manualshive.com logo in svg

Edge-Core Direk Tronik 24/48-Port, Management Manual

Share
Download
Edge-Core Direk Tronik 24/48-Port Management Manual Download Page 367

Secure Shell Commands

41-15

41

Secure Shell Commands

This section describes the commands used to configure the SSH server. Note that 
you also need to install a SSH client on the management station when using this 
protocol to configure the switch. 

Note:

The switch supports both SSH Version 1.5 and 2.0 clients.

Configuration Guidelines

The SSH server on this switch supports both password and public key 
authentication. If password authentication is specified by the SSH client, then the 
password can be authenticated either locally or via a RADIUS or  remote 
authentication server, as specified by the 

authentication login

 command on 

page 41-3. If public key authentication is specified by the client, then you must 
configure authentication keys on both the client and the switch as described in the 
following section. Note that regardless of whether you use public key or password 
authentication, you still have to generate authentication keys on the switch and 
enable the SSH server.

To use the SSH server, complete these steps:

1. Generate a Host Key Pair – Use the 

ip ssh crypto host-key generate

 

command to create a host public/private key pair. 

Table 41-10   Secure Shell Commands

Command

Function

Mode

Page

ip ssh server

Enables the SSH server on the switch 

GC

41-17

ip ssh timeout

Specifies the authentication timeout for the SSH server

GC

41-18

ip ssh 

authentication-retries

Specifies the number of retries allowed by a client 

GC

41-19

ip ssh server-key size Sets the SSH server key size

GC

41-19

copy tftp public-key

Copies the user’s public key from a TFTP server to the switch  PE

35-2

delete public-key

Deletes the public key for the specified user

PE

41-20

ip ssh crypto host-key 

generate

Generates the host key

PE

41-20

ip ssh crypto zeroize 

Clear the host key from RAM

PE

41-21

ip ssh save host-key

Saves the host key from RAM to flash memory

PE

41-21

disconnect 

Terminates a line connection 

PE

36-9

show ip ssh

Displays the status of the SSH server and the configured values 

for authentication timeout and retries

PE

41-22

show ssh

Displays the status of current SSH sessions

PE

41-22

show public-key

Shows the public key for the specified user or for the host

PE

41-23

show users

Shows SSH users, including privilege level and public key type PE

34-7

Summary of Contents for Direk Tronik 24/48-Port

Page 1: ...Powered by Accton Management Guide ES4524D ES4548D 24 48 Port Gigabit Ethernet Switch e mail info direktronik se tel 08 52 400 700 fax 08 520 18121...

Page 2: ......

Page 3: ...hernet Switch Layer 2 Switch with 20 10 100 1000BASE T RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP ES4548D Gigabit Ethernet Switch Layer 2 Switch with 44 10 100 1000BASE T RJ 45 Ports and 4...

Page 4: ...ES4524D ES4548D F0 0 0 4 E112006 CS R01 149100030400A...

Page 5: ...10 Community Strings for SNMP version 1 and 2c clients 2 10 Trap Receivers 2 11 Configuring Access for SNMP Version 3 Clients 2 12 Managing System Files 2 12 Saving Configuration Settings 2 13 Sectio...

Page 6: ...1 Remote Log Configuration 9 2 Displaying Log Messages 9 4 Sending Simple Mail Transfer Protocol Alerts 9 4 Chapter 10 Setting the System Clock 10 1 Configuring SNTP 10 1 Setting the Time Zone 10 2 C...

Page 7: ...Port Configuration 16 1 Displaying Connection Status 16 1 Configuring Interface Connections 16 4 Showing Port Statistics 16 6 Chapter 17 Creating Trunk Groups 17 1 Statically Configuring a Trunk 17 2...

Page 8: ...face to a QinQ Tunnel 23 17 Chapter 24 Configuring Private VLANs 24 1 Enabling Private VLANs 24 1 Configuring Uplink and Downlink Ports 24 2 Chapter 25 Configuring Protocol Based VLANs 25 1 Configurin...

Page 9: ...Configuration 30 1 Cluster Member Configuration 30 2 Cluster Member Information 30 3 Cluster Candidate Information 30 4 Section III Command Line Interface Chapter 31 Using the Command Line Interface 3...

Page 10: ...s 35 1 copy 35 2 delete 35 4 dir 35 5 whichboot 35 6 boot system 35 7 Chapter 36 Line Commands 36 1 line 36 1 login 36 2 password 36 3 timeout login response 36 4 exec timeout 36 4 password thresh 36...

Page 11: ...mp 40 2 snmp server community 40 3 snmp server contact 40 4 snmp server location 40 4 snmp server host 40 5 snmp server enable traps 40 7 snmp server engine id 40 8 show snmp engine id 40 9 snmp serve...

Page 12: ...19 ip ssh server key size 41 19 delete public key 41 20 ip ssh crypto host key generate 41 20 ip ssh crypto zeroize 41 21 ip ssh save host key 41 21 show ip ssh 41 22 show ssh 41 22 show public key 41...

Page 13: ...4 12 permit deny MAC ACL 44 13 show mac access list 44 14 mac access group 44 15 show mac access group 44 15 ACL Information 44 16 show access list 44 16 show access group 44 16 Chapter 45 Interface C...

Page 14: ...nning Tree Commands 51 1 spanning tree 51 2 spanning tree mode 51 2 spanning tree forward time 51 3 spanning tree hello time 51 4 spanning tree max age 51 5 spanning tree priority 51 5 spanning tree p...

Page 15: ...g 52 13 dot1q tunnel system tunnel control 52 14 switchport dot1q tunnel mode 52 14 switchport dot1q tunnel tpid 52 15 show dot1q tunnel 52 16 Displaying VLAN Information 52 16 show vlan 52 17 Chapter...

Page 16: ...how policy map 56 8 show policy map interface 56 9 Chapter 57 Multicast Filtering Commands 57 1 IGMP Snooping Commands 57 1 ip igmp snooping 57 1 ip igmp snooping vlan static 57 2 ip igmp snooping ver...

Page 17: ...v6 address autoconfig 60 6 ipv6 address eui 64 60 7 ipv6 address link local 60 9 show ipv6 interface 60 10 ipv6 default gateway 60 12 show ipv6 default gateway 60 12 ipv6 mtu 60 13 show ipv6 mtu 60 14...

Page 18: ...dix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interfac...

Page 19: ...iguration Command Modes 31 8 Table 31 3 Keystroke Commands 31 9 Table 32 1 Command Group Index 32 1 Table 33 1 General Commands 33 1 Table 34 1 System Management Commands 34 1 Table 35 1 Flash File Co...

Page 20: ...s display description 46 10 Table 46 5 show lacp sysid display description 46 11 Table 47 1 Broadcast Storm Control Commands 47 1 Table 48 1 Mirror Port Commands 48 1 Table 49 1 Rate Limit Commands 49...

Page 21: ...guration Commands 59 1 Table 60 1 IPv6 Configuration Commands 60 1 Table 60 2 show ipv6 interface display description 60 10 Table 60 3 show ipv6 mtu display description 60 14 Table 60 4 show ipv6 traf...

Page 22: ...xxii Tables...

Page 23: ...Startup Configuration Settings 6 5 Figure 7 1 Configuring the Console Port 7 2 Figure 8 1 Configuring the Telnet Interface 8 2 Figure 9 1 System Logs 9 2 Figure 9 2 Remote Logs 9 3 Figure 9 3 Displayi...

Page 24: ...5 LACP Port Counters Information 17 10 Figure 17 6 LACP Port Internal Information 17 12 Figure 17 7 LACP Port Neighbors Information 17 13 Figure 18 1 Port Broadcast Control 18 1 Figure 19 1 Mirror Po...

Page 25: ...26 11 Figure 26 9 IP Port Priority 26 11 Figure 27 1 Configuring Class Maps 27 3 Figure 27 2 Configuring Policy Maps 27 6 Figure 27 3 Service Policy Settings 27 7 Figure 28 1 IGMP Configuration 28 3 F...

Page 26: ...xxvi Figures...

Page 27: ...is section provides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface Introduction 1...

Page 28: ...Getting Started...

Page 29: ...up to 32 ACLs 96 MAC rules 96 IP rules and 96 IPv6 rules DHCP Client Supported DNS Proxy service Port Configuration Speed and duplex mode and flow control Rate Limiting Input and output rate limiting...

Page 30: ...also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the...

Page 31: ...ss any connection and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 24 trunks Broadcast Storm Control Broadcast suppression prevents broadcast...

Page 32: ...A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network The switch supports tagged VLANs based on...

Page 33: ...provides policy based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis Each packet is classified upon entry into the...

Page 34: ...Connection Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Pass...

Page 35: ...Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Enabled RSTP Defaults All valu...

Page 36: ...VLAN configured with an IP address IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled DNS Disabled BOOTP Disabled IGMP Snooping Snooping Enabled Querier Disabled Sys...

Page 37: ...al console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch...

Page 38: ...follows Select the appropriate serial port COM port 1 or COM port 2 Set to any of the following baud rates 9600 19200 38400 57600 115200 Note Set to 9600 baud if want to view all the system initializa...

Page 39: ...ion and use basic utilities To fully configure the switch parameters you must access the CLI at the Privileged Exec level Access to both CLI levels are controlled by user names and passwords The switc...

Page 40: ...ce and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by t...

Page 41: ...hitecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields For detailed information on t...

Page 42: ...For most networks that encompass several different subnets it s easier to first define a network prefix and then configure the host address for the switch An IPv6 network prefix is composed of an IPv...

Page 43: ...ipv6 address bits The remaining bits are assigned to the host interface Press Enter 4 Type exit to return to the global configuration mode prompt Press Enter 5 To set the IP address of the IPv6 defaul...

Page 44: ...ccess the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp and press Enter To...

Page 45: ...etwork containing more than one subnet the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages D...

Page 46: ...ublic community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However you may assig...

Page 47: ...are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure...

Page 48: ...et as a start up file The three types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files c...

Page 49: ...e start up configuration file using the copy command New startup configuration files must have a name specified File names on the switch are case sensitive can be from 1 to 31 characters must not cont...

Page 50: ...Initial Configuration 2 14 2...

Page 51: ...9 1 Setting the System Clock 10 1 Simple Network Management Protocol 11 1 User Authentication 12 1 Configuring Port Security 13 1 Configuring 802 1X Port Authentication 14 1 Access Control Lists 15 1...

Page 52: ...Switch Management Configuring Domain Name Service 29 1 Switch Clustering 30 1...

Page 53: ...2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwo...

Page 54: ...cts with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu lin...

Page 55: ...t to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent dis...

Page 56: ...General Prefix Configures IPv6 general prefix for network portion of addresses 5 10 IPv6 Neighbor Configures IPv6 neighbor discover protocol and static neighbors 5 11 Jumbo Frames Enables support for...

Page 57: ...the host key pair public and private 12 10 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 13 1 802 1X Port authentication 1...

Page 58: ...e output rate limit for each port 20 1 Output Trunk Configuration Sets the output rate limit for each trunk 20 1 Port Statistics Lists Ethernet and RMON port statistics 16 6 Address Table 21 1 Static...

Page 59: ...23 10 Tunnel Configuration Adds ports to a QinQ tunnel 23 17 Tunnel Trunk Configuration Adds trunks to a QinQ tunnel 23 17 Private VLAN Status Enables or disables the private VLAN 24 1 Link Status Con...

Page 60: ...ticast router for each VLAN ID 28 4 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 28 5 IP Multicast Registration Table Displays all multi...

Page 61: ...of time the management agent has been up These additional parameters are displayed for the CLI System Description Brief description of device type MAC Address The physical layer address for this swit...

Page 62: ...tem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line In...

Page 63: ...rsion Version number of loader code Console config hostname R D 5 34 1 Console config snmp server location WC 9 40 4 Console config snmp server contact Ted 40 4 Console config exit Console show system...

Page 64: ...er in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 4 2 Switch Information CLI Use the following command to display version...

Page 65: ...static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 21 1 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filt...

Page 66: ...between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes Jumbo...

Page 67: ...the stack For a line topology the stack is numbered from top to bottom with the first unit in the stack designated at unit 1 For a ring topology the Master unit taken as the top of the stack and is nu...

Page 68: ...Basic System Settings 4 8 4...

Page 69: ...be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4093 By default all ports on the switch are members of VLAN 1 However the management station can be attach...

Page 70: ...ic Enter the IP address subnet mask and gateway then click Apply Figure 5 1 IPv4 Interface Configuration Manual CLI Specify the management interface IP address and default gateway Console config Conso...

Page 71: ...n make a console connection to the switch and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then ent...

Page 72: ...either be manually configured or dynamically assigned Command Usage All IPv6 addresses must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal v...

Page 73: ...terface and a warning message displayed on the console Command Attributes Management VLAN ID of the configured VLAN 1 4093 By default all ports on the switch are members of VLAN 1 However the manageme...

Page 74: ...also be set by selecting a preconfigured general prefix for the network portion of the address from the Based on General Prefix scroll down list and marking the check box next to this field to enable...

Page 75: ...l take precedence over the interface identifier IPv6 addresses are 16 bytes long of which the bottom 8 bytes typically form a unique host identifier based on the device s MAC address The EUI 64 specif...

Page 76: ...elow A node is also required to compute and join the associated solicited node multicast addresses for every unicast and anycast address it is assigned IPv6 addresses that differ only in the high orde...

Page 77: ...Click System IPv6 Configuration IPv6 Configuration Set the IPv6 default gateway specify the VLAN to configure enable IPv6 and set the MTU Then enter a global unicast or link local address and click Ad...

Page 78: ...t be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of ze...

Page 79: ...scovery to discover each other s presence to determine each other s link layer addresses to find routers and to maintain reachability information about the paths to active neighbors The key parameters...

Page 80: ...an interface is changed duplicate address detection is performed on the new link local address but not for any of the IPv6 global unicast addresses already associated with the interface Current Neigh...

Page 81: ...interface from which the address was reached Adding Static Neighbors IPv6 Neighbor Add IPv6 Address The IPv6 address of a neighbor device that can be reached through one of the network interfaces con...

Page 82: ...entries click Add fill in the IPv6 address VLAN interface and hardware address Then click Add Figure 5 5 IPv6 Neighbor Detection and Neighbor Cache CLI This example maps a static entry for a global u...

Page 83: ...y assigning it a new name file to tftp Copies a file from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another...

Page 84: ...address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you repla...

Page 85: ...as the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmware...

Page 86: ...a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a fil...

Page 87: ...ion Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file na...

Page 88: ...as the start up configuration use the boot system command and then restart the switch Console copy tftp startup config 35 2 TFTP server ip address 192 168 1 19 Source configuration file name config 1...

Page 89: ...ts the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the number of data bits per charac...

Page 90: ...onfig line login local 36 2 Console config line password 0 secret 36 3 Console config line timeout login response 0 36 4 Console config line exec timeout 0 36 4 Console config line password thresh 5 3...

Page 91: ...detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold...

Page 92: ...ne command from the Normal Exec level Console config line vty 36 1 Console config line login local 36 2 Console config line password 0 secret 36 3 Console config line timeout login response 300 36 4 C...

Page 93: ...disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specified l...

Page 94: ...eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sen...

Page 95: ...rver host IP address choose the facility type and set the logging trap Console config logging host 10 1 0 9 37 3 Console config logging facility 23 37 3 Console config logging trap 4 37 4 Console conf...

Page 96: ...vers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used f...

Page 97: ...s You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Web Click System Log SMTP Enable SMTP specify a source email a...

Page 98: ...y the current SMTP configuration Console config logging sendmail host 192 168 1 4 38 1 Console config logging sendmail level 3 38 2 Console config logging sendmail source email big wheels matel com 38...

Page 99: ...ree time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers...

Page 100: ...s 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone S...

Page 101: ...the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its po...

Page 102: ...w Notify View Security v1 noAuthNoPriv public read only defaultview none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPri...

Page 103: ...g that acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the acc...

Page 104: ...receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is...

Page 105: ...y available for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The nu...

Page 106: ...adds a trap manager and enables authentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 If you want to change the default eng...

Page 107: ...ne ID Enter an ID of up to 26 hexadecimal characters and then click Save Figure 11 4 Setting the SNMPv3 Engine ID CLI This example sets an SNMPv3 engine ID Specifying a Remote Engine ID To send inform...

Page 108: ...SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The s...

Page 109: ...Actions Enables the user to be assigned to another SNMPv3 group Web Click SNMP SNMPv3 Users Click New to configure a user name In the New User page define a name and assign it to a group then click A...

Page 110: ...t on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 11 7 Remote I...

Page 111: ...inimum of eight plain text characters is required Web Click SNMP SNMPv3 Remote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to sa...

Page 112: ...SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication a...

Page 113: ...he SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent s...

Page 114: ...with the master board version This trap binds two objects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 25...

Page 115: ...hen click Delete Figure 11 8 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read...

Page 116: ...in the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view W...

Page 117: ...erver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 40 10 Console config exit Console show snmp view 40 11 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile...

Page 118: ...Simple Network Management Protocol 11 18 11...

Page 119: ...read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soo...

Page 120: ...ecified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Remote Authentication D...

Page 121: ...specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server...

Page 122: ...2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the T...

Page 123: ...he connection Console config authentication login radius 41 3 Console config radius server port 181 41 6 Console config radius server key green 41 7 Console config radius server retransmit 5 41 7 Cons...

Page 124: ...12 3 HTTPS Settings CLI This example enables the HTTP secure server and modifies the port number Replacing the Default Secure site Certificate When you log onto the web interface using HTTPS for secu...

Page 125: ...ss of a TFTP server Source Certificate File Name The file name of the unique certificate file as provided by the recognized certification authority Source Private File Name The file name of the privat...

Page 126: ...authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settings page page 12 2 If public key authentication is specified by the client...

Page 127: ...es the client s password to those stored in memory c If a match is found the connection is allowed Note To use SSH with only password authentication the host public key must still be given to the clie...

Page 128: ...ributes Public Key of Host Key The public key for the host RSA The first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string...

Page 129: ...947448320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 6032591968369705343933643844522333518828717389689451172929...

Page 130: ...120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authe...

Page 131: ...roup i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an in...

Page 132: ...example restricts management access for Telnet clients Console config management telnet client 192 168 1 19 41 24 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit...

Page 133: ...resses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from a...

Page 134: ...allowed on a port and click Apply Figure 13 1 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address coun...

Page 135: ...nt provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back...

Page 136: ...and client also have to support the same EAP authentication type MD5 Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1...

Page 137: ...are described in this section Command Attributes Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connec...

Page 138: ...period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX Period Sets the time period during an authentication session that the switch waits before r...

Page 139: ...ontrol enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 23 disabled Single Host ForceAuthorize...

Page 140: ...he number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenti...

Page 141: ...4 4 802 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 43 6 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logo...

Page 142: ...Configuring 802 1X Port Authentication 14 8 14...

Page 143: ...ding Standard and Extended ACLs IPv6 Standard ACLs and IPv6 Extended ACLs For the ES4524D all ports share this quota For the ES4548D ports 1 24 share a quota of 96 rules and ports 25 50 share another...

Page 144: ...page for the new list Figure 15 1 Selecting ACL Type CLI This example creates a standard IP ACL named bill Configuring a Standard IPv4 ACL Command Attributes Action An ACL can contain any combination...

Page 145: ...ny to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default...

Page 146: ...The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means...

Page 147: ...incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes t...

Page 148: ...sk for source or destination MAC address VID VLAN ID Range 1 4093 VID Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 ff...

Page 149: ...Ethernet type is 0800 Configuring a Standard IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Address Type Specifies the source IP address Use Any t...

Page 150: ...229 5 64 Configuring an Extended IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Destination Address Type Specifies the destination IP address Use Any to...

Page 151: ...63 Flow Label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of service or real time service see...

Page 152: ...uration Extended IPv6 CLI This example adds three rules 1 Accepts any incoming packets for the destination 2009 DB9 2229 79 48 2 Allows packets to any destination address when the DSCP value is 5 3 Al...

Page 153: ...s the MAC ACL to bind to a port IPv6 Specifies the IPv6 ACL to bind to a port IN ACL for ingress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port...

Page 154: ...Access Control Lists 15 12 15...

Page 155: ...cates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Bac...

Page 156: ...Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm t...

Page 157: ...ddress 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow co...

Page 158: ...led you can force the settings for speed duplex mode and flow control The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operati...

Page 159: ...t 1 13 45 1 Console config if description RD SW 13 45 2 Console config if shutdown 45 6 Console config if no shutdown Console config if no negotiation 45 3 Console config if speed duplex 100half 45 2...

Page 160: ...t this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Pac...

Page 161: ...articular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one colli...

Page 162: ...r of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than...

Page 163: ...rt Statistics 16 9 16 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 16 3 Port S...

Page 164: ...t errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Interna...

Page 165: ...the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by takin...

Page 166: ...ts and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fie...

Page 167: ...ic load is distributed evenly across all links in a trunk the source or destination addresses used in the load balance calculation can be selected to provide the best result for trunk connections The...

Page 168: ...stination MAC Address All traffic with the same source and destination MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the...

Page 169: ...tch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full...

Page 170: ...45 1 Console config if lacp 46 4 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 45 8 Informati...

Page 171: ...tem Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports mus...

Page 172: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggrega...

Page 173: ...rity 512 Console config if end Console show lacp sysid 46 8 Channel Group System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 Console show lacp...

Page 174: ...net Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry t...

Page 175: ...ational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not...

Page 176: ...he LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 46 8 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP S...

Page 177: ...er s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigne...

Page 178: ...neighbors Eth 1 2 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 78 AE C0 Partner Admin Port Number 2 Partner Oper Port Number 2 Port Admin Priority 32768 Port...

Page 179: ...ropped Command Usage Broadcast control does not effect IP multicast traffic The resolution is 1 packet per second pps i e any setting between 500 262143 is acceptable Command Attributes Port1 Port num...

Page 180: ...nfig interface ethernet 1 2 Console config if switchport broadcast packet rate 600 47 1 Console config if end Console show interfaces switchport ethernet 1 2 45 10 Information of Eth 1 2 Broadcast thr...

Page 181: ...ic the target port must be included in the same VLAN as the source port when using MSTP see Spanning Tree Algorithm Configuration on page 22 1 Command Attributes Mirror Sessions Displays a list of cur...

Page 182: ...ck Add Figure 19 1 Mirror Port Configuration CLI Use the interface command to select the monitor port then use the port monitor command to specify the source port Note that default mirroring under the...

Page 183: ...vidual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is...

Page 184: ...s example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps Console config interface ethernet 1 1 45 1 Console config if rate limit input 600 49 1 Console config if r...

Page 185: ...are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attribute...

Page 186: ...are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this in...

Page 187: ...kbox select the method of sorting the displayed addresses and then click Query Figure 21 2 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac addres...

Page 188: ...es disables the aging function Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging tim...

Page 189: ...signated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as de...

Page 190: ...STP builds a separate Multiple Spanning Tree MST for each instance to maintain connectivity among each of the assigned VLAN groups MSTP then builds a Internal Spanning Tree IST for the Region containi...

Page 191: ...ttached LAN If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunk...

Page 192: ...except for designated ports should receive configuration messages at regular intervals If the root port ages out STA information provided in the last configuration message a new root port is selected...

Page 193: ...de MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4093 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Ma...

Page 194: ...sages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1...

Page 195: ...oot device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then...

Page 196: ...assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maxi...

Page 197: ...Configuring Global Settings 22 9 22 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 22 2 STA Global Configuration...

Page 198: ...here is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then some of them chan...

Page 199: ...tached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge...

Page 200: ...arding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port You can enable this option if an interface is a...

Page 201: ...onal information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay paramete...

Page 202: ...Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duple...

Page 203: ...ts all bridges and LANs within the MST region This switch supports up to 33 instances You should try to group VLANs which cover the same general area of your network However remember that you must con...

Page 204: ...32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 VLANs in MST Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign t...

Page 205: ...t root port 7 Current root cost 10000 Number of topology changes 2 Last topology changes time sec 85 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master Sta...

Page 206: ...I This displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 22 3 the settings for other instances only app...

Page 207: ...llowing interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If...

Page 208: ...ccording to the values shown below Path cost 0 is used to indicate auto configuration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ether...

Page 209: ...rovide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs based on th...

Page 210: ...e VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VL...

Page 211: ...the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple t...

Page 212: ...AN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 23 1 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informati...

Page 213: ...Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all t...

Page 214: ...default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID I...

Page 215: ...ship by Port page to configure VLAN groups based on the port index page 23 9 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged V...

Page 216: ...tagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from a...

Page 217: ...lect a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 23 6 VLAN Stat...

Page 218: ...cluding tagged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress...

Page 219: ...ning the group Range 500 18000 centiseconds Default 1000 Mode Indicates VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a dir...

Page 220: ...ers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer specific VLAN...

Page 221: ...en the egress process transmits the packet Packets entering a QinQ tunnel port are processed in the following manner 1 New SPVLAN tags are added to all incoming packets no matter how many tags they al...

Page 222: ...der s network The TPID must be configured on a per port basis and the verification cannot be disabled 3 If the ether type of an incoming packet single or double tagged is equal to the TPID of the upli...

Page 223: ...Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode see Enabling QinQ Tunnel...

Page 224: ...23 1 802 1Q Tunnel Status CLI This example sets the switch to operate in QinQ mode Console config dot1q tunnel system tunnel control 52 14 Console config exit Console show dot1q tunnel 52 16 Current...

Page 225: ...he VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as untagged frames a...

Page 226: ...Console show dot1q tunnel 52 16 Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x9100 The dot1q tunnel mode of the set int...

Page 227: ...Ns can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable...

Page 228: ...esignated downlink ports Web Click VLAN Private VLAN Link Status Mark the ports that will serve as uplinks and downlinks for the private VLAN then click Apply Figure 24 2 Private VLAN Link Status CLI...

Page 229: ...these steps 1 First configure VLAN groups for the protocols you want to use page 23 6 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do n...

Page 230: ...mit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be...

Page 231: ...ID the corresponding VLAN ID and click Apply Figure 25 2 Protocol VLAN Port Configuration CLI The following maps the traffic entering Port 1 which matches the protocol type specified in protocol grou...

Page 232: ...Configuring Protocol Based VLANs 25 4 25...

Page 233: ...then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage...

Page 234: ...ult 5 55 3 Console config if end Console show interfaces switchport ethernet 1 3 45 10 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Dis...

Page 235: ...plications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes P...

Page 236: ...ity queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for eac...

Page 237: ...WRR algorithm to determine the frequency at which it services each priority queue As described in Mapping CoS Values to Egress Queues on page 26 3 the traffic classes are mapped to one of the eight e...

Page 238: ...hen click Apply Figure 26 4 Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues Console config queue bandwidth 1 3 5 7 9 11 13 15 55 4 Console con...

Page 239: ...tput queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be...

Page 240: ...application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selecte...

Page 241: ...for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Prio...

Page 242: ...rt 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switc...

Page 243: ...IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note Up...

Page 244: ...pping specific values for IP Port Priority is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip port 55 7 Console c...

Page 245: ...ze the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should...

Page 246: ...onfigures the name and a brief description of a class map Range 1 16 characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class e...

Page 247: ...1 4093 Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Web Click QoS DiffServ then click Add Class to create a new...

Page 248: ...gs page 27 7 You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6...

Page 249: ...r second Burst byte Burst in bytes Exceed Action Specifies whether the traffic that exceeds the specified rate will be dropped or the DSCP service level will be reduced Remove Class Deletes a class Po...

Page 250: ...27 6 27 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 27 2 Conf...

Page 251: ...gress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate poli...

Page 252: ...Quality of Service 27 8 27...

Page 253: ...2 IGMP Query can be used to actively ask the attached hosts if they want to receive a specific multicast service IGMP Query thereby identifies the ports containing hosts requesting to join the servic...

Page 254: ...assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast serv...

Page 255: ...ple modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 57 1 Console config ip igmp snooping querier 57 4 Console config ip igmp snooping...

Page 256: ...attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch...

Page 257: ...scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Unit Stack unit Range Always 1 Port or Trunk Specifies the interface attached to...

Page 258: ...Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propa...

Page 259: ...erface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to...

Page 260: ...lays all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 57 2 Console config exit Console show mac address table multicast vlan...

Page 261: ...If there is no domain list the default domain name is used If there is a domain list the default domain name is not used When an incomplete host name is received by the DNS service on this switch and...

Page 262: ...me and a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 58 3 Console config ip domain list sample com uk 5...

Page 263: ...rk devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a...

Page 264: ...ck Apply Figure 29 2 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0...

Page 265: ...4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are...

Page 266: ...51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POIN...

Page 267: ...4 to connect to the Member switch Cluster Configuration To create a switch cluster first be sure that clustering is enabled on the switch the default is enabled then set the switch as a Cluster Comma...

Page 268: ...luster Member Configuration Adds Candidate switches to the cluster as Members Command Attributes Member ID Specify a Member ID number for the selected Candidate switch Range 1 36 MAC Address Select a...

Page 269: ...information Command Attributes Member ID The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assign...

Page 270: ...h Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 30 4 Cluster Candidate Information CLI This example shows information about cluster C...

Page 271: ...Commands 38 1 Time Commands 39 1 SNMP Commands 40 1 User Authentication Commands 41 1 Port Security Commands 42 1 802 1X Port Authentication 43 1 Access Control List Commands 44 1 Interface Commands 4...

Page 272: ...Command Line Interface Domain Name Service Commands 58 1 IPv4 Interface Commands 59 1 IPv6 Interface Commands 60 1 Switch Cluster Commands 61 1...

Page 273: ...rivileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your de...

Page 274: ...ress of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access m...

Page 275: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username a...

Page 276: ...Show LACP statistic line TTY line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Sh...

Page 277: ...to the default value For example the logging command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all appli...

Page 278: ...Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new...

Page 279: ...figuration These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such...

Page 280: ...s Control List access list ip standard access list ip extended access list mac access list ipv6 standard access list ipv6 extended Console config std acl Console config ext acl Console config mac acl...

Page 281: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Page 282: ...Using the Command Line Interface 31 10 31...

Page 283: ...stricts port access based on source MAC addresses 42 1 IEEE 802 1X Configures IEEE 802 1X port access control 43 1 Access Control List Provides filtering for IPv4 frames based on address protocol TCP...

Page 284: ...strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP UDP traffic types IP precedence and DSCP 55 1 Quality of Service Configures Differentiated S...

Page 285: ...change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 41 2 The character is appended to the end of the prompt to indicate that the s...

Page 286: ...er is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 33 1 configure This command activates Global Configuration mode You must en...

Page 287: ...d history buffer The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer w...

Page 288: ...This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree C...

Page 289: ...configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to...

Page 290: ...General Commands 33 6 33...

Page 291: ...mmand Function Mode Page hostname Specifies the host name for the switch GC 34 1 reload Restarts the system PE 34 2 switch renumber Renumbers stack units PE 34 2 jumbo frame Enables support for jumbo...

Page 292: ...how to reset the switch switch renumber This command resets the switch unit identification numbers in the stack All stack members are numbered sequentially starting from the top unit for a non loop s...

Page 293: ...frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two...

Page 294: ...LAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address Layer 4 precedence settings Spanning tree settings An...

Page 295: ...mbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP communit...

Page 296: ...private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable pa...

Page 297: ...ddress of Telnet client Default Setting None Console show system System Description 24 48 L2 L4 IPV4 IPV6 GE Switch System OID String 1 3 6 1 4 1 259 6 10 84 System information System Up time 0 days 1...

Page 298: ...Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 4 3 for detailed information on the items displayed by this command Console show users Username acco...

Page 299: ...t1 Serial Number 0000E8900000 Hardware Version R01 EPLD Version 1 02 Number of Ports 24 Main Power Status Up Redundant Power Status Not present Agent master Unit ID 1 Loader Version 0 0 0 2 Boot ROM V...

Page 300: ...System Management Commands 34 10 34...

Page 301: ...guration Settings Configuration settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded to restore switch settings The configuration file can b...

Page 302: ...system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you...

Page 303: ...cure connection see ip http secure server on page 41 12 Example The following example shows how to download new firmware from a TFTP server The following example shows how to upload the configuration...

Page 304: ...r code image unit Stack unit Range Always 1 Default Setting None Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file...

Page 305: ...lash memory Syntax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time op...

Page 306: ...by this command Table 35 2 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file...

Page 307: ...n file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range Always 1 The colon is required Default Setting None Command Mode Global Configuration Comm...

Page 308: ...File Management Commands 35 8 35...

Page 309: ...assword on a line LC 36 3 timeout login response Sets the interval that the system waits for a login attempt LC 36 4 exec timeout Sets the interval that the command interpreter waits until user input...

Page 310: ...r name specified with the username command Default Setting login local Command Mode Line Configuration Command Usage There are three authentication modes provided by the switch itself at login login s...

Page 311: ...ecified Command Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system s...

Page 312: ...ogin attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet canno...

Page 313: ...ber of failed logon attempts Use the no form to remove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no thresh...

Page 314: ...35 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration console only Example To set the silent time to 60 seconds enter this command Related Commands pa...

Page 315: ...y 36 7 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity De...

Page 316: ...the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you select the auto option the swit...

Page 317: ...will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 41 22 show users 34 7 show...

Page 318: ...w line Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent time Disabled Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Passw...

Page 319: ...se the logging trap command to control the type of error messages that are sent to specified syslog servers Example Table 37 1 Event Logging Commands Command Function Mode Page logging on Controls log...

Page 320: ...lt Setting Flash errors level 3 0 RAM warnings level 7 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower th...

Page 321: ...to build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example logging facility This command sets the facility type for remote logging of syslog messages Use t...

Page 322: ...thout a specified level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no logging trap level One of the syslog severity levels listed in the table on page...

Page 323: ...command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Display...

Page 324: ...e message level s reported based on the logging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugg...

Page 325: ...tored in temporary RAM i e memory flushed on power reset Default Setting None Command Mode Privileged Exec Example The following example shows the event message stored in RAM Console show log ram 1 00...

Page 326: ...Event Logging Commands 37 8 37...

Page 327: ...d finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fai...

Page 328: ...l or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from...

Page 329: ...mail address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must...

Page 330: ...ler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destinati...

Page 331: ...ervers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This com...

Page 332: ...is command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is receive...

Page 333: ...16 16384 seconds Default Setting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 39 1 show sntp This command displays the current time and configuration settings for...

Page 334: ...ne Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime m...

Page 335: ...cond Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command M...

Page 336: ...Time Commands 39 6 39...

Page 337: ...ommand Function Mode Page snmp server Enables the SNMP agent GC 40 2 show snmp Displays the status of SNMP communications NE PE 40 2 snmp server community Sets up the community access string to permit...

Page 338: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Page 339: ...t stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent en...

Page 340: ...hat describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 40 4 snmp server locatio...

Page 341: ...55 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like com...

Page 342: ...nsure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to net...

Page 343: ...uthentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Page 344: ...nd Usage An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also us...

Page 345: ...server engine id local 12345 Console config snmp server engineID remote 54321 192 168 1 19 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBo...

Page 346: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefi...

Page 347: ...no authentication or with authentication and privacy See Simple Network Management Protocol on page 11 1 for further information about these authentication and encryption options readview Defines the...

Page 348: ...d users When authentication is selected the MD5 or SHA algorithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For...

Page 349: ...iew defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volati...

Page 350: ...P version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain t...

Page 351: ...e user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote age...

Page 352: ...r Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Storage Type The storage ty...

Page 353: ...ssword 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maximum users 16 Table 41 1 Authentication Commands Command Group Function Page User Accounts...

Page 354: ...figuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how the set the access level and password for a user enable password Af...

Page 355: ...le 33 1 authentication enable 41 4 Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access The commands in this sectio...

Page 356: ...uence For example if you enter authentication login radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is a...

Page 357: ...he TACACS server is not available the local user name and password is checked Example Related Commands enable password sets the password for changing command modes 41 2 RADIUS Client Remote Authentica...

Page 358: ...on messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access vi...

Page 359: ...ing None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_ret...

Page 360: ...fault Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example...

Page 361: ...tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server netw...

Page 362: ...not use blank spaces in the string Maximum length 48 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TAC...

Page 363: ...ample Related Commands ip http server 41 11 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http serve...

Page 364: ...the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_nu...

Page 365: ...secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same po...

Page 366: ...he no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port number used by the Telnet interface port number The TCP port t...

Page 367: ...enerate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair Table 41 10 Secure Shell Commands Command Function Mode Page ip ssh server Enables the...

Page 368: ...05553616163105177594083868631109291232226828519254374603100937187721199 69631781366277414168985132049117204830339254324101637997592371449011938 0060902539484084827178194372288402533115952134861022902...

Page 369: ...he request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whether the supplied key is acceptable for authentication and...

Page 370: ...nge 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation p...

Page 371: ...uration Example Related Commands show ip ssh 41 22 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key siz...

Page 372: ...Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients This command stores the...

Page 373: ...e host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related...

Page 374: ...t key dsa Console Console show ip ssh SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username...

Page 375: ...d by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options fo...

Page 376: ...41 0719421061655759424590939236096954050362775257556251003866130989393834523 1033280214988866192159556859887989191950588394018138744046890877916030583 7768185490002831341625008348718449522087429212255...

Page 377: ...u cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by speci...

Page 378: ...Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 TELN...

Page 379: ...ut any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresse...

Page 380: ...nt command to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the...

Page 381: ...dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 43 2 dot1x port control Sets...

Page 382: ...x dot1x max req count no dot1x max req count The maximum number of requests Range 1 10 Default 2 Command Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a p...

Page 383: ...ation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts...

Page 384: ...ent software Only if re authentication fails is the port blocked Example dot1x re authentication This command enables periodic re authentication for a specified port Use the no form to disable re auth...

Page 385: ...ult Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re...

Page 386: ...5 Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x sta...

Page 387: ...on session before re transmitting EAP packet page 43 6 supplicant timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts max req Maximum number...

Page 388: ...d 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 23 disabled Single Host ForceAuthorized yes 1 24 enabled Single Host Auto yes 802 1X Port Details 802 1X i...

Page 389: ...ion Page IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code 44 1 IPv6 ACLs Configures ACLs based on IPv6 addresses next header type and flow label...

Page 390: ...ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed...

Page 391: ...sets a filter condition for packets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no...

Page 392: ...ary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering th...

Page 393: ...st This command displays the rules for configured IPv4 ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Na...

Page 394: ...age A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show i...

Page 395: ...Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you mu...

Page 396: ...ed in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address compr...

Page 397: ...dscp DSCP priority level Range 0 63 flow label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of...

Page 398: ...Authentication RFC 2402 50 Encapsulating Security Payload RFC 2406 60 Destination Options RFC 2460 Example This example accepts any incoming packets if the destination address is 2009 DB9 2229 79 48...

Page 399: ...net Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one IPv6 ACLs can onl...

Page 400: ...eate a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To...

Page 401: ...address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host de...

Page 402: ...ter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rul...

Page 403: ...ce Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new...

Page 404: ...sole Table 44 5 ACL Information Commands Command Function Mode Page show access list Show all IPv4 ACLs and associated rules PE 44 16 show access group Shows the IPv4 ACLs assigned to each port PE 44...

Page 405: ...ACL Information 44 17 44 Example Console show access group Interface ethernet 1 2 IP standard access list david MAC access list jerry Console...

Page 406: ...Access Control List Commands 44 18 44...

Page 407: ...45 1 description Adds a description to an interface configuration IC 45 2 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 45 2 negotiat...

Page 408: ...The following example adds a description to port 4 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the d...

Page 409: ...he required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 45 3 capabil...

Page 410: ...tion 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives...

Page 411: ...the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal...

Page 412: ...fp preferred auto Uses SFP port if both combination types are functioning and the SFP port has a valid link Default Setting sfp preferred auto Command Mode Interface Configuration Ethernet Example Thi...

Page 413: ...e Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This comm...

Page 414: ...isplayed by this command see Displaying Connection Status on page 16 1 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1...

Page 415: ...utput 5 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcas...

Page 416: ...00 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acceptable fra...

Page 417: ...ge 55 3 GVRP status Shows if GARP VLAN Registration Protocol is enabled or disabled page 52 2 Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged p...

Page 418: ...Interface Commands 45 12 45...

Page 419: ...cluding communication mode i e speed and duplex mode VLAN assignments and CoS settings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types Tabl...

Page 420: ...if the port channel admin key is set then the port admin key must be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority is used to select th...

Page 421: ...enly across all links in a trunk select the source and destination addresses used in the load balance calculation to provide the best result for trunk connections dst ip All traffic with the same dest...

Page 422: ...source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from many different hosts Example lacp This...

Page 423: ...G membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 10 Console config if lacp Console config if e...

Page 424: ...key Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggrega...

Page 425: ...al LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority m...

Page 426: ...h the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP set...

Page 427: ...d Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to...

Page 428: ...to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the corre...

Page 429: ...Administrative values of the partner s state parameters See preceding table Oper State Operational values of the partner s state parameters See preceding table Console show lacp sysid Port Channel Sys...

Page 430: ...Link Aggregation Commands 46 12 46 Example Console show port channel load balance Source and destination IP address Console...

Page 431: ...s per second Range 500 262143 Default Setting Enabled for all ports Packet rate limit 500 pps Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified t...

Page 432: ...Broadcast Storm Control Commands 47 2 47...

Page 433: ...nfiguration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the d...

Page 434: ...nd Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from...

Page 435: ...nforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the...

Page 436: ...Rate Limit Commands 49 2 49...

Page 437: ...Range 1 24 48 port channel channel id Range 1 24 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No sta...

Page 438: ...another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this comm...

Page 439: ...MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted...

Page 440: ...0000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show ma...

Page 441: ...tance MST 51 9 name Configures the name for the multiple spanning tree MST 51 9 revision Configures the revision number for the multiple spanning tree MST 51 10 max hops Configures the maximum number...

Page 442: ...t switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes d...

Page 443: ...STP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate...

Page 444: ...loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree he...

Page 445: ...s except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port f...

Page 446: ...t method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifi...

Page 447: ...de Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configurati...

Page 448: ...balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all V...

Page 449: ...g the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same prior...

Page 450: ...panning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Con...

Page 451: ...nstances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the...

Page 452: ...h cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ether...

Page 453: ...ith the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifie...

Page 454: ...spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the fast spanning tree mode for the sele...

Page 455: ...point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the...

Page 456: ...to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex...

Page 457: ...interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link i...

Page 458: ...nterface mst instance_id interface ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 instance_id Instance identifier of the multiple s...

Page 459: ...sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time...

Page 460: ...figuration This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configura...

Page 461: ...guration for bridge extension MIB 52 1 Editing VLAN Groups Sets up VLAN groups including name VID and state 52 5 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and...

Page 462: ...switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information...

Page 463: ...if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setti...

Page 464: ...Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media...

Page 465: ...garp timer 52 4 Editing VLAN Groups vlan database This command enters VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration...

Page 466: ...elete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed...

Page 467: ...lan Table 52 4 Commands for Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 52 7 switchport mode Configures VLAN membe...

Page 468: ...link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as t...

Page 469: ...xample The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 52 8 switchport ingress filtering This command enables ingress filte...

Page 470: ...ange 1 4093 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this...

Page 471: ...nk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used w...

Page 472: ...signate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Page 473: ...This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 See switchport dot1q tunnel tpid page 52 1...

Page 474: ...terfaces switchport 45 10 switchport dot1q tunnel mode This command configures an interface as a QinQ tunnel port Use the no form to disable QinQ on the interface Syntax switchport dot1q tunnel mode a...

Page 475: ...custom 802 1Q ethertype value on the selected interface This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged...

Page 476: ...TPID is 0x8100 The dot1q tunnel mode of the set interface 1 2 is Uplink mode TPID is 0x8100 The dot1q tunnel mode of the set interface 1 3 is Normal mode TPID is 0x8100 The dot1q tunnel mode of the s...

Page 477: ...m 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1...

Page 478: ...VLAN Commands 52 18 52...

Page 479: ...e VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs can...

Page 480: ...an This command displays the configured private VLAN Command Mode Privileged Exec Example Console show pvlan Private VLAN status Enabled Up link port Ethernet 1 12 Down link port Ethernet 1 5 Ethernet...

Page 481: ...protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protocol...

Page 482: ...roup identifier of this protocol group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4093 Default Setting No protocol groups are mapped for any interface Comm...

Page 483: ...2 show protocol vlan protocol group This command shows the frame and protocol type associated with protocol groups Syntax show protocol vlan protocol group group id group id Group identifier for a pr...

Page 484: ...ce ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting The mapping for all interfaces is displayed Command Mode Privileg...

Page 485: ...r 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 55 1 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags t...

Page 486: ...d Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed b...

Page 487: ...ames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight...

Page 488: ...s port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues Related Commands show queue bandwidth 55 6 queue cos map This command assigns...

Page 489: ...iority for all interfaces Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map 55 6 show queue mode This command shows the...

Page 490: ...vice priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting None...

Page 491: ...mple The following example shows how to enable TCP UDP port mapping globally Table 55 4 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of service mapping...

Page 492: ...an be specified for IP Port priority mapping This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Glob...

Page 493: ...ion Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Serv...

Page 494: ...t switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable...

Page 495: ...802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP val...

Page 496: ...ip port Interface Configuration 55 8 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Stack unit Range...

Page 497: ...ys 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting None Command Mode Privileged Exec Example Console show map ip precedence ethernet 1 5 Precedence mapping status d...

Page 498: ...Class of Service Commands 55 14 55 Related Commands map ip dscp Global Configuration 55 10 map ip dscp Interface Configuration 55 10...

Page 499: ...mmand to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the...

Page 500: ...a class map class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter...

Page 501: ...ration mode Then use the match command to specify the fields within ingress packets that must match to qualify for this class map Only one match command can be entered per class map Example This examp...

Page 502: ...must create a Class Map page 56 4 before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the...

Page 503: ...class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and c...

Page 504: ...2 bytes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of profile packets Command Mode Policy Map Class Conf...

Page 505: ...map name input Apply to the input traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interfa...

Page 506: ...QoS policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map nam...

Page 507: ...unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_c...

Page 508: ...Quality of Service Commands 56 10 56...

Page 509: ...owing example enables IGMP snooping Table 57 1 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP...

Page 510: ...configure a multicast group on a port ip igmp snooping version This command configures the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp s...

Page 511: ...known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Displ...

Page 512: ...is responsible for asking hosts if they want to receive multicast traffic Example Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1...

Page 513: ...by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not re...

Page 514: ...ct This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a c...

Page 515: ...r the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global...

Page 516: ...n Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over th...

Page 517: ...lan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include St...

Page 518: ...Multicast Filtering Commands 57 10 57...

Page 519: ...rresponding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 58 1 DNS Commands Command Function Mode Page ip...

Page 520: ...get device Example This example maps two address to a host name clear host This command deletes entries from the DNS table Syntax clear host name name Name of the host Range 1 64 characters Removes al...

Page 521: ...ration Example Related Commands ip domain list 58 3 ip name server 58 4 ip domain lookup 58 5 ip domain list This command defines a list of domain names that can be appended to incomplete host names i...

Page 522: ...names to the current list and then displays the list Related Commands ip domain name 58 3 ip name server This command specifies the address of one or more domain name servers to use for name to addre...

Page 523: ...nables DNS host name to address translation Use the no form to disable DNS Syntax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server...

Page 524: ...Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end...

Page 525: ...8 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7...

Page 526: ...e Service Commands 58 8 58 clear dns cache This command clears all entries in the DNS cache Command Mode Privileged Exec Example Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMA...

Page 527: ...s mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configura...

Page 528: ...itch If you assign an IP address to any other VLAN the new IP address overrides the original IP address and this becomes the new management VLAN 2 Before you can change the IP address you must first c...

Page 529: ...P interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to...

Page 530: ...show ip redirects This command shows the IPv4 default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 59 2 show ipv6 de...

Page 531: ...nd Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination...

Page 532: ...IPv4 Interface Commands 59 6 59...

Page 533: ...IPv6 on the interface IC 60 7 ipv6 address link local Configures an IPv6 link local address for an interface and enables IPv6 on the interface IC 60 9 show ipv6 interface Displays the usability and c...

Page 534: ...devices attached to the same local subnet If a duplicate address is detected on the local segment this interface will be disabled and a warning message displayed on the console The no ipv6 enable comm...

Page 535: ...al value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Default Setting No general prefix is defined Command Mode Gl...

Page 536: ...full IPv6 address if no general prefix is used or the subsequent bits following the general prefix if one is used followed by the host address bits The address must be formatted according to RFC 2373...

Page 537: ...at If a duplicate address is detected a warning message is sent to the console Example This example uses the general network prefix of 2009 DB9 2229 48 used in an earlier example and then specifies th...

Page 538: ...ith an address prefix of FE80 and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console If the router adve...

Page 539: ...refix i e the network portion of the address Default Setting No IPv6 addresses are defined Command Mode Interface Configuration VLAN Command Usage If a link local address has not yet been assigned to...

Page 540: ...er to be used on multiple IP interfaces of a single device as long as those interfaces are attached to different subnets Example This example uses the general network prefix of 2001 0DB8 0 1 64 used i...

Page 541: ...uration VLAN Command Usage The address specified with this command replaces a link local address that was automatically generated for the interface You can configure multiple IPv6 global unicast addre...

Page 542: ...elds prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Command Mode Normal Exec Privilege...

Page 543: ...Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as described below A nod...

Page 544: ...to indicate the appropriate number of zeros required to fill the undefined fields Default Setting No default gateway is defined Command Mode Global Configuration Command Usage A IPv6 default gateway...

Page 545: ...tion VLAN Command Usage IPv6 routers do not fragment IPv6 packets forwarded from other routers However traffic originating from an end station connected to an IPv6 router may be fragmented All devices...

Page 546: ...tics about IPv6 traffic passing through this switch Command Mode Normal Exec Privileged Exec Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6...

Page 547: ...eassembly failures 0 Ipv6 sent sent generated 1435 forwarded 0 fragmented 0 generated fragments 0 Fragmented failed 0 encapsulation failed 0 no route 0 too big 0 Ipv6 mcast mcast received 0 mcast sent...

Page 548: ...checksum errors 0 length errors 0 no port 1 dropped 0 output 1 TCP Statistics input 1911 checksum errors 0 output 4339 retransmitted 0 Console Table 60 4 show ipv6 traffic display description Field De...

Page 549: ...te that this is not necessarily a count of discarded IPv6 fragments since some algorithms notably the algorithm in RFC 815 can lose track of the number of fragments by combining them as they are recei...

Page 550: ...may be a local site or the destination may not have a route back to the source unreach address The number of times that an address is unreachable unreach port The number of times that a port is unrea...

Page 551: ...eader The number of Send ICMP parameter problem messages caused by an unrecognized header error parameter option The number of Send ICMP parameter problem messages caused by an unrecognized option err...

Page 552: ...s the system encounter an error when trying to queue the received packet output The total number of UDP datagrams sent from this entity TCP Statistics input The total number of segments received inclu...

Page 553: ...ress assigned to the interface sending the ping seconds The timeout interval Range 0 to 3600 seconds verbose Displays detailed output Default Setting repeat 5 timeout 2 seconds Command Mode Normal Exe...

Page 554: ...e undefined fields vlan id VLAN ID Range 1 4093 hardware address The 48 bit MAC layer address for the neighbor device This address must be formatted as six hexadecimal pairs separated by hyphens Defau...

Page 555: ...n Use the no form to restore the default setting Syntax ipv6 nd dad attempts count no ipv6 nd dad attempts count The number of neighbor solicitation messages sent to determine whether or not a duplica...

Page 556: ...icate address remain configured while the address is in duplicate state If the link local address for an interface is changed duplicate address detection is performed on the new link local address but...

Page 557: ...licitation messages when resolving an address or when probing the reachability of a neighbor Therefore avoid using very short intervals for normal IPv6 operations Example The following sets the interv...

Page 558: ...to fill the undefined fields Default Setting All IPv6 neighbor discovery cache entries are displayed Command Mode Normal Exec No command options are available Privileged Exec All command options are...

Page 559: ...he forward path was functioning While in STALE state the device takes no action until a packet is sent DELAY More than the ReachableTime interval has elapsed since the last positive confirmation was r...

Page 560: ...IPv6 Interface Commands 60 28 60...

Page 561: ...switch the default is enabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to swi...

Page 562: ...itches only become cluster Members when manually selected by the administrator through the management station Cluster Member switches can be managed through only using a Telnet connection to the Comma...

Page 563: ...ge the cluster IP pool when the switch is currently in Commander mode Commander mode must first be disabled Example cluster member This command configures a Candidate switch as a cluster Member Use th...

Page 564: ...g cluster Members using the local console CLI on the Commander is not supported There is no need to enter the username and password for access to the Member switch CLI Example show cluster This comman...

Page 565: ...network Command Mode Privileged Exec Example Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 12 cf 23 49 c0 Description 24 48 L2 L4 IPV4 IP...

Page 566: ...Switch Cluster Commands 61 6 61...

Page 567: ...Section IV Appendices This section provides additional information on the following topics Software Specifications A 1 Troubleshooting B 1 Glossary Index...

Page 568: ...Appendices...

Page 569: ...n port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm...

Page 570: ...P in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protoc...

Page 571: ...GMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP MIB RFC 2011 IP Multicasting related MIBs IPV6 MIB RFC 2065 IPV6 ICMP MIB RFC 2066 IPV6 TCP MIB RFC 2052 IPV6 UDP MIB...

Page 572: ...Software Specifications A 4 A TACACS Authentication Client MIB TCP MIB RFC 2012 Trap RFC 1215 UDP MIB RFC 2013...

Page 573: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Page 574: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 575: ...ks by employing a well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particul...

Page 576: ...word is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard GARP VLAN Registrat...

Page 577: ...ons for VLAN tagging IEEE 802 3x Defines Ethernet frame start stop requests and timers used for flow control on full duplex links IGMP Snooping Listening to IGMP Query and IGMP Report packets transfer...

Page 578: ...on another device Management Information Base MIB An acronym for Management Information Base It is a set of database objects that contains information about a specific device MD5 Message Digest Algor...

Page 579: ...ferential treatment to specific flows either by raising the priority of one flow or limiting the priority of another flow Quality of Service QoS QoS refers to the capability of a network to provide be...

Page 580: ...your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance a...

Page 581: ...targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of thei...

Page 582: ...Glossary Glossary 8...

Page 583: ...10 IP port priority 26 11 55 7 IP precedence 26 8 55 8 layer 3 4 priorities 26 7 55 7 queue mapping 26 3 55 4 queue mode 26 4 55 2 traffic class weights 26 5 55 4 D default IPv4 gateway configuration...

Page 584: ...es 26 8 55 9 IPv4 address BOOTP DHCP 5 3 59 1 59 3 dynamic configuration 2 8 manual configuration 2 4 setting 2 4 5 1 59 1 IPv6 configuring static neighbors 5 11 60 22 displaying neighbors 5 11 60 22...

Page 585: ...duplex mode 16 4 45 2 forced selection on combo ports 45 6 speed 16 4 45 2 ports configuring 16 1 45 1 ports mirroring 19 1 48 1 priority default port ingress 26 1 55 3 problems troubleshooting B 1 pr...

Page 586: ...6 2 35 2 T TACACS logon authentication 12 2 41 9 time setting 10 1 39 1 TPID 23 17 52 15 traffic class weights 26 5 55 4 trap manager 2 11 11 4 40 5 troubleshooting B 1 trunk configuration 17 1 46 1 L...

Page 587: ......

Page 588: ...ES4524D ES4548D E112006 CS R01 149100030400A...

Reviews:

No comments

Brands by name

Popular brands

Load more brands