config bandwidth_control 1 10 tx_rate 10 Command config bandwidth_control 1 10 tx_rate 10 Success DES 3526 4 show bandwidth_control Pur...

Page 92: ...all of the queues have transmitted 3 packets The process will then repeat The max_latency parameter allows you to specify the maximum amount of time that packets are delayed before being transmitted...

Page 93: ...tion DES 3526 4 show scheduling Command show scheduling QOS Output Scheduling Class ID MAX Packets MAX Latency Class 0 100 150 Class 1 99 100 Class 2 91 101 Class 3 21 201 DES 3526 4 config 802 1p use...

Page 94: ...ssue this command Example usage To configure 802 1 user priority on the Switch DES 3526 4 config 802 1p user_priority 1 3 Command config 802 1p user_priority 1 3 Success DES 3526 4 show 802 1p user_pr...

Page 95: ...eceived by the Switch or a range of ports on the Switch Restrictions Only administrator level users can issue this command Example usage To configure 802 1p default priority on the Switch DES 3526 4 c...

Page 96: ...DES 3526 DES 3526DC Layer 2 Fast Ethernet Switch CLI Reference Manual 93 10 0 11 0 12 0 13 0 14 0 15 0 16 0 17 0 18 0 19 0 20 0 21 0 22 0 23 0 24 0 DES 3526 4...

Page 97: ...ic received by or sent by one or both is mirrored to the Target port Parameters port This specifies the Target port the port where mirrored packets will be received The target port must be configured...

Page 98: ...to the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only administrator level users can issue this command E...

Page 99: ...he current port mirroring configuration on the Switch Syntax show mirror Description This command displays the current port mirroring configuration on the Switch Parameters None Restrictions None Exam...

Page 100: ...detail in the following sections create vlan Purpose Used to create a VLAN on the Switch Syntax create vlan vlan_name 32 tag vlanid 1 4094 advertisement Description This command allows the user to cre...

Page 101: ...the port list of a previously configured VLAN You can specify the additional ports as tagging untagging or forbidden The default is to assign the ports as untagging Parameters vlan_name 32 The name o...

Page 102: ...specified port list acceptable_frame tagged_only admit_all This parameter states the frame type that will be accepted by the Switch for this function tagged_only implies that only VLAN tagged frames...

Page 103: ...strator level users can issue this command Example usage To disable the Generic VLAN Registration Protocol GVRP DES 3526 4 disable gvrp Command disable gvrp Success DES 3526 4 show vlan Purpose Used t...

Page 104: ...on the Switch Syntax show gvrp portlist Description This command displays the GVRP status for a port list on the Switch Parameters portlist Specifies a port or range of ports for which the GVRP status...

Page 105: ...lan Description This command enables the asymmetric VLAN function on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To enable asymmetric VL...

Page 106: ...ntax show asymmetric_vlan Description This command displays the asymmetric VLAN state on the Switch Parameters None Restrictions Only administrator level users can issue this command Example usage To...

Page 107: ...oup with a unique identifier Parameters value Specifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups type Specify the...

Page 108: ...s created with the create link_aggregation command above The DES 3526 supports link_aggregation cross box which specifies that link aggregation groups may be spread over multiple switches in the switc...

Page 109: ...ip_destination Indicates that the Switch should examine the IP destination address ip_source_dest Indicates that the Switch should examine the IP source address and the destination address Restriction...

Page 110: ...ve Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs requ...

Page 111: ...figured Parameters portlist Specifies a port or range of ports to be configured If no parameter is specified the system will display the current LACP status for all ports Restrictions Only administrat...

Page 112: ...me mac_address macaddr Each command is listed in detail in the following sections create address_binding ip_mac ipaddress Purpose Used to create an IP MAC Binding entry Syntax ipaddr mac_address macad...

Page 113: ...inding on the switch DES 3526 4 config address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 05 Command config address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 05 Su...

Page 114: ...rts The number of enabled ports on a device Parameters all For IP_MAC binding all specifies all the IP MAC binding entries for Blocked Address Binding entries all specifies all the blocked VLANs and t...

Page 115: ...d the physical address of the device To delete all the Blocked Address Binding entries toggle all Parameters ipaddr The IP address of the device where the IP MAC binding is made macaddr The MAC addres...

Page 116: ...ess Purpose Used to configure limited IP multicast address range Syntax config limited multicast address portlist from multicast_ipaddr to multicast_ipaddr access permit deny state enable disable Desc...

Page 117: ...sers can issue this command Example usage To delete the limited multicast address on ports 1 3 DES 3526 4 delete limited multicast address 1 3 Command delete limited multicast address 1 3 Success DES...

Page 118: ...o 12 characters to identify this IP interface ipaddress network_address IP address and netmask of the IP interface to be created You can specify the address and mask information using the traditional...

Page 119: ...ously saved configuration file for current use Syntax enable autoconfig Description When autoconfig is enabled on the Switch the DHCP reply will contain a configuration file and path name It will then...

Page 120: ...net Switch CLI Reference Manual 117 DES 3526 4 enable autoconfig Command enable autoconfig Success DES 3526 4 NOTE More detailed information for this command and related commands can be found in the s...

Page 121: ...n vlan_name 32 create igmp_snooping multicast_vlan vlan_name 32 vlanid 2 4094 config igmp_snooping multicast_vlan vlan_name 32 member_port portlist source_port portlist state enable disable delete igm...

Page 122: ...f time in seconds between general query transmissions The default setting is 125 seconds max_response_time sec 1 25 Specifies the maximum time in seconds to wait for reports from members The default s...

Page 123: ...st enabled router regardless of protocol etc Parameters vlan_name 32 The name of the VLAN on which the router port resides portlist Specifies a port or range of ports that will be configured as router...

Page 124: ...routers The Switch will then forward all multicast traffic to any IP router Entering this command without the parameter will disable igmp snooping on the Switch Restrictions Only administrator level...

Page 125: ...e vlan2 Query Interval 125 Max Response Time 10 Robustness Value 2 Last Member Query Interval 1 Host Timeout 260 Route Timeout 260 Leave Timer 2 Querier State Disabled Querier Router Behavior Non Quer...

Page 126: ...N Name default Multicast group 239 255 255 250 MAC address 01 00 5E 7F FF FA Reports 2 Port Member 9 19 VLAN Name default Multicast group 239 255 255 254 MAC address 01 00 5E 7F FF FE Reports 1 Port M...

Page 127: ...IGMP snooping forwarding table information Restrictions None Example usage To view the IGMP snooping forwarding table for VLAN Trinity DES 3526 4 show igmp_snooping forwarding vlan Trinity Command sh...

Page 128: ...ss 01 00 5E 00 00 09 Reports 1 Port Member 6 8 VLAN Name default Multicast group 234 5 6 7 MAC address 01 00 5E 05 06 07 Reports 1 Port Member 10 12 VLAN Name default Multicast group 236 54 63 75 MAC...

Page 129: ...n the switch Syntax config igmp_snooping multicast_vlan vlan_name 32 member_port portlist source_port portlist state enable disable Description This command will configure a multicast VLAN previously...

Page 130: ...delete igmp_snooping multicast_vlan trinity Command delete igmp_snooping multicast_vlan trinity Success DES 3526 4 show igmp_snooping multicast_vlan Purpose Used to show the settings for a multicast V...

Page 131: ...relay hops value 1 16 time sec 0 65535 Description This command is used to configure the DHCP BOOTP relay feature Parameters hops value 1 16 Specifies the maximum number of relay agent hops that the D...

Page 132: ...BOOTP relay table Syntax config dhcp_relay delete ipif ipif_name 12 ipaddr Description This command is used to delete an IP destination addresses in the Switch s DHCP BOOTP relay table Parameters ipi...

Page 133: ...s the option 82 field and forwards the packet to the switch port that connects to the DHCP client that sent the DHCP request disable If the field is toggled to disable the relay agent will not insert...

Page 134: ...dy exists in the packet received from the DHCP client keep The option 82 field will be retained if the option 82 field already exists in the packet received from the DHCP client Restrictions Only admi...

Page 135: ...nd show dhcp_relay ipif System Interface Server 1 Server 2 Server 3 Server 4 System 10 58 44 6 DES 3526 4 enable dhcp_relay Purpose Used to enable the DHCP BOOTP relay function on the switch Syntax en...

Page 136: ...DES 3526 DES 3526DC Layer 2 Fast Ethernet Switch CLI Reference Manual 133 Example usage To disable DHCP relay DES 3526 4 disable dhcp_relay Command disable dhcp_relay Success DES 3526 4...

Page 137: ...5 enable_reauth enable disable config 802 1x auth_protocol radius eap radius pap config 802 1x init port_based ports portlist all mac_based ports portlist all mac_address macaddr config 802 1x auth_mo...

Page 138: ...ed or MAC based Network Access control local users currently configured on the Switch Parameters ports portlist Specifies a port or range of ports to view The following details are displayed 802 1x En...

Page 139: ...EAP packets except for the Request Identity packets ServerTimeout Shows the length of time to wait for a response from a Radius server MaxReq Shows the maximum number of times to retry sending packets...

Page 140: ...entication process Authorized means that the user was authenticated and can access the network Unauthorized means that the user was not authenticated and cannot access the network Restrictions None Ex...

Page 141: ...C based 802 1x authentication feature on the Switch Parameters port_based mac_based ports The Switch allows you to authenticate 802 1x by either port or MAC address Restrictions Only administrator lev...

Page 142: ...he 802 1x Authentication parameters on a range of ports The default parameter will return all ports in the specified range to their default 802 1x settings Parameters portlist Specifies a port or rang...

Page 143: ..._protocol Purpose Used to configure the 802 1x authentication protocol on the Switch Syntax config 802 1x auth_protocol radius_eap radius_pap Description The config 802 1x auth_protocol command enable...

Page 144: ...Syntax config 802 1x reauth port_based ports portlist all mac_based ports portlist all mac_address macaddr Description The config 802 1x reauth command is used to re authenticate a previously authenti...

Page 145: ...d acct_port settings auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests...

Page 146: ...and the RADIUS server passwd 32 The shared secret key used by the RADIUS server and the Switch Up to 32 characters can be used auth_port udp_port_number 1 65535 The UDP port number for authentication...

Page 147: ...ference Manual 144 DES 3526 4 show radius Command show radius Index IP Address Auth Port Acct Port Status Key Number Number 1 10 1 1 1 1812 1813 Active switch 2 20 1 1 1 1800 1813 Active des3226 3 30...

Page 148: ...e value 0 255 code value 0 255 igmp type value 0 255 tcp src_port value 0 65535 dst_port value 0 65535 flag_mask all urg ack psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_...

Page 149: ...l be applied to the IP addresses contained within each frame s header source_ip tells the Switch that this rule will apply to the source IP addresses in each frame s header The IP address 10 42 73 1 w...

Page 150: ...xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_32 47 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_48 63 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xff...

Page 151: ...hat to do with the packet The user may deny packets by denying certain flag bits within the packets The user may choose between all urg urgent ack acknowledgement psh push rst reset syn synchronize an...

Page 152: ...lete access_profile profile_id value 1 255 Description The delete access_profile command is used to delete a previously created access profile on the Switch Parameters profile_id value 1 255 Enter an...

Page 153: ...hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff port portlist permit priority value 0 7 replace_priority replace_dscp_with value 0 63 deny delete access_id value 1 65535 D...

Page 154: ...t have this IGMP type value tcp Specifies that the Switch will examine the Transmission Control Protocol TCP field within each packet src_port value 0 65535 Specifies that the access profile will appl...

Page 155: ...an incoming packet on the previously specified port replace_dscp_with value 0 63 Allows you to specify a new value to be written to the DSCP field of an incoming packet on the previously specified por...

Page 156: ...rmit default Access Profile ID 246 Type IP Frame Filter Ports All Masks Source IP Addr 255 0 0 0 ID Mode Access Profile ID 247 Type Ethernet Frame Filter Ports All Masks 802 1p ID Mode Access Profile...

Page 157: ...rwarded frames from the ports specified in the portlist above null No ports are specified portlist Specifies a range of ports for the forwarding list This list must be on the same Switch previously sp...

Page 158: ...guration on the Switch DES 3526 4 show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward Portlist 1 1 26 2 1 26 3 1 26 4 1 26 5 1 26 6 1 26 7 1 26 8 1 26 9...

Page 159: ...e hh mm e_date end_date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP se...

Page 160: ...nfiguration information DES 3526 4 show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DES...

Page 161: ...system time and date settings These will be overridden if SNTP is configured and enabled Parameters date Express the date using two numerical characters for the day of the month three alphabetical cha...

Page 162: ...re time zone settings DES 3526 4 config time_zone operator hour 2 min 30 Command config time_zone operator hour 2 min 30 Success DES 3526 4 config dst Purpose Used to enable and configure time adjustm...

Page 163: ...figure the day of the week in which DST begins start_day sun sat The day of the week in which DST begins expressed using a three character abbreviation sun mon tue wed thu fri sat e_day Configure the...

Page 164: ...the current time settings and status Syntax show time Description This will display system time and date configuration as well as display current system time Parameters None Restrictions None Example...

Page 165: ...P address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only administrator level users can issue this command The Switch supports up to 255 stat...

Page 166: ...node or station all Deletes all ARP entries Restrictions Only administrator level users can issue this command Example Usage To delete an entry of IP address 10 48 74 121 from the ARP table DES 3526 4...

Page 167: ...ARP Aging Time 30 Interface IP Address MAC Address Type System 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 1 1 169 00 50 BA 70 E4 4E Dynamic System 10 1 1 254 00 01 30 FA 5F 00 Dynamic Syste...

Page 168: ...arptable Description This command is used to remove dynamic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Restrictions Only administrator leve...

Page 169: ...way IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry representing the number of routers between the Switch and the IP address above The default set...

Page 170: ...s current IP routing table Syntax show iproute Description This command will display the Switch s current IP routing table Parameters None Restrictions None Example Usage To display the contents of t...

Page 171: ...address table notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions...

Page 172: ...nfigure the Switch s MAC address table notification global settings DES 3526 4 config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DES...

Page 173: ...otification Command show mac_notification Global Mac Notification Settings State Enabled Interval 1 History Size 1 DES 3526 4 show mac_notification ports Purpose Used to display the Switch s MAC addre...

Page 174: ...ports Port MAC Address Table Notification State 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 D...

Page 175: ...or authentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages A The server verifies the username and password and the u...

Page 176: ...ole telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 a...

Page 177: ...icy Syntax disable authen_policy Description This command will disable the administrator defined authentication policy for users trying to access the Switch When disabled the Switch will access the lo...

Page 178: ...fig authen_login Purpose Used to configure a user defined or default method list of authentication methods for user login Syntax config authen_login default method_list_name string 15 method tacacs xt...

Page 179: ...ined server group previously configured on the Switch local Adding this parameter will require the user to be authenticated using the local user account database on the Switch none Adding this paramet...

Page 180: ...e Switch Syntax delete authen_login method_list_name string 15 Description This command is used to delete a list for authentication methods for user login Parameters string 15 Enter an alphanumeric st...

Page 181: ...view the authentication login method list named Trinity DES 3526 4 show authen_login method_list_name Trinity Command show authen_login method_list_name Trinity Method List Name Priority Method Name C...

Page 182: ...ost in the server group and so on until the list is exhausted At that point the Switch will restart the same sequence with the following protocol listed xtacacs If no authentication takes place using...

Page 183: ...is parameter will require the user to be authenticated using a user defined server group previously configured on the Switch local_enable Adding this parameter will require the user to be authenticate...

Page 184: ...thod list of authentication methods for promoting user level privileges to Administrator level privileges Parameters default Entering this parameter will display the default method list for users atte...

Page 185: ...er may choose one of the following five options to configure console Choose this parameter to configure the command line interface login method telnet Choose this parameter to configure the telnet log...

Page 186: ...to create an authentication server host Syntax create authen server_host ipaddr protocol tacacs xtacacs tacacs radius port int 1 65535 key key_string 254 none timeout int 1 255 retransmit 1 255 Descr...

Page 187: ...TACACS authentication server host with port number 1234 a timeout value of 10 seconds and a retransmit count of 5 DES 3526 4 create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10...

Page 188: ...ault value is 5 seconds retransmit int 1 255 Enter the value in the retransmit field to change how many times the device will resend an authentication request when the server does not respond This fie...

Page 189: ...ed on the Switch The following parameters are displayed IP Address The IP address of the authentication server host Protocol The protocol used by the server host Possible results will include TACACS X...

Page 190: ...r group A server group is a technique used to group TACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may define the type of server...

Page 191: ...rotocol if the server host is using the RADIUS authentication protocol Restrictions Only administrator level users can issue this command Example usage To add an authentication host to server group gr...

Page 192: ...xample usage To view authentication server groups currently set on the Switch DES 3526 4 show authen server_group Command show authen server_group Group Name IP Address Protocol Darren 10 53 13 2 TACA...

Page 193: ...try to become authenticated by the Switch before being locked out Restrictions Only administrator level users can issue this command Example usage To set the maximum number of authentication attempts...

Page 194: ...figured by the administrator that will support the enable function This function becomes inoperable when the authentication policy is disabled Parameters None Restrictions Only administrator level use...

Page 195: ...hernet Switch CLI Reference Manual 192 DES 3526 4 config admin local_enable Command config admin local_enable Enter the old password Enter the case sensitive new password Enter the new password again...

Page 196: ...nd the SSH Server Finally enable SSH on the Switch using the enable ssh command After following the above steps you can configure an SSH Client on the remote PC and manage the Switch using secure in b...

Page 197: ...ntication mode for users attempting to access the Switch Parameters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Swi...

Page 198: ...8 timeout sec 120 600 authfail int 2 20 rekey 10min 30min 60min never Description This command allows you to configure the SSH server Parameters maxsession int 1 8 Allows the user to set the number o...

Page 199: ...x config ssh user username 15 authmode hostbased hostname domain_name hostname_IP domain_name ipaddr password publickey Description This command allows you to configure the SSH user authentication met...

Page 200: ...nd config ssh user Trinity authmode Password Enter a case sensitive new password Enter the new password again for conformation Success DES 3526 4 show ssh user Purpose Used to display the SSH user set...

Page 201: ...disable the Blowfish encryption algorithm cast128 This parameter will enable or disable the Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption alg...

Page 202: ...Used to regenerate the hostkey to be recognized by the SSH server Syntax config ssh regenerate hostkey Description This command is used to regenerate the hostkey to be recognized by the SSH server Pe...

Page 203: ...E encryption code defined by the Data Encryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will...

Page 204: ...key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encry...

Page 205: ..._SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key e...

Page 206: ...200 Command config ssl cachetimeout timeout 7200 Success DES 3526 4 show ssl cachetimeout Purpose Used to show the SSL cache timeout Syntax show ssl cachetimeout Description Entering this command will...

Page 207: ...for the SSL function on the Switch Syntax download certificate_fromTFTP ipaddr certfilename path_filename 64 keyfilename path_filename 64 Description This command is used to download a certificate fil...

Page 208: ...Manual 205 DES 3526 4 DES 3526 4 download certificate_fromTFTP 10 53 13 94 certfilename c cert der keyfilename c pkey der Command download certificate_fromTFTP 10 53 13 94 certfilename c cert der key...

Page 209: ...ther Single IP group It is connected to the Member Switches through its management VLAN Member Switch MS This is a switch that has joined a single IP group and is accessible from the CS and it takes o...

Page 210: ...4 candidate dp_interval sec 30 90 hold_time sec 100 300 download sim_ms firmware configuration ipaddr path_filename members mslist all upload sim_ms configuration ipaddr path_filename member_id 1 32 E...

Page 211: ...mmander role Discovery Interval Time in seconds the Switch will send discovery packets out over the network Hold time Displays the time in seconds the Switch will hold discovery results before droppin...

Page 212: ...specified DES 3526 4 show sim candidates Command show sim candidates ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3526 L2 Switch 40 2 00 B02 The M...

Page 213: ...526 4 Example usage To view SIM neighbors DES 3526 4 show sim neighbor Command show sim neighbor Neighbor Info Table Port MAC Address Role 23 00 35 26 00 11 99 Commander 23 00 35 26 00 11 91 Member 24...

Page 214: ...umber and a password if necessary delete member_id 1 32 Use this parameter to delete a member switch of a SIM group The member switch should be defined by ID number Restrictions Only administrator lev...

Page 215: ...ommander to a CaS candidate dp_interval 30 90 The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to the CS will include i...

Page 216: ...arameter to download a switch configuration to members of a SIM group ipaddr Enter the IP address of the TFTP server path_filename Enter the path and the filename of the firmware or switch on the TFTP...

Page 217: ...im_ms ipaddr path_filename member_id 1 32 Description This command will upload a configuration file to a TFTP server from a specified member of a SIM group Parameters ipaddr Enter the IP address of th...

Page 218: ...isplay all of the commands available through the Command Line Interface CLI Parameters None Restrictions None Example usage To display all of the commands in the CLI DES 3526 4 clear clear arptable cl...

Page 219: ...802 1x auth_protocol config 802 1x capability ports config 802 1x init config 802 1x reauth config access_profile profile_id config account config admin local_enable config arp_aging time config arpe...

Page 220: ...d to display the command history Syntax show command_history Description This command will display the command history Parameters None Restrictions None Example usage To display the command history DE...

Page 221: ...egation Control IEEE 802 3x Full duplex Flow Control IEEE 802 3 Nway auto negotiation Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex...

Page 222: ...non condensing Dimensions 441 mm 207 mm 44 mm 1U 19 inch rack mount width Weight DES 3526 2 56 kg DES 3526DC 2 5 kg EMI CE class A FCC Class A C Tick VCCI Class A Safety CSA International Performance...

Reviews: