Edge-Core ECS4660-28F Management Manual Download Page 1128

Page: 1128 / 2020

HAPTER

| General Security Measures

DHCPv6 Snooping

– 1128 –

If a DHCPv6 packet from a client passes the filtering criteria above,

it will only be forwarded to trusted ports in the same VLAN.

DHCP Server Packet

■

If a DHCP server packet is received on an

untrusted

port, drop

this packet and add a log entry in the system.

■

If a DHCPv6 Reply packet is received from a server on a

trusted

port, it will be processed in the following manner:

Check if IPv6 address in IA option is found in binding table:

■

If yes, continue to C.

■

If not, continue to B.

Check if IPv6 address in IA option is found in binding cache:

■

If yes, continue to C.

■

If not, check failed, and forward packet to trusted port.

Check status code in IA option:

■

If successful, and entry is in binding table, update lease

time and forward to original destination.

■

If successful, and entry is in binding cache, move entry

from binding cache to binding table, update lease time

and forward to original destination.

■

Otherwise, remove binding entry. and check failed.

■

If a DHCPv6 Relay packet is received, check the relay message

option in Relay-Forward or Relay-Reply packet, and process

client and server packets as described above.

◆

If DHCPv6 snooping is globally disabled, all dynamic bindings are

removed from the binding table.

◆

Additional considerations when the switch itself is a DHCPv6 client

–

The port(s) through which the switch submits a client request to the

DHCPv6 server must be configured as trusted (using the

ipv6 dhcp

snooping trust

command). Note that the switch will not add a dynamic

entry for itself to the binding table when it receives an ACK message

from a DHCPv6 server. Also, when the switch sends out DHCPv6 client

packets for itself, no filtering takes place. However, when the switch

receives any messages from a DHCPv6 server, any packets received

from untrusted ports are dropped.

XAMPLE

This example enables DHCPv6 snooping globally for the switch.

Console(config)#ipv6 dhcp snooping

Console(config)#

ELATED

OMMANDS

ipv6 dhcp snooping vlan (1129)

ipv6 dhcp snooping trust (1130)

«
...
1126
1127
1128
1129
1130
...
»

Summary of Contents for ECS4660-28F

Page 1: ...Management Guide www edge core com ECS4660 28F Layer 3 Gigabit Ethernet Switch...

Page 2: ......

Page 3: ...AGEMENT GUIDE ECS4660 28F GIGABIT ETHERNET SWITCH Layer 3 Switch with 24 Gigabit Ethernet Ports SFP 2 10G Ethernet Ports XSFP and 2 Slots for Optional 10G Modules ECS4660 28F E102013 ST R03 1491000001...

Page 4: ......

Page 5: ...e used throughout this guide to show information NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could c...

Page 6: ...raffic Flows Updated Parameters section under Enabling QinQ Tunneling on the Switch on page 247 Added Creating CVLAN to SPVLAN Mapping Entries on page 248 Added Mapping Ingress DSCP Values to Internal...

Page 7: ...ands on page 1025 Updated syntax for the command ip source guard binding on page 1134 ip source guard max binding on page 1137 and show ip source guard binding on page 1139 Added the commands ip sourc...

Page 8: ...ort dscp on page 1403 Added the command ip igmp snooping priority on page 1428 Added the commands ip igmp authentication on page 1451 and show ip igmp authentication on page 1456 Added MLD Filtering a...

Page 9: ...Configuring VLAN Groups on page 228 Added Configuring VLAN Translation on page 259 Added parameters under Configuring Loopback Detection on page 274 Added parameters under Configuring a Class Map on p...

Page 10: ...PIMv6 Interface Settings on page 850 Added Configuring Global PIM6 SM Settings on page 856 Added Configuring a PIM6 BSR Candidate on page 858 Added Configuring a PIM6 Static Rendezvous Point on page 8...

Page 11: ...6 Updated parameter description for show ip route on page 1726 Added tunnel parameter to ipv6 route on page 1730 Added Border Gateway Protocol BGPv4 on page 1818 Added Policy based Routing for BGP on...

Page 12: ...ABOUT THIS GUIDE 12...

Page 13: ...rotocol 100 System Defaults 102 2 INITIAL SWITCH CONFIGURATION 105 Connecting to the Switch 105 Configuration Options 105 Required Connections 106 Remote Connections 107 Basic Configuration 108 Consol...

Page 14: ...Files via FTP TFTP or HTTP 155 Saving the Running Configuration to a Local File 157 Setting The Start Up File 158 Showing System Files 159 Automatic Operation Code Upgrade 160 Setting the System Cloc...

Page 15: ...on 219 Enabling Traffic Segmentation 219 Configuring Uplink and Downlink Ports 220 VLAN Trunking 222 6 VLAN CONFIGURATION 225 IEEE 802 1Q VLANs 225 Configuring VLAN Groups 228 Adding Static Members to...

Page 16: ...ON CONTROL 295 Rate Limiting 295 Storm Control 296 Automatic Traffic Control 298 Setting the ATC Timers 300 Configuring ATC Thresholds and Responses 301 10 CLASS OF SERVICE 305 Layer 2 Queue Settings...

Page 17: ...366 Configuring Interface Settings for Web Authentication 367 Network Access MAC Address Authentication 368 Configuring Global Settings for Network Access 371 Configuring Network Access for Ports 372...

Page 18: ...802 1X Global Settings 424 Configuring Port Authenticator Settings for 802 1X 425 Displaying 802 1X Statistics 429 DoS Protection 431 IPv4 Source Guard 432 Configuring Ports for IP Source Guard 433 Co...

Page 19: ...89 Setting Community Access Strings 494 Configuring Local SNMPv3 Users 495 Configuring Remote SNMPv3 Users 497 Specifying Trap Managers 500 Creating SNMP Notification Logs 504 Showing SNMP Statistics...

Page 20: ...on 585 Enabling OAM on Local Ports 585 Displaying Statistics for OAM Messages 588 Displaying the OAM Event Log 589 Displaying the Status of Remote Interfaces 590 Configuring a Remote Loop Back Test 59...

Page 21: ...nfiguring IGMP Proxy Routing 647 Configuring IGMP Interface Parameters 650 Configuring Static IGMP Group Membership 652 Displaying Multicast Group Information 654 Multicast VLAN Registration for IPv4...

Page 22: ...splaying the DNS Cache 718 Dynamic Host Configuration Protocol 719 Specifying a DHCP Client Identifier 720 Configuring DHCP Relay Service 721 Configuring the DHCP Server 723 Forwarding UDP Service Req...

Page 23: ...771 Clearing Entries from the Routing Table 774 Specifying Network Interfaces 775 Specifying Passive Interfaces 777 Specifying Static Neighbors 778 Configuring Route Redistribution 779 Specifying an...

Page 24: ...IM Globally 833 Configuring PIM Interface Settings 834 Displaying PIM Neighbor Information 839 Configuring Global PIM SM Settings 840 Configuring a PIM BSR Candidate 842 Configuring a PIM Static Rende...

Page 25: ...okup 874 Negating the Effect of Commands 874 Using Command History 874 Understanding Command Modes 874 Exec Commands 875 Configuration Commands 876 Command Line Processing 878 CLI Command Groups 879 2...

Page 26: ...anner configure note 900 show banner 901 System Status 901 show access list tcam utilization 902 show alarm status 902 show memory 903 show process cpu 904 show running config 904 show startup config...

Page 27: ...29 silent time 929 speed 930 stopbits 931 timeout login response 931 disconnect 932 show line 932 Event Logging 933 logging facility 934 logging history 934 logging host 935 logging on 936 logging tra...

Page 28: ...ock summer time predefined 953 clock summer time recurring 954 clock timezone 955 calendar set 956 show calendar 957 Time Range 957 time range 957 absolute 958 periodic 959 show time range 960 Precisi...

Page 29: ...selecting 983 synce force clock source selecting 984 synce ssm ethernet 985 synce clk src ssm 986 show synce 987 Switch Clustering 989 cluster 990 cluster commander 990 cluster ip pool 991 cluster me...

Page 30: ...server notify filter 1013 show nlm oper status 1014 show snmp notify filter 1015 Additional Trap Commands 1015 memory 1015 process cpu 1016 26 REMOTE MONITORING COMMANDS 1017 rmon alarm 1018 rmon eve...

Page 31: ...TACACS Client 1040 tacacs server host 1041 tacacs server key 1041 tacacs server port 1042 tacacs server retransmit 1042 tacacs server timeout 1043 show tacacs server 1043 AAA 1044 aaa accounting dot1x...

Page 32: ...ssh 1065 show public key 1065 show ssh 1066 802 1X Port Authentication 1067 General Commands 1068 dot1x default 1068 dot1x eapol pass through 1068 dot1x system auth control 1069 Authenticator Command...

Page 33: ...0 mac learning 1090 port security 1091 port security mac address as permanent 1093 show port security 1093 Network Access MAC Address Authentication 1095 network access aging 1096 network access mac f...

Page 34: ...information option 1118 ip dhcp snooping information policy 1119 ip dhcp snooping verify mac address 1120 ip dhcp snooping vlan 1121 ip dhcp snooping information option circuit id 1122 ip dhcp snoopi...

Page 35: ...pection 1145 ip arp inspection 1146 ip arp inspection filter 1147 ip arp inspection log buffer logs 1148 ip arp inspection validate 1149 ip arp inspection vlan 1150 ip arp inspection limit 1151 ip arp...

Page 36: ...1170 access list ipv6 1170 permit deny Standard IPv6 ACL 1171 permit deny Extended IPv6 ACL 1172 ipv6 access group 1174 show ipv6 access group 1175 show ipv6 access list 1175 MAC ACLs 1176 access lis...

Page 37: ...on 1205 transceiver threshold auto 1205 transceiver threshold monitor 1206 transceiver threshold current 1206 transceiver threshold rx power 1207 transceiver threshold temperature 1208 transceiver thr...

Page 38: ...ort packet rate 1241 switchport block 1242 Automatic Traffic Control Commands 1243 Threshold Commands 1246 auto traffic control apply timer 1246 auto traffic control release timer 1246 auto traffic co...

Page 39: ...val 1262 loopback detection trap 1262 loopback detection release 1263 show loopback detection 1263 36 UNIDIRECTIONAL LINK DETECTION COMMANDS 1265 udld message interval 1265 udld aggressive 1266 udld p...

Page 40: ...ck detection release mode 1294 spanning tree loopback detection trap 1295 spanning tree mst cost 1295 spanning tree mst port priority 1296 spanning tree port bpdu flooding 1297 spanning tree port prio...

Page 41: ...ch 1329 show erps 1331 40 VLAN COMMANDS 1337 GVRP and Bridge Extension Commands 1338 bridge ext gvrp 1338 garp timer 1339 switchport forbidden vlan 1340 switchport gvrp 1340 show bridge ext 1341 show...

Page 42: ...ation 1364 show vlan translation 1366 Configuring Private VLANs 1366 private vlan 1367 private vlan association 1368 switchport mode private vlan 1369 switchport private vlan host association 1370 swi...

Page 43: ...ueue weight 1391 Priority Commands Layer 3 and 4 1392 qos map cos dscp 1393 qos map default drop precedence 1394 qos map dscp cos 1395 qos map dscp mutation 1396 qos map ip port dscp 1398 qos map ip p...

Page 44: ...lood 1431 ip igmp snooping tcn query solicit 1432 ip igmp snooping unregistered data flood 1432 ip igmp snooping unsolicited report interval 1433 ip igmp snooping version 1434 ip igmp snooping version...

Page 45: ...profile 1457 show ip igmp query drop 1458 show ip igmp throttle interface 1458 show ip multicast data drop 1459 MLD Snooping 1460 ipv6 mld snooping 1461 ipv6 mld snooping querier 1461 ipv6 mld snoopi...

Page 46: ...ile 1476 show ipv6 mld query drop 1476 show ipv6 mld throttle interface 1477 MVR for IPv4 1478 mvr 1479 mvr associated profile 1479 mvr domain 1480 mvr profile 1481 mvr proxy query interval 1481 mvr p...

Page 47: ...clear mvr6 statistics 1507 show mvr6 1507 show mvr6 associated profile 1508 show mvr6 interface 1509 show mvr6 members 1510 show mvr6 profile 1511 show mvr6 statistics 1511 IGMP Layer 3 1513 ip igmp...

Page 48: ...37 lldp 1539 lldp holdtime multiplier 1539 lldp med fast start count 1540 lldp notification interval 1540 lldp refresh interval 1541 lldp reinit delay 1541 lldp tx delay 1542 lldp admin status 1543 ll...

Page 49: ...t cfm domain 1567 ethernet cfm enable 1569 ma index name 1570 ma index name format 1571 ethernet cfm mep 1571 ethernet cfm port enable 1572 clear ethernet cfm ais mpid 1573 show ethernet cfm configura...

Page 50: ...linktrace cache 1594 Loopback Operations 1595 ethernet cfm loopback 1595 Fault Generator Operations 1596 mep fault notify alarm time 1596 mep fault notify lowest priority 1597 mep fault notify reset t...

Page 51: ...dns cache 1622 show hosts 1622 48 DHCP COMMANDS 1625 DHCP Client 1625 DHCP for IPv4 1625 ip dhcp client class id 1625 ip dhcp restart client 1627 DHCP for IPv6 1628 ipv6 dhcp client rapid commit vlan...

Page 52: ...S 1647 IPv4 Interface 1647 Basic IPv4 Configuration 1648 ip address 1648 ip default gateway 1650 show ip interface 1651 show ip traffic 1652 traceroute 1653 ping 1654 ARP Configuration 1655 arp 1655 a...

Page 53: ...empts 1684 ipv6 nd managed config flag 1685 ipv6 nd other config flag 1686 ipv6 nd ns interval 1687 ipv6 nd raguard 1688 ipv6 nd reachable time 1689 ipv6 nd prefix 1690 ipv6 nd ra interval 1691 ipv6 n...

Page 54: ...ipv6 nd snooping binding 1711 show ipv6 nd snooping prefix 1711 50 VRRP COMMANDS 1713 vrrp authentication 1714 vrrp ip 1714 vrrp preempt 1715 vrrp priority 1716 vrrp timers advertise 1717 clear vrrp i...

Page 55: ...ntication mode 1742 ip rip authentication string 1743 ip rip receive version 1744 ip rip receive packet 1745 ip rip send version 1745 ip rip send packet 1746 ip rip split horizon 1747 clear ip rip rou...

Page 56: ...o interval 1772 ip ospf message digest key 1773 ip ospf priority 1774 ip ospf retransmit interval 1775 ip ospf transmit delay 1776 passive interface 1777 Display Information 1777 show ip ospf 1777 sho...

Page 57: ...y 1808 ipv6 ospf retransmit interval 1809 ipv6 ospf transmit delay 1810 passive interface 1811 Display Information 1812 show ipv6 ospf 1812 show ipv6 ospf database 1813 show ipv6 ospf interface 1814 s...

Page 58: ...8 redistribute 1849 timers bgp 1850 clear ip bgp 1851 clear ip bgp dampening 1852 Route Metrics and Selection 1853 bgp always compare med 1853 bgp bestpath as path ignore 1853 bgp bestpath compare con...

Page 59: ...bers 1872 neighbor port 1872 neighbor prefix list 1873 neighbor remote as 1874 neighbor remove private as 1874 neighbor route map 1875 neighbor route reflector client 1876 neighbor route server client...

Page 60: ...list 1895 show ip prefix list 1896 show ip prefix list detail 1896 show ip prefix list summary 1897 Policy based Routing for BGP 1897 route map 1899 call 1900 continue 1901 description 1901 match as p...

Page 61: ...t routing 1922 show ipv6 mroute 1923 Static Multicast Routing 1925 ip igmp snooping vlan mrouter 1925 show ip igmp snooping mrouter 1926 PIM Multicast Routing 1927 IPv4 PIM Commands 1927 PIM Shared Mo...

Page 62: ...hash 1949 IPv6 PIM Commands 1950 PIM6 Shared Mode Commands 1951 router pim6 1951 ipv6 pim 1951 ipv6 pim hello holdtime 1953 ipv6 pim hello interval 1953 ipv6 pim join prune holdtime 1954 ipv6 pim lan...

Page 63: ...show ipv6 pim rp mapping 1971 show ipv6 pim rp hash 1972 SECTION IV APPENDICES 1973 A SOFTWARE SPECIFICATIONS 1975 Software Features 1975 Management Features 1977 Standards 1977 Management Information...

Page 64: ...CONTENTS 64...

Page 65: ...uring NTP 167 Figure 15 Specifying SNTP Time Servers 168 Figure 16 Adding an NTP Time Server 169 Figure 17 Showing the NTP Time Server List 169 Figure 18 Adding an NTP Authentication Key 170 Figure 19...

Page 66: ...eiver Thresholds 203 Figure 48 Configuring Static Trunks 205 Figure 49 Creating Static Trunks 206 Figure 50 Adding Static Trunks Members 206 Figure 51 Configuring Connection Parameters for a Static Tr...

Page 67: ...ivate VLANs 241 Figure 84 Showing Associated VLANs 241 Figure 85 Configuring Interfaces for Private VLANs 243 Figure 86 QinQ Operational Concept 244 Figure 87 Enabling QinQ Tunneling 248 Figure 88 Con...

Page 68: ...for STA 288 Figure 119 Creating an MST Instance 290 Figure 120 Displaying MST Instances 290 Figure 121 Modifying the Priority for an MST Instance 291 Figure 122 Displaying Global Settings for an MST I...

Page 69: ...to a Policy Map 338 Figure 157 Showing the Rules for a Policy Map 338 Figure 158 Attaching a Policy Map to a Port 339 Figure 159 Configuring a Voice VLAN 343 Figure 160 Configuring an OUI Telephony L...

Page 70: ...sses Authenticated for Network Access 378 Figure 190 Configuring HTTPS 379 Figure 191 Downloading the Secure Site Certificate 381 Figure 192 Configuring the SSH Server 385 Figure 193 Generating the SS...

Page 71: ...urce Guard Binding Table 438 Figure 229 Setting the Filter Type for IPv6 Source Guard 440 Figure 230 Configuring Static Bindings for IPv6 Source Guard 442 Figure 231 Displaying Static Bindings for IPv...

Page 72: ...4 Figure 263 Showing Community Access Strings 495 Figure 264 Configuring Local SNMPv3 Users 496 Figure 265 Showing Local SNMPv3 Users 497 Figure 266 Configuring Remote SNMPv3 Users 499 Figure 267 Show...

Page 73: ...gure 301 Configuring Global Settings for CFM 554 Figure 302 Configuring Interfaces for CFM 555 Figure 303 Configuring Maintenance Domains 559 Figure 304 Showing Maintenance Domains 559 Figure 305 Conf...

Page 74: ...re 337 Displaying PTP Neighbor Information 608 Figure 338 Multicast Filtering Concept 610 Figure 339 IGMP Protocol 611 Figure 340 Configuring General Settings for IGMP Snooping 617 Figure 341 Configur...

Page 75: ...Configuring IGMP Interface Settings 652 Figure 371 Configuring Static IGMP Groups 653 Figure 372 Showing Static IGMP Groups 654 Figure 373 Displaying Multicast Groups Learned from IGMP Information 656...

Page 76: ...Interface 700 Figure 407 Configuring RA Guard for an IPv6 Interface 700 Figure 408 Configuring an IPv6 Address 703 Figure 409 Showing Configured IPv6 Addresses 704 Figure 410 Showing IPv6 Neighbors 7...

Page 77: ...Layer 3 Routing 742 Figure 443 Pinging a Network Device 746 Figure 444 Tracing the Route to a Network Device 747 Figure 445 Proxy ARP 749 Figure 446 Configuring General Settings for ARP 750 Figure 44...

Page 78: ...istance Assigned to External Routes 782 Figure 479 Configuring a Network Interface for RIP 785 Figure 480 Showing RIP Network Interface Settings 786 Figure 481 Showing RIP Interface Settings 787 Figur...

Page 79: ...e Database 822 Figure 517 Displaying Neighbor Routers Stored in the Link State Database 824 Figure 518 Enabling IPv4 Multicast Routing 828 Figure 519 Enabling IPv6 Multicast Routing 829 Figure 520 Dis...

Page 80: ...P Candidate 863 Figure 546 Showing Information About the PIM6 BSR 864 Figure 547 Showing PIM6 RP Mapping 865 Figure 548 Storm Control by Limiting the Traffic Rate 1244 Figure 549 Storm Control by Shut...

Page 81: ...pping 309 Table 15 CoS Priority Levels 310 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 310 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 315 Table 18 Default Ma...

Page 82: ...tion 705 Table 46 Show IPv6 Statistics display description 707 Table 47 Show MTU display description 712 Table 48 Options 60 66 and 67 Statements 720 Table 49 Options 55 and 124 Statements 720 Table 5...

Page 83: ...isplay description for boundary clock 977 Table 84 show ptp information display description for transparent clock 979 Table 85 Sync E Commands 979 Table 86 Synchronous Ethernet Standards 980 Table 87...

Page 84: ...2 information 1122 Table 120 DHCP Snooping Commands 1126 Table 121 IPv4 Source Guard Commands 1133 Table 122 IPv6 Source Guard Commands 1140 Table 123 ARP Inspection Commands 1145 Table 124 DoS Protec...

Page 85: ...32 Table 157 show erps domain detailed display description 1333 Table 158 show erps statistics detailed display description 1334 Table 159 VLAN Commands 1337 Table 160 GVRP and Bridge Extension Comman...

Page 86: ...s 1460 Table 191 MLD Filtering and Throttling Commands 1469 Table 192 Multicast VLAN Registration for IPv4 Commands 1478 Table 193 show mvr display description 1490 Table 194 show mvr interface displa...

Page 87: ...w hosts display description 1623 Table 227 DHCP Commands 1625 Table 228 DHCP Client Commands 1625 Table 229 Options 60 66 and 67 Statements 1626 Table 230 Options 55 and 124 Statements 1626 Table 231...

Page 88: ...y description 1790 Table 264 Open Shortest Path First Commands Version 3 1790 Table 265 show ip ospf display description 1812 Table 266 show ip ospf database display description 1814 Table 267 show ip...

Page 89: ...Table 287 show ip pim rp hash display description 1949 Table 288 PIM DM and PIM SM Multicast Routing Commands 1950 Table 289 show ipv6 pim neighbor display description 1958 Table 290 show ip pim bsr...

Page 90: ...TABLES 90...

Page 91: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 92: ...SECTION I Getting Started 92...

Page 93: ...r name password RADIUS TACACS Port IEEE 802 1X MAC address filtering SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Telnet SSH Web HTTPS General Security Measures AAA ARP inspection D...

Page 94: ...Port Qualify of Service Supports Differentiated Services DiffServ Link Layer Discovery Protocol Used to discover basic information about neighboring devices Switch Clustering Supports up to 36 member...

Page 95: ...thentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the E...

Page 96: ...port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity PORT TRUNKING Ports can be combined into an aggreg...

Page 97: ...ks SPANNING TREE ALGORITHM The switch supports these spanning tree protocols Spanning Tree Protocol STP IEEE 802 1D This protocol provides loop detection When there are multiple physical paths between...

Page 98: ...restricting all traffic to the originating VLAN except where a connection is explicitly defined via the switch s routing service Use private VLANs to restrict traffic to pass only between data ports a...

Page 99: ...nodes in the ring structure It can also function with IEEE 802 1ag to support link monitoring when non participating devices exist within the Ethernet ring OPERATION ADMINISTRATION AND MAINTENANCE The...

Page 100: ...CMP uses either equal cost unicast multipaths manually configured in the static routing table or equal cost multipaths dynamically detected by the Open Shortest Path Algorithm OSPF In other words it u...

Page 101: ...rs Advertised information is represented in Type Length Value TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration set...

Page 102: ...Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication D...

Page 103: ...thm Status Enabled RSTP Defaults RSTP standard Edge Ports Disabled ERPS Status Disabled LLDP Status Enabled Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Swit...

Page 104: ...Router Redundancy VRRP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled MLD Snooping Layer 2 IPv6 Snooping Enabled Querier Disabled Multicast VLAN Registration Disa...

Page 105: ...lay statistics using a standard web browser such as Internet Explorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The switch s web management interface can be accessed from any com...

Page 106: ...rol on any port for excessive broadcast multicast or unknown unicast traffic Display system information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a con...

Page 107: ...rotocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignment via DHCP see Setting an IP Address on page 109 NOTE This...

Page 108: ...each level To log into the CLI at the Privileged Exec level using the default user name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification...

Page 109: ...IPv4 configuration requests to BOOTP or DHCP address allocation servers on the network or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in rou...

Page 110: ...config ip default gateway 192 168 1 254 ASSIGNING AN IPV6 ADDRESS This section describes how to configure a link local address for connectivity within the local subnet only and also how to configure...

Page 111: ...enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time i...

Page 112: ...onsole config interface vlan 1 Console config if ipv6 address 2001 DB8 2222 7272 64 Console config if exit Console config ipv6 default gateway 2001 DB8 2222 7272 254 Console config end Console show ip...

Page 113: ...ddress assignments through BOOTP or DHCP It may be necessary to use this command when DHCP is configured on a VLAN and the member ports which were previously shut down are now enabled If the bootp or...

Page 114: ...efix of FE80 This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet To generate an IPv6 link local address for the switch complete the following step...

Page 115: ...uration file based on information passed by the DHCP server it will not send any further DHCP client requests If the switch does not receive a DHCP response prior to completing the bootup process it w...

Page 116: ...Default Option 66 option bootfile name bootfile Default Option 67 class Option66 67_1 DHCP Option 60 Vendor class two match if option vendor class identifier ecs4660 28f cfg option tftp server name 19...

Page 117: ...need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects...

Page 118: ...onfig CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write...

Page 119: ...the switch operations and provides the CLI and web management interfaces See Managing System Files on page 155 for more information Diagnostic Code Software that is run during system boot up also kno...

Page 120: ...rrent configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Ente...

Page 121: ...n page 181 VLAN Configuration on page 225 Address Table Settings on page 263 Spanning Tree Algorithm on page 271 Congestion Control on page 295 Class of Service on page 305 Quality of Service on page...

Page 122: ...SECTION II Web Configuration 122 Multicast Routing on page 825...

Page 123: ...page 109 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Sett...

Page 124: ...nfiguration parameters and statistics The default user name and password for the administrator is admin HOME PAGE When your web browser connects with the switch s web agent the home page is displayed...

Page 125: ...f the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control...

Page 126: ...eral Manual Manually sets the current time 164 SNTP Configures SNTP polling interval 165 NTP Configures NTP authentication parameters 166 Configure Time Server Configures a list of NTP or SNTP servers...

Page 127: ...igure Trunk 205 Add Creates a trunk along with the first port member 205 Show Shows the configured trunk identifiers 205 Add Member Specifies ports to group into static trunks 205 Show Member Shows th...

Page 128: ...ts for a segmented group of ports 220 Add Assign the downlink and uplink ports to use in a segmented group 220 Show Shows the assigned ports and direction uplink downlink 220 VLAN Trunking Allows unkn...

Page 129: ...IP Subnet 256 Add Maps IP subnet traffic to a VLAN 256 Show Shows IP subnet to VLAN mapping 256 MAC Based 258 Add Maps traffic with specified source MAC address to a VLAN 258 Show Shows source MAC add...

Page 130: ...ast storm threshold for each interface 296 Auto Traffic Control Sets thresholds for broadcast and multicast storms which can be used to trigger configured rate limits or to shut down a port 298 Config...

Page 131: ...326 Add Creates a class map for a type of traffic 326 Show Shows configured class maps 326 Modify Modifies the name of a class map 326 Add Rule Configures the criteria used to classify ingress traffi...

Page 132: ...accounting settings used for various service types 355 Configure Service Sets the accounting method applied to specific interfaces for 802 1X CLI command privilege levels for the console port and for...

Page 133: ...S Secure HTTP 378 Configure Global Enables HTTPs and specifies the UDP port to use 378 Copy Certificate Replaces the default secure site certificate 380 SSH Secure Shell 381 Configure Global Configure...

Page 134: ...ed MAC addresses 420 Port Authentication IEEE 802 1X 423 Configure Global Enables authentication and EAPOL pass through 424 Configure Interface Sets authentication parameters for individual ports 425...

Page 135: ...n about a remote device connected to this switch 470 Show Device Statistics 478 General Displays statistics for all connected remote devices 478 Port Trunk Displays statistics for remote devices on a...

Page 136: ...s 506 RMON Remote Monitoring 508 Configure Global Add Alarm Sets threshold bounds for a monitored variable 509 Event Creates a response event for an alarm 511 Show Alarm Shows all configured alarms 50...

Page 137: ...ure Maintenance Associations 560 Add Defines a unique CFM service instance identified by its parent MD the MA index the VLAN assigned to the MA and the MIP creation method 560 Configure Details Config...

Page 138: ...fied port sets the mode to active or passive and enables the reporting of critical events or errored frame events 585 Counters Displays statistics on OAM PDUs 588 Event Log Displays the log for record...

Page 139: ...RP protocol packet errors 766 Group Statistics Displays statistics for VRRP protocol events and errors on the specified VRRP group and interface 767 IPv6 Configuration 695 Configure Global Sets an IPv...

Page 140: ...signated name servers 718 DHCP Dynamic Host Configuration Protocol Client Specifies the DHCP client identifier for an interface 720 Relay Specifies DHCP relay servers 721 Snooping 444 Configure Global...

Page 141: ...t snooping 613 Multicast Router 617 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 617 Show Static Multicast Router Displays ports statically configured...

Page 142: ...y configured as attached to a neighboring multicast router 641 Show Current Multicast Router Displays ports attached to a neighboring multicast router either through static or dynamic configuration 64...

Page 143: ...st stream addresses 662 Show Shows multicast stream addresses 662 Associate Profile 662 Add Maps an address profile to a domain 662 Show Shows addresses profile to domain mapping 662 Configure Interfa...

Page 144: ...assigned to an MVR VLAN the source address of the multicast services and the interfaces with active subscribers 685 Show Statistics 686 Show Query Statistics Shows statistics for query related message...

Page 145: ...the RIP parameters set for each interface 782 Modify Modifies RIP parameters for an interface 782 Statistics Show Interface Information Shows RIP settings and statistics on RIP protocol messages 786 S...

Page 146: ...Configures OSPF protocol settings and authentication for specified VLAN 811 Configure by Address Configures OSPF protocol settings and authentication for specified interface address 811 Show MD5 Key S...

Page 147: ...didate 858 RP Address 859 Add Sets a static address for an RP and the associated multicast group s 859 Show Shows the static addresses configured for each RP and the associated multicast groups 859 RP...

Page 148: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 148...

Page 149: ...files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port Sets console port connection parameters Configuring Telnet Settings...

Page 150: ...ubsystem System Up Time Length of time the management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator respon...

Page 151: ...ersion Hardware version of the main board Main Power Status Displays the status of the internal power supply Redundant Power Status Displays the status of the redundant power supply Management Softwar...

Page 152: ...process protocol encapsulation fields CLI REFERENCES jumbo frame on page 911 switchport mtu on page 1195 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a comput...

Page 153: ...can access these extensions to display default settings for the key variables CLI REFERENCES GVRP and Bridge Extension Commands on page 1338 PARAMETERS The following parameters are displayed Extended...

Page 154: ...status VLAN Tagged or Untagged on each port Refer to VLAN Configuration on page 225 Max Supported VLAN Numbers The maximum number of VLANs supported on this switch Max Supported VLAN ID The maximum co...

Page 155: ...sion and then set the new file as the startup file CLI REFERENCES copy on page 914 COMMAND USAGE When logging into an FTP server the interface prompts for a user name and password configured on the re...

Page 156: ...imited only by available flash memory space NOTE The file Factory_Default_Config cfg can be copied to a file server or management station but cannot be used as the destination file name on the switch...

Page 157: ...or to another file which can be subsequently set as the startup file CLI REFERENCES copy on page 914 PARAMETERS The following parameters are displayed Copy Type The copy operation includes this optio...

Page 158: ...uration If you replaced a file currently used for startup and want to start using the new file reboot the system via the System Reset menu SETTING THE START UP FILE Use the System File Set Start Up pa...

Page 159: ...System File Show page to show the files in the system directory or to delete a file NOTE Files designated for start up and the Factory_Default_Config cfg file cannot be deleted CLI REFERENCES dir on...

Page 160: ...name of the code stored on the remote server must be ECS4660_28F bix using upper case and lower case letters exactly as indicated here Enter the file name for other switches described in this manual e...

Page 161: ...switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image PARAMETERS The following parameters are displayed Automatic Opcode Upgrad...

Page 162: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL Examples The following...

Page 163: ...3 Mark the check box to enable Automatic Opcode Upgrade 4 Enter the URL of the FTP or TFTP server and the path and directory containing the operation code 5 Click Apply Figure 11 Configuring Automati...

Page 164: ...time server IP addresses The switch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY Use the System Time Configure General Manual page to set the system time on t...

Page 165: ...S Time on page 944 PARAMETERS The following parameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time u...

Page 166: ...between the switch and NTP servers Default Disabled You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers The authentication keys and their a...

Page 167: ...address for up to three SNTP time servers CLI REFERENCES sntp server on page 946 PARAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three...

Page 168: ...time servers configured the responses received are filtered and compared to determine the most reliable and accurate time update for the switch Version Specifies the NTP version supported by the serve...

Page 169: ...key list CLI REFERENCES ntp authentication key on page 948 PARAMETERS The following parameters are displayed Authentication Key Specifies the number of the key in the NTP Authentication Key List to us...

Page 170: ...ct Add NTP Authentication Key from the Action list 4 Enter the index number and MD5 authentication key string 5 Click Apply Figure 18 Adding an NTP Authentication Key To show the list of configured NT...

Page 171: ...ou can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 955 PARAMETERS The following p...

Page 172: ...ds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface become...

Page 173: ...to the console connection see login on page 926 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts...

Page 174: ...rrently opened for Telnet and Secure Shell i e both Telnet and SSH share a maximum number of eight sessions Login Timeout Sets the interval that the system waits for a user to log into the CLI If a lo...

Page 175: ...le port 1 Click System then Telnet 2 Specify the connection parameters as required 3 Click Apply Figure 22 Telnet Connection Settings DISPLAYING CPU UTILIZATION Use the System CPU Utilization page to...

Page 176: ...soon as a new setting is selected Figure 23 Displaying CPU Utilization DISPLAYING MEMORY UTILIZATION Use the System Memory Status page to display memory utilization parameters CLI REFERENCES show mem...

Page 177: ...ys run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command see copy on page 914 PARAMETERS The foll...

Page 178: ...59 At Specifies a time at which to reload the switch DD The day of the month at which to reload Range 01 31 MM The month at which to reload Range 01 12 YYYY The year at which to reload Range 1970 203...

Page 179: ...the System 179 3 For any option other than to reset immediately fill in the required parameters 4 Click Apply 5 When prompted confirm that you want reset the switch Figure 25 Restarting the Switch Imm...

Page 180: ...CHAPTER 4 Basic Management Tasks Resetting the System 180 Figure 27 Restarting the Switch At Figure 28 Restarting the Switch Regularly...

Page 181: ...RMON port statistics in table or chart form Configuring History Sampling Configures statistical sampling for the specified interfaces Displaying Transceiver Data Displays identifying information and o...

Page 182: ...ch can be advertised include speed duplex mode flow control and symmetric pause frames Using Jumbo Frames Use the jumbo frame attribute on the System Capability page to enable or disable jumbo frames...

Page 183: ...P ports SFP Forced 100FX Always uses 1000BASE FX mode SFP Forced 1000SFP Always uses 1000BASE SFP mode SFP Forced 10GSFP Always uses 10GBASE SFP mode Autonegotiation Port Capabilities Allows auto nego...

Page 184: ...18 bytes WEB INTERFACE To configure port connection parameters 1 Click Interface Port General 2 Select Configure by Port List from the Action List 3 Modify the required interface settings 4 Click Appl...

Page 185: ...y Port Range DISPLAYING CONNECTION STATUS Use the Interface Port General Show Information page to display the current connection status including link state speed duplex mode flow control and auto neg...

Page 186: ...t Figure 31 Displaying Port Information CONFIGURING LOCAL PORT MIRRORING Use the Interface Port Mirror page to mirror traffic from any source port to a target port for real time analysis You can then...

Page 187: ...ort cannot be a trunk or trunk member port Note that Spanning Tree BPDU packets are not mirrored to the target port PARAMETERS These parameters are displayed Source Port The port whose traffic will be...

Page 188: ...over a user specified VLAN dedicated to that RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSPAN VLAN through IEEE 802 1Q trunk or hybrid p...

Page 189: ...g the mirror session the switch s role Destination the destination port whether or not the traffic exiting this port will be tagged or untagged and the RSPAN VLAN Then specify each uplink port where t...

Page 190: ...ffic Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations Destination Specifies this device as a swi...

Page 191: ...r the same session Also note that a destination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the...

Page 192: ...rnet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy traffi...

Page 193: ...s The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Transmitted Multicast Packets The total number of packets that h...

Page 194: ...ss than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet seg...

Page 195: ...t Statistics Table Utilization Statistics Input Octets in kbits per second Number of octets entering this interface in kbits second Input Packets per second Number of packets entering this interface p...

Page 196: ...ode is chosen select a port from the drop down list If All ports statistics mode is chosen select the statistics type to display Figure 40 Showing Port Statistics Chart CONFIGURING HISTORY SAMPLING Us...

Page 197: ...mber Range 1 28 History Name Name of sample interval Default settings 15min 1day Interval The interval for sampling statistics Requested Buckets The number of samples to take Show Details Mode Status...

Page 198: ...ck Interface Port Statistics or Interface Trunk Statistics 2 Select Show from the Action menu 3 Select an interface from the Port or Trunk list Figure 42 Showing Entries for History Sampling To show t...

Page 199: ...rent interval of a sample entry 1 Click Interface Port Statistics or Interface Trunk Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options for Mode 4 Select an...

Page 200: ...ory Sample DISPLAYING TRANSCEIVER DATA Use the Interface Port Transceiver page to display identifying information and operational for optical transceivers which support Digital Diagnostic Monitoring D...

Page 201: ...Figure 46 Displaying Transceiver Data CONFIGURING TRANSCEIVER THRESHOLDS Use the Interface Port Transceiver page to configure thresholds for alarm and warning messages for optical transceivers which s...

Page 202: ...nsceiver s operation values falls outside of specified thresholds Default Disabled Auto Mode Uses default threshold settings obtained from the transceiver to determine when an alarm or trap message sh...

Page 203: ...n generated another such event will not be generated until the sampled value has risen above the low threshold and reaches the high threshold Threshold events are triggered as described above to avoid...

Page 204: ...aced in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it COMMAND USAGE Besides balancing the load across each port in the trunk the...

Page 205: ...is switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the p...

Page 206: ...t Add Member from the Action list 4 Select a trunk identifier 5 Set the unit and port for an additional trunk member 6 Click Apply Figure 50 Adding Static Trunks Members To configure connection parame...

Page 207: ...Select Show Information from the Action list Figure 52 Showing Information for Static Trunks CONFIGURING A DYNAMIC TRUNK Use the Interface Trunk Dynamic pages to set the administrative key for an aggr...

Page 208: ...rt admin key matches and 3 the LAG admin key matches if configured However if the LAG admin key is set then the port admin key must be set to the same value for a port to be allowed to join that group...

Page 209: ...ermined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the Partner System Priority LACP system priorit...

Page 210: ...he command attributes have the same meaning as those used for the port actor WEB INTERFACE To configure the admin key for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Aggregator...

Page 211: ...o configure LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Partner 5...

Page 212: ...gure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Trunk from the Step List 3 Select Configure from the Action List 4 Modify the required interface setti...

Page 213: ...nters 5 Select a group member from the Port list Table 8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of va...

Page 214: ...CPDU information Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive m...

Page 215: ...ist 4 Click Internal 5 Select a group member from the Port list Figure 61 Displaying LACP Port Internal Information Aggregation The system considers this link to be aggregatable i e a potential candid...

Page 216: ...on Information Parameter Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Por...

Page 217: ...IP Address All traffic with the same destination IP address is output on the same link in a trunk This mode works best for switch to router trunk links where traffic through the switch is destined fo...

Page 218: ...C Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from man...

Page 219: ...rd traffic through the uplink ports used by other clients allowing different clients to share access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION...

Page 220: ...ownlink ports assigned to different client sessions is shown below When traffic segmentation is disabled all ports operate in normal forwarding mode based on the settings specified by other functions...

Page 221: ...These parameters are displayed Session ID Traffic segmentation session Range 1 4 Direction Adds an interface to the segmented group by setting the direction to uplink or downlink Default Uplink Interf...

Page 222: ...ge 1350 COMMAND USAGE Use this feature to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1...

Page 223: ...instance either STP RSTP or an MSTP instance depending on the selected STA mode If both VLAN trunking and ingress filtering are disabled on an interface packets with unknown VLAN tags will still be al...

Page 224: ...CHAPTER 5 Interface Configuration VLAN Trunking 224 Figure 68 Configuring VLAN Trunking...

Page 225: ...ound in the IP MAC address to VLAN mapping table VLAN Translation Maps VLAN IDs between the customer and the service provider IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast...

Page 226: ...oup s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate...

Page 227: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Page 228: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Page 229: ...3 configuration and reserves memory space required to maintain additional information about this interface type This parameter must be enabled before you can assign an IP address to a VLAN Show VLAN...

Page 230: ...fy the configuration settings for VLAN groups 1 Click VLAN Static 2 Select Modify from the Action list 3 Select the identifier of a configured VLAN 4 Modify the VLAN name operational status or Layer 3...

Page 231: ...ces or untagged they are not connected to any VLAN aware devices Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol CLI REFERENCES Conf...

Page 232: ...ed for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives f...

Page 233: ...shown below Port Range Displays a list of ports Range 1 28 Trunk Range Displays a list of ports Range 1 8 NOTE The PVID acceptable frame type and ingress filtering parameters for each interface withi...

Page 234: ...VLAN Static 2 Select Edit Member by Interface from the Action list 3 Select a port or trunk configure 4 Modify the settings for any interface as required 5 Click Apply Figure 75 Configuring Static VLA...

Page 235: ...switch or to enable GVRP and adjust the protocol timers per interface CLI REFERENCES GVRP and Bridge Extension Commands on page 1338 Configuring VLAN Interfaces on page 1345 PARAMETERS These paramete...

Page 236: ...s can rejoin before the port actually leaves the group Range 60 3000 centiseconds Default 60 LeaveAll The interval between sending out a LeaveAll query message for VLAN group participants and the port...

Page 237: ...ic 2 Select Configure Interface from the Step list 3 Set the Interface type to display as Port or Trunk 4 Modify the GVRP status or timers for any interface 5 Click Apply Figure 78 Configuring GVRP fo...

Page 238: ...oups A primary VLAN contains promiscuous ports that can communicate with all other ports in the associated private VLAN groups while a community or secondary VLAN contains community ports that can onl...

Page 239: ...to a primary VLAN and any host ports a community VLAN CREATING PRIVATE VLANS Use the VLAN Private Configure VLAN Add page to create primary or community VLANs CLI REFERENCES private vlan on page 1367...

Page 240: ...wing Private VLANs NOTE All member ports must be removed from the VLAN before it can be deleted ASSOCIATING PRIVATE VLANS Use the VLAN Private Configure VLAN Add Community VLAN page to associate each...

Page 241: ...elect an entry from the Community VLAN list to associate it with the selected primary VLAN Note that a community VLAN can only be associated with one primary VLAN 6 Click Apply Figure 83 Associating P...

Page 242: ...promiscuous port s Promiscuous A promiscuous port can communicate with all interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and co...

Page 243: ...re intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 QinQ tunneling uses a single Service Provider VLAN SPVLAN for customers who have multiple VLANs Cu...

Page 244: ...the egress process transmits the packet Packets entering a QinQ tunnel port are processed in the following manner 1 An SPVLAN tag is added to all outbound packets on the SPVLAN interface no matter ho...

Page 245: ...native tag is added to the packet This outer tag is used for learning and switching packets within the service provider s network The TPID must be configured on a per port basis and the verification...

Page 246: ...provider network There are some inherent incompatibilities between Layer 2 and Layer 3 switching Tunnel ports do not support IP Access Control Lists Layer 3 Quality of Service QoS and other QoS featur...

Page 247: ...e hexadecimal 8000 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value for the 802 1Q Tunnel TPID This feature allows the switch to interoperate with third party switches that do n...

Page 248: ...ag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods of queue management at intermediate nodes ac...

Page 249: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 88 Configuring CVLAN to SPVLAN Mapp...

Page 250: ...e attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set t...

Page 251: ...ired protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets COMMAND USAGE To configure protocol based VLANs...

Page 252: ...VLAN Group Range 1 2147483647 NOTE Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet tra...

Page 253: ...he VLAN Protocol Configure Interface Add page to map a protocol group to a VLAN for each interface that will participate in the group CLI REFERENCES protocol vlan protocol group Configuring Interfaces...

Page 254: ...r this interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range 1 28 Trunk Trunk Identifier Range 1 8 Protocol Group ID Protocol Grou...

Page 255: ...nterfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a po...

Page 256: ...P subnet consists of an IP address and a mask The specified VLAN need not be an existing VLAN When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLA...

Page 257: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Page 258: ...resses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last...

Page 259: ...g VLAN Translation on page 1364 COMMAND USAGE QinQ tunneling uses double tagging to preserve the customer s VLAN tags on traffic crossing the service provider s network However if any switch in the pa...

Page 260: ...uality of Service QoS processes QinQ MAC based VLANs VLAN translation or traps If VLAN translation is set on an interface and the same interface is also configured as a QinQ access port on the VLAN Tu...

Page 261: ...figuring VLAN Translation 261 Figure 100 Configuring VLAN Translation To show the mapping entries for VLANs translation 1 Click VLAN Translation 2 Select Show from the Action list Figure 101 Showing t...

Page 262: ...CHAPTER 6 VLAN Configuration Configuring VLAN Translation 262...

Page 263: ...MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on page 1090 COMMAND USAGE When MAC address learnin...

Page 264: ...ity Status see Configuring Port Security on page 420 is enabled on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range...

Page 265: ...ollowing characteristics Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be writt...

Page 266: ...the Action list 3 Specify the VLAN the port or trunk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 103 Configuring Static MAC Addresses...

Page 267: ...ess table aging time on page 1271 PARAMETERS These parameters are displayed Aging Status Enables disables the function Aging Time The time after which a learned entry is discarded Range 10 1000000 sec...

Page 268: ...RENCES show mac address table on page 1273 PARAMETERS These parameters are displayed Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk MAC Address Ph...

Page 269: ...parameters are displayed Clear by All entries can be cleared or you can clear the entries for a specific MAC address all the entries in a VLAN or all the entries associated with a port or trunk WEB I...

Page 270: ...CHAPTER 7 Address Table Settings Clearing the Dynamic Address Table 270 Figure 107 Clearing Entries in the Dynamic MAC Address Table...

Page 271: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Page 272: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Page 273: ...cations with STP or RSTP nodes in the global network Figure 110 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a single Commo...

Page 274: ...loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection wi...

Page 275: ...e will be automatically enabled when the shutdown interval has expired If an interface is shut down due to a detected loopback and the release mode is set to Manual the interface can be re enabled usi...

Page 276: ...he RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridg...

Page 277: ...oot device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 R...

Page 278: ...rovided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Referenc...

Page 279: ...Region Name2 The name for this MSTI Maximum length 32 characters switch s MAC address Max Hop Count The maximum number of hops allowed in the MST region before a BPDU is discarded Range 1 40 Default 2...

Page 280: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 280 Figure 112 Configuring Global Settings for STA STP Figure 113 Configuring Global Settings for STA RSTP...

Page 281: ...ing tree on page 1302 show spanning tree mst configuration on page 1304 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique ide...

Page 282: ...CE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 115 Displaying Global Settings for STA CO...

Page 283: ...Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter is used by the...

Page 284: ...Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild addre...

Page 285: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Page 286: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Page 287: ...designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tre...

Page 288: ...Step list 3 Select Show Information from the Action list Figure 118 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Page 289: ...bridges within the same MSTI Region page 276 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Page 290: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Page 291: ...e priority for an MSTP Instance 5 Click Apply Figure 121 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Page 292: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 12...

Page 293: ...t in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree Th...

Page 294: ...trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Figure 125 Co...

Page 295: ...se the Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interfac...

Page 296: ...e the Traffic Storm Control page to configure broadcast multicast and unknown unicast storm control thresholds Traffic storms may occur when a device on your network is malfunctioning or if applicatio...

Page 297: ...interface may lead to unexpected results It is therefore not advisable to use both of these commands on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports...

Page 298: ...grams Figure 129 Storm Control by Limiting the Traffic Rate Storm Alarm FireTRAP Alarm Fire Threshold 1 255kpps AlarmClear Threshold 1 255kpps Traffic kpps Time Traffic without storm control Traffic w...

Page 299: ...ffic Control Release Trap sent and logged Note that if the control action has shut down a port it can only be manually re enabled using Manual Control Release see page 301 The traffic control response...

Page 300: ...e it must be manually re enabled using the Manual Control Release see page 301 PARAMETERS These parameters are displayed in the web interface Broadcast Apply Timer The interval after the upper thresho...

Page 301: ...d Automatic storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be a...

Page 302: ...packets per second Default 128 Kpps If rate limiting has been configured as a control response and Auto Control Release is enabled rate limiting will be discontinued after the traffic rate has fallen...

Page 303: ...matic Traffic Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response...

Page 304: ...CHAPTER 9 Congestion Control Automatic Traffic Control 304...

Page 305: ...cessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Page 306: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 133 Setting the Default Port Priority...

Page 307: ...rity value Service time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode...

Page 308: ...ned to queues 0 7 respectively WEB INTERFACE To configure the queue mode 1 Click Traffic Priority Queue 2 Select a port or trunk 3 Set the queue mode 4 If the weighted queue mode is selected the queue...

Page 309: ...riority Weighted Round Robin WRR or a combination of strict and weighted queuing Up to eight separate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to re...

Page 310: ...ange 0 7 where 7 is the highest priority Queue Output queue buffer Range 0 7 where 7 is the highest CoS priority queue WEB INTERFACE To map internal PHB to hardware queues 1 Click Traffic Priority PHB...

Page 311: ...assigned output queue the mapping done on this page can effectively determine the service priority for different traffic classes 5 Click Apply Figure 137 Mapping CoS Values to Egress Queues To show t...

Page 312: ...used to determine the hardware queues used for egress traffic not to replace the priority values These defaults are designed to optimize priority services for the majority of network applications It...

Page 313: ...METERS These parameters are displayed Interface Specifies a port or trunk Trust Mode CoS Maps layer 3 4 priorities using Class of Service values This is the default setting DSCP Maps layer 3 4 priorit...

Page 314: ...ity mapping mode is set to DSCP see page 312 and the ingress packet type is IPv4 Any attempt to configure the DSCP mutation map will not be accepted by the switch unless the trust mode has been set to...

Page 315: ...s dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3 3 4 0 4 1 4 0 4 3 4 0 4 1 4 0 4 3 4 5...

Page 316: ...p to eight CoS CFI paired values per hop behavior and drop precedence If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used...

Page 317: ...ed for controlling traffic congestion Range 0 Green 3 Yellow 1 Red WEB INTERFACE To map CoS CFI values to internal PHB drop precedence 1 Click Traffic Priority CoS to DSCP 2 Select Configure from the...

Page 318: ...er 2 interface CLI REFERENCES qos map dscp cos on page 1395 COMMAND USAGE Enter any per hop behavior and drop precedence pair within the internal priority map and then enter the corresponding CoS CFI...

Page 319: ...values in the web interface 1 Click Traffic Priority DSCP to CoS 1 Select Configure from the Action list 2 Select a port 3 Select any PHB and drop precedence pair within the internal priority map and...

Page 320: ...rocessing The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest p...

Page 321: ...rt Specifies a port IP Precedence IP Precedence value in ingress packets Range 0 7 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for cont...

Page 322: ...ng IP Precedence to DSCP Internal Mapping To show the IP Precedence to internal PHB drop precedence map in the web interface 1 Click Traffic Priority IP Precedence to DSCP 2 Select Show from the Actio...

Page 323: ...t 23 and POP3 110 No default mapping is defined for ingress TCP UDP port types PARAMETERS These parameters are displayed in the web interface Port Specifies a port IP Protocol TCP Transport Control Pr...

Page 324: ...Port Number to DSCP Internal Mapping To show the TCP UDP port number to per hop behavior and drop precedence map in the web interface 1 Click Traffic Priority IP Port to DSCP 2 Select Show from the A...

Page 325: ...ferent kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets i...

Page 326: ...configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to as...

Page 327: ...ntrol list Any type of ACL can be specified including standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP v...

Page 328: ...edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic f...

Page 329: ...A policy map is then configured which indicates the boundary parameters used for monitoring inbound traffic and the action to take for conforming and non conforming traffic A policy map may contain on...

Page 330: ...size and red otherwise The meter operates in one of two modes In the color blind mode the meter assumes that the packet stream is uncolored In color aware mode the meter assumes that some preceding en...

Page 331: ...throughput exceeding the maximum throughput or exceeding the peak burst size The PHB label is composed of five bits three bits for per hop behavior and two bits for the color scheme used to control qu...

Page 332: ...Tp is decremented by B else the packet is green and both Tp and Tc are decremented by B The trTCM can be used to mark a IP packet stream in a service where different decreasing levels of assurances ei...

Page 333: ...ximum throughput burst rate and the action that results from a policy violation Meter Mode Selects one of the following policing methods Flow Police Flow Defines the committed information rate CIR or...

Page 334: ...ts are pre colored The functional differences between these modes is described at the beginning of this section under srTCM Police Meter Committed Information Rate CIR Rate in kilobits per second Rang...

Page 335: ...op precedence of a packet The color modes include Color Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional d...

Page 336: ...t of conformance traffic Violate Specifies whether the traffic that exceeds the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority...

Page 337: ...p list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigned to the matching...

Page 338: ...Policies 338 Figure 156 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Page 339: ...ervice policy to the required interface PARAMETERS These parameters are displayed Port Specifies a port Ingress Applies the selected rule to ingress traffic Egress Applies the selected rule to egress...

Page 340: ...CHAPTER 11 Quality of Service Attaching a Policy Map to a Port 340...

Page 341: ...acket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP...

Page 342: ...hip is not set to access mode see Adding Static Members to VLANs on page 231 PARAMETERS These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch p...

Page 343: ...I REFERENCES Configuring Voice VLANs on page 1379 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 8...

Page 344: ...fine a MAC address range 6 Enter a description for the devices 7 Click Apply Figure 160 Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment 1 Click Traffic VoIP 2 Sel...

Page 345: ...Auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port You must select a method for detecting VoIP traffic either OUI or 802 1ab LLDP When OUI is se...

Page 346: ...ning Age starts to count down when the OUI s MAC address expires from the MAC address table Therefore the MAC address aging time should be added to the overall aging time For example if you configure...

Page 347: ...ork Access authentication methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure...

Page 348: ...Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for services that us...

Page 349: ...access based on user names and passwords manually configured on the switch Remote authentication uses a remote access authentication server based on RADIUS or TACACS protocols to verify management ac...

Page 350: ...urity AAA Server page to configure the message exchange parameters for RADIUS or TACACS remote access authentication servers Remote Authentication Dial in User Service RADIUS and Terminal Access Contr...

Page 351: ...the authentication server The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client This switch can pass authe...

Page 352: ...pecifies the index number of the server to be configured The switch currently supports only one TACACS server Server IP Address Address of the TACACS server A Server Index entry must be selected to di...

Page 353: ...fined see Configuring Local Remote Logon Authentication on page 349 WEB INTERFACE To configure the parameters for RADIUS or TACACS authentication 1 Click Security AAA Server 2 Select Configure Server...

Page 354: ...TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server...

Page 355: ...accounting methods the methods applied to specific interfaces and basic accounting information recorded for user sessions CLI REFERENCES AAA on page 1044 COMMAND USAGE AAA authentication through a RAD...

Page 356: ...ame refers to a server group configured on the Security AAA Server Configure Group page Configure Service Accounting Type Specifies the service as 802 1X Command or Exec as described in the preceding...

Page 357: ...Displays the receive port number through which this user accessed the switch Time Elapsed Displays the length of time this entry has been active WEB INTERFACE To configure global settings for AAA acc...

Page 358: ...elect Add from the Action list 4 Select the accounting type 802 1X Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 170 Configuring AAA Accounting Methods To...

Page 359: ...fic privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3 Select the accounting type 802 1X Exec 4 Enter the requ...

Page 360: ...nformation and statistics recorded for user sessions 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Statistics Figure 175 Displaying Statistics for AAA Accounting...

Page 361: ...cal Remote Logon Authentication on page 349 Any other group name refers to a server group configured on the TACACS Group Settings page Authorization is only supported for TACACS servers Configure Serv...

Page 362: ...nd server group name 4 Click Apply Figure 176 Configuring AAA Authorization Methods To show the authorization method applied to the EXEC service type and the assigned server group 1 Click Security AAA...

Page 363: ...ation Method CONFIGURING USER ACCOUNTS Use the Security User Accounts page to control management access to the switch based on manually configured user names and passwords CLI REFERENCES User Accounts...

Page 364: ...word is required for this user to log in Plain Password Plain text unencrypted password Encrypted Password Encrypted password The encrypted password is required for compatibility with legacy password...

Page 365: ...on are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP...

Page 366: ...e enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Range 300 3600...

Page 367: ...s for the port Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply En...

Page 368: ...ork properly See Configuring Remote Logon Authentication Servers on page 350 NOTE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access MAC Address Authentication on pag...

Page 369: ...the RADIUS server Tunnel Type VLAN Tunnel Medium Type 802 Tunnel Private Group ID 1u 2t VLAN ID list The VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute The VLAN list...

Page 370: ...ion result remains unchanged The Filter ID attribute cannot be found to carry the user profile The Filter ID attribute is empty The Filter ID attribute format for dynamic QoS assignment is unrecogniza...

Page 371: ...addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authentication as described on page 425 Authenticated MAC addresses are stored as dynamic...

Page 372: ...number of MAC addresses that can be authenticated on a port via MAC authentication that is the Network Access process described in this section Range 1 1024 Default 1024 Network Access Max MAC Count4...

Page 373: ...assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses mapped to that port are cleared from the secure MAC address table Dynami...

Page 374: ...ERS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condition The link event type which will trigger the port action Link up On...

Page 375: ...e to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port C...

Page 376: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Page 377: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Page 378: ...ES Web Server on page 1051 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Page 379: ...ARAMETERS These parameters are displayed HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used for HTTPS connec...

Page 380: ...efault certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and transfer them to the switch to replace the default un...

Page 381: ...ell and rcp remote copy are not secure from hostile attacks Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can als...

Page 382: ...appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 765468017262...

Page 383: ...1 5 Clients a The client sends its RSA public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses its secret key to generate...

Page 384: ...page 1057 PARAMETERS These parameters are displayed SSH Server Status Allows you to enable disable the SSH server on the switch Default Disabled Version The Secure Shell version number Version 2 0 is...

Page 385: ...After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the section Importing User Public Keys on page 387 N...

Page 386: ...emory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Default Disabled WEB INTERFACE To generate the S...

Page 387: ...r the user to be able to log in using the public key authentication mechanism If the user s public key does not exist on the switch SSH will revert to the interactive password authentication mechanism...

Page 388: ...on 2 for SSHv2 clients TFTP Server IP Address The IP address of the TFTP server that contains the public key file you wish to import Source File Name The public key file to upload WEB INTERFACE To cop...

Page 389: ...ocol port number or TCP control code IPv6 frames based on address DSCP next header type or flow label or any frames based on MAC address or Ethernet type To filter incoming packets first create an acc...

Page 390: ...yed before writing the ACE into TCAM the software compresses the ACEs to reduce the number of required TCAM entries For example one ACL may include 128 ACEs which classify a continuous IP address rang...

Page 391: ...and one of the periodic time ranges PARAMETERS These parameters are displayed Add Time Range Name Name of a time range Range 1 30 characters Add Rule Time Range Name of a time range Mode Absolute Spe...

Page 392: ...t 3 Select Show from the Action list Figure 198 Showing a List of Time Ranges To configure a rule for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Add Ru...

Page 393: ...3 Figure 199 Add a Rule to a Time Range To show the rules configured for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Show Rule from the Action list Figu...

Page 394: ...s VLAN translation or traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when setting an IP Source Guard filter rule for a port the system will also use two PCEs...

Page 395: ...s packets based on the source or destination IPv4 address as well as the protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP contr...

Page 396: ...CL 2 Select Configure ACL from the Step list 3 Select Add from the Action list 4 Fill in the ACL Name field and select the ACL type 5 Click Apply Figure 202 Creating an ACL To show a list of ACLs 1 Cl...

Page 397: ...Address and Subnet Mask fields Options Any Host IP Default Any Source IP Address Source IP address Source Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period Th...

Page 398: ...matching the selected type Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address type Use Any to include all...

Page 399: ...bits to match Range 0 63 The control bit mask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means t...

Page 400: ...l type or control code 10 Click Apply Figure 205 Configuring an Extended IPv4 ACL CONFIGURING A STANDARD IPV6 ACL Use the Security ACL Configure ACL Add Rule IPv6 Standard page to configure a Standard...

Page 401: ...e appropriate number of zeros required to fill the undefined fields Source Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the ne...

Page 402: ...ation of permit or deny rules Destination Address Type Specifies the destination IP address type Use Any to include all possible addresses or IPv6 Prefix to specify a range of addresses Options Any IP...

Page 403: ...t be chosen pseudo randomly and uniformly from the range 1 to FFFFF hexadecimal The purpose of the random allocation is to make any set of bits within the Flow Label field suitable for use as a hash k...

Page 404: ...type or flow label 10 Click Apply Figure 207 Configuring an Extended IPv6 ACL CONFIGURING A MAC ACL Use the Security ACL Configure ACL Add Rule MAC page to configure a MAC ACL based on hardware addres...

Page 405: ...802 3 packets Tagged eth2 Tagged Ethernet II packets Tagged 802 3 Tagged Ethernet 802 3 packets VID VLAN ID Range 1 4094 VID Bit Mask VLAN bit mask Range 0 4095 Ethernet Type This option can only be...

Page 406: ...to configure ACLs based on ARP message addresses ARP Inspection can then use these ACLs to filter suspicious traffic see Configuring Global Settings for ARP Inspection on page 411 CLI REFERENCES permi...

Page 407: ...MAC to specify an address range with the Address and Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination MAC Bit Mask Hexad...

Page 408: ...REFERENCES ip access group on page 1168 show ip access group on page 1169 mac access group on page 1179 show mac access group on page 1180 Time Range on page 957 PARAMETERS These parameters are displa...

Page 409: ...CLI REFERENCES show access list on page 1185 PARAMETERS These parameters are displayed Port Port identifier Range 1 12 Type ACL type IP Standard IP Extended MAC IPv6 Standard or IPv6 Extended Directi...

Page 410: ...the middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appr...

Page 411: ...not affect the ARP Inspection configuration of any VLANs When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual VLANs These configuration changes will...

Page 412: ...e controlled basis After the system message is generated the entry is cleared from the log buffer Each log entry contains flow information such as the receiving VLAN the port number the source and des...

Page 413: ...ACE To configure global settings for ARP Inspection 1 Click Security ARP Inspection 2 Select Configure General from the Step list 3 Enable ARP inspection globally enable any of the address validation...

Page 414: ...database determines their validity PARAMETERS These parameters are displayed ARP Inspection VLAN ID Selects any configured VLAN Default 1 ARP Inspection VLAN Status Enables ARP Inspection for the sele...

Page 415: ...ports are subject to ARP packet rate limiting and all trusted ports are exempt from ARP packet rate limiting Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Valida...

Page 416: ...asons CLI REFERENCES show ip arp inspection statistics on page 1153 PARAMETERS These parameters are displayed Table 24 ARP Inspection Statistics Parameter Description Received ARP packets before ARP i...

Page 417: ...VLAN port and address components CLI REFERENCES show ip arp inspection log on page 1153 PARAMETERS These parameters are displayed ARP packets dropped by additional validation IP Count of ARP packets...

Page 418: ...to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch f...

Page 419: ...th the start address and end address PARAMETERS These parameters are displayed Mode Web Configures IP address es for the web group SNMP Configures IP address es for the SNMP group Telnet Configures IP...

Page 420: ...hen port security is enabled on a port the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number Only incoming traffic with source addresses alr...

Page 421: ...aximum number of allowed addresses are set to a non zero value any device not in the address table that attempts to use the port will be prevented from accessing the switch If a port is disabled shut...

Page 422: ...dress filtering has been set under Security Network Access Configure MAC Filter as described on page 375 MAC Filter ID The identifier for a MAC address filter Last Intrusion MAC The last unauthorized...

Page 423: ...he client The EAP packet from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending o...

Page 424: ...er comparable client software CONFIGURING 802 1X GLOBAL SETTINGS Use the Security Port Authentication Configure Global page to configure IEEE 802 1X port authentication The 802 1X protocol must be ena...

Page 425: ...2 1X port settings for the switch as the local authenticator When 802 1X is enabled you need to configure the parameters for the authentication process that runs between the client and the switch i e...

Page 426: ...deny access to all clients either dot1x aware or otherwise Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Default Single Host Single Host Allows only a...

Page 427: ...to the client during an active connection as required for reauthentication Server Timeout Sets the time that a switch port waits for a response to an EAP request from an authentication server before r...

Page 428: ...cation Server Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without recei...

Page 429: ...Statistics Parameter Description Authenticator Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that hav...

Page 430: ...he number of valid EAPOL frames of any type that have been received by this Supplicant Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Supplicant R...

Page 431: ...e most of its resources so that it can no longer provide its intended service or to obstruct the communication media between the intended users and the target so that they can no longer communicate ad...

Page 432: ...igured TCP packets which contain a sequence number of 0 and the URG PSH and FIN flags If the target s TCP port is closed the target replies with a TCP RST packet If the target TCP port is open it simp...

Page 433: ...ooping on page 444 or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address SIP option or both its IP address and corresponding MAC...

Page 434: ...ored in the binding table Max Binding Entry The maximum number of entries that can be bound to an interface Range 1 5 Default 5 This parameter sets the maximum number of address entries that can be ma...

Page 435: ...the same VLAN ID and MAC address a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entr...

Page 436: ...ure static bindings for IP Source Guard 1 Click Security IP Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 Click Apply Figure 226 Con...

Page 437: ...VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Dynamic Binding List VLAN VLAN to which this entry is bound MAC Addre...

Page 438: ...ration page to filter inbound traffic based on the source IPv6 address stored in the binding table IPv6 Source Guard is used to filter traffic on an insecure port which receives messages from outside...

Page 439: ...ry is found in the binding table and the entry type is static IPv6 source guard binding the packet will be forwarded If ND snooping or DHCP snooping is enabled IPv6 source guard will check the VLAN ID...

Page 440: ...ded to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries lear...

Page 441: ...eplace the old one If there is an entry with same MAC address and IPv6 address and the type of the entry is either a dynamic ND snooping binding or DHCPv6 snooping binding then the new entry will repl...

Page 442: ...B INTERFACE To configure static bindings for IPv6 Source Guard 1 Click Security IPv6 Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 C...

Page 443: ...D of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IPv6 Address A valid global unicast IPv6 address Dynamic Binding List VLAN VLAN to which this entry is bound MAC Address Phy...

Page 444: ...aces An entry is added or removed dynamically to the DHCP snooping table when a client receives or releases an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLA...

Page 445: ...lf to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any m...

Page 446: ...on CLI REFERENCES DHCPv4 Snooping on page 1115 PARAMETERS These parameters are displayed DHCP Snooping Status Enables DHCP snooping globally Default Disabled DHCP Snooping MAC Address Verification Ena...

Page 447: ...s to trusted ports Replace Replaces the Option 82 information circuit id and remote id fields in the client s request with information about the relay agent itself inserts the relay agent s address wh...

Page 448: ...g is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table PARAMETERS Th...

Page 449: ...a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other...

Page 450: ...this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN to which this entry is bound Interface Port or trunk...

Page 451: ...1 WEB INTERFACE To display the binding table for DHCP Snooping 1 Click IP Service DHCP Snooping 2 Select Show Information from the Step list 3 Use the Store or Clear function if required Figure 236 Di...

Page 452: ...CHAPTER 13 Security Measures DHCP Snooping 452...

Page 453: ...ion of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized management by a single unit over a group of switches connected to the sam...

Page 454: ...sh or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 933 PARAMETERS These parameters are displayed S...

Page 455: ...source WEB INTERFACE To configure the logging of error messages to system memory 1 Click Administration Log System 2 Select Configure Global from the Step list 3 Enable or disable system logging set...

Page 456: ...ages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facili...

Page 457: ...ggered by logging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients CLI REFERENCES SMTP Alerts on page 940 PARAM...

Page 458: ...the minimum severity level Specify the source and destination email addresses and one or more SMTP servers 3 Click Apply Figure 240 Configuring SMTP Alert Messages LINK LAYER DISCOVERY PROTOCOL Link L...

Page 459: ...ult 30 seconds Hold Time Multiplier Configures the time to live TTL value sent in LLDP advertisements as shown in the formula below Range 2 10 Default 4 The time to live tells the receiving LLDP agent...

Page 460: ...astChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss MED Fast Start Count Configures the amount of LLDP MED Fast Start LLDPDUs to transmit...

Page 461: ...fying Trap Managers on page 500 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a trap noti...

Page 462: ...full name and version identification of the system s hardware type software operating system and networking software System Name The system name is taken from the sysName object in RFC 3418 which con...

Page 463: ...advertises device details useful for inventory management such as manufacturer model software version and other pertinent information Location This option advertises location identification details Ne...

Page 464: ...GURING LLDP INTERFACE CIVIC ADDRESS Use the Administration LLDP Configure Interface Add CA Type page to specify the physical location of the device attached to an interface CLI REFERENCES lldp med loc...

Page 465: ...n LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interface from the Port or Trunk list 5 Specify a CA Type and CA Value pair 6 Click Apply T...

Page 466: ...al ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field Chassis ID An octet string indicating the speci...

Page 467: ...ly to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Trunk Description A string that indicates the port or trunk description If R...

Page 468: ...the interface LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory WEB INTERFACE To display LLDP information for the local devic...

Page 469: ...tocols Link Layer Discovery Protocol 469 Figure 244 Displaying Local Device Information for LLDP General Figure 245 Displaying Local Device Information for LLDP Port Figure 246 Displaying Local Device...

Page 470: ...e system s administratively assigned name Port Details Port Port identifier on local switch Remote Index Index of remote device attached to this port Local Port The local port to which a remote LLDP c...

Page 471: ...ed frames are associated Remote Port Protocol VLAN List The port based protocol VLANs configured on this interface whether the given port associated with the remote system supports port based protocol...

Page 472: ...re in use and Spare means that the spare pairs only are in use Remote Power MDI Supported Shows whether MDI power is supported on the given port associated with the remote system Remote Power Pair Con...

Page 473: ...in octets on the port component associated with the remote system Port Details LLDP MED Capability 6 Device Class Any of the following categories of endpoint devices Class 1 The most basic class of e...

Page 474: ...ired by the device but is currently unknown VLAN ID The VLAN identifier VID for the port as defined in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that...

Page 475: ...n PSE Local PSE and Local PSE Unknown Primary Power Source Backup Power Source Power conservation mode Power Value The total power in watts required by a PD device from a PSE device or the total power...

Page 476: ...port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or Trunk Details 4 When the next page opens select a port on this switch a...

Page 477: ...CHAPTER 14 Basic Administration Protocols Link Layer Discovery Protocol 477 Figure 248 Displaying Remote Device Information for LLDP Port Details...

Page 478: ...P capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1560 PARAMETERS These parameter...

Page 479: ...TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count...

Page 480: ...nt as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A de...

Page 481: ...ups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings NOTE The predefined default groups and view can be deleted...

Page 482: ...page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want t...

Page 483: ...rap types 4 Click Apply Figure 252 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engine ID An SNM...

Page 484: ...ed WEB INTERFACE To configure the local SNMP engine ID 1 Click Administration SNMP 2 Select Configure Engine from the Step list 3 Select Set Engine ID from the Action list 4 Enter an ID of a least 9 h...

Page 485: ...l format If an odd number of characters are specified a trailing zero is added to the value to fill in the last octet For example the value 123456789 is equivalent to 1234567890 Remote IP Host The IP...

Page 486: ...anch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the object identi...

Page 487: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 257 Showing SNMP...

Page 488: ...an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Page 489: ...of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the group...

Page 490: ...dicated by the included value of ifOperStatus linkUp 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its c...

Page 491: ...0 75 When multicast storm is detected as normal traffic this trap is fired swAtcMcastStormTcApplyTrap 1 3 6 1 4 1 259 10 1 10 2 1 0 76 When ATC is activated this trap is fired swAtcMcastStormTcRelease...

Page 492: ...D lbdRecoveryTrap 1 3 6 1 4 1 259 10 1 10 2 1 0 142 This trap is sent when a recovery is done by LBD sfpThresholdAlarmWarnTrap 1 3 6 1 4 1 259 10 1 10 2 1 0 189 This trap is sent when the sfp s A D qu...

Page 493: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 260 Creating an SN...

Page 494: ...ssword and permits access to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string...

Page 495: ...be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view CLI REFERENCES snmp server user on page 1007 PARAMETERS T...

Page 496: ...t DES is currently available Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a local SNMPv3 user 1 Click Administration SNMP 2 Select Configure User fr...

Page 497: ...notify view CLI REFERENCES snmp server user on page 1007 COMMAND USAGE To grant management access to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent...

Page 498: ...minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text...

Page 499: ...anagement Protocol 499 Figure 266 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Page 500: ...s received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider...

Page 501: ...receive notification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Infor...

Page 502: ...ange 0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specif...

Page 503: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Page 504: ...ers CREATING SNMP NOTIFICATION LOGS Use the Administration SNMP Configure Notify Filter Add page to create an SNMP notification log CLI REFERENCES nlm on page 1012 snmp server notify filter on page 10...

Page 505: ...ed Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry agi...

Page 506: ...inistration SNMP Show Statistics page to show counters for SNMP input and output protocol data units CLI REFERENCES show snmp on page 999 PARAMETERS The following counters are displayed SNMP packets i...

Page 507: ...the SNMP protocol entity Set request PDUs The total number of SNMP Set Request PDUs which have been accepted and processed or generated by the SNMP protocol entity SNMP packets output The total numbe...

Page 508: ...automatically notify the network administrator of a failure and provide historical information about the event If it cannot connect to the management agent it will continue to perform any specified ta...

Page 509: ...ay be sampled Note that etherStatsEntry n uniquely defines the MIB variable and etherStatsEntry n n defines the MIB variable plus the etherStatsIndex For example 1 3 6 1 2 1 16 1 1 1 6 1 denotes ether...

Page 510: ...lling Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing below the falling threshold If there is no corresponding entry in the event control...

Page 511: ...red The response can include logging the alarm or sending a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems CLI REFERENCE...

Page 512: ...and v2c hosts Although the community string can be set on this configuration page it is recommended that it be defined on the SNMP trap configuration page see Setting Community Access Strings on page...

Page 513: ...MON Configure Interface Add History page to collect statistics on a physical interface to monitor network utilization packet types and errors A historical record of activity can be used to track down...

Page 514: ...e Show nor Show Details page for the port to which is normally assigned For example if control entry 15 is assigned to port 5 this index entry will be removed from the Show and Show Details page for p...

Page 515: ...Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 280 Showing Configured RMON History S...

Page 516: ...istics collection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each entry includes input octets packets broadcast packets m...

Page 517: ...index number and the name of the owner for this entry 7 Click Apply Figure 282 Configuring an RMON Statistical Sample To show configured RMON statistical samples 1 Click Administration RMON 2 Select C...

Page 518: ...t Switches that support clustering can be grouped together regardless of physical location or switch type as long as they are connected to the same local network COMMAND USAGE A switch cluster has a p...

Page 519: ...AGE First be sure that clustering is enabled on the switch the default is disabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with the network IP subnet Cl...

Page 520: ...e Step list 3 Set the required attributes for a Commander or a managed candidate 4 Click Apply Figure 285 Configuring a Switch Cluster CLUSTER MEMBER CONFIGURATION Use the Administration Cluster Confi...

Page 521: ...ep list 3 Select Add from the Action list 4 Select one of the cluster candidates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 286 Configuring a Cluster Member...

Page 522: ...Cluster Show Member page to manage another switch in the cluster CLI REFERENCES Switch Clustering on page 989 PARAMETERS These parameters are displayed Member ID The ID number of the Member switch Ra...

Page 523: ...h would fatally affect network operation and service availability The G 8032 recommendation also referred to as Ethernet Ring Protection Switching ERPS can be used to increase the availability and rob...

Page 524: ...31 is received which has a higher priority than any other local request A link node failure is detected by the nodes adjacent to the failure These nodes block the failed link and report the failure to...

Page 525: ...owner node for ERP1 and ring node E is the RPL owner node for ERP2 These ring nodes A and E are responsible for blocking the traffic channel on the RPL for ERP1 and ERP2 respectively There is no restr...

Page 526: ...onnectivity among all ring nodes until the failure is recovered 4 Configure ERPS timers Configure Domain Configure Details Set the Guard timer to prevent ring nodes from receiving outdated R APS messa...

Page 527: ...switch supports up to six ERPS rings each ring must have one Control VLAN and at most 255 Data VLANs Ring ports can not be a member of a trunk nor an LACP enabled port Dynamic VLANs are not supported...

Page 528: ...tion An ERPS ring containing one Control VLAN and one or more protected Data VLANs must be configured and the global ERPS function enabled on the switch see ERPS Global Configuration on page 527 befor...

Page 529: ...nk failure has occurred This state will switch to idle state if all the failed links recover Type Shows node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertive recove...

Page 530: ...ddress is disabled for the R APS Def MAC parameter then the Domain ID will be used in R APS PDUs Admin Status Activates the current ERPS ring Default Disabled Before enabling a ring the global ERPS fu...

Page 531: ...ed VLAN used for sending and receiving E APS protocol messages Range 1 4094 Configure one control VLAN for each ERPS ring First create the VLAN to be used as the control VLAN see Configuring VLAN Grou...

Page 532: ...itch is set as the RPL neighbor for an ERPS domain the east ring port is set as the other end of the RPL The east and west connections to the ring must be specified for all ring nodes When this switch...

Page 533: ...igher priority request the RPL Owner Node initiates reversion by blocking its traffic channel over the RPL transmitting an R APS NR RB message over both ring ports informing the ring that the RPL is b...

Page 534: ...Owner Node to start the WTB timer b The WTB timer is cancelled if during the WTB period a higher priority request than NR is accepted by the RPL Owner Node or is declared locally at the RPL Owner Nod...

Page 535: ...t no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another higher priority request is received If the ring node...

Page 536: ...al port on a secondary ring must be the west port In other words if a domain has two physical ring ports this ring can only be a major ring not a secondary ring or sub domain which can have only one p...

Page 537: ...l RAPS messages of the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can...

Page 538: ...ust be configured as 1 If this command is disabled the following strings are used as the node identifier ERPSv1 01 19 A7 00 00 01 ERPSv2 01 19 A7 00 00 Ring ID Propagate TC Enables propagation of topo...

Page 539: ...It does not use the normal procedure of waiting to receive an R APS NR no request message from nodes adjacent to the recovered link Instead it waits to see if the non standard health check packets loo...

Page 540: ...ering from an FS or MS command the delay timer must be long enough to receive any latent remote FS or MS commands This delay timer called the WTB timer is defined to be 5 seconds longer than the guard...

Page 541: ...is allowed transmission reception and forwarding of R APS messages is allowed Unknown The interface is not in a known state Local SF Shows if a signal fault exists on a link to the local node Local FS...

Page 542: ...eters for a ring 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Configure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanni...

Page 543: ...et Ring Protection Switching 543 Figure 296 Creating an ERPS Ring To show the configure ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Actio...

Page 544: ...ommand was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s highest pri...

Page 545: ...table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS condition and the node at which an FS command was issue...

Page 546: ...riority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without...

Page 547: ...teps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remove the forced switch command on the node...

Page 548: ...ross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messag...

Page 549: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 299 Single CFM Maintenance Domain The...

Page 550: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Page 551: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Page 552: ...up and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against th...

Page 553: ...a forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has...

Page 554: ...g CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cros...

Page 555: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Page 556: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Page 557: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Page 558: ...IP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 65535 MEP Archive Hold Time The time that data from a missin...

Page 559: ...thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click Apply Figure 303 Configuring Maintenance Domains To show...

Page 560: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Page 561: ...ut If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or...

Page 562: ...s The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 1 second 5 10 seconds 6 1 minute 7 10 minutes Connectivity Check Enables t...

Page 563: ...sables suppression of the AIS Default Disabled WEB INTERFACE To create a maintenance association 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4...

Page 564: ...y from the MD Index list Figure 307 Showing Maintenance Associations To configure detailed settings for maintenance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 S...

Page 565: ...g order 1 maintenance domain at the same level as the MEP to be configured see Configuring CFM Maintenance Domains 2 maintenance association within the domain see Configuring CFM Maintenance Associati...

Page 566: ...nk WEB INTERFACE To configure a maintenance end point 1 Click Administration CFM 2 Select Configure MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Inde...

Page 567: ...ther devices inside a maintenance association should be statically configured to ensure full connectivity through the cross check process Remote MEPs can only be configured if local domain service acc...

Page 568: ...1 Click Administration CFM 2 Select Configure Remote MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the remote MEPs which exist on othe...

Page 569: ...been learned for the target MEP LTMs are sent as multicast CFM frames and forwarded from MIP to MIP with each MIP generating a link trace reply up to the point at which the LTM reaches its destination...

Page 570: ...target of a link trace message This address can be entered in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx TTL The time to live of the link trace message Range 0 255 hops WEB INT...

Page 571: ...DSAP and the target maintenance point must be within the same MA If the continuity check database does not have an entry for the specified maintenance point an error message will be displayed When usi...

Page 572: ...k Messages TRANSMITTING DELAY MEASURE REQUESTS Use the Administration CFM Transmit Delay Measure page to send periodic delay measure requests to a specified MEP within a maintenance association CLI RE...

Page 573: ...erence between two subsequent two way frame delay measurements PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 1 2147483647 Source MEP ID The...

Page 574: ...identifier or MAC address set the number of times the delay measure message is to be sent the interval and the timeout 5 Click Apply Figure 315 Transmitting Delay Measure Messages DISPLAYING LOCAL MEP...

Page 575: ...entry either a port or trunk CC Status Shows administrative status of CCMs MAC Address MAC address of this MEP entry WEB INTERFACE To show information for the MEPs configured on this device 1 Click A...

Page 576: ...ion Shows the defect detected on the MEP Received RDI Receive status of remote defect indication RDI messages on the MEP AIS Status Shows if MEPs within the specified MA are enabled to send frames wit...

Page 577: ...e discovered by the CFM protocol For a description of MIPs refer to the Command Usage section under Configuring CFM Maintenance Domains CLI REFERENCES show ethernet cfm maintenance points local on pag...

Page 578: ...or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1579 clear ethernet cfm maintenance poi...

Page 579: ...gh continuity check messages or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1579 PARAM...

Page 580: ...n received or no interface status TLV was received in the last CCM Up The interface is ready to pass packets Down The interface cannot pass packets Testing The interface is in some test mode Unknown T...

Page 581: ...cfm linktrace cache on page 1594 clear ethernet cfm linktrace cache on page 1593 PARAMETERS These parameters are displayed Hops The number hops taken to reach the target MEP MA Maintenance associatio...

Page 582: ...nabled so the target data frame was filtered by ingress filtering Egress Action Action taken on the egress port EgrOk The targeted data frame was forwarded EgrDown The Egress Port can be identified bu...

Page 583: ...age 1599 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD Name Maintenance domain name MA Name Maintenance association name Highest Defect The highest defect that w...

Page 584: ...are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote MA...

Page 585: ...continuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 323 Showing Continuity Check Errors OAM...

Page 586: ...terface is not operational Passive Wait This value is returned only by OAM entities in passive mode and indicates the OAM entity is waiting to see if the peer device is OAM capable Active Send Local T...

Page 587: ...are faults Errored Frame Controls reporting of errored frame link events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reache...

Page 588: ...se the Administration OAM Counters page to display statistics for the various types of OAM messages passed across each port CLI REFERENCES show efm oam counters interface on page 1610 PARAMETERS These...

Page 589: ...ND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted...

Page 590: ...ion Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where tr...

Page 591: ...1609 COMMAND USAGE You can use this command to perform an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of e...

Page 592: ...The number of loop back frames transmitted during the last loopback test on this interface Packets Received The number of loop back frames received during the last loopback test on this interface Los...

Page 593: ...Loop Back Test DISPLAYING RESULTS OF REMOTE LOOP BACK TESTING Use the Administration OAM Remote Loop Back Show Test Result page to display the results of remote loop back testing for each port for whi...

Page 594: ...area network PTP uses a hierarchical master slave architecture for clock distribution where the distribution system consists of one or more network segments and one or more clocks An ordinary clock ha...

Page 595: ...boundary clock can have multiple network connections and can accurately bridge synchronization from one network segment to another Setting the switch to boundary mode allows it to participate in the...

Page 596: ...ge and link delay on the port receiving the Sync message Adjust When this parameter is enabled the switch will adjust the time of the local clock to match that of the master clock based on information...

Page 597: ...TP clock synchronization domain to which the switch belongs Range 0 255 Default 0 A domain is a set of clocks that synchronize to one another using PTP Multiple independent PTP clocking domains can be...

Page 598: ...on page 966 ptp log min pdelay request interval on page 969 ptp log min delay request interval on page 969 ptp port release on page 973 COMMAND USAGE When the PTP mode is set to boundary clock under G...

Page 599: ...of these delay times Transport Sets the message transport method to one of the following options Ethernet PTP messages are transmitted using Ethernet format When using Ethernet as the transport mecha...

Page 600: ...st master clock algorithm Log Announce Interval Sets the PTP announcement message transmit interval Range 0 4 in log base 2 The log base 2 settings equate to the following values 0 1 packet every seco...

Page 601: ...This parameter is only applicable for interfaces which are set to use the peer to peer delay mechanism Log Min Delay Req Interval Sets the delay request message transmit interval This parameter indica...

Page 602: ...lated data CLI REFERENCES show ptp information on page 975 PARAMETERS These parameters are displayed Default Data Two Step Flag Shows if this device is a two step clock A two step clock sends a time s...

Page 603: ...n Clock Identity A unique 8 octet array based on the IEEE EUI 64 assigned numbers Port Number Port connected to the parent clock This attribute indicates a number from the sequence of ports supporting...

Page 604: ...ndicates if the frequency determining the time scale is traceable to a primary reference PTP Timescale Indicates if the clock time scale of the grand master clock is PTP Time Source The source of time...

Page 605: ...nism Time delay measurement method end to end or peer to peer Log Min Pdelay Req Interval Peer delay request message transmit interval Version Number PTP version number 1 or 2 WEB INTERFACE To display...

Page 606: ...4 Basic Administration Protocols PTP Configuration 606 Figure 333 Displaying PTP Information Current Data Figure 334 Displaying PTP Information Parent Data Figure 335 Displaying PTP Information Time P...

Page 607: ...tet array based on the IEEE EUI 64 assigned clock identifier numbers and the port number Master Clock Quality The reported clock quality components include Class Clock class defines the clock s Intern...

Page 608: ...Administration Protocols PTP Configuration 608 WEB INTERFACE To show PTP announcements from neighbors 1 Click Sync PTP 2 Select Show PTP Foreign Master from the Step list Figure 337 Displaying PTP Nei...

Page 609: ...isolation Multicast VLAN Registration for IPv6 Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation...

Page 610: ...e ports only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service The purpose of IP multicast filtering...

Page 611: ...with a multicast routing protocol such as Protocol Independent Multicasting PIM to support IP multicasting across the Internet Note that IGMP neither alters nor routes IP multicast packets A multicas...

Page 612: ...depending on the version of the IGMP query packets detected on each VLAN NOTE IGMP snooping will not function unless a multicast router port is enabled on the switch This can accomplished in one of t...

Page 613: ...adcasting the traffic to all ports and possibly disrupting network performance CLI REFERENCES IGMP Snooping on page 1426 COMMAND USAGE IGMP Snooping This switch can passively snoop on IGMP Query and R...

Page 614: ...means that specific queries are not forwarded from an upstream multicast router to hosts downstream from this device When proxy reporting is disabled all IGMP reports received by the switch are forwa...

Page 615: ...e spanning tree change occurred When an upstream multicast router receives this solicitation it immediately issues an IGMP general query A query solicitation can be sent whenever the switch notices a...

Page 616: ...the new upstream interface This command only applies when proxy reporting is enabled Router Port Expire Time The time the switch waits after the previous querier stops before it considers it to have...

Page 617: ...the switch the interface and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to a...

Page 618: ...ping Multicast Router 2 Select Add Static Multicast Router from the Action list 3 Select the VLAN which will forward all the corresponding multicast traffic and select the port or trunk attached to th...

Page 619: ...the VLAN for which to display this information Ports in the selected VLAN which are attached to a neighboring multicast router switch are displayed Figure 343 Showing Current Interfaces Attached an I...

Page 620: ...ce Range 1 4094 Interface Activates the Port or Trunk scroll down list Port or Trunk Specifies the interface assigned to a multicast group Multicast IP The IP address for a specific multicast service...

Page 621: ...been many mechanisms used in the past to identify multicast routers This has lead to interoperability issues between multicast routers and snooping switches from different vendors In response to this...

Page 622: ...d Upon receiving a solicitation on an interface with IP multicast forwarding and MRD enabled a router will respond with an Advertisement Multicast Router Termination These messages are sent when a rou...

Page 623: ...vice if a leave packet is received at that port and immediate leave is enabled for the parent VLAN Default Disabled If immediate leave is not used a multicast router or querier will send a group speci...

Page 624: ...hen this message is received by downstream hosts all receivers build an IGMP report for the multicast groups they have joined This attribute applies when the switch is serving as the querier page 613...

Page 625: ...sending traffic to them To resolve this problem the source address in proxied IGMP query messages can be replaced with any valid unicast address other than the router s own address Rules Used for Pro...

Page 626: ...y for IPv4 626 Figure 346 Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping 1 Click Multicast IGMP Snooping Interface 2 Select Show VLAN Information from the Action...

Page 627: ...query packets received on the specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Multicast Data Drop Configures a...

Page 628: ...at is forwarding traffic to downstream ports for the specified multicast group address Group Address IP multicast group address with subscribers directly attached or downstream from the switch or a st...

Page 629: ...display IGMP snooping protocol related statistics for the specified interface CLI REFERENCES show ip igmp snooping statistics on page 1444 PARAMETERS These parameters are displayed VLAN VLAN identifie...

Page 630: ...ry messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query...

Page 631: ...essages 1 Click Multicast IGMP Snooping Statistics 2 Select Show Query Statistics from the Action list 3 Select a VLAN Figure 350 Displaying IGMP Snooping Statistics Query To display IGMP snooping pro...

Page 632: ...igure 351 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Act...

Page 633: ...oup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a p...

Page 634: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Page 635: ...and set its access mode 5 Click Apply Figure 354 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step li...

Page 636: ...list 4 Select the profile for which to display this information Figure 357 Showing the Groups Assigned to an IGMP Filtering Profile CONFIGURING IGMP FILTERING AND THROTTLING FOR INTERFACES Use the Mu...

Page 637: ...ulticast Groups Sets the maximum number of multicast groups an interface can join at the same time Range 1 1024 Default 1024 Current Multicast Groups Displays the current multicast groups the interfac...

Page 638: ...nd report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time CONFIGURING MLD SNO...

Page 639: ...e multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10 seconds This attribute controls how long the host...

Page 640: ...d immediate leave is enabled for the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave mess...

Page 641: ...REFERENCES ipv6 mld snooping vlan mrouter on page 1474 COMMAND USAGE MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 638 before a multica...

Page 642: ...Select the VLAN for which to display this information Figure 362 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multicas...

Page 643: ...corresponding traffic can only be forwarded to ports within that VLAN PARAMETERS These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast service Range 1 4094 Multic...

Page 644: ...3 Select the VLAN for which to display this information Figure 365 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Page 645: ...s used to summarize the total listening state of a multicast address to a minimum set such that all nodes listening states are respected In Include mode the router only uses the request list indicatin...

Page 646: ...or IGMP service requests from multicast clients and dynamically configure the switch ports which need to forward multicast traffic IGMP Query Multicast query is used to poll each known multicast group...

Page 647: ...vice to learn multicast requirements from its downstream interfaces and proxy this group membership information to the upstream router Multicast packets can then be forwarded downstream based solely u...

Page 648: ...ultiple sources a more robust failover mechanism should be used If more than one administrative domain is involved a multicast routing protocol should be used instead of IGMP proxy To enable IGMP prox...

Page 649: ...roxy service is enabled Only one upstream interface is supported on the system A maximum of 1024 multicast entries are supported PARAMETERS These parameters are displayed VLAN VLAN interface on which...

Page 650: ...st router to ensure that it will continue to receive the multicast service The parameters described in this section are used to control Layer 3 IGMP and query functions NOTE IGMP Protocol Status shoul...

Page 651: ...es Range 0 255 tenths of a second Default 10 seconds IGMPv1 does not support a configurable maximum response time for query messages It is fixed at 10 seconds for IGMPv1 By varying the Query Maximum R...

Page 652: ...rce specific multicast SSM address range default 232 8 is specified but no source address is included the request to join the multicast group will fail unless the next node up the reverse path tree ha...

Page 653: ...server transmitting traffic to the specified multicast group address WEB INTERFACE To configure static IGMP groups 1 Click Multicast IGMP Static Group 2 Select Add from the Action list 3 Select a VLA...

Page 654: ...650 and multicast routing must be enabled globally on the system see Configuring Global Settings for Multicast Routing on page 828 CLI REFERENCES show ip igmp groups on page 1520 PARAMETERS These para...

Page 655: ...ry was created Depending on the elapsed time information may displayed for w weeks d days h hours m minutes or s seconds Group Mode In INCLUDE mode reception of packets sent to the specified multicast...

Page 656: ...3 Select a VLAN The selected entry must be a configured IP interface Figure 373 Displaying Multicast Groups Learned from IGMP Information To display detailed information about the current multicast g...

Page 657: ...VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN users in different IEEE 802 1Q or private VLANs cannot exchange any i...

Page 658: ...port acts as an MVR router with querier service enabled Default Enabled When MVR proxy switching is enabled an MVR source port serves as the upstream or host interface and the MVR receiver port serves...

Page 659: ...uery interval at which active receiver ports send out general queries This interval is only effective when proxy switching is enabled Source Port Mode Configures the switch to forward any multicast st...

Page 660: ...r IPv4 on page 1478 PARAMETERS These parameters are displayed Domain ID An independent multicast domain Range 1 5 MVR Status When MVR is enabled on the switch any multicast data associated with an MVR...

Page 661: ...ce or to set a low priority for normal multicast traffic not sensitive to latency Upstream Source IP The source IP address assigned to all MVR control packets sent upstream on the specified domain By...

Page 662: ...0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x IGMP snooping and MVR share a maximum number of 1024...

Page 663: ...list 4 Enter the name of a group profile to be assigned to one or more domains and specify a multicast group that will stream traffic to participating hosts 5 Click Apply Figure 378 Configuring an MVR...

Page 664: ...the Action list 4 Select a domain from the scroll down list and enter the name of a group profile 5 Click Apply Figure 380 Assigning an MVR Group Address Profile to a Domain To show the MVR group add...

Page 665: ...a member of the MVR VLAN If so configured its MVR status will be inactive One or more interfaces may be configured as MVR source ports A source port is able to both receive and send data for configure...

Page 666: ...ces on page 667 Non MVR An interface that does not participate in the MVR VLAN This is the default type Forwarding Status Shows if MVR traffic is being forwarded or discarded MVR Status Shows the MVR...

Page 667: ...m 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Only IGMP version 2 or 3 hosts can issue multic...

Page 668: ...a VLAN and interface to receive the multicast stream and then enter the multicast group address 6 Click Apply Figure 383 Assigning Static MVR Groups to a Port To show the static MVR groups assigned to...

Page 669: ...the service is received Note that this may be different from the MVR VLAN if the group address has been statically assigned Port Shows the interfaces with subscribers for multicast services provided...

Page 670: ...time after which this querier is assumed to have expired General Query Received The number of general queries received on this interface General Query Sent The number of general queries sent from thi...

Page 671: ...t content not allowed or MVR group report received Join Success The number of times a multicast group was successfully joined Group The number of MVR groups active on this interface Output Statistics...

Page 672: ...r IPv4 672 WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Page 673: ...IPv4 673 To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR dom...

Page 674: ...r similar to that described for MRV see Multicast VLAN Registration for IPv4 on page 657 COMMAND USAGE General Configuration Guidelines for MVR6 1 Enable MVR6 for a domain on the switch and select the...

Page 675: ...uter interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be configured on...

Page 676: ...efault the switch forwards any multicast streams within the address range set by a profile and bound to a domain The multicast streams are sent to all source ports on the switch and to all receiver po...

Page 677: ...the channel for streaming multicast services using MVR6 MVR6 source ports should be configured as members of the MVR6 VLAN see Adding Static Members to VLANs on page 231 but MVR6 receiver ports should...

Page 678: ...eros required to fill the undefined fields Note that the IP address ff02 X is reserved WEB INTERFACE To configure settings for an MVR6 domain 1 Click Multicast MVR6 2 Select Configure Domain from the...

Page 679: ...nge assigned to a profile cannot overlap with the group address range of any other profile MRV6 domains can be associated with more than one MVR6 profile But since MVR6 domains cannot share the group...

Page 680: ...p Address Profile To show the configured MVR6 group address profiles 1 Click Multicast MVR6 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure 392 Displaying MVR6...

Page 681: ...d to an interface is receiving multicast services you can enable the immediate leave function CLI REFERENCES MVR for IPv6 on page 1496 COMMAND USAGE A port configured as an MVR6 receiver or source por...

Page 682: ...determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only be enabled on a...

Page 683: ...h to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group This option only applies to an interface configured as an MVR6 receiver WEB INTERFACE...

Page 684: ...te the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 VLAN cannot be specified as the receiver VLAN for static bindings PARAMETE...

Page 685: ...5 Select the port or trunk for which to display this information Figure 397 Showing the Static MVR6 Groups Assigned to a Port DISPLAYING MVR6 RECEIVER GROUPS Use the Multicast MVR6 Show Member page t...

Page 686: ...been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active or new clients Count The number of multicast services currently being...

Page 687: ...e Number of Reports Sent The number of reports sent from this interface Number of Leaves Sent The number of leaves sent from this interface VLAN Port and Trunk Statistics Input Statistics Report The n...

Page 688: ...The number of general query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface WEB INTERFACE To display sta...

Page 689: ...Pv6 689 To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR6 do...

Page 690: ...Pv6 690 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 do...

Page 691: ...etwork or for creating an interface to multiple subnets This switch supports both IPv4 and IPv6 and can be managed through either of these address types For information on configuring the switch with...

Page 692: ...tion User Specified Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broad...

Page 693: ...ss has yet been configured for this interface and then enter the IP address and subnet mask 4 Click Apply Figure 402 Configuring a Static IPv4 Address To obtain an dynamic IPv4 address through DHCP BO...

Page 694: ...itch address Renewing DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network segment you will lose mana...

Page 695: ...Pv6 includes two distinct address types link local unicast and global unicast A link local address makes the switch accessible over IPv6 for all devices attached to the same local subnet Management tr...

Page 696: ...enabled page 769 you can still define a static route page 753 to ensure that traffic to the designated address or subnet passes through a preferred gateway An IPv6 default gateway can only be success...

Page 697: ...duplicate address exists on the same network segment and the interval between neighbor solicitations used to verify reachability information PARAMETERS These parameters are displayed VLAN Mode VLAN ID...

Page 698: ...duplicate address detection for all unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a t...

Page 699: ...rmation that enables nodes to auto configure on the network This information may include the default router address taken from the observed source address of the RA message as well as on link prefix i...

Page 700: ...t Configure Interface from the Action list 3 Select RA Guard mode 4 Enable RA Guard for untrusted interfaces 5 Click Apply Figure 407 Configuring RA Guard for an IPv6 Interface CONFIGURING AN IPV6 ADD...

Page 701: ...etwork prefix and prefix length and using the EUI 64 form of the interface identifier to automatically create the low order 64 bits in the host portion of the address You can also manually configure t...

Page 702: ...ce s MAC address The EUI 64 specification is designed for devices that use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also known as EUI 48 format it must be convert...

Page 703: ...tation can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4094 IPv6 Address Type The address type Global EUI 64 Link Local IPv6 Address An IPv...

Page 704: ...lticast address which is formed by taking the low order 24 bits of the address and appending those bits to the prefix Note that the solicited node multicast address link local scope FF02 is used to re...

Page 705: ...ableTime interval that the forward path to the neighbor was functioning While in Reachable state the device takes no special action when sending packets Stale More than the ReachableTime interval has...

Page 706: ...ry for transmission through small packet networks ICMPv6 Internet Control Message Protocol for Version 6 addresses is a network layer protocol that transmits message packets to report errors in proces...

Page 707: ...ce for some of the datagrams Truncated Packets The number of input datagrams discarded because datagram frame didn t carry enough data Discards The number of input IPv6 datagrams for which no problems...

Page 708: ...ssfully fragmented at this output interface Fragment Failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not be ICMPv6...

Page 709: ...interface Parameter Problem Message The number of ICMP Parameter Problem messages sent by the interface Echo Request Messages The number of ICMP Echo request messages sent by the interface Echo Reply...

Page 710: ...wing IPv6 Statistics IPv6 No Port Errors The total number of received UDP datagrams for which there was no application at the destination port Other Errors The number of received UDP datagrams that co...

Page 711: ...CHAPTER 16 IP Configuration Setting the Switch s IP Address IP Version 6 711 Figure 412 Showing IPv6 Statistics ICMPv6 Figure 413 Showing IPv6 Statistics UDP...

Page 712: ...1674 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure 414 Showing Reporte...

Page 713: ...thentication messages between a client and broadband remote access servers DOMAIN NAME SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or b...

Page 714: ...main name Range 1 127 alphanumeric characters WEB INTERFACE To configure general settings for DNS 1 Click IP Service DNS 2 Select Configure Global from the Action list 3 Enable domain lookup and set t...

Page 715: ...ecified the switch will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a match see Configuring a List of Name Ser...

Page 716: ...p status see Configuring General DNS Service Parameters on page 713 When more than one name server is specified the servers are queried in the specified sequence until a response is received or the en...

Page 717: ...st Table Add page to manually configure static entries in the DNS table that are used to map domain names to IP addresses CLI REFERENCES ip host on page 1618 show hosts on page 1622 COMMAND USAGE Stat...

Page 718: ...1 Click IP Service DNS Static Host Table 2 Select Show from the Action list Figure 421 Showing Static Entries in the DNS Table DISPLAYING THE DNS CACHE Use the IP Service DNS Cache page to display en...

Page 719: ...e DNS Cache DYNAMIC HOST CONFIGURATION PROTOCOL Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they boot up...

Page 720: ...DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter request list asking for this information Besides the client req...

Page 721: ...ue is used enter a text string or hexadecimal value 3 Click Apply Figure 423 Specifying A DHCP Client Identifier CONFIGURING DHCP RELAY SERVICE Use the IP Service DHCP Relay page to configure DHCP rel...

Page 722: ...ration will be disabled if an active DHCP server is detected on the same network segment PARAMETERS These parameters are displayed VLAN ID ID of configured VLAN Server IP Address Addresses of DHCP ser...

Page 723: ...be assigned to hosts based on the client identifier code or MAC address Figure 426 DHCP Server COMMAND USAGE First configure any excluded addresses including the address for this switch Then configure...

Page 724: ...ct Configure Global from the Step list 3 Mark the Enabled box 4 Click Apply Figure 427 Enabling the DHCP Server SETTING EXCLUDED ADDRESSES Use the IP Service DHCP Server Configure Excluded Addresses A...

Page 725: ...2 Select Configure Excluded Addresses from the Step list 3 Select Add from the Action list 4 Enter a single address or an address range 5 Click Apply Figure 428 Configuring Excluded Addresses on the...

Page 726: ...nterface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is fou...

Page 727: ...ould be on the same subnet as the client DNS Server The IP address of the primary and alternate DNS server DNS servers must be configured for a DHCP client to map host names to IP addresses Netbios Se...

Page 728: ...r Host 5 Enter the IP address and subnet mask for a network pool or host If configuring a static binding for a host enter the client identifier or hardware address for the host device Configure the op...

Page 729: ...Figure 431 Configuring DHCP Server Address Pools Host To show the configured DHCP address pools 1 Click IP Service DHCP Server 2 Select Configure Pool from the Step list 3 Select Show from the Action...

Page 730: ...ents 1 Click IP Service DHCP Server 2 Select Show IP Binding from the Step list Figure 433 Shows Addresses Assigned by the DHCP Server FORWARDING UDP SERVICE REQUESTS This section describes how this s...

Page 731: ...UDP HELPER Use the IP Service UDP Helper General page to enable the UDP helper globally on the switch CLI REFERENCES ip helper on page 1660 PARAMETERS These parameters are displayed UDP Helper Status...

Page 732: ...Service port 53 IEN 116 Name Service port 42 NetBIOS Datagram Server port 138 NetBIOS Name Server port 137 NTP port 37 TACACS service port 49 TFTP port 69 WEB INTERFACE To specify UDP destination por...

Page 733: ...specified in the IP Service UDP Helper Forwarding page and the packets meet the following criteria The MAC address of the received frame must be the all ones broadcast address ffff ffff ffff The IP d...

Page 734: ...rver or subnet for forwarding UDP request packets 1 Click IP Service UDP Helper Address 2 Select Add from the Action list 3 Enter the address of the remote server or subnet where UDP request packets a...

Page 735: ...Configure Interface page The BRAS detects the presence of the subscriber s circuit ID tag inserted by the switch during the PPPoE discovery phase and sends this tag as a NAS port ID attribute in PPP...

Page 736: ...PoE Intermediate Agent Configure Interface page to enable PPPoE IA on an interface set trust status enable vendor tag stripping and set the circuit ID and remote ID CLI REFERENCES PPPoE Intermediate A...

Page 737: ...identifier using the PPPoE Vendor Specific tag 0x0105 to PPPoE Active Discovery Initiation PADI and Request PADR packets The switch then forwards these packets to the PPPoE server The tag contains th...

Page 738: ...runk selection Received Received PPPoE active discovery messages All All PPPoE active discovery message types PADI PPPoE Active Discovery Initiation messages PADO PPPoE Active Discovery Offer messages...

Page 739: ...e Agent 739 WEB INTERFACE To show statistics for PPPoE IA protocol messages 1 Click IP Service PPPoE Intermediate Agent 2 Select Show Statistics from the Step list 3 Select Port or Trunk interface typ...

Page 740: ...CHAPTER 17 IP Services Configuring the PPPoE Intermediate Agent 740...

Page 741: ...this switch acts as a wire speed router passing traffic between VLANs with different IP interfaces and routing traffic to external IP networks However when the switch is first booted default routing...

Page 742: ...orward packets for both Layer 2 and Layer 3 as well as traditional routing These functions include Layer 2 forwarding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing...

Page 743: ...packet follows the Layer 3 routing process The destination IP address is checked against the Layer 3 address table If the address is not already there the switch broadcasts an ARP packet to all the p...

Page 744: ...h the network prefix number to which the router interface is attached and the router s host number on that network In other words a router interface address defines the network segment that is connect...

Page 745: ...RAMETERS These parameters are displayed Host Name IP Address IPv4 IPv6 address or alias of the host Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 14...

Page 746: ...se the IP General Trace Route page to show the route packets take to the specified destination CLI REFERENCES traceroute on page 1653 PARAMETERS These parameters are displayed Destination IP Address I...

Page 747: ...unreachable message If the timer goes off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long sequence of these messages terminating...

Page 748: ...ntains the following fields similar to that shown in this example When devices receive this request they discard it if their address does not match the destination IP address in the message However if...

Page 749: ...uter may tie up resources by repeating ARP requests for addresses recently flushed from the table When a ARP entry expires it is deleted from the cache and an ARP request packet is sent to re establis...

Page 750: ...ts and other routers on local network interfaces defined on this router You can define up to 128 static entries in the ARP cache A static entry may need to be used if there is no response to an ARP br...

Page 751: ...ing physical address in the ARP cache using the web interface 1 Click IP ARP 2 Select Configure Static Address from the Step List 3 Select Add from the Action List 4 Enter the IP address and the corre...

Page 752: ...cast addresses However most entries will be dynamically learned through replies to broadcast messages CLI REFERENCES show arp on page 1658 WEB INTERFACE To display all dynamic entries in the ARP cache...

Page 753: ...rk segments using dynamic routing protocols i e RIP OSPF BGP However you can also manually enter static routes in the routing table using the IP Routing Static Routes Add page Static routes may be req...

Page 754: ...es are included in RIP and OSPF updates periodically sent by the router if this feature is enabled see page 779 or 807 respectively PARAMETERS These parameters are displayed Destination IP Address IP...

Page 755: ...of these methods the priority for route selection is local static and then dynamic except when the distance parameter of a dynamic route is set to a value that makes its priority exceed that of a sta...

Page 756: ...ectly reach the next hop so the VLAN interface associated with any dynamic or static route entry must be up Note that routes currently not accessible for forwarding may still be displayed by using the...

Page 757: ...F entries not both Normal unicast routing simply selects the path to the destination that has the lowest cost Multipath routing still selects the path with the lowest cost but can forward traffic over...

Page 758: ...f the multiple paths Because the hash algorithm is calculated based upon the packet header information which can identify specific traffic flows this technique minimizes the number of times a path is...

Page 759: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Page 760: ...has a higher priority than the currently active master router CLI REFERENCES VRRP Commands on page 1713 COMMAND USAGE Address Assignment To designate a specific router as the VRRP master the IP addre...

Page 761: ...ority of the virtual IP address Owner is the highest the original master router will always become the active master router when it recovers If two or more routers are configured with the same VRRP pr...

Page 762: ...rmation about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be proces...

Page 763: ...n the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded State VRRP router role Values M...

Page 764: ...ure Group ID from the Step List 3 Select Show from the Action List Figure 460 Showing Configured VRRP Groups To configure the virtual router address for a VRRP group 1 Click IP VRRP 2 Select Configure...

Page 765: ...om the Step List 3 Select Show IP Addresses from the Action List 4 Select a VLAN and a VRRP group identifier Figure 462 Showing the Virtual Addresses Assigned to VRRP Groups To configure detailed sett...

Page 766: ...ETERS These parameters are displayed VRRP Packets with Invalid Checksum The total number of VRRP packets received with an invalid VRRP checksum value VRRP Packets with Unknown Error The total number o...

Page 767: ...sement Packets Number of VRRP advertisements received by this router Received Error Advertisement Interval Packets Number of VRRP advertisements received for which the advertisement interval is differ...

Page 768: ...lue in the type field Received Error Address List VRRP Packets Number of packets received for which the address list does not match the locally configured list for the virtual router Received Invalid...

Page 769: ...te of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to learn consistent tables of ne...

Page 770: ...ds to prevent loops from occurring Split horizon Never propagate routes back to an interface port from which they have been acquired Poison reverse Propagate routes back to an interface port from whic...

Page 771: ...rk every 30 seconds by default and updates its own routing table when RIP messages are received from other routers To communicate properly with other routers using RIP you need to specify the RIP vers...

Page 772: ...efault metric does not override the metric value set in the Redistribute screen see Configuring Route Redistribution on page 779 When a metric value has not been configured in the Redistribute screen...

Page 773: ...k configuration Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unr...

Page 774: ...ting the entire RIP network redistribute connected routes using the Routing Protocol RIP Redistribute screen page 779 to make the RIP network a connected route To delete the RIP routes learned from ne...

Page 775: ...l 2 Select Clear Route from the Action list 3 When clearing routes by type select the required type from the drop down list When clearing routes by network enter a valid network address and prefix len...

Page 776: ...rk portion of the address This mask identifies the network address bits used for the associated routing entries By VLAN Adds a Layer 3 VLAN to the RIP routing process The VLAN must be configured with...

Page 777: ...locked on an interface the attached subnet will still continue to be advertised to other interfaces and updates from other routers on the specified interface will continue to be received and processed...

Page 778: ...rmation with a static neighbor specifically for point to point links rather than relying on broadcast or multicast messages generated by the RIP protocol This feature can be used in conjunction with t...

Page 779: ...e the Routing Protocol RIP Redistribute Add page to import external routing information from other routing domains that is directly connected routes protocols or static routes into this autonomous sys...

Page 780: ...ed to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follow an imported route the maximum number of hops allowed with...

Page 781: ...is applied to all routes learned for the specified network PARAMETERS These parameters are displayed Distance Administrative distance for external routes External routes are routes for which the best...

Page 782: ...ttings and the loopback prevention method for each interface that participates in the RIP routing process CLI REFERENCES ip rip receive version on page 1744 ip rip send version on page 1745 ip rip aut...

Page 783: ...le when only static routes are to be allowed for a specific interface Protocol Message Authentication RIPv1 is not a secure protocol Any device sending protocol messages from UDP port 520 will be cons...

Page 784: ...2 packets RIPv1 and RIPv2 Accepts RIPv1 and RIPv2 packets Do Not Receive Does not accept incoming RIP packets This option does not add any dynamic entries to the routing table for an interface The def...

Page 785: ...thod propagates routes back to an interface from which they have been acquired but sets the distance vector metrics to infinity This provides faster convergence This is the default setting None No loo...

Page 786: ...ings CLI REFERENCES show ip rip on page 1749 PARAMETERS These parameters are displayed Interface Source IP address of RIP router interface Auth Type The type of authentication used for exchanging RIPv...

Page 787: ...parameters are displayed Peer Address IP address of a neighboring RIP router Update Time Last time a route update was received from this peer Version Shows whether RIPv1 or RIPv2 packets were received...

Page 788: ...for large area networks which experience frequent changes in the links It also handles subnets much better than RIP OSPF protocol actively tests the status of each link to its neighbors to generate a...

Page 789: ...protocol message authentication and the addition of a point to multipoint interface which allows OSPF to run over non broadcast networks as well as support for overlapping area ranges When using OSPF...

Page 790: ...d areas and external links to other areas Use the Routing Protocol OSPF Network Area Add page to define an OSPF area and the interfaces that operate within this area An autonomous system must be confi...

Page 791: ...and the corresponding address range forms a routing interface and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the netwo...

Page 792: ...at is contiguous with all the other areas in the network and configure an area for all of the other OSPF interfaces 4 Click Apply Figure 486 Defining OSPF Network Areas Based on Addresses To to show t...

Page 793: ...e using the same RFC for calculating summary route costs Enable this field to force the router to calculate summary route costs using RFC 1583 Default Disabled When RFC 1583 compatibility is enabled o...

Page 794: ...orted from other protocols Range 0 16777214 Default 20 A default metric must be used to resolve the problem of redistributing external routes from other protocols that use incompatible metrics This de...

Page 795: ...advertisements add the internal cost to the external route metric Type 2 routes do not add the internal cost metric When comparing Type 2 routes the internal cost is only used as a tie breaker if seve...

Page 796: ...iption Router ID Type Indicates if the router ID was manually configured or automatically generated by the system Rx LSAs The number of link state advertisements that have been received Originate LSAs...

Page 797: ...a separate routing database for each area ASBR Status Autonomous System Boundary Router Indicates if this router exchanges routing information with boundary routers in other autonomous systems to whic...

Page 798: ...twork Area Add page Range 1 65535 Area ID Identifier for a not so stubby area NSSA or stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 42949672...

Page 799: ...BR An NSSA is similar to a stub It blocks most external routing information and can be configured to advertise a single default route for traffic passing between the NSSA and other areas within the au...

Page 800: ...ed into its own area and then leaked to adjacent areas Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned through OSPF the default route static r...

Page 801: ...R it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using this option Metric Type Type 1 or Type 2 external routes Wh...

Page 802: ...icantly reduce the amount of topology data that has to be exchanged over the network Figure 496 OSPF Stub Area By default a stub can only pass traffic to other areas in the autonomous system through t...

Page 803: ...ummary Controls the use of summary routes Summary Allows an Area Border Router ABR to send a summary link advertisement into the stub area No Summary Stops an ABR from sending a summary link advertise...

Page 804: ...e 790 Area ID Identifier for a not so stubby area NSSA or stub SPF Runs The number of times the Shortest Path First algorithm has been run for this area ABR Count The number of Area Border Routers att...

Page 805: ...Route Summarization for ABRs CLI REFERENCES router ospf on page 1751 area range on page 1757 COMMAND USAGE Use the Area Range configuration page to summarize intra area routes and advertise this info...

Page 806: ...or not to advertise the summary route If the routes are set to be advertised the router will issue a Type 3 summary LSA for each specified address range If the summary is not advertised the specified...

Page 807: ...outer supports redistribution for all currently connected routes entries learned through RIP and static routes When you redistribute external routes into an OSPF autonomous system AS the router automa...

Page 808: ...signed to all external routes for the specified protocol Range 1 65535 Default 10 The metric value specified for redistributed routes supersedes the Default External Metric specified in the Routing Pr...

Page 809: ...ute individually in an external LSA as described in the preceding section The reduce the number of protocol messages required to redistribute these external routes an Autonomous System Boundary Router...

Page 810: ...es for advertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 805 This router supports up 20 Type 5 summary routes PARAMETERS These...

Page 811: ...n page to assign an interface address range to an OSPF area After assigning a routing interface to an OSPF area use the Routing Protocol OSPF Interface Configure by VLAN or Configure by Address page t...

Page 812: ...o prevent a router from being elected as a DR or BDR If set to any value other than zero the router with the highest priority becomes the DR and the router with the next highest priority becomes the B...

Page 813: ...d trip delay between any two routers on the attached network to avoid unnecessary retransmissions Authentication Type Specifies the authentication type used for an interface Options None Simple MD5 De...

Page 814: ...Normally only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key v...

Page 815: ...E To configure OSPF interface for all areas assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by VLAN from the Action list 3 Specify the VLAN ID and configure the required...

Page 816: ...for a specific area assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by Address from the Action list 3 Specify the VLAN ID enter the address assigned to an area and confi...

Page 817: ...thentication Keys CONFIGURING VIRTUAL LINKS Use the Routing Protocol OSPF Virtual Link Add and Configure Detailed Settings pages to configure a virtual link from an area that does not have a direct ph...

Page 818: ...ospf on page 1751 area virtual link on page 1765 COMMAND USAGE Use the Add page to create a virtual link and then use the Configure Detailed Settings page to set the protocol timers and authentication...

Page 819: ...virtual link 1 Click Routing Protocol OSPF Virtual Link 2 Select Add from the Action list 3 Specify the process ID the Area ID and Neighbor router ID 4 Click Apply Figure 512 Adding a Virtual Link To...

Page 820: ...N Use the Routing Protocol OSPF Information LSDB page to show the Link State Advertisements LSAs sent by OSPF routers advertising routes The full collection of LSAs collected by a router interface fro...

Page 821: ...NSSA External Type 7 An ASBR within an NSSA generates an NSSA external link state advertisement for each known network destination outside the AS CLI REFERENCES show ip ospf database on page 1780 PAR...

Page 822: ...um of the complete contents of the LSA WEB INTERFACE To display information in the link state database 1 Click Routing Protocol OSPF Information 2 Click LSDB 3 Select the process identifier 4 Specify...

Page 823: ...Down Connection down Attempt Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications e...

Page 824: ...CHAPTER 20 Unicast Routing Configuring the Open Shortest Path First Protocol Version 2 824 3 Select the process identifier Figure 517 Displaying Neighbor Routers Stored in the Link State Database...

Page 825: ...is designed for networks where the probability of multicast group members is high such as a local network PIM SM is designed for networks where the probability of multicast group members is low such...

Page 826: ...a Reverse Path Tree RPT that channels the multicast traffic from each source through a single Rendezvous Point RP within the local PIM SM domain and then forwards this traffic to the Designated Router...

Page 827: ...ters along the RP Tree are replicated wherever the RP Tree branches and eventually reach all the receivers for that multicast group Because all routers along the shared tree are using PIM SM the multi...

Page 828: ...erface but both PIMv4 and PIMv6 can be enabled on the same interface ENABLING MULTICAST ROUTING GLOBALLY Use the Multicast Multicast Routing General page or the Multicast IPv6 Multicast Routing Genera...

Page 829: ...s processed multicast traffic from any particular source listed in the table It uses these routes to forward multicast traffic only if group members appear on directly attached subnetworks or on subne...

Page 830: ...s IP group address for a multicast service Source Address Subnetwork containing the IP multicast source Source Mask Network mask for the IP multicast source Upstream Neighbor The multicast router RPF...

Page 831: ...ream interface indicate Forward Traffic received from the upstream interface is being forwarded to this interface Local Downstream interface has received IGMP report message from host in this subnet P...

Page 832: ...uting table 1 Click Multicast IPv6 Multicast Routing Information 2 Select Show Summary from the Action List Figure 522 Displaying the IPv6 Multicast Routing Table To display detailed information on a...

Page 833: ...er CLI REFERENCES router pim on page 1928 COMMAND USAGE This feature enables PIM DM and PIM SM globally for the router You also need to enable PIM DM or PIM SM for each interface that will support mul...

Page 834: ...etermine the presence of multicast group members The main difference is that it uses the router s unicast routing table to determine if the interface through which a packet is received provides the sh...

Page 835: ...message and then sets its Hello timer to the configured value If a router does not hear from a neighbor for the period specified by the Hello Holdtime that neighbor is dropped This hold time is inclu...

Page 836: ...mbers which want to continue receiving the flow referenced in a LAN prune delay message then the override interval represents the time required for the downstream router to process the message and the...

Page 837: ...nges sources joining or leaving a multicast group before the default three minute state timeout expires This command is only effectively for interfaces of first hop PIM DM routers that are directly co...

Page 838: ...particular source forwards this traffic only to those interfaces on the router that have requests to join this group When there are no longer any requesting groups on that interface the leaf node send...

Page 839: ...Neighbor page to display all neighboring PIM routers CLI REFERENCES show ip pim neighbor on page 1936 PARAMETERS These parameters are displayed Address IP address of the next hop router VLAN VLAN tha...

Page 840: ...seconds in which register messages are sent from bursty sources Register Source Configures the IP source address of a register message to an address other than the outgoing interface address of the D...

Page 841: ...electing Reset to force the router to use the shared tree for all multicast groups or just for the specified multicast groups This is the default setting Group Address An IP multicast group address If...

Page 842: ...It is also preferable to set up one of these routers as both the primary BSR and RP PARAMETERS These parameters are displayed BSR Candidate Status Configures the switch as a Bootstrap Router BSR candi...

Page 843: ...e router will act as an RP for all multicast groups in the local PIM SM domain if no groups are specified A static RP can either be configured for the whole multicast group range 224 4 or for specific...

Page 844: ...be an RP for the specified multicast group s Group Address An IP multicast group address If a group address is not specified the RP is used for all multicast groups Group Mask Subnet mask that is use...

Page 845: ...ter that receives the list of RP candidates from the BSR also elects an active RP for each group range using the same election process The election process for each group is based on the following cri...

Page 846: ...ity to zero means that this router is not eligible to server as the RP Range 0 255 Default 0 Group Address An IP multicast group address If not defined the default address is 224 0 0 0 4 or the entire...

Page 847: ...ion about the bootstrap router BSR CLI REFERENCES show ip pim bsr router on page 1947 PARAMETERS These parameters are displayed IP Address IP address of interface configured as the BSR Uptime The time...

Page 848: ...router is a candidate to be the BSR for the RP set Currently no other router is the preferred BSR but this router is not yet the elected BSR Elected BSR Elected to serve as BSR WEB INTERFACE To displ...

Page 849: ...Select Show RP Mapping from the Action list Figure 535 Showing PIM RP Mapping CONFIGURING PIMV6 FOR IPV6 This section describes how to configure PIM DM and PIM SM for IPv6 ENABLING PIMV6 GLOBALLY Use...

Page 850: ...o the selected mode An IPv6 address must first be assigned to the required routing interface before PIMv6 can be configured on this page PIMv6 and MLD proxy cannot be used at the same time When an int...

Page 851: ...ess assigned to the selected VLAN Hello Holdtime Sets the interval to wait for hello messages from a neighboring PIM router before declaring it dead Note that the hello holdtime should be greater than...

Page 852: ...ing a prune request Default Disabled When other downstream routers on the same VLAN are notified that this upstream router has received a prune request they must send a Join to override the prune befo...

Page 853: ...ust respond with an graft acknowledgement message If this acknowledgement message is lost the router that sent the graft message will resend it a number of times as defined by Max Graft Retries Max Gr...

Page 854: ...t which join prune messages are sent Range 1 65535 seconds Default 60 seconds By default the switch sends join prune messages every 60 seconds to inform other PIM SM routers about clients who want to...

Page 855: ...CHAPTER 21 Multicast Routing Configuring PIMv6 for IPv6 855 Figure 537 Configuring PIMv6 Interface Settings Dense Mode Figure 538 Configuring PIMv6 Interface Settings Sparse Mode...

Page 856: ...ending periodic Join Prune messages toward a group specific RP for each group WEB INTERFACE To display neighboring PIMv6 routers 1 Click Routing Protocol PIM6 Neighbor Figure 539 Showing PIMv6 Neighbo...

Page 857: ...source to a receiver is through the RP However the path through the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to...

Page 858: ...ontinue to be the BSR until it receives a bootstrap message from another candidate with a higher priority or a higher IP address if the priorities are the same To improve failover recovery it is advis...

Page 859: ...igure the switch as a BSR candidate 1 Click Routing Protocol PIM6 PIM6 SM 2 Select BSR Candidate from the Step list 3 Specify the VLAN interface for which this router is bidding to become the BSR the...

Page 860: ...ver the one statically configured All routers within the same PIM6 SM domain must be configured with the same RP s Selecting an RP through the dynamic election process is therefore preferable for most...

Page 861: ...GE When this router is configured as an RP candidate it periodically sends PIMv2 messages to the BSR advertising itself as a candidate RP for the specified group addresses The IP address of the design...

Page 862: ...yed VLAN Identifier of configured VLAN interface Range 1 4094 Interval The interval at which this device advertises itself as an RP candidate Range 60 16383 seconds Default 60 seconds Priority Priorit...

Page 863: ...RP Candidate DISPLAYING THE PIM6 BSR ROUTER Use the Routing Protocol PIM6 SM Show Information Show BSR Router page to display Information about the bootstrap router BSR CLI REFERENCES show ipv6 pim b...

Page 864: ...d is using the RP set provided by that BSR Only bootstrap messages from that BSR or from a C BSR with higher weight than the current BSR will be accepted Candidate BSR Bidding in election process Pend...

Page 865: ...p address RP Address IP address of the RP for the listed multicast group Information Source RP that advertised the mapping how the RP was selected Static or Bootstrap and the priority used in the bidd...

Page 866: ...CHAPTER 21 Multicast Routing Configuring PIMv6 for IPv6 866...

Page 867: ...995 Remote Monitoring Commands on page 1017 Flow Sampling Commands on page 1025 Authentication Commands on page 1031 General Security Measures on page 1089 Access Control Lists on page 1163 Interface...

Page 868: ...page 1407 Multicast Filtering Commands on page 1425 LLDP Commands on page 1537 CFM Commands on page 1561 OAM Commands on page 1603 Domain Name Service Commands on page 1615 DHCP Commands on page 1625...

Page 869: ...nsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CL...

Page 870: ...54 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isola...

Page 871: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Page 872: ...ch debugging option discard Discard packet dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile...

Page 873: ...Time range traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Information about users logged in version System hardware and so...

Page 874: ...tion effect for all applicable commands USING COMMAND HISTORY The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arro...

Page 875: ...ng the enable command followed by the privileged level password super To enter Privileged Exec mode enter the following user names and passwords Username admin Password admin login password CLI sessio...

Page 876: ...ation Creates a DiffServ class map for a specified traffic type DHCP Configuration These commands are used to configure the DHCP server ERPS Configuration These commands configure Ethernet Ring Protec...

Page 877: ...ended access list mac Console config arp acl Console config std acl Console config ext acl Console config std ipv6 acl Console config ext ipv6 acl Console config mac acl 1181 1164 1164 1170 1170 1176...

Page 878: ...for command line processing Table 56 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current ta...

Page 879: ...dynamic addresses web authentication MAC address authentication filtering DHCP requests and replies and discarding invalid ARP responses 1089 Access Control List Provides filtering for IPv4 frames bas...

Page 880: ...icast router also configures multicast VLAN registration and IPv6 MLD snooping 1425 Link Layer Discovery Protocol Configures LLDP settings to enable information discovery about neighbor devices 1537 C...

Page 881: ...LI Command Groups 881 IPC IGMP Profile Configuration LC Line Configuration MST Multiple Spanning Tree NE Normal Exec PE Privileged Exec PM Policy Map Configuration RC Router Configuration RM Route Map...

Page 882: ...CHAPTER 22 Using the Command Line Interface CLI Command Groups 882...

Page 883: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Page 884: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Page 885: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Page 886: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verifi...

Page 887: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Page 888: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 885 reload Privileged Exec This command restarts the system NOT...

Page 889: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Page 890: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Page 891: ...ment Manages code image or switch configuration files Line Sets communication parameters for the serial port including baud rate and console time out Event Logging Controls logging of error messages S...

Page 892: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 61 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Page 893: ...ted If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Edge Core Networks Responsible de...

Page 894: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Page 895: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or ot...

Page 896: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Page 897: ...G None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersc...

Page 898: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Page 899: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Page 900: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Page 901: ...d to display system information Table 62 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show alarm status Shows information for...

Page 902: ...sed by System 0 Entries Used by User 0 TCAM Utilization 0 0 Console show alarm status This command displays information on predefined alarms i e non configurable and on the link down alarm which is di...

Page 903: ...are active and another example when both minor and major alarms occur Console show alarm status Unit 1 Asserted Alarm Input NONE Current Major Alarm Status NONE Current Minor Alarm Status NONE Current...

Page 904: ...ss cpu 1016 show running config This command displays the configuration information currently in use SYNTAX show running config COMMAND MODE Privileged Exec COMMAND USAGE Use this command in conjuncti...

Page 905: ...rw snmp server enable traps authentication username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0...

Page 906: ...SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and...

Page 907: ...k Fan 2 Ok Fan 3 Ok System Temperature Unit 1 Temperature 1 29 degrees Temperature 2 32 degrees Main Power Status Up Redundant Power Status Not present Main Power Type AC100 240V to 12V Module Redunda...

Page 908: ...and IP address of Telnet client DEFAULT SETTING None COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE The session used to execute this command is indicated by a symbol next to the Line i e sess...

Page 909: ...sion 13 08 Number of Ports 28 Main Power Status Up Redundant Power Status Not present Role Master Loader Version 1 3 2 3 Linux Kernel Version 2 6 19 2 0 1 Boot ROM Version 0 0 0 1 Operation Code Versi...

Page 910: ...d SYNTAX no fan speed force full DEFAULT SETTING Normal speed COMMAND MODE Global Configuration EXAMPLE Console config fan speed force full Console config FRAME SIZE This section describes commands us...

Page 911: ...required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is oper...

Page 912: ...startup file or the current startup configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the FTP TFTP serv...

Page 913: ...ROM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAG...

Page 914: ...figuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certificate Keyword that allows you to copy the HTTPS secure site certifi...

Page 915: ...ch to use HTTPS for a secure connection see the ip http secure server command When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note th...

Page 916: ...s example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19 So...

Page 917: ...word that allows you to delete a file usbdisk Keyword indicating USB memory stick or disk name Keyword indicating a file filename Name of configuration file or code image public key Keyword that allow...

Page 918: ...le usbdisk System file on a USB memory stick or disk filename Name of configuration file or code image If this file exists but contains errors information on this file cannot be shown DEFAULT SETTING...

Page 919: ...pressed user config files 2584576 Console umount usbdisk This command prepares the USB memory device to be safely removed from the switch SYNTAX umount usbdisk DEFAULT SETTING None COMMAND MODE Privil...

Page 920: ...AULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE This command is used to enable or disable automatic upgrade of the operational code When the switch starts up and automatic image...

Page 921: ...pgrade succeeds Downloading new image Flash programming started Flash programming completed The switch will now restart upgrade opcode path This command specifies an TFTP server and directory in which...

Page 922: ...omitted a null string will be used for the connection EXAMPLE This shows how to specify a TFTP server where new code is stored Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config T...

Page 923: ...SSH connections LC authorization exec Applies an authorization method to local console Telnet or SSH connections LC databits Sets the number of data bits per character that are interpreted and genera...

Page 924: ...AGE Telnet is considered a virtual terminal connection and will be shown as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet conn...

Page 925: ...nput from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character EXAMPLE To specify 7 d...

Page 926: ...local Selects local password checking Authentication is based on the user name specified with the username command DEFAULT SETTING login local COMMAND MODE Line Configuration COMMAND USAGE There are t...

Page 927: ...ED COMMANDS username 1033 password 928 parity This command defines the generation of a parity bit Use the no form to restore the default setting SYNTAX parity none even odd no parity none No parity ev...

Page 928: ...ction the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect p...

Page 929: ...llowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down EXAMPLE To set the password threshold to...

Page 930: ...inal speeds Use the no form to restore the default setting SYNTAX speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps DEFAULT SETTING 115200 bps COMMAND MODE...

Page 931: ...t login response This command sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default setting SYNTAX timeout login response seconds no timeout log...

Page 932: ...SSH Telnet or console connection Range 0 8 COMMAND MODE Privileged Exec COMMAND USAGE Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an act...

Page 933: ...on describes commands used to configure event logging on the switch Table 68 Event Logging Commands Command Function Mode logging facility Sets the facility type for remote logging of syslog messages...

Page 934: ...the syslog server to sort messages or to store messages in the corresponding database EXAMPLE Console config logging facility 19 Console config logging history This command limits syslog messages sav...

Page 935: ...emove a syslog server host SYNTAX no logging host host ip address host ip address The IPv4 or IPv6 address of a syslog server DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Use t...

Page 936: ...rror messages that are stored in memory You can use the logging trap command to control the type of error messages that are sent to specified syslog servers EXAMPLE Console config logging on Console c...

Page 937: ...evel also enables remote logging but restores the minimum severity level to the default EXAMPLE Console config logging trap 4 Console config clear log This command clears messages from the log buffer...

Page 938: ...d then on through the power source EXAMPLE The following example shows the event message stored in RAM Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function...

Page 939: ...bled Remote Log Facility Type Local use 7 Remote Log Level Type Debugging messages Remote Log Server IP Address 0 0 0 0 Remote Log Server IP Address 0 0 0 0 Remote Log Server IP Address 0 0 0 0 Remote...

Page 940: ...facility command REMOTELOG level type The severity threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address of syslog serv...

Page 941: ...es the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mai...

Page 942: ...logging sendmail level 3 Console config logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient SYNTAX no logging sendma...

Page 943: ...ODE Global Configuration COMMAND USAGE You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch EXAMPLE Console config logging sen...

Page 944: ...configuration settings NE PE NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables the NTP client for tim...

Page 945: ...SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp...

Page 946: ...which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Use the no form to clear all time servers from the current list or to clear a...

Page 947: ...ing time synchronization requests and the current SNTP mode i e unicast EXAMPLE Console show sntp Current Time Nov 5 18 51 22 2006 Poll Interval 16 seconds Current Mode Unicast SNTP Status Enabled SNT...

Page 948: ...er The NTP authentication key ID number Range 1 65535 md5 Specifies that authentication is provided by using the message digest algorithm 5 key An MD5 authentication key string The key string can be u...

Page 949: ...n COMMAND USAGE The SNTP and NTP clients cannot be enabled at the same time First disable the SNTP client before using this command The time acquired from time servers is used to record accurate dates...

Page 950: ...client mode It issues time synchronization requests based on the interval set with the ntp poll command The client will poll all the time servers configured the responses received are filtered and co...

Page 951: ...ion 3 NTP Server 192 168 4 22 version 3 key 19 NTP Authentication Key 19 md5 42V68751663T6K11P2J307210R885 Console Manual Configuration Commands clock summer time date This command sets the start end...

Page 952: ...al Configuration COMMAND USAGE In some countries or regions clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less This is known as Summer Time or D...

Page 953: ...one hour at the start of spring and then adjusted backward in autumn This command sets the summer time time relative to the configured time zone To specify the time corresponding to your local time wh...

Page 954: ...ry march april may june july august september october november december b hour The hour when summer time will begin Range 0 23 hours b minute The minute when summer time will begin Range 0 59 minutes...

Page 955: ...he time zone for the switch s internal clock SYNTAX clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 30 characters hours Number of ho...

Page 956: ...TAX calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march...

Page 957: ...ge configuration mode Use the no form to remove a previously specified time range SYNTAX no time range name name Name of the time range Range 1 16 characters DEFAULT SETTING None COMMAND MODE Global C...

Page 958: ...june july august september october november december year Year 4 digit Range 2009 2109 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured yo...

Page 959: ...Weekdays weekend Weekends hour Hour in 24 hour format Range 0 23 minute Minute Range 0 59 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured...

Page 960: ...area network Table 76 PTP Commands Command Function Mode ptp adjust Adjusts the system time based information in received Sync messages GC ptp domain number Specifies the PTP clock synchronization dom...

Page 961: ...Sync message ensuring that the offset from the master clock listed in the Current Data Set is now zero as displayed by the show ptp information command EXAMPLE Console config ptp adjust Console confi...

Page 962: ...her using PTP Multiple independent PTP clocking domains can be configured on a single network but a device can only belong to one domain EXAMPLE Console config ptp domain number 1 Console config ptp e...

Page 963: ...d master clocks EXAMPLE Console config ptp in latency 10 Console config ptp mode This command sets the operating mode to boundary clock or transparent clock Use the no form to restore the default sett...

Page 964: ...witch will synchronize to that clock as its child and then acts as the parent clock to devices connected to other ports After initial synchronization the switch and connected devices exchange timing m...

Page 965: ...k based on the following clock properties Priority An administratively assigned precedence hint used by the BMC to help select a grandmaster for the PTP domain Class An attribute defining the clock s...

Page 966: ...AND USAGE The priority2 preference is only considered when it not possible to use priority1 and other clock attributes to select a best master clock EXAMPLE Console config ptp priority2 16 Console con...

Page 967: ...all paths through the switch or for successive messages crossing the same path peer to peer This method measures the delay required for PTP event messages to cross the link from the peer port on the u...

Page 968: ...ollowing values 0 1 packet every second 1 1 packet every 2 seconds 2 1 packet every 4 seconds 3 1 packet every 8 seconds 4 1 packet every 16 seconds It may be necessary for the announcement interval t...

Page 969: ...second 1 1 packet every 2 seconds 2 1 packet every 4 seconds 3 1 packet every 8 seconds 4 1 packet every 16 seconds 5 1 packet every 32 seconds This value is determined and advertised by a master clo...

Page 970: ...he ptp delay mechanism command EXAMPLE Console config interface ethernet 1 1 Console config if ptp log min pdelay request interval 1 Console config if ptp log sync interval This command sets the synch...

Page 971: ...ptp port enable DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE PTP is not enabled on all supported interfaces by default You must enable PTP on indiv...

Page 972: ...a transport mechanism the following UDP destination ports are reserved values assigned to PTP Table 77 Ethernet Multicast MAC Addresses Message Types Address hex All except peer delay mechanism messag...

Page 973: ...TP management message SYNTAX ptp port release interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged...

Page 974: ...rs Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show ptp configuration ethernet 1 1 Ethernet 1 1 Delay Mechanism Peer to Peer Transport Ethernet Log Sync I...

Page 975: ...aster clock quality time properties Shows information about the time attributes transparent Shows information for a transparent clock interface ethernet unit port list unit Stack unit Range 1 port lis...

Page 976: ...riority2 128 Domain Number 0 Slave Only No Current Data Set Steps Removed 0 Offset From Master 0 sec 0 nano sec Mean Path Delay 0 sec 0 nano sec Parent Data Set Parent Identity Clock Identity 0X00000C...

Page 977: ...ining the accuracy of the clock Offset Scaled Log Variance An attribute defining the stability of the clock Priority1 A preference level used in selecting the master clock Priority2 A secondary prefer...

Page 978: ...reference Frequency Traceable Indicates if the frequency determining the time scale is traceable to a primary reference PTP Timescale Indicates if the clock time scale of the grand master clock is PT...

Page 979: ...A unique 8 octet array based on the IEEE EUI 64 assigned numbers Number Ports Number of ports on this device Delay Mechanism Time delay measurement method end to end or peer to peer Primary Domain Num...

Page 980: ...nstream PHYs and retransmitted down the chain Every node in the chain must be capable of recovering and re transmitting frequency synchronization signals SyncE provides timing synchronization through...

Page 981: ...pports SyncE Use the no form to disable SyncE on a port SYNTAX no synce ethernet unit port unit Unit identifier Range 1 port Port number Range 25 28 DEFAULT SETTING Disabled COMMAND MODE Global Config...

Page 982: ...ctive clock source port exists the switch s internal clock will be used as the clock source If the priority of the clock source port is not specified the port ID of the clock source port will be used...

Page 983: ...ource selection mode All ports configured as clock source port in manual mode will be kept after changing to auto mode If more than one port is configured as clock source port the port with a valid cl...

Page 984: ...active clock source or sets a port to be the active clock source SYNTAX synce force clock source selecting ethernet unit port unit Unit identifier Range 1 port Port number Range 25 28 DEFAULT SETTING...

Page 985: ...command only enables a port to send receive SSM It does not designate a specific port to be used as the clock source port Use the synce clk src ssm command to configure the clock source Only SSM will...

Page 986: ...ode the local clock will be used as clock source in Manual mode All ports configured as clock source ports under Auto mode will be kept after changing to Manual mode Link State Changes If an SSM enabl...

Page 987: ...t function EXAMPLE Console config synce ssm ethernet 1 25 Console config synce ssm ethernet 1 26 Console config synce ssm ethernet 1 27 Console config synce ssm ethernet 1 28 Console config show synce...

Page 988: ...Status Port Port identifier Status Shows if reception transmission of SSM is enabled or disabled Priority The selection priority determined by the manual configuration or default setting Tx SSM Shows...

Page 989: ...Candidates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate swit...

Page 990: ...k Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Switch clusters are limited to the same Ethernet broad...

Page 991: ...pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x DEFAULT SETTING 10 254 254 1 COMMAND MODE Global Confi...

Page 992: ...tion COMMAND USAGE The maximum number of cluster Members is 16 The maximum number of cluster Candidates is 100 EXAMPLE Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config r...

Page 993: ...OMMAND MODE Privileged Exec EXAMPLE Console show cluster Role commander Interval Heartbeat 30 Heartbeat Loss Count 3 seconds Number of Members 1 Number of Candidates 2 Console show cluster members Thi...

Page 994: ...tes This command shows the discovered Candidate switches in the network COMMAND MODE Privileged Exec EXAMPLE Console show cluster candidates Cluster Candidates Role MAC Address Description Active memb...

Page 995: ...Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Display...

Page 996: ...n multicast traffic exceeds the upper threshold for automatic storm control IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper thre...

Page 997: ...nity string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number o...

Page 998: ...tact string Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length...

Page 999: ...SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentica...

Page 1000: ...page 1561 mac notification Keyword to issue trap when a dynamic MAC address is added or removed interval Specifies the interval between issuing two consecutive traps Range 0 3600 seconds Default 1 se...

Page 1001: ...cipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps a...

Page 1002: ...that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notifications are issued by the...

Page 1003: ...tring is interpreted as an SNMP user name The user name must first be defined with the snmp server user command Otherwise an SNMPv3 group will be automatically created by the snmp server host command...

Page 1004: ...Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show snmp server enable port traps interface Interface MAC Notification Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine...

Page 1005: ...en the switch and a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need...

Page 1006: ...write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public17 read only private18 read write readview Every object belonging to th...

Page 1007: ...remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha...

Page 1008: ...emote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote...

Page 1009: ...onsole config This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engin...

Page 1010: ...ype volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1...

Page 1011: ...iption Field Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view sto...

Page 1012: ...s the specified notification log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification...

Page 1013: ...host parameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a m...

Page 1014: ...ation log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network ma...

Page 1015: ...AX memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 falling threshol...

Page 1016: ...d in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 DEFAULT SETTING Rising Threshold 90 Falling Threshold 70 COMMAND MODE Glob...

Page 1017: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Page 1018: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Page 1019: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Page 1020: ...he polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 28 Buckets 50 Interval 30...

Page 1021: ...24 interval 60 Console config if rmon collection rmon1 This command enables the collection of statistics on a physical interface Use the no form to disable statistics collection SYNTAX rmon collectio...

Page 1022: ...t 0 show rmon events This command shows the settings for all configured events COMMAND MODE Privileged Exec EXAMPLE Console show rmon events Event 2 is valid owned by mike Description is urgent Event...

Page 1023: ...entries in the statistics group COMMAND MODE Privileged Exec EXAMPLE Console show rmon statistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372...

Page 1024: ...CHAPTER 26 Remote Monitoring Commands 1024...

Page 1025: ...of this chapter all refer to a remote server capable of receiving the sFlow datagrams generated by the sFlow agent of the switch sflow owner This command creates an sFlow collector on the switch Use...

Page 1026: ...s version v4 v5 Sends either v4 or v5 sFlow datagrams to the receiver DEFAULT SETTING No owner is configured UDP Port 6343 Version v4 Maximum Datagram Size 1400 bytes COMMAND MODE Privileged Exec COMM...

Page 1027: ...ling rate sample rate max header size max header size no sflow sample interface interface instance instance id interface The source from which the samples will be taken and sent to a collector etherne...

Page 1028: ...terval Use the no form to remove the polling data source instance from the switch s sFlow configuration SYNTAX sflow polling interface interface instance instance id receiver owner name polling interv...

Page 1029: ...s for the sFlow process SYNTAX show sflow owner owner name interface interface owner name The associated receiver to which the samples are sent Range 1 30 alphanumeric characters interface ethernet un...

Page 1030: ...CHAPTER 27 Flow Sampling Commands 1030...

Page 1031: ...ntication Sequence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS Client Configures settings for authentication via...

Page 1032: ...ec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password Password for this privilege level Maximum length 32 characters plain text or encrypted case sensitive DEFAULT...

Page 1033: ...redefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authe...

Page 1034: ...de with the enable command Use the no form to restore the default SYNTAX authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS server passw...

Page 1035: ...nging command modes 1032 authentication login This command defines the login authentication method and precedence Use the no form to restore the default SYNTAX authentication login local radius tacacs...

Page 1036: ...base of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch radius server acct port This command sets the RADIUS server...

Page 1037: ...t 181 Console config radius server host This command specifies primary and backup RADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a spec...

Page 1038: ...t 1812 acct port 1813 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 port 181 timeout 10 retransmit 5 key green Console confi...

Page 1039: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Page 1040: ...Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on the network An authentication ser...

Page 1041: ...P port used for authentication messages Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 timeout Number of seconds the switch...

Page 1042: ...TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server re...

Page 1043: ...ds Number of seconds the switch waits for a reply before resending a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console con...

Page 1044: ...accounting method for service requests Range 1 64 characters start stop Records accounting from starting point and stopping point Table 102 AAA Commands Command Function Mode aaa accounting dot1x Enab...

Page 1045: ...counting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x defa...

Page 1046: ...ethod name fields are only used to describe the accounting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to us...

Page 1047: ...64 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured wit...

Page 1048: ...EXAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the g...

Page 1049: ...list name Specifies a method list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config...

Page 1050: ...t name Specifies a method list created with the aaa authorization exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line authorizatio...

Page 1051: ...Eth 1 1 Method List tps Group List radius Interface Eth 1 2 Accounting Type EXEC Method List default Group List tacacs Interface vty Console WEB SERVER This section describes commands used to configur...

Page 1052: ...nge 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configuration EXAMPLE Console config ip http port 769 Console config RELATED COMMANDS ip http server 1052 show system 906 ip http server This command...

Page 1053: ...to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number EXAMPLE Cons...

Page 1054: ...e client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The fol...

Page 1055: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight sessions can...

Page 1056: ...CP port number to be used by the browser interface Range 1 65535 DEFAULT SETTING 23 COMMAND MODE Global Configuration EXAMPLE Console config ip telnet port 123 Console config ip telnet server This com...

Page 1057: ...h authentication retries Specifies the number of retries allowed by a client GC ip ssh server Enables the SSH server on the switch GC ip ssh server key size Sets the SSH server key size GC ip ssh time...

Page 1058: ...ts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233...

Page 1059: ...ents that have a private key corresponding to the public keys stored on the switch can access it The following exchanges take place during this process Authenticating SSH v1 5 Clients a The client sen...

Page 1060: ...sing any configured IPv4 or IPv6 interface address on the switch ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no f...

Page 1061: ...ing the SSH server EXAMPLE Console ip ssh crypto host key generate dsa Console configure Console config ip ssh server Console config RELATED COMMANDS ip ssh crypto host key generate 1063 show ssh 1066...

Page 1062: ...e switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty...

Page 1063: ...1 5 clients and DSA Version 2 for SSHv2 clients This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client p...

Page 1064: ...mory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command EXAMPLE Console ip ssh crypto zeroize dsa C...

Page 1065: ...ileged Exec COMMAND USAGE If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA...

Page 1066: ...27s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S...

Page 1067: ...ch sends an EAP request identity frame to the client before restarting the authentication process IC dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity...

Page 1068: ...MODE Global Configuration COMMAND USAGE When this device is functioning as intermediate node in the network and does not need to perform dot1x authentication the dot1x eapol pass through command can b...

Page 1069: ...either to block all traffic or to assign all traffic for the port to a guest VLAN Use the no form to reset the default SYNTAX dot1x intrusion action block traffic guest vlan no dot1x intrusion action...

Page 1070: ...T 2 COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x max reauth req 2 Console config if dot1x max req This command sets the maximum number of times...

Page 1071: ...ws multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAGE The max count parameter specified by this co...

Page 1072: ...T force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enable...

Page 1073: ...efault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console confi...

Page 1074: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Page 1075: ...interface SYNTAX dot1x re authenticate interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 COMMAND MODE Privileged Exec COMMAND USAGE The re authentication...

Page 1076: ...erface that has enabled 802 1X including the following items Type Administrative state for port access control Enabled Authenticator or Supplicant Operation Mode Allows single or multiple hosts page 1...

Page 1077: ...rized Reauth Count Number of times connecting state is re entered Current Identifier The integer 0 255 used by the Authenticator to identify the current authentication session Backend State Machine St...

Page 1078: ...o Intrusion Action Block traffic Supplicant 00 e0 29 94 34 65 Authenticator PAE State Machine State Authenticated Reauth Count 0 Current Identifier 3 Backend State Machine State Idle Request Count 0 I...

Page 1079: ...invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access r...

Page 1080: ...addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Displays IP addresses for the Telnet group COMMAND MODE Privileged Exec EXAMPLE Console show management...

Page 1081: ...op information from the client s PPPoE Active Discovery Request and forwards this information to all trusted ports Table 110 PPPoE Intermediate Agent Commands Command Function Mode pppoe intermediate...

Page 1082: ...X pppoe intermediate agent format type access node identifier id string generic error message error message no pppoe intermediate agent format type access node identifier generic error message id stri...

Page 1083: ...int ethernet 1 5 Console config if pppoe intermediate agent port enable Console config if pppoe intermediate agent port format type This command sets the circuit id or remote id for an interface Use t...

Page 1084: ...ets sent from the PPPoE Server include the Circuit Id tag inserted by the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients using the pppoe...

Page 1085: ...SAGE This command only applies to trusted interfaces It is used to strip off vendor specific tags which carry subscriber and line identification information in PPPoE Discovery packets received from an...

Page 1086: ...nfo PPPoE Intermediate Agent Global Status Enabled PPPoE Intermediate Agent Admin Access Node Identifier 192 168 0 2 PPPoE Intermediate Agent Oper Access Node Identifier 192 168 0 2 PPPoE Intermediate...

Page 1087: ...th 1 1 statistics Received All PADI PADO PADR PADS PADT 3 0 0 0 0 3 Dropped Response from untrusted Request towards untrusted Malformed 0 0 0 Console Table 111 show pppoe intermediate agent statistics...

Page 1088: ...CHAPTER 28 Authentication Commands PPPoE Intermediate Agent 1088...

Page 1089: ...AC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control Lists Provides filtering for IP frames based on address protocol TCP UDP port number or TC...

Page 1090: ...and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enabl...

Page 1091: ...security This command enables or configures port security Use the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings fo...

Page 1092: ...ddress VLAN for frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a p...

Page 1093: ...pecifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE This example shows the switch saving the MAC addresses learned by port...

Page 1094: ...settings and number of secure addresses for a specific port The Last Intrusion MAC and Last Time Detected Intrusion MAC fields show information about the last detected intrusion MAC address These fie...

Page 1095: ...Up Intrusion Action None Max MAC Count 0 Current MAC Count 0 MAC Filter Enabled MAC Filter ID 1 Last Intrusion MAC 00 10 22 00 00 01 Last Time Detected Intrusion MAC 2010 7 29 15 13 03 Console NETWORK...

Page 1096: ...ect and act upon link up events IC network access link detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac c...

Page 1097: ...e config if network access aging Console config if network access mac filter Use this command to add a MAC address into a filter table Use the no form of this command to remove the specified MAC addre...

Page 1098: ...mac authentication reauth time seconds The reauthentication time period Range 120 1000000 seconds DEFAULT SETTING 1800 COMMAND MODE Global Configuration COMMAND USAGE The reauthentication time is a gl...

Page 1099: ...ile a port has an assigned dynamic QoS profile any manual QoS configuration changes only take effect after all users have logged off of the port NOTE Any configuration changes for dynamic QoS are not...

Page 1100: ...resses on the port must have same VLAN configuration or they are treated as an authentication failure If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuratio...

Page 1101: ...est vlan to be effective see the dot1x intrusion action command EXAMPLE Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if network access link detec...

Page 1102: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Page 1103: ...ponse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAN...

Page 1104: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Page 1105: ...Type attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter...

Page 1106: ...ce Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addre...

Page 1107: ...t xx xx xx xx xx xx interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console clear netw...

Page 1108: ...MAC address table entries SYNTAX show network access mac address table static dynamic address mac address mask interface interface sort address interface static Specifies static address entries dynami...

Page 1109: ...FAULT SETTING Displays all filters COMMAND MODE Privileged Exec EXAMPLE Console show network access mac filter Filter ID MAC Address MAC Mask 1 00 00 01 02 03 08 FF FF FF FF FF FF Console WEB AUTHENTI...

Page 1110: ...web auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet period Defines the amount of time to wait after the limit for failed login attempts is exceeded...

Page 1111: ...cation again Range 1 180 seconds DEFAULT SETTING 60 seconds COMMAND MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defi...

Page 1112: ...system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web...

Page 1113: ...COMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the de...

Page 1114: ...empts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interf...

Page 1115: ...snooping globally GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping information policy...

Page 1116: ...an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time V...

Page 1117: ...is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server...

Page 1118: ...n for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub option for the DHCP snooping agent that is the IP address of the managem...

Page 1119: ...ormation enabling the DHCP snooping information option will remove option 82 information from the packet EXAMPLE This example enables the DHCP Snooping Information Option Console config ip dhcp snoopi...

Page 1120: ...the source MAC address in the Ethernet header Use the no form to disable this function SYNTAX no ip dhcp binding verify mac address DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND U...

Page 1121: ...command DHCP packet filtering will be performed on any untrusted ports within the VLAN as specified by the ip dhcp snooping trust command When the DHCP snooping is globally disabled DHCP snooping can...

Page 1122: ...under the ip dhcp snooping information option command Option 82 information generated by the switch is based on TR 101 syntax as shown below The circuit identifier used by this switch starts at sub o...

Page 1123: ...ly messages from within the network An untrusted interface is an interface that is configured to receive messages from outside the network or fire wall Set all ports connected to DHCP servers within t...

Page 1124: ...t any optional keywords to clear all entries from the binding table SYNTAX clear ip dhcp snooping binding mac address vlan vlan id mac address Specifies a MAC address entry Format xx xx xx xx xx xx vl...

Page 1125: ...ory will no longer be valid EXAMPLE Console ip dhcp snooping database flash Console show ip dhcp snooping This command shows the DHCP snooping configuration settings COMMAND MODE Privileged Exec EXAMP...

Page 1126: ...store the default setting SYNTAX no ipv6 dhcp snooping DEFAULT SETTING Disabled Table 120 DHCP Snooping Commands Command Function Mode ipv6 dhcp snooping Enables DHCPv6 snooping globally GC ipv6 dhcp...

Page 1127: ...tch is 100 packets per second Any DHCPv6 packets in excess of this limit are dropped Filtering rules are implemented as follows If global DHCPv6 snooping is disabled all DHCPv6 packets are forwarded I...

Page 1128: ...me and forward to original destination Otherwise remove binding entry and check failed If a DHCPv6 Relay packet is received check the relay message option in Relay Forward or Relay Reply packet and pr...

Page 1129: ...y using the ipv6 dhcp snooping command and enabled on a VLAN with this command DHCPv6 packet filtering will be performed on any untrusted ports within the VLAN as specified by the ipv6 dhcp snooping t...

Page 1130: ...g trust This command configures the specified interface as trusted Use the no form to restore the default setting SYNTAX no ipv6 dhcp snooping trust DEFAULT SETTING All interfaces are untrusted COMMAN...

Page 1131: ...g trust Console config if RELATED COMMANDS ipv6 dhcp snooping 1126 ipv6 dhcp snooping vlan 1129 clear ipv6 dhcp snooping binding This command clears DHCPv6 snooping binding table entries from RAM Use...

Page 1132: ...ping status disabled DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max binding Current binding Eth 1 1 No 5 0 Eth 1 2 No 5 0 Eth 1 3 No 5 0 Eth 1 4 No 5 0 Eth 1 5 Yes 5 0 sh...

Page 1133: ...ooping on page 1115 IPv4 source guard can be used to prevent traffic attacks caused when a host tries to use the IPv4 address of a neighbor to access the network This section describes commands used t...

Page 1134: ...rt Port number Range 1 28 DEFAULT SETTING No configured entries COMMAND MODE Global Configuration COMMAND USAGE If the binding mode is not specified in this command the entry is bound to the ACL table...

Page 1135: ...8 0 99 interface ethernet 1 5 Console config RELATED COMMANDS ip source guard 1135 ip dhcp snooping 1116 ip dhcp snooping vlan 1121 ip source guard This command configures the switch to filter inbound...

Page 1136: ...h its IP address and corresponding MAC address sip mac option will be checked against the binding table If no matching entry is found the packet will be dropped Filtering rules are implemented as foll...

Page 1137: ...r of IP addresses that can be mapped to an interface in the binding table Range 1 5 for ACL mode 1 1024 for MAC mode DEFAULT SETTING Mode ACL Maximum bindings 5 for ACL mode 1024 for MAC mode COMMAND...

Page 1138: ...rnet EXAMPLE This command sets the binding table mode for the specified interface to MAC mode Console config interface ethernet 1 5 Console config if ip source guard mode mac Console config if clear i...

Page 1139: ...h 1 4 DISABLED ACL 5 1024 Eth 1 5 DISABLED ACL 5 1024 show ip source guard binding This command shows the source guard binding table SYNTAX show ip source guard binding dhcp snooping static acl mac bl...

Page 1140: ...e Use the no form to remove a static entry SYNTAX ipv6 source guard binding mac address vlan vlan id ipv6 address interface interface no ipv6 source guard binding mac address vlan vlan id mac address...

Page 1141: ...amic entries learned via ND snooping DHCPv6 snooping or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry wi...

Page 1142: ...uard is enabled on an interface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A por...

Page 1143: ...rce bindings dynamically learned via ND snooping or DHCP snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packets and DHCPv6 pack...

Page 1144: ...source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries learned through DHC...

Page 1145: ...g each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination dropping any invalid ARP packets ARP Inspection determines the validity of an AR...

Page 1146: ...their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs ip arp inspection limit...

Page 1147: ...andom group of VLANs with each entry separated by a comma static ARP packets are only validated against the specified ACL address bindings in the DHCP snooping database is not checked DEFAULT SETTING...

Page 1148: ...inspection command before this command will be accepted by the switch By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the lo...

Page 1149: ...ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and respons...

Page 1150: ...ction is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP...

Page 1151: ...command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Console config i...

Page 1152: ...ion Global IP ARP Inspection Status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp insp...

Page 1153: ...ics ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address...

Page 1154: ...an no longer communicate adequately This section describes commands used to protect against DoS attacks dos protection land This command protects against DoS LAND Local Area Network Denial attacks in...

Page 1155: ...X no dos protection tcp null scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp null scan Console config dos protection tcp syn fin scan This comm...

Page 1156: ...he target replies with a TCP RST packet If the target TCP port is open it simply discards the TCP XMAS scan Use the no form to disable this feature SYNTAX no dos protection tcp xmas scan DEFAULT SETTI...

Page 1157: ...tation SYNTAX no traffic segmentation DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Traffic segmentation provides port based security and isolation between ports within the...

Page 1158: ...entation globally on the switch Console config traffic segmentation Console config traffic segmentation session This command creates a traffic segmentation client session Use the no form to remove a c...

Page 1159: ...rface list downlink interface list downlink interface list session id Traffic segmentation session Range 1 4 uplink Specifies an uplink interface downlink Specifies a downlink interface interface list...

Page 1160: ...sole config traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink to uplink This command specifies whether or not traffic can be forwarded betwee...

Page 1161: ...segmentation This command displays the configured traffic segments COMMAND MODE Privileged Exec EXAMPLE Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding...

Page 1162: ...CHAPTER 29 General Security Measures Configuring Port based Traffic Segmentation 1162...

Page 1163: ...IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class next header type or flow l...

Page 1164: ...er more specific criteria acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you crea...

Page 1165: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Page 1166: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Page 1167: ...t mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Preceden...

Page 1168: ...ort 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any contr...

Page 1169: ...ip access list 1169 Time Range 957 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP ac...

Page 1170: ...cess list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP addre...

Page 1171: ...ndard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address pre...

Page 1172: ...permit deny any host destination ipv6 address destination ipv6 address prefix length dscp dscp flow label flow label next header next header time range time range name no permit deny any host destinat...

Page 1173: ...handling by the intervening routers The nature of that special handling might be conveyed to the routers by a control protocol such as a resource reservation protocol or by information within the flow...

Page 1174: ...e config ext ipv6 acl This allows any packets sent to the destination 2009 DB9 2229 79 48 when the next header is 43 Console config ext ipv6 acl permit 2009 DB9 2229 79 48 next header 43 Console confi...

Page 1175: ...DS show ipv6 access list 1175 Time Range 957 show ipv6 access group This command shows the ports assigned to IPv6 ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 access group Interface eth...

Page 1176: ...Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuratio...

Page 1177: ...rce source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask NOTE The default is for Ethernet II packets permit deny tagged eth2...

Page 1178: ...I packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source or destination address host A specific...

Page 1179: ...ort Use the no form to remove the port SYNTAX mac access group acl name in out time range time range name counter no mac access group acl name in out acl name Name of the ACL Maximum length 16 charact...

Page 1180: ...ace ethernet 1 5 MAC access list M5 in Console RELATED COMMANDS mac access group 1179 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name...

Page 1181: ...MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create a...

Page 1182: ...esponse ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac des...

Page 1183: ...mac any any Console config mac acl RELATED COMMANDS access list arp 1181 show access list arp This command displays the rules for configured ARP ACLs SYNTAX show access list arp acl name acl name Name...

Page 1184: ...ernet unit port unit Unit identifier Range 1 port Port number Range 1 28 acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware c...

Page 1185: ...ngress egress rules for Standard IPv6 ACLs mac Shows ingress egress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Na...

Page 1186: ...CHAPTER 30 Access Control Lists ACL Information 1186...

Page 1187: ...ce IC switchport mtu Sets the maximum transfer unit for an interface IC clear counters Clears statistics on an interface PE show discard Displays if CDP and PVST packets are being discarded PE show in...

Page 1188: ...or IPv6 address before a connection can be made through Telnet SSH or HTTP transceiver threshold rx power Sends a trap when the power level of the received signal power falls outside the specified thr...

Page 1189: ...onfiguration file An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following example...

Page 1190: ...n command the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the flowcontrol...

Page 1191: ...he no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cdp pvst cdp Cisco Discovery Protocol pvst Per VLAN Spanning Tree DEFAULT SETTING Default Forwa...

Page 1192: ...rmined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port EXAMPLE The following example enables flow control o...

Page 1193: ...ports Use the no form to restore the default mode SYNTAX media type sfp forced mode no media type sfp forced Forces transceiver mode for the SFP port mode 1000sfp Always uses 1000BASE SFP mode 100fx A...

Page 1194: ...When auto negotiation is disabled you must manually specify the link attributes with the flowcontrol command Note Auto negotiation is not supported for 1000BASE SFP transceivers used in 10G SFP Ports...

Page 1195: ...ING 1518 bytes COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use the jumbo frame command to enable or disable jumbo frames for all Gigabit and 10 Gigabit Ethernet ports To s...

Page 1196: ...and EXAMPLE The following first enables jumbo frames for layer 2 packets and then sets the MTU for port 1 Console config jumbo frame Console config interface ethernet 1 1 Console config if switchport...

Page 1197: ...th 1 1 Default Default Eth 1 2 Default Default Eth 1 3 Default Default Eth 1 4 Default Default Eth 1 7 Default Default Eth 1 8 Default Default Eth 1 9 Default Default Eth 1 10 Default Default Eth 1 11...

Page 1198: ...yed by this command see Showing Port or Trunk Statistics on page 192 EXAMPLE Console show interfaces counters ethernet 1 1 Ethernet 1 1 IF table Stats 2166458 Octets Input 14734059 Octets Output 14707...

Page 1199: ...Output per seconds 1 Packets Output per second 0 00 Output Utilization Console show interfaces counters vlan 1 VLAN 1 21462 Octets Input 93 Packets Input Console show interfaces history This command...

Page 1200: ...ries in the sampling table Console show interfaces history ethernet 1 1 Interface Eth 1 1 Name 1min Interval 1 minute s Buckets Requested 15 Buckets Granted 15 Status Active Current Entries Start Time...

Page 1201: ...ards Errors Unknown Proto 0 0 0 Octets Output Unicast Multicast Broadcast 8896498997 11151669 4734465 119595 Discards Errors 0 0 Console This example shows the statistics recorded for a named entry in...

Page 1202: ...62 30 00d 00 07 37 8548505 13380 2879 30 Start Time Octets Output Discards Errors 00d 00 05 37 6827866 0 0 00d 00 06 37 7572668 0 0 00d 00 07 37 8548505 0 0 Console show interfaces status This command...

Page 1203: ...Disabled MAC Learning Yes Media Type SFP forced MTU 1518 Current Status Link Status Up Port Operation Status Up Operation Speed duplex 1000full Up Time 0w 0d 1h 41m 8s 6068 seconds Flow Control Type...

Page 1204: ...hport display description Field Description Broadcast Threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 1241 Multicast Threshold S...

Page 1205: ...e private VLAN mode as host promiscuous or none 1369 Private VLAN host association Shows the secondary or community VLAN with which this port is associated 1368 Private VLAN mapping Shows the primary...

Page 1206: ...an alarm or warning message SYNTAX transceiver threshold current high alarm high warning low alarm low warning threshold value high alarm Sets the high current threshold for an alarm message high warn...

Page 1207: ...vel were to fluctuate just above and below either the high threshold or the low threshold Trap messages enabled by the transceiver threshold monitor command are sent to any management station configur...

Page 1208: ...alarm thresholds for the signal power received at port 1 Console config interface ethernet 1 1 Console config if transceiver threshold rx power low alarm 21 Console config if transceiver threshold rx...

Page 1209: ...thernet 1 1 Console config if transceiver threshold temperature low alarm 97 Console config if transceiver threshold temperature high alarm 83 Console transceiver threshold tx power This command sets...

Page 1210: ...ole config interface ethernet 1 1 Console config if transceiver threshold tx power low alarm 8 Console config if transceiver threshold tx power high alarm 3 Console transceiver threshold voltage This...

Page 1211: ...splays identifying information for the specified transceiver including connector type and vendor related parameters as well as the temperature voltage bias current transmit power and receive power SYN...

Page 1212: ...ower dBm 12 00 11 50 9 50 9 00 RxPower dBm 21 50 21 00 3 50 3 00 Console show interfaces transceiver threshold This command Displays the alarm warning thresholds for temperature voltage bias current t...

Page 1213: ...e a DDM compliant transceiver inserted EXAMPLE Console show interfaces transceiver threshold ethernet 1 25 Information of Eth 1 25 DDM Thresholds Transceiver monitor Disabled Transceiver threshold aut...

Page 1214: ...CHAPTER 31 Interface Commands Transceiver Threshold Configuration 1214...

Page 1215: ...8 ports Table 135 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC port...

Page 1216: ...s not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the...

Page 1217: ...r many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination I...

Page 1218: ...with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates tru...

Page 1219: ...shows that Trunk1 has been established Console config interface ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if lacp Console config if interface etherne...

Page 1220: ...COMMAND USAGE Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chan...

Page 1221: ...s selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already...

Page 1222: ...mbined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been e...

Page 1223: ...reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3 Console config if lacp timeout This command configures the timeout to wait for the next LACP data unit LA...

Page 1224: ...again that timeout value will be used EXAMPLE Console config interface port channel 1 Console config if lacp timeout short Console config if Trunk Status Display Commands show lacp This command displ...

Page 1225: ...oup LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs rece...

Page 1226: ...s not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is cur...

Page 1227: ...t priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper K...

Page 1228: ...play Commands 1228 show port channel load balance This command shows the load distribution method used on aggregated links COMMAND MODE Privileged Exec EXAMPLE Console show port channel load balance T...

Page 1229: ...nitor interface rx tx both no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 28 rx Mirror received packets tx Mirror transmitted...

Page 1230: ...mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor port When mirroring traffic from a VLAN traffic may als...

Page 1231: ...nation Port listen port Eth1 5 Source Port monitored port Eth1 6 Mode RX TX Console RSPAN MIRRORING COMMANDS Remote Switched Port Analyzer RSPAN allows you to mirror traffic from remote switches for a...

Page 1232: ...nation port cannot be configured on the same switch Local Remote Mirror The destination of a local mirror session created with the port monitor command cannot be used as the destination for RSPAN traf...

Page 1233: ...d remote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN interface list One or more source ports Use a hyphen to indicate a con...

Page 1234: ...ote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN interface ethernet unit port unit Unit identifier Range 1 port Port number...

Page 1235: ...y one session available for RSPAN vlan id ID of configured RSPAN VLAN Range 2 4092 Use the vlan rspan command to reserve a VLAN for RSPAN mirroring before enabling RSPAN with this command source Speci...

Page 1236: ...ch and the uplink interface as port 3 Console config rspan session 1 remote vlan 2 destination uplink ethernet 1 3 Console config no rspan session Use this command to delete a configured RSPAN session...

Page 1237: ...rt monitor command then there is only one session available for RSPAN COMMAND MODE Privileged Exec EXAMPLE Console show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None T...

Page 1238: ...CHAPTER 33 Port Mirroring Commands RSPAN Mirroring Commands 1238...

Page 1239: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Page 1240: ...specified interface rate Maximum value in Kbps Range 64 1 000 000 Kbits per second for Gigabit Ethernet ports 64 10 000 000 Kbits per second for 10G Ethernet ports DEFAULT SETTING Disabled COMMAND MO...

Page 1241: ...ast unicast packet rate rate no switchport broadcast multicast unicast broadcast Specifies storm control for broadcast traffic multicast Specifies storm control for multicast traffic unicast Specifies...

Page 1242: ...ected results It is therefore not advisable to use both of these commands on the same interface EXAMPLE The following shows how to configure broadcast storm control at 600 packets per second Console c...

Page 1243: ...raffic control alarm clear threshold Sets the lower threshold for ingress traffic beneath which a cleared storm control trap is sent IC Port auto traffic control alarm fire threshold Sets the upper th...

Page 1244: ...trap when multicast traffic falls beneath the lower threshold after a storm control response has been triggered and the release timer expires IC Port ATC Display Commands show auto traffic control Sh...

Page 1245: ...shut down a port it can only be manually re enabled using the auto traffic control control release command The traffic control response of rate limiting can be released automatically or manually The...

Page 1246: ...tion COMMAND USAGE After the apply timer expires a control action may be triggered as specified by the auto traffic control action command and a trap message sent as specified by the snmp server enabl...

Page 1247: ...nsole config auto traffic control broadcast release timer 800 Console config auto traffic control This command enables automatic traffic control for broadcast or multicast storms Use the no form to di...

Page 1248: ...threshold configured by the auto traffic control alarm clear threshold command shutdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic c...

Page 1249: ...omatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The lower threshold for ingress traffic beneath which a cleared storm control tra...

Page 1250: ...rm control for multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second...

Page 1251: ...triggered and the release timer has expired To release a control response which has shut down a port after the specified action has been triggered and the release timer has expired use the auto traffi...

Page 1252: ...bled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast alarm clear Console config if RELATED COM...

Page 1253: ...MAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast control apply Console config if RELATED COMMANDS...

Page 1254: ...ed Use the no form to disable this trap SYNTAX no snmp server enable port traps atc multicast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config...

Page 1255: ...ps atc multicast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Page 1256: ...ontrol This command shows global configuration settings for automatic storm control COMMAND MODE Privileged Exec EXAMPLE Console show auto traffic control Storm control Broadcast Apply timer sec 300 r...

Page 1257: ...ation Storm Control Broadcast Multicast State Disabled Disabled Action rate control rate control Auto Release Control Disabled Disabled Alarm Fire Threshold Kpps 128 128 Alarm Clear Threshold Kpps 128...

Page 1258: ...CHAPTER 34 Congestion Control Commands Automatic Traffic Control Commands 1258...

Page 1259: ...nterface or when an interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Page 1260: ...e protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no spanning tree loopback detec...

Page 1261: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Page 1262: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Page 1263: ...detection feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection...

Page 1264: ...n Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of...

Page 1265: ...erval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT SETTING 15 seconds COMMAN...

Page 1266: ...detection process is always based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by...

Page 1267: ...E UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to be taken Wh...

Page 1268: ...1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 Disabled Normal Disabled 7 s Unknown 5 s Console show udld interface ethernet 1 1 Interface UDLD...

Page 1269: ...e link is down or not connected to a UDLD capable device The state is Bidirectional if the link has a normal two way connection to a UDLD capable device All other states indicate mis wiring Msg Invl T...

Page 1270: ...CHAPTER 36 UniDirectional Link Detection Commands 1270...

Page 1271: ...0 seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 150 Address Table Commands Command Function Mode mac addres...

Page 1272: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Page 1273: ...mac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interf...

Page 1274: ...bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPLE Console show...

Page 1275: ...DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show mac address table count interface ethernet 1 1 MAC Entries for Eth 1 1 Total Address Count 3 Static Address Count 0 Dynamic Addr...

Page 1276: ...CHAPTER 37 Address Table Commands 1276...

Page 1277: ...l spanning tree is disabled GC spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC max hops Configures the maximum number of hops allowed in the region before a BPDU is...

Page 1278: ...n instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPDUs to other ports when global spanning tree is...

Page 1279: ...ts the maximum time in seconds a port will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology chan...

Page 1280: ...econds Time in seconds Range 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 DEFAULT SETTING 20 seconds COMMAND MODE Gl...

Page 1281: ...ay be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports conne...

Page 1282: ...ng tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that r...

Page 1283: ...lecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority the device...

Page 1284: ...e receiving port s native VLAN i e as determined by port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu...

Page 1285: ...Range 1 40 DEFAULT SETTING 20 COMMAND MODE MST Configuration COMMAND USAGE An MSTI region is treated as a single node by the STP and RSTP protocols Therefore the message age for BPDUs inside an MSTI r...

Page 1286: ...ridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the device with the lowest MA...

Page 1287: ...r remember that you must configure all bridges within the same MSTI Region page 1287 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP...

Page 1288: ...MMAND USAGE The MST region name page 1287 and revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST regio...

Page 1289: ...config if RELATED COMMANDS spanning tree edge port 1291 spanning tree bpdu guard This command shuts down an edge port i e an interface set for fast forwarding if it receives a BPDU Use the no form wit...

Page 1290: ...estore the default auto configuration mode SYNTAX spanning tree cost cost no spanning tree cost cost The path cost for the port Range 0 for auto configuration 1 65535 for short path cost method24 1 20...

Page 1291: ...mmand specifies an interface as an edge port Use the no form to restore the default SYNTAX spanning tree edge port auto no spanning tree edge port auto Automatically determines if an interface is an e...

Page 1292: ...ng tree link type auto point to point shared no spanning tree link type auto Automatically derived from the duplex mode setting point to point Point to point link shared Shared medium DEFAULT SETTING...

Page 1293: ...disabled on the switch EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree loopback detection spanning tree loopback detection action This command configures the response for...

Page 1294: ...ree loopback detection release mode auto Allows a port to automatically be released from the discarding state when the loopback state ends manual The port can only be released from the discarding stat...

Page 1295: ...EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree loopback detection trap spanning tree mst cost This command configures the path cost on a spanning instance in the Multipl...

Page 1296: ...media and higher values assigned to interfaces with slower media Use the no spanning tree mst cost command to specify auto configuration mode Path cost takes precedence over interface priority EXAMPL...

Page 1297: ...mst cost 1295 spanning tree port bpdu flooding This command floods BPDUs to other ports when spanning tree is disabled globally or disabled on a specific port Use the no form to restore the default se...

Page 1298: ...port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric id...

Page 1299: ...t could also be used to form a border around part of the network where the root bridge is allowed When spanning tree is initialized globally on the switch or on an interface the switch will wait for 2...

Page 1300: ...ich is purposely configured in a ring topology EXAMPLE Console config interface ethernet 1 1 Console config if spanning tree tc prop stop Console config if spanning tree loopback detection release Thi...

Page 1301: ...rt Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged Exec COMMAND USAGE If at any time the switch detects STP BPDUs including Configuration or Topology Change Notificati...

Page 1302: ...he tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst command to display t...

Page 1303: ...Discarding External Admin Path Cost 0 Internal Admin Path Cost 0 External Oper Path Cost 100000 Internal Oper Path Cost 100000 Priority 128 Designated Cost 100000 Designated Port 128 1 Designated Root...

Page 1304: ...nfiguration This command shows the configuration of the multiple spanning tree COMMAND MODE Privileged Exec EXAMPLE Console show spanning tree mst configuration Mstp Configuration Information Configur...

Page 1305: ...ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS non revertive Enables non revertive mode which require...

Page 1306: ...t link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVLAN Use the control vlan...

Page 1307: ...for a specific ring erps This command enables ERPS on the switch Use the no form to disable this feature SYNTAX no erps DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS m...

Page 1308: ...for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configur...

Page 1309: ...exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This command activates the current ERPS ring Use the no form to disable the current ring SYNTAX no en...

Page 1310: ...aximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard timer is that during its duration a node will be unaware of new or existing ring requests trans...

Page 1311: ...ts Use the no form to remove the current setting SYNTAX major domain name no major domain name Name of the ERPS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMAND...

Page 1312: ...continuity check messages are used to monitor the link status of an ERPS ring node as specified by the mep monitor command then the MEG level set by the meg level command must match the authorized mai...

Page 1313: ...own this information is passed to ERPS which in turn processes it as a ring node failure For more information on how ERPS recovers from a node failure refer to Ethernet Ring Protection Switching on pa...

Page 1314: ...packets when an owner node enters protection state without any link down event having been detected through SF messages Use the no form to disable this feature SYNTAX no non erps dev protect DEFAULT S...

Page 1315: ...node will still transmit an R APS NR RB ring blocked message ERPS compliant nodes receiving this message flush their forwarding database and unblock previously blocked ports The ring is now returned t...

Page 1316: ...ther higher priority request is received Recovery with Revertive Mode When all ring links and ring nodes have recovered and no external requests are active reversion is handled in the following way a...

Page 1317: ...ge on both ring ports informing other nodes that no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another highe...

Page 1318: ...ocked until the RPL is blocked as a result of ring protection reversion or until there is another higher priority request e g an SF condition in the ring The Ethernet Ring Node where the Manual Switch...

Page 1319: ...ndication all ring nodes flush their FDB This action unblocks the ring port which was blocked as result of an operator command EXAMPLE Console config erps non revertive Console config erps propagate t...

Page 1320: ...ing nodes running ERPSv1 and ERPSv2 co exist on the same ring the Ring ID of each ring node must be configured as 1 If this command is disabled the following strings are used as the node identifier ER...

Page 1321: ...the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can be achieved by for...

Page 1322: ...essary to take precautions against forming a loop which is potentially composed of a whole interconnected network Figure 551 Sub ring without Virtual Channel EXAMPLE Console config erps raps without v...

Page 1323: ...any member ports spanning tree will be disabled for the first member port assigned to the static trunk EXAMPLE Console config erps ring port east interface ethernet 1 12 Console config erps rpl neighb...

Page 1324: ...ink RPL owner Use the no form to restore the default setting SYNTAX rpl owner no rpl DEFAULT SETTING None that is neither owner nor neighbor COMMAND MODE ERPS Configuration COMMAND USAGE Only one RPL...

Page 1325: ...mount of flush FDB operations in the ring Support of multiple ERP instances on a single ring Version 2 is backward compatible with Version 1 If version 2 is specified the inputs and commands are forwa...

Page 1326: ...ion COMMAND USAGE If the switch goes into ring protection state due to a signal failure after the failure condition is cleared the RPL owner will start the wait to restore timer and wait until it expi...

Page 1327: ...ual switch state 1 Issue an erps clear command to remove the forced switch command on the node where a local forced switch command is active 2 Issue an erps clear command on the RPL owner node to trig...

Page 1328: ...R APS messages e The ring node receiving an R APS FS message flushes its FDB Protection switching on a forced switch request is completed when the above actions are performed by each ring node At thi...

Page 1329: ...ng a FS command at the ring node under maintenance in order to avoid falling into the above mentioned unrecoverable situation EXAMPLE Console erps forced switch domain r d west Console erps manual swi...

Page 1330: ...ch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without any local higher priority requests unblocks any blocked ring port which does not have an S...

Page 1331: ...tatus information for all configured rings or for a specified ring SYNTAX show erps domain ring name statistics domain Keyword to display ERPS ring configuration settings ring name Name of a specific...

Page 1332: ...link failure has occurred This state will switch to idle state if all the failed links recover Type Shows ERPS node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertiv...

Page 1333: ...this ring node R APS with VC The R APS Virtual Channel is the R APS channel connection used to tunnel R APS messages between two interconnection nodes of a sub ring in another Ethernet ring or network...

Page 1334: ...to block timer expires WTR Expire The time before the wait to restore timer expires Table 158 show erps statistics detailed display description Field Description Interface The direction and port or t...

Page 1335: ...Commands 1335 EVENT Any request state message excluding FS SF MS and NR HEALTH The number of non standard health check messages Table 158 show erps statistics detailed display description Continued Fi...

Page 1336: ...CHAPTER 39 ERPS Commands 1336...

Page 1337: ...iltering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Configures 802 1Q Tunneling QinQ Tunneling Configuring L...

Page 1338: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Page 1339: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Page 1340: ...re included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified interface via GV...

Page 1341: ...AMPLE Console show bridge ext Maximum Supported VLAN Numbers 4094 Maximum Supported VLAN ID 4094 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurabl...

Page 1342: ...garp timer 1339 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range...

Page 1343: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Page 1344: ...eyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets rspan Keyword to create a VLAN used for mirroring traffic from remote s...

Page 1345: ...ING None COMMAND MODE Global Configuration Table 162 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchpor...

Page 1346: ...n assign an IP address to the VLAN Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if RELATED COMMANDS shutdown 1194 interface 1188 vlan 1344 sw...

Page 1347: ...range of IDs Do not enter leading zeros Range 1 4094 DEFAULT SETTING All ports are assigned to VLAN 1 by default The default frame type is untagged COMMAND MODE Interface Configuration Ethernet Port C...

Page 1348: ...Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VL...

Page 1349: ...gged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames private vlan For an explanation of th...

Page 1350: ...et to any VLAN for which it is an untagged member If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress po...

Page 1351: ...tags 1 and 2 groups that are unknown to those switches to pass through their VLAN trunking ports To prevent loops from forming in the spanning tree all unknown VLANs will be bound to a single instanc...

Page 1352: ...ry DEFAULT SETTING Shows all VLANs COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Type Static Name...

Page 1353: ...ode switchport dot1q tunnel mode 4 Set the Tag Protocol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify...

Page 1354: ...is enabled be aware that a tunnel access or tunnel uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcome a break in the tree It is therefore advisable t...

Page 1355: ...ntrol command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a packet from a customer the customer tag regardless of whether there are one...

Page 1356: ...arent manner as described under IEEE 802 1Q Tunneling on page 243 When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiate...

Page 1357: ...chport allowed vlan add 100 200 300 tagged Console config if switchport dot1q tunnel mode uplink 4 Configures port 1 as an untagged member of VLANs 100 200 and 300 using access mode Console config int...

Page 1358: ...1q tunnel tpid tpid Sets the ethertype value for 802 1Q encapsulation This identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Page 1359: ...nnel interface interface service svid service svid interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 8 svid VLAN ID for the outer VLAN ta...

Page 1360: ...address in all upstream L2PT protocol packets i e STP BPDUs to this value and forwards them on to uplink ports The MAC address must be specified in the format xx xx xx xx xx xx or xxxxxxxxxxxx DEFAUL...

Page 1361: ...2PT processes packets is based on the following criteria 1 packet is received on a QinQ uplink port 2 packet is received on a QinQ access port or 3 received packet is Cisco compatible L2PT i e as indi...

Page 1362: ...received on an access port and recognized as a CDP VTP STP PVST protocol packet and L2PT is enabled on this port it is forwarded to the following ports in the same S VLAN a other access ports for whic...

Page 1363: ...ee Plus spanning tree Spanning Tree STP RSTP MSTP vtp Cisco VLAN Trunking Protocol DEFAULT SETTING Disabled for all protocols COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE R...

Page 1364: ...ed to that device can be configured to swap the customer s VLAN ID with the service provider s VLAN ID for upstream traffic or the service provider s VLAN ID with the customer s VLAN ID for downstream...

Page 1365: ...ries is 8 per port and up to 96 for the system However note that configuring a large number of entries may degrade the performance of other processes that also use the TCAM such as IP Source Guard fil...

Page 1366: ...imary and community groups A primary VLAN contains promiscuous ports that can communicate with all other ports in the associated private VLAN groups while a community or secondary VLAN contains commun...

Page 1367: ...show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary or community private VLAN Use the no form to remove the specified private VLAN S...

Page 1368: ...s ports Port membership for private VLANs is static Once a port has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked...

Page 1369: ...ate vlan host promiscuous no switchport mode private vlan host This port type can subsequently be assigned to a community VLAN promiscuous This port type can communicate with all other promiscuous por...

Page 1370: ...ut must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN EXAMPLE Console config interface ethernet 1 3 Console config if switchport private vlan hos...

Page 1371: ...rivate vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 Console CONFIGURING PROTOCOL BASED VLANS The network devices required to support multiple protocols cannot be...

Page 1372: ...tocol group SYNTAX protocol vlan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group group id group id Group identifier of this protocol group Ra...

Page 1373: ...otocol group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 DEFAULT SETTING No protocol groups are mapped for any interface COMMAND MODE Interface Configu...

Page 1374: ...l group group id group id Group identifier for a protocol group Range 1 2147483647 DEFAULT SETTING All protocol groups are displayed COMMAND MODE Privileged Exec EXAMPLE This shows protocol group 1 co...

Page 1375: ...ssification all untagged frames received by a port are classified as belonging to the VLAN whose VID PVID is associated with that port When IP subnet based VLAN classification is enabled the source ad...

Page 1376: ...ty 0 COMMAND MODE Global Configuration COMMAND USAGE Each IP subnet can be mapped to only one VLAN ID An IP subnet consists of an IP address and a subnet mask The specified VLAN need not be an existin...

Page 1377: ...192 168 12 252 255 255 255 254 8 0 192 168 12 254 255 255 255 255 9 0 192 168 12 255 255 255 255 255 10 0 Console CONFIGURING MAC BASED VLANS When using IEEE 802 1Q port based VLAN classification all...

Page 1378: ...traffic Range 0 7 where 7 is the highest priority DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The MAC to VLAN mapping applies to all ports on the switch Source MAC addresses c...

Page 1379: ...n be manually configured voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to disable the Voice VLAN SYNTAX voice vlan voice vlan id no voice vlan vo...

Page 1380: ...rt as a tagged member of the Voice VLAN Only one Voice VLAN is supported and it must already be created on the switch before it can be specified as the Voice VLAN The Voice VLAN ID cannot be modified...

Page 1381: ...voice vlan mac address mac address mask mask address description description no voice vlan mac address mac address mask mask address mac address Defines a MAC address OUI that identifies VoIP devices...

Page 1382: ...ort but the port must be manually added to the Voice VLAN auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port DEFAULT SETTING Disabled COMMAND MO...

Page 1383: ...active for the port EXAMPLE The following example sets the CoS priority to 5 on port 1 Console config interface ethernet 1 1 Console config if switchport voice vlan priority 5 Console config if switc...

Page 1384: ...oIP traffic on a port Use the no form to disable filtering on a port SYNTAX no switchport voice vlan security DEFAULT SETTING Disabled COMMAND MODE Interface Configuration COMMAND USAGE Security filte...

Page 1385: ...aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Auto Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 1...

Page 1386: ...CHAPTER 40 VLAN Commands Configuring Voice VLANs 1386...

Page 1387: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Page 1388: ...ct queue DEFAULT SETTING WRR COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of...

Page 1389: ...config RELATED COMMANDS queue weight 1389 show queue mode 1391 queue weight This command assigns weights to the eight class of service CoS priority queues when using weighted queuing or one of the qu...

Page 1390: ...g is IP Port IP Precedence or IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagge...

Page 1391: ...shows the current queue mode SYNTAX show queue mode interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE Console show queue...

Page 1392: ...terface IC qos map dscp mutation Maps DSCP values in incoming packets to per hop behavior and drop precedence values for internal priority processing IC qos map ip port dscp Maps the destination TCP U...

Page 1393: ...to 0 to indicate that the MAC address information carried in the frame is in canonical format Range 0 1 DEFAULT SETTING COMMAND MODE Interface Configuration Port show qos map phb queue Shows internal...

Page 1394: ...HB which determines the queue to which a packet is sent and two bits for drop precedence namely color which is used to control traffic congestion The specified mapping applies to all interfaces EXAMPL...

Page 1395: ...ommand maps internal per hop behavior and drop precedence value pairs to CoS CFI values used in tagged egress packets on a Layer 2 interface Use the no form to restore the default settings SYNTAX qos...

Page 1396: ...map dscp cos 1 0 from 1 2 Console config if qos map dscp mutation This command maps DSCP values in incoming packets to per hop behavior and drop precedence values for priority processing Use the no f...

Page 1397: ...vior of 3 and a drop precedence of 1 Referring to Table 178 note that the DSCP value for these packets is now set to 25 3x23 1 and passed on to the egress interface Console config interface ethernet 1...

Page 1398: ...Datagram Protocol port number 16 bit TCP UDP destination port number Range 0 65535 DEFAULT SETTING None COMMAND MODE Interface Configuration Port COMMAND USAGE This mapping table is only used if the...

Page 1399: ...prec dscp 7 0 6 0 5 0 4 0 3 0 2 1 1 1 0 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per hop behavior value Use the no form to...

Page 1400: ...ence DEFAULT SETTING CoS COMMAND MODE Interface Configuration Port COMMAND USAGE If the QoS mapping mode is set to IP Precedence with this command and the ingress packet type is IPv4 then priority pro...

Page 1401: ...Console config if qos map trust mode dscp Console config if show qos map cos dscp This command shows ingress CoS CFI to internal DSCP map SYNTAX show qos map cos dscp interface interface interface eth...

Page 1402: ...This map is only used if the packet is forwarded with a 8021 Q tag EXAMPLE Console show qos map dscp cos interface ethernet 1 5 Information of Eth 1 5 dscp cos map phb drop precedence 0 green 1 red 3...

Page 1403: ...8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3 3 4 0 4 1 4 0 4 3 4 0 4 1 4 0 4 3 4 5 0 5 1 5 0 5 3 5 0 5 1 6...

Page 1404: ...ress packet type is IPv4 then the IP Precedence to DSCP mapping table is used to generate per hop behavior and drop precedence values for internal processing EXAMPLE Console show qos map ip prec dscp...

Page 1405: ...6 7 Console show qos map trust mode This command shows the QoS mapping mode SYNTAX show qos map trust mode interface interface interface ethernet unit port unit Unit identifier Range 1 port Port numbe...

Page 1406: ...CHAPTER 41 Class of Service Commands Priority Commands Layer 3 and 4 1406...

Page 1407: ...of a policy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three c...

Page 1408: ...ntain up to 16 class maps 5 Use the set phb or set cos command to modify the per hop behavior the class of service value in the VLAN tag for the matching traffic class and use one of the police comman...

Page 1409: ...ass maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packe...

Page 1410: ...USAGE First enter the class map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qual...

Page 1411: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 32 characters COMMAND MODE Class Map Configur...

Page 1412: ...rd policy Console config pmap class rd class Console config pmap c set cos 0 Console config pmap c police flow 10000 4000 conform action transmit violate action drop Console config pmap c class This...

Page 1413: ...nsmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no form to remove a policer SYNTAX no police...

Page 1414: ...ze The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else Tc...

Page 1415: ...burst size BE in bytes Range 0 524288 bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service the packet packet is set green exceed actio...

Page 1416: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Page 1417: ...he no form to remove a policer SYNTAX no police trtcm color blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit new dscp exceed action drop new dscp vio...

Page 1418: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Page 1419: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service tha...

Page 1420: ...Console config pmap c police flow 10000 4000 conform action transmit violate action drop Console config pmap c set phb This command services IP traffic by setting a per hop behavior value for a matchi...

Page 1421: ...command applies a policy map defined by the policy map command to the ingress or egress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map...

Page 1422: ...ess list rd access Match IP DSCP 0 Class Map match any rd class 2 Match IP Precedence 5 Class Map match any rd class 3 Match VLAN 1 Console show policy map This command displays the QoS policy maps wh...

Page 1423: ...ole show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Unit identifier Ran...

Page 1424: ...CHAPTER 42 Quality of Service Commands 1424...

Page 1425: ...ed VLANs IGMP Filtering and Throttling Configures IGMP filtering and throttling MLD Snooping Configures multicast snooping for IPv6 MLD Filtering and Throttling Configures MLD filtering and throttling...

Page 1426: ...ed IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a v...

Page 1427: ...fect until snooping is re enabled globally EXAMPLE The following example enables IGMP snooping globally Console config ip igmp snooping Console config ip igmp snooping vlan static Adds an interface as...

Page 1428: ...fic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Console config ip igmp snooping priority 6 Console config RELATED COMMANDS show ip...

Page 1429: ...ip igmp snooping proxy reporting Console config ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it SYNTAX no ip igmp snooping querier DEFAULT SE...

Page 1430: ...Router Alert option 2 Also when the switch is acting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert optio...

Page 1431: ...eived and all the uplink ports are subsequently deleted a timeout mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolici...

Page 1432: ...When a switch receives this solicitation it floods it to all ports in the VLAN where the spanning tree change occurred When an upstream multicast router receives this solicitation it will also immedia...

Page 1433: ...command specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled Use the no form to restore the default value SYNTAX ip igmp snooping unsolic...

Page 1434: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Page 1435: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Page 1436: ...v2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the timeout period The timeout for this release is currentl...

Page 1437: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Page 1438: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Page 1439: ...proxy address source address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Page 1440: ...address of the last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for pro...

Page 1441: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval T...

Page 1442: ...1 8 DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the correspo...

Page 1443: ...P Snooping Running Status Inactive Version Using global version 2 Version Exclusive Using global status Disabled Immediate Leave Disabled Last Member Query Interval 10 1 10s Last Member Query Count 2...

Page 1444: ...Multicast Forwarding Entry Count 1 Flag R Router port M Group member port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed t...

Page 1445: ...ion Interface Shows interface Report The number of IGMP membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general query...

Page 1446: ...ics vlan query display description Field Description Querier IP Address The IP address of the querier on this interface Querier Expire Time The time after which this querier is assumed to have expired...

Page 1447: ...e the IGMP querier Therefore if the IGMP querier is a known multicast router or switch connected over the network to an interface port or trunk on this switch that interface can be manually configured...

Page 1448: ...ort can join Table 188 IGMP Filtering and Throttling Commands Command Function Mode ip igmp filter Enables IGMP filtering and throttling on the switch GC ip igmp profile Sets a profile number and ente...

Page 1449: ...checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGM...

Page 1450: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Page 1451: ...TTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE Console config ip i...

Page 1452: ...ined by command ip igmp snooping vlan query interval When receiving the same report during this interval the switch will not send the access request to the RADIUS server If the interface leaves the gr...

Page 1453: ...profile from an interface SYNTAX no ip igmp filter profile number profile number An IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Interface Configuration COMMAND USAG...

Page 1454: ...wo actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it w...

Page 1455: ...if ip igmp query drop This command drops any received IGMP query packets Use the no form to restore the default setting SYNTAX no ip igmp query drop DEFAULT SETTING Disabled COMMAND MODE Interface Co...

Page 1456: ...hentication This command displays the interface settings for IGMP authentication SYNTAX show ip igmp authentication interface interface interface ethernet unit port unit Unit identifier Range 1 port P...

Page 1457: ...EXAMPLE Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239 2...

Page 1458: ...number Range 1 28 port channel channel id Range 1 8 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE C...

Page 1459: ...lticast Groups 0 Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets SYNTAX show ip igmp throttle interface interface interfa...

Page 1460: ...tch to act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configure...

Page 1461: ...e no form to disable this feature SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected Th...

Page 1462: ...by this command When this message is received by downstream hosts all receivers build an MLD report for the multicast groups they have joined EXAMPLE Console config ipv6 mld snooping query interval 15...

Page 1463: ...GE A port will be removed from the receiver list for a multicast service when no MLD reports are detected in response to a number of MLD queries The robustness variable sets the number of queries on p...

Page 1464: ...AX ipv6 mld snooping unknown multicast mode flood to router port no ipv6 mld snooping unknown multicast mode flood Floods the unknown multicast data packets to all ports to router port Forwards the un...

Page 1465: ...no form to remove the configuration SYNTAX no ipv6 mld snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit Stack unit Range 1 port Port number Range...

Page 1466: ...st group Format X X X X X interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 8 DEFAULT SETTING None COMMAND MODE Global Configuration EXAM...

Page 1467: ...s connected to only one MLD enabled device either a service host or a neighbor running MLD snooping EXAMPLE The following shows how to enable MLD immediate leave Console config interface vlan 1 Consol...

Page 1468: ...roup source list This command shows known multicast groups member ports the means by which each group was learned and the corresponding source list SYNTAX show ipv6 mld snooping group source list COMM...

Page 1469: ...ulfills this requirement by restricting access to specified multicast services on a switch port and MLD throttling limits the number of simultaneous multicast groups a port can join Table 191 MLD Filt...

Page 1470: ...profile If a requested multicast group is permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD filtering and throttling only...

Page 1471: ...but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ipv6 mld profile 19 Console config mld profile RELATED COMMANDS...

Page 1472: ...id IPv6 address X X X X X for the end of a multicast group range DEFAULT SETTING None COMMAND MODE MLD Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one mu...

Page 1473: ...icast groups an interface can join at the same time Range 1 1024 DEFAULT SETTING 1024 COMMAND MODE Interface Configuration Ethernet COMMAND USAGE MLD throttling sets a maximum number of multicast grou...

Page 1474: ...Configuration Ethernet COMMAND USAGE When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join...

Page 1475: ...to enable multicast data guard mode on a port interface Use the no form of the command to disable multicast data guard SYNTAX no ipv6 multicast data drop DEFAULT SETTING Disabled COMMAND MODE Interfac...

Page 1476: ...number profile number An existing MLD filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 mld profile MLD Profile 19 MLD Profile 50 Co...

Page 1477: ...and displays the interface settings for MLD throttling SYNTAX show ipv6 mld throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port chan...

Page 1478: ...s the interval at which the receiver port sends out general queries GC mvr proxy switching Enables MVR proxy switching where the source port acts as a host and the receiver port acts as an MVR router...

Page 1479: ...associated profile This command binds the MVR group addresses specified in a profile to an MVR domain Use the no form of this command to remove the binding SYNTAX no mvr domain domain id associated pr...

Page 1480: ...c domain Use the no form of this command to disable MVR for a domain SYNTAX no mvr domain domain id domain id An independent multicast domain Range 1 5 DEFAULT SETTING Disabled COMMAND MODE Global Con...

Page 1481: ...ed an MVR group is sent from all source ports to all receiver ports that have registered to receive data from that multicast group The IP address range from 224 0 0 0 to 239 255 255 255 is used for mu...

Page 1482: ...ig mvr priority This command assigns a priority to all multicast traffic in the MVR VLAN Use the no form of this command to restore the default setting SYNTAX mvr priority priority no mvr priority pri...

Page 1483: ...l MVR subscriptions on the downstream interface Receiver ports must therefore be configured on all downstream interfaces which require MVR proxy service When the source port receives report and leave...

Page 1484: ...f times report messages are sent upstream when changes are learned about downstream groups and the number of times group specific queries are sent to downstream receiver ports This command only takes...

Page 1485: ...t the requested streams are still restricted to the address range which has been specified in a profile and bound to a domain EXAMPLE Console config mvr source port mode dynamic Console config mvr ups...

Page 1486: ...is the VLAN to which all source ports must be assigned The VLAN specified by this command must be an existing VLAN configured with the vlan command MVR source ports can be configured as members of the...

Page 1487: ...ly to multicast groups which have been statically assigned to a port with the mvr vlan group command EXAMPLE The following enables immediate leave on a receiver port Console config interface ethernet...

Page 1488: ...erface ethernet 1 5 Console config if mvr domain 1 type source Console config if exit Console config interface ethernet 1 6 Console config if mvr domain 1 type receiver Console config if exit Console...

Page 1489: ...ically assigns a multicast group to a receiver port Console config interface ethernet 1 7 Console config if mvr domain 1 type receiver Console config if mvr domain 1 vlan 3 group 225 0 0 5 Console con...

Page 1490: ...fic forwarded into the MVR VLAN MVR Proxy Switching Shows if MVR proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enabled MVR...

Page 1491: ...6 8 VLAN2 Eth 1 3 Source Inactive Discarding Eth 1 1 Receiver Active Forwarding Disabled 225 0 0 1 VLAN1 225 0 0 9 VLAN3 Eth 1 4 Receiver Active Discarding Disabled Console Table 194 show mvr interfa...

Page 1492: ...address The subscriber IP addresses sort by port The multicast groups associated with an interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel ch...

Page 1493: ...6 7 1 2 P 1 Eth 1 1 S 2 Eth 1 2 R Console show mvr profile This command shows all configured MVR profiles COMMAND MODE Privileged Exec EXAMPLE The following shows all configured MVR profiles Console...

Page 1494: ...ys statistics for all domains COMMAND MODE Privileged Exec EXAMPLE The following shows MVR protocol related statistics received Console show mvr domain 1 statistics input MVR Domain 1 Input Statistics...

Page 1495: ...rt received Join Succ The number of times a multicast group was successfully joined Group The number of MVR groups active on this interface Table 197 show mvr statistics output display description Fie...

Page 1496: ...ion Continued Field Description Table 199 Multicast VLAN Registration for IPv6 Commands Command Function Mode mvr6 associated profile Binds the MVR group addresses specified in a profile to an MVR dom...

Page 1497: ...oup address profile to domain 1 Console config mvr6 domain 1 associated profile rd Console config clear mvr6 statistics Clears the MVR statistics globally or on a per interface basis PE show mvr6 Show...

Page 1498: ...E The following example enables MVR for domain 1 Console config mvr6 domain 1 Console config mvr6 profile This command maps a range of MVR group addresses to a profile Use the no form of this command...

Page 1499: ...ess range of any other profile EXAMPLE The following example maps a range of MVR group addresses to a profile Console config mvr6 profile rd ff00 1 ff00 9 Console config mvr6 proxy query interval This...

Page 1500: ...ntaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be configured on all downstream interfaces which require MVR proxy service When the source port r...

Page 1501: ...s report messages are sent upstream when changes are learned about downstream groups and the number of times group specific queries are sent to downstream receiver ports This command only takes effect...

Page 1502: ...ream source ip This command configures the source IPv6 address assigned to all MVR control packets sent upstream on the specified domain Use the no form to restore the default setting SYNTAX mvr6 doma...

Page 1503: ...OMMAND USAGE MVR source ports can be configured as members of the MVR VLAN using the switchport allowed vlan command and switchport native vlan command but MVR receiver ports should not be statically...

Page 1504: ...e following enables immediate leave on a receiver port Console config interface ethernet 1 5 Console config if mvr6 domain 1 immediate leave Console config if mvr6 type This command configures an inte...

Page 1505: ...iver ports on the switch Console config interface ethernet 1 5 Console config if mvr6 domain 1 type source Console config if exit Console config interface ethernet 1 6 Console config if mvr6 domain 1...

Page 1506: ...X is reserved The MVR VLAN cannot be specified as the receiver VLAN for static bindings EXAMPLE The following statically assigns a multicast group to a receiver port Console config interface ethernet...

Page 1507: ...using the interface option will only clear MVR6 statistics for the specified interface EXAMPLE The following shows how to clear all the MVR6 statistics Console clear mvr6 statistics Console show mvr6...

Page 1508: ...he receiver port sends out general queries MVR6 Source Port Mode Shows if the switch only forwards multicast streams which the source port has dynamically joined or always forwards multicast streams M...

Page 1509: ...ached to the MVR VLAN in domain 1 Console show mvr6 domain 1 interface MVR6 Domain 1 Port Type Status Immediate Static Group Address Eth1 1 Source Active Up Eth1 2 Receiver Active Up Disabled FF00 1 V...

Page 1510: ...e show mvr6 domain 1 members MVR6 Domain 1 MVR6 Forwarding Entry Count 1 Flag S Source port R Receiver port H Host counts number of hosts join the group on this port P Port counts number of ports join...

Page 1511: ...n id statistics input interface interface output interface interface query domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Range 1 port Port numbe...

Page 1512: ...y Eth 1 1 12 0 1 0 Eth 1 2 5 1 4 1 VLAN 1 7 2 3 0 Console Table 203 show mvr6 statistics input display description Field Description Interface Shows interfaces attached to the MVR Report The number of...

Page 1513: ...query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface Table 205 IGMP Commands Layer 3 Command Function...

Page 1514: ...ough the ip igmp command When a multicast routing protocol such as PIM is enabled IGMP is also enabled EXAMPLE Console config interface vlan 1 Console config if ip igmp Console config if end Console s...

Page 1515: ...N COMMAND USAGE When the switch receives an IGMPv2 or IGMPv3 leave message from a host that wants to leave a multicast group source or channel it sends a number of group specific or group source speci...

Page 1516: ...ip igmp version 1519 ip igmp query interval 1516 ip igmp query interval This command configures the frequency at which host query messages are sent Use the no form to restore the default SYNTAX ip ig...

Page 1517: ...G 2 COMMAND MODE Interface Configuration VLAN COMMAND USAGE The robustness value is used in calculating the appropriate range for other IGMP variables such as the Group Membership Interval as well as...

Page 1518: ...nless the next node up the reverse path tree has statically mapped this group to a specific source address Also if an address outside of the SSM address range is specified and a specific source addres...

Page 1519: ...s 1 3 If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts which are members of the group for which it heard the report If there are Versio...

Page 1520: ...splays detailed information about the multicast process and source addresses when available COMMAND MODE Privileged Exec COMMAND USAGE To display information about multicast groups IGMP must first be...

Page 1521: ...Uptime The time elapsed since this entry was created Expire The time remaining before this entry will be aged out The default is 260 seconds This field displays stopped if the Group Mode is INCLUDE V...

Page 1522: ...ses listed in the source list parameter In EXCLUDE mode reception of packets sent to the given multicast address is requested from all IP source addresses except for those listed in the source list pa...

Page 1523: ...ip igmp proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ip igmp proxy This command enables IGMP proxy service for multic...

Page 1524: ...rk then the proxy device will act as an IGMPv1 or IGMPv2 host on the upstream interface accordingly Otherwise it will act as an IGMPv3 host Multicast routing protocols are not supported on interfaces...

Page 1525: ...Disabled Table 209 MLD Commands Layer 3 Command Function Mode ipv6 mld Enables MLD for the specified interface IC ipv6 mld last member query response interval Configures the frequency at which to sen...

Page 1526: ...al This command configures the frequency at which to send MLD group specific or MLDv2 group source specific query messages in response to receiving a group specific or group source specific leave mess...

Page 1527: ...ds no ipv6 mld max resp interval seconds The report delay advertised in MLD queries Range 0 255 tenths of a second DEFAULT SETTING 100 10 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAG...

Page 1528: ...lticast service Only the designated multicast router for a subnet sends host query messages which are addressed to the link scope all nodes multicast address FF02 1 and uses a time to live TTL value o...

Page 1529: ...ends EXAMPLE Console config if ipv6 mld robustval 3 Console config if ipv6 mld static group This command statically binds multicast groups to a VLAN interface Use the no form to remove the static mapp...

Page 1530: ...on an interface Use the no form of this command to restore the default setting SYNTAX ipv6 mld version 1 2 no ipv6 mld version 1 MLD Version 1 2 MLD Version 2 DEFAULT SETTING MLD Version 2 COMMAND MO...

Page 1531: ...or the specified group Enter the interface option to delete all multicast groups for the specified interface Enter no options to clear all multicast groups from the cache EXAMPLE The following example...

Page 1532: ...has received traffic directed to the multicast group address Uptime The time elapsed since this entry was created Expire The time remaining before this entry will be aged out The default is 260 second...

Page 1533: ...VLAN 1 Up MLD Enabled MLD Version 2 MLD Proxy Disabled MLD Unsolicited Report Interval 400 sec Robustness Variable 2 Query Interval 125 sec Query Max Response Time 10 Last Member Query Interval 1 Quer...

Page 1534: ...LT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE When MLD proxy is enabled on an interface that interface is known as the upstream or host interface This interface performs...

Page 1535: ...roxy unsolicited report interval This command specifies how often the upstream interface should transmit unsolicited MLD reports Use the no form to restore the default value SYNTAX ipv6 mld proxy unso...

Page 1536: ...CHAPTER 43 Multicast Filtering Commands MLD Proxy Routing 1536...

Page 1537: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Page 1538: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Page 1539: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Page 1540: ...the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service EXAMPLE Console config lldp med fast start count 6 Con...

Page 1541: ...e periodic transmit interval for LLDP advertisements Use the no form to restore the default setting SYNTAX lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval a...

Page 1542: ...se the no form to restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Conf...

Page 1543: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Page 1544: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Page 1545: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Page 1546: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Page 1547: ...age 1371 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its d...

Page 1548: ...e 1373 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise lin...

Page 1549: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command config...

Page 1550: ...escription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywo...

Page 1551: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Page 1552: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Page 1553: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Page 1554: ...policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificatio...

Page 1555: ...config detail interface detail Shows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileg...

Page 1556: ...ication Status Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Civic Address Status Enabled Country Nam...

Page 1557: ...rt on unit 0 port 3 Eth 1 4 MAC Address 00 12 CF DA FC EC Ethernet Port on unit 0 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MA...

Page 1558: ...ss 192 168 1 2 IPv4 Remote Port VID 1 Remote VLAN Name VLAN 1 DefaultVlan Remote Port Protocol VLAN VLAN 3 supported enabled Remote Protocol Identity Hex 88 CC Remote MAC PHY Configuration Status Remo...

Page 1559: ...ses LLDP MED TLVs LLDP MED Capability Device Class Network Connectivity Supported Capabilities LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Inventory Current...

Page 1560: ...LE Console show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Co...

Page 1561: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Page 1562: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Page 1563: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Page 1564: ...events discovered by continuity check messages page 1583 or cross check messages page 1587 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm...

Page 1565: ...aintenance association name Range 1 44 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Each MA name must be unique within the CFM domain Frames with AI...

Page 1566: ...numeric characters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm a...

Page 1567: ...P resumes loss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Con...

Page 1568: ...n between the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that mak...

Page 1569: ...main index 1 name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1570 ethernet cfm enable This command enables CFM processing globally on the switch Use the...

Page 1570: ...a maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance doma...

Page 1571: ...2147483647 character string IEEE 802 1ag defined character string format This is an IETF RFC 2579 DisplayString icc based ITU T SG13 SG15 Y 1731 defined ICC based format DEFAULT SETTING character str...

Page 1572: ...ance domain at the same level as the MEP to be configured using the ethernet cfm domain command 2 maintenance association within the domain using the ma index name command and 3 finally the MEP using...

Page 1573: ...le config interface ethernet 1 1 Console config if ethernet cfm port enable Console config if clear ethernet cfm ais mpid This command clears AIS defect information for the specified MEP SYNTAX clear...

Page 1574: ...ifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the global settings for CFM Console show ethern...

Page 1575: ...received from a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a...

Page 1576: ...rimary VID CC Interval MIP Creation steve 1 voip 1 4 Default Console show ethernet cfm maintenance points local This command displays the maintenance points configured on this device SYNTAX show ether...

Page 1577: ...rd Console show ethernet cfm maintenance points local mep MPID MD Name Level Direct VLAN Port CC Status MAC Address 1 rd 0 UP 1 Eth 1 1 Enabled 00 12 CF 3A A8 C0 Console show ethernet cfm maintenance...

Page 1578: ...format of the Maintenance Association name including primary VID character string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction...

Page 1579: ...AULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mpid keyword with this command to display information about a specific maintenance point or use the mac keyword to display informat...

Page 1580: ...he last CCM message about this MEP has been in the CCM database Frame Loss Percentage of transmitted frames lost CC Packet Statistics received error The number of CCM packets received successfully and...

Page 1581: ...te 7 10 minutes DEFAULT SETTING 4 1 second COMMAND MODE Global Configuration COMMAND USAGE CCMs provide a means to discover other MEPs and to detect connectivity failures in an MA If any MEP fails to...

Page 1582: ...connectivity to all other MEPs MIPs in the MA Each CCM received is checked to verify that the MEP identifier field sent in the message does not match its own MEPID which would indicate a duplicate MEP...

Page 1583: ...trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which has recovered from an error condition mep up Sends a trap if a remote MEP is discovere...

Page 1584: ...ts the aging time for missing MEPs in the CCM database to 30 minutes Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep archive hold time 30 Console config ether...

Page 1585: ...AND MODE Privileged Exec COMMAND USAGE Use this command without any keywords to clear all entries in the error database Use the domain keyword to clear the error database for a specific domain or the...

Page 1586: ...associated with a specific VID list one or more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a...

Page 1587: ...CFM continuity check events in relation to the cross check operations between statically configured MEPs and those learned via continuity check messages CCMs Use the no form to restore disable these...

Page 1588: ...move a remote MEP SYNTAX no mep crosscheck mpid mpid ma ma name mpid Identifier for a maintenance end point which exists on another CFM enabled device within the same MA Range 1 8191 ma name Maintenan...

Page 1589: ...ain name ma ma name enable Starts the cross check process disable Stops the cross check process domain name Domain name Range 1 43 alphanumeric characters ma name MA name Range 1 44 alphanumeric chara...

Page 1590: ...k MPID MA Name Level VLAN MEP Up Remote MAC 2 downtown 4 2 Yes 00 0D 54 FC A2 73 Console Link Trace Operations ethernet cfm linktrace cache This command enables caching of CFM data learned through lin...

Page 1591: ...time minutes minutes The aging time for entries stored in the link trace cache Range 1 65535 minutes DEFAULT SETTING 100 minutes COMMAND MODE Global Configuration COMMAND USAGE Before setting the agin...

Page 1592: ...Console config ethernet cfm linktrace This command sends CFM link trace messages to the MAC address of a remote MEP SYNTAX ethernet cfm linktrace dest mep destination mpid src mep source mpid dest me...

Page 1593: ...isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Fault isolation is even more challenging since the MAC address of th...

Page 1594: ...could be returned for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be fals...

Page 1595: ...nce association name Range 1 44 alphanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes DE...

Page 1596: ...NTAX mep fault notify alarm time alarm time no fault notify alarm time alarm time The time that one or more defects must be present before a fault alarm is generated Range 3 10 seconds DEFAULT SETTING...

Page 1597: ...mand The state machine transmits no further fault alarms until it is reset by the passage of a configured time period see the mep fault notify reset time command without a defect indication The normal...

Page 1598: ...generated Range 3 10 seconds DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration EXAMPLE This example sets the reset time after which another fault alarm can be generated Console config e...

Page 1599: ...rm Time Reset Time voip rd none macRemErrXcon 3sec 10sec Console Table 222 show fault notify generator display description Field Description MD Name The maintenance domain for this entry MA Name The m...

Page 1600: ...xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 44 alphanumeric characters count The number of times to retry...

Page 1601: ...p at the time of transmitting a frame with DM reply information Frame Delay RxTimeStampb TxTimeStampf TxTimeStampb RxTimeStampf The MEP can also make two way frame delay variation measurements based o...

Page 1602: ...CHAPTER 45 CFM Commands Delay Measure Operations 1602...

Page 1603: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Page 1604: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Page 1605: ...s Use the no form to disable this function SYNTAX no efm oam link monitor frame DEFAULT SETTING Enabled COMMAND MODE Interface Configuration COMMAND USAGE An errored frame is a frame in which one or m...

Page 1606: ...he no form to restore the default setting SYNTAX no efm oam link monitor frame window size size The period of time in which to check the reporting threshold for errored frame link events Range 10 6553...

Page 1607: ...will initiate the OAM discovery process When in passive mode it can only respond to discovery messages EXAMPLE Console config interface ethernet 1 1 Console config if efm oam mode active Console conf...

Page 1608: ...og Console efm oam remote loopback This command starts or stops OAM loopback test mode to the attached CPE SYNTAX efm oam remote loopback start stop interface start Starts remote loopback test mode st...

Page 1609: ...back operation is processing please wait Enter loopback mode succeeded Console efm oam remote loopback test This command performs a remote loopback test sending a specified number of packets SYNTAX ef...

Page 1610: ...0 1016 48 94 Console show efm oam counters interface This command displays counters for various OAM PDU message types SYNTAX show efm oam counters interface interface list interface list unit port uni...

Page 1611: ...automatically deleted to make room for new entries EXAMPLE Console show efm oam event log interface 1 1 OAM event log of Eth 1 1 00 24 07 2001 01 01 Unit 1 Port 1 Dying Gasp at Remote Console This co...

Page 1612: ...l 10 28 28 2013 09 13 Unit 1 Port 1 Dying Gasp clear occurred at Remote When the remote device comes up the switch will get OAM packets without the dying gasp bit and display dying gasp event clear Co...

Page 1613: ...l Mode Active Remote Loopback Disabled Remote Loopback Status No loopback Dying Gasp Enabled Critical Event Enabled Link Monitor Errored Frame Enabled Link Monitor Errored Frame Window 100msec 10 Erro...

Page 1614: ...ormal Exec Privileged Exec EXAMPLE Console show efm oam status remote interface 1 1 Port MAC Address OUI Remote Unidirectional Link MIB Variable Loopback Monitor Retrieval 1 1 00 12 CF 6A 07 F6 000084...

Page 1615: ...me Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 127 characters DEFAULT SETTING None Table 224 Address Table Commands Command Function Mode...

Page 1616: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Page 1617: ...n name 1617 ip name server 1619 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted not...

Page 1618: ...YNTAX no ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use...

Page 1619: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Page 1620: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Page 1621: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Page 1622: ...nsole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yaho...

Page 1623: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Page 1624: ...CHAPTER 47 Domain Name Service Commands 1624...

Page 1625: ...r class identifier for the current interface Use the no form to remove the class identifier option from the DHCP packet SYNTAX ip dhcp client class id text text hex hex no ip dhcp client class id text...

Page 1626: ...le By default DHCP option 66 67 parameters are not carried in a DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter...

Page 1627: ...client request for any IP interface that has been set to BOOTP or DHCP mode through the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or...

Page 1628: ...clients can obtain configuration parameters from a server through a normal four message exchange solicit advertise request reply or through a rapid two message exchange solicit reply The rapid commit...

Page 1629: ...sees a DHCP client request it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located Then the switch forwards the packet to a DHCP server...

Page 1630: ...Disabled COMMAND MODE Privileged Exec COMMAND USAGE This command is used to configure DHCP relay functions for host devices attached to the switch If DHCP relay service is enabled and this switch sees...

Page 1631: ...ice is enabled and this switch sees a DHCPv6 request broadcast it inserts its own IP address into the request so the DHCPv6 server will know the subnet where the client is located Then the switch forw...

Page 1632: ...nds used to configure client address pools for the DHCP service Table 232 DHCP Server Commands Command Function Mode ip dhcp excluded address Specifies IP addresses that a DHCP server should not assig...

Page 1633: ...s is assigned to a DHCP client DC netbios name server Configures NetBIOS Windows Internet Naming Service WINS name servers available to Microsoft DHCP clients DC netbios node type Configures NetBIOS n...

Page 1634: ...e address pools for the network interfaces using the network command You can also manually bind an address to a specific client with the host command if required You can configure up to 8 network addr...

Page 1635: ...mmand Use the no form to delete the boot image name SYNTAX bootfile filename no bootfile filename Name of the file that is used as a default boot image DEFAULT SETTING None COMMAND MODE DHCP Pool Conf...

Page 1636: ...hcp client identifier text steve Console config dhcp RELATED COMMANDS host 1638 default router This command specifies default routers for a DHCP pool Use the no form to remove the default routers SYNT...

Page 1637: ...f DNS IP servers are not configured for a DHCP client the client cannot correlate host names to IP addresses Servers are listed in order of preference starting with address1 as the most preferred serv...

Page 1638: ...ND MODE DHCP Pool Configuration COMMAND USAGE This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifier To bi...

Page 1639: ...ompares the hardware address for DHCP or BOOTP clients If no manual binding has been specified for a host entry with the client identifier or hardware address commands then the switch will assign an a...

Page 1640: ...n EXAMPLE The following example leases an address to clients using this pool for 7 days Console config dhcp lease 7 Console config dhcp netbios name server This command configures NetBIOS Windows Inte...

Page 1641: ...BIOS node type broadcast hybrid recommended mixed peer to peer DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration EXAMPLE Console config dhcp netbios node type hybrid Console config dhcp RELATE...

Page 1642: ...ified the class A B or C natural mask is used Subnet addresses are interpreted as class A B or C based on the first field in the specified address In other words if a subnet address nnn xxx xxx xxx is...

Page 1643: ...he binding to clear Clears all automatic bindings DEFAULT SETTING None COMMAND MODE Privileged Exec USAGE GUIDELINES An address specifies the client s IP address If an asterisk is used as the address...

Page 1644: ...bindings on the DHCP server SYNTAX show ip dhcp binding address address Specifies the IP address of the DHCP client for which bindings will be displayed DEFAULT SETTING None COMMAND MODE Privileged E...

Page 1645: ...Network Network address 192 168 0 1 Subnet mask 255 255 255 0 Boot file Client identifier mode Hex Client identifier Default router 0 0 0 0 0 0 0 0 DNS server 0 0 0 0 0 0 0 0 Domain name Hardware type...

Page 1646: ...CHAPTER 48 DHCP Commands DHCP Server 1646...

Page 1647: ...to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and management stations or other devices that exist on another network segment if r...

Page 1648: ...D USAGE If this router is directly connected to end node devices or connected to end nodes via shared media that will be assigned to a specific subnet then you must create a router interface for each...

Page 1649: ...condary address cannot be configured prior to setting the primary IP address and the primary address cannot be removed if a secondary address is still present Also if any router switch in a network se...

Page 1650: ...ablished COMMAND MODE Global Configuration COMMAND USAGE The default gateway can also be defined using the following Global configuration command ip route 0 0 0 0 0 0 0 0 gateway address Static routes...

Page 1651: ...el 2 ia IS IS inter area candidate default S 0 0 0 0 0 1 0 via 10 1 1 254 VLAN1 C 127 0 0 0 8 is directly connected lo0 C 192 168 2 0 24 is directly connected VLAN1 Console RELATED COMMANDS ip address...

Page 1652: ...MP Statistics ICMP received input errors destination unreachable messages time exceeded messages parameter problem message echo request messages echo reply messages redirect messages timestamp request...

Page 1653: ...his causes the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round trip time for e...

Page 1654: ...size specified because the router adds header information DEFAULT SETTING count 5 size 32 bytes COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE Use the ping command to see if another site on t...

Page 1655: ...ommands used to configure the Address Resolution Protocol ARP on the switch arp This command adds a static entry in the Address Resolution Protocol ARP cache Use the no form to remove an entry from th...

Page 1656: ...rk operations to time out Static entries will not be aged out nor deleted when power is reset A static entry can only be removed through the configuration interface EXAMPLE Console config arp 10 1 0 1...

Page 1657: ...sable proxy ARP SYNTAX no ip proxy arp DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE Proxy ARP allows a non routing device to determine the MAC address of a host on...

Page 1658: ...ther and VLAN interface Note that entry type other indicates local addresses for this router You can define up to 128 static entries in the ARP cache A static entry may need to be used if there is no...

Page 1659: ...t for which UDP service requests are forwarded Range 1 65535 DEFAULT SETTING The following UDP ports are included in the forwarding list when UDP helper is enabled with the ip helper command and a rem...

Page 1660: ...are confined to the local subnet either as an all hosts broadcast all ones broadcast 255 255 255 255 or a directed subnet broadcast such as 10 10 10 255 To reduce the number of application servers de...

Page 1661: ...igured with an IP address The UDP packets to be forwarded must be specified by the ip forward protocol udp command and the packets meet the following criteria The MAC address of the received frame mus...

Page 1662: ...uration settings for UDP helper COMMAND MODE Privileged Exec COMMAND USAGE This command displays all configuration settings for UDP helper including its functional status the UDP ports for which broad...

Page 1663: ...E PE show ipv6 traffic Displays statistics about IPv6 traffic NE PE clear ipv6 traffic Resets IPv6 traffic counters PE ping6 Sends IPv6 ICMP echo request packets to another node on the network PE trac...

Page 1664: ...nterfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the delimiter For example FE80 7272 1 identi...

Page 1665: ...NTAX no ipv6 address ipv6 address prefix length ipv6 address A full IPv6 address including the network prefix and host address bits prefix length A decimal value indicating how many contiguous bits fr...

Page 1666: ...ress for an IPv4 virtual interface is formed by appending the interface identifier as defined above to the prefix FE80 64 If a duplicate address is detected a warning message is sent to the console EX...

Page 1667: ...priate number of zeros required to fill the undefined fields If a link local address has not yet been assigned to this interface this command will dynamically generate a global unicast address and a l...

Page 1668: ...the interface identifier is not globally unique When the host has more than one IPv4 address in use on the physical interface concerned the primary address for that interface is used The IPv6 link loc...

Page 1669: ...the address prefix must be in the range of FE80 FEBF The address specified with this command replaces a link local address that was automatically generated for the interface You can configure multipl...

Page 1670: ...is command enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 and the host portion of the address is generated by converti...

Page 1671: ...smission unit MTU for IPv6 packets sent on an interface Use the no form to restore the default setting SYNTAX ipv6 mtu size no ipv6 mtu size Specifies the MTU size Range 1280 65535 bytes DEFAULT SETTI...

Page 1672: ...6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined field...

Page 1673: ...d by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as described below A node is also required to compute and join the associated solic...

Page 1674: ...le MTU to this switch COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows the MTU cache for this device Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000...

Page 1675: ...grams 15 requests discards no routes generated fragments fragment succeeded fragment failed ICMPv6 Statistics ICMPv6 received input errors destination unreachable messages packet too big messages time...

Page 1676: ...ddresses with unallocated prefixes For entities which are not IPv6 routers and therefore do not forward datagrams this counter includes datagrams discarded because the destination address was not a lo...

Page 1677: ...encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipv6IfStatsOutForwDatagra...

Page 1678: ...al number of ICMP messages which this interface attempted to send Note that this counter includes all those counted by icmpOutErrors destination unreachable messages The number of ICMP Destination Unr...

Page 1679: ...to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain name server count Number of packets to send Range 1 16 group membership response m...

Page 1680: ...g is sent When pinging a host name be sure the DNS server has been enabled see page 1616 If necessary local devices can also be specified in the DNS static host table see page 1618 When using ping6 wi...

Page 1681: ...stination The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VL...

Page 1682: ...Trace completed Console Neighbor Discovery ipv6 hop limit This command configures the maximum number of hops used in router advertisements that are originated by this router Use the no form to restor...

Page 1683: ...ormatted as six hexadecimal pairs separated by hyphens DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Address Resolution Protocol ARP has been replaced in IPv6 with the Neighbor...

Page 1684: ...6 nd dad attempts count no ipv6 nd dad attempts count The number of neighbor solicitation messages sent to determine whether or not a duplicate address exists on this interface Range 0 600 DEFAULT SET...

Page 1685: ...addresses configured on VLAN 1 The show ipv6 interface command indicates that the duplicate address detection process is still on going Console config interface vlan 1 Console config if ipv6 nd dad at...

Page 1686: ...ess autoconfiguration based on IPv6 prefixes found in router advertisements The managed address configuration flag is only a suggestion to attached hosts They may still use stateful and or stateless a...

Page 1687: ...non address information from a DHCPv6 server Console config interface vlan 1 Console config ipv6 nd other config flag Console config ipv6 nd ns interval This command configures the interval between t...

Page 1688: ...attempts 1 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND ad...

Page 1689: ...ng SYNTAX ipv6 nd reachable time milliseconds no ipv6 nd reachable time milliseconds The time that a node can be considered reachable after receiving confirmation of reachability Range 0 3600000 DEFAU...

Page 1690: ...the local link that the specified prefix cannot be used for IPv6 autoconfiguration off link Indicates that the specified prefix is assigned to the link Nodes sending traffic to addresses that contain...

Page 1691: ...v6 nd ra interval interval The interval between IPv6 router advertisements Range 3 1800 seconds COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 600 seconds COMMAND USAGE The interval between...

Page 1692: ...not be considered a default router Set the lifetime to a non zero value to indicate that it should be considered a default router When a non zero value is used the lifetime should not be less than th...

Page 1693: ...high Console config ipv6 nd ra suppress This command suppresses router advertisement transmissions on an interface Use the no form to re enable router advertisements SYNTAX no ipv6 nd ra suppress COM...

Page 1694: ...ort unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd raguard interface ethernet 1 1 Interface RA Gua...

Page 1695: ...entry from the indicated mapping RFC 4293 R Reachable Positive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACH sta...

Page 1696: ...o host or host to host connections using the tunnel mode ipv6ip command Table 243 IPv6 to IPv4 Tunnelling Commands Command Function Mode interface tunnel Configures a tunnel interface and enters tunne...

Page 1697: ...ber no interface tunnel tunnel number tunnel number Tunnel interface identifier Range 1 16 DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Although this command is labeled with th...

Page 1698: ...dress of an IPv6 IPv4 router bordering the IPv6 backbone is known this can be used as the tunnel end point address This tunnel can be configured into the routing table as an IPv6 default route That is...

Page 1699: ...no form to restore the default setting SYNTAX tunnel mode ipv6ip configured 6to4 no tunnel mode ipv6ip configured Configured IPv6 over IPv4 tunneling using point to point tunnels by encapsulating IPv6...

Page 1700: ...o4 node or native IPv6 host Router to Host IPv6 IPv4 routers can tunnel IPv6 packets to their final destination IPv6 IPv4 host This tunnel spans only the last segment of the end to end path Tunneling...

Page 1701: ...eeded removes the IPv4 header updates the IPv6 header and processes the received IPv6 packet EXAMPLE Console config interface tunnel 2 Console config if tunnel mode ipv6ip configured Console config if...

Page 1702: ...lating packet However note that IPv6 over IPv4 tunnels are modeled as a single hop That is the IPv6 hop limit is decremented by only one when an IPv6 packet traverses the tunnel The single hop model s...

Page 1703: ...D advertised reachable time is 0 milliseconds Tunnel 1 is up IPv6 is stale Link local address FE80 C0A8 3 64 Global unicast address es 2002 DB9 2222 7272 72 48 subnet is 2002 DB9 2222 48 Joined group...

Page 1704: ...ding This section describes commands used to configure ND Snooping Table 244 ND Snooping Commands Command Function Mode ipv6 nd snooping Enables ND snooping globally or on a specified VLAN or range of...

Page 1705: ...le according to the Prefix Information option in the RA message The prefix table records prefix prefix length valid lifetime as well as the VLAN and port interface which received the message If an RA...

Page 1706: ...ally and on VLAN 1 Console config ipv6 nd snooping Console config ipv6 nd snooping vlan 1 Console config ipv6 nd snooping vlan 1 4094 VLAN ID Console config ipv6 nd snooping auto detect This command e...

Page 1707: ...f no RA message is received is set to the retransmit count x the retransmit interval see the ipv6 nd snooping auto detect retransmit interval command Based on the default settings this is 3 seconds EX...

Page 1708: ...ssage before deleting an entry in the prefix table Use the no form to restore the default setting SYNTAX ipv6 nd snooping prefix timeout timeout no ipv6 nd snooping prefix timeout timeout The time to...

Page 1709: ...nfig ipv6 nd snooping trust This command configures a port as a trusted interface from which prefix information in RA messages can be added to the prefix table or NS messages can be forwarded without...

Page 1710: ...d Exec EXAMPLE Console clear ipv6 nd snooping binding Console show ipv6 nd snooping binding MAC Address IPv6 Address Lifetime VLAN Interface Console clear ipv6 nd snooping prefix This command clears a...

Page 1711: ...VLANs VLAN 1 Interface Trusted Max binding Eth 1 1 Yes 1 Eth 1 2 No 5 Eth 1 3 No 5 Eth 1 4 No 5 Eth 1 5 No 5 show ipv6 nd snooping binding This command shows all entries in the dynamic user binding t...

Page 1712: ...D Snooping 1712 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd snooping prefix Prefix entry timeout 100 second Prefix Len Valid Time Expire VLAN Interface 2001 b000 64 2592000 100 1 Eth 1 1...

Page 1713: ...ich allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Table 245 VRRP Commands Command Function Mode vrrp authe...

Page 1714: ...the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded Plain text authentication does not provide any real security It is supported only to p...

Page 1715: ...customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP EXAMPLE This example creates VRRP g...

Page 1716: ...p priority 1716 vrrp priority This command sets the priority of this router in a VRRP group Use the no form to restore the default setting SYNTAX vrrp group priority level no vrrp group priority group...

Page 1717: ...advertisements communicating its state as the master Use the no form to restore the default interval SYNTAX vrrp group timers advertise interval no vrrp group timers advertise group Identifies the VR...

Page 1718: ...ifier of configured VLAN interface Range 1 4094 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console clear vrrp 1 interface 1 counters Console clear vrrp router counters This command clears VRRP...

Page 1719: ...rity 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 246 show vrrp display description Field Description State VRRP role of this interface master or backup Virtual IP add...

Page 1720: ...xec Master Advertisement interval The advertisement interval configured on the VRRP master Master down interval The down interval configured on the VRRP master This interval is used by all the routers...

Page 1721: ...ies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4094 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console show vrrp 1 interface vlan 1 counters Total Numbe...

Page 1722: ...MMAND MODE Privileged Exec EXAMPLE Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Page 1723: ...s global parameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange routing information Routing Information Protocol RIP Configures global and i...

Page 1724: ...istances used by the dynamic unicast routing protocols is 110 for OSPF 120 for RIP 20 for eBGP and 200 for iBGP Range 1 255 Default 1 Removes all static routing table entries DEFAULT SETTING No static...

Page 1725: ...e 1849 respectively EXAMPLE This example forwards all traffic for subnet 192 168 1 0 to the gateway router 192 168 5 254 using the default metric of 1 Console config ip route 192 168 1 0 255 255 255 0...

Page 1726: ...ed Displays all currently connected entries database All known routes including inactive routes ospf Displays external routes imported from the Open Shortest Path First OSPF protocol into this routing...

Page 1727: ...ing The router must be able to directly reach the next hop so the VLAN interface associated with any dynamic or static route entry must be up Note that routes currently not accessible for forwarding m...

Page 1728: ...ow ip route summary This command displays summary information for the routing table COMMAND MODE Privileged Exec EXAMPLE In the following example the numeric identifier following the routing table nam...

Page 1729: ...essages timestamp request messages timestamp reply messages source quench messages address mask request messages address mask reply messages ICMP sent output errors destination unreachable messages ti...

Page 1730: ...ve distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic route is less than that configured for the static route Note that the default adm...

Page 1731: ...ation Base FIB SYNTAX show ipv6 route ipv6 address prefix length bgp database interface tunnel tunnel number vlan vlan id local ospf rip static ipv6 address A full IPv6 address including the network p...

Page 1732: ...formation necessary to make a forwarding decision on a particular packet The typical components within a forwarding information base entry are a network prefix a router port identifier and next hop in...

Page 1733: ...routes from one routing domain to another RC timers basic Sets basic timers including update timeout garbage collection RC version Specifies the RIP version to use on all network interfaces if not al...

Page 1734: ...MPLE Console config router rip Console config router RELATED COMMANDS network 1738 default information originate This command generates a default external route into the local RIP autonomous system Us...

Page 1735: ...routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistribut...

Page 1736: ...bits used for the associated routing entries DEFAULT SETTING None COMMAND MODE Router Configuration COMMAND USAGE Administrative distance is used by the routers to select the preferred path when ther...

Page 1737: ...o remove an entry SYNTAX no neighbor ip address ip address IP address of a neighboring router DEFAULT SETTING No neighbors are defined COMMAND MODE Router Configuration COMMAND USAGE This command can...

Page 1738: ...networks are specified COMMAND MODE Router Configuration COMMAND USAGE RIP only sends and receives updates on interfaces specified by this command If a network is not specified the interfaces in that...

Page 1739: ...his feature SYNTAX no redistribute bgp connected ospf static metric metric value bgp Displays external routes imported from the Border Gateway Protocol BGP into this routing domain connected Imports r...

Page 1740: ...point other than that derived from the original source EXAMPLE This example redistributes routes learned from OSPF and sets the metric for all external routes imported from OSPF to a value of 3 Conso...

Page 1741: ...e This timer allows neighbors to become aware of an invalid route prior to it being purged by this device Setting the update timer to a short interval can cause the router to spend an excessive amount...

Page 1742: ...nd and receive version 2 packets Console config router version 2 Console config router RELATED COMMANDS ip rip receive version 1744 ip rip send version 1745 ip rip authentication mode This command spe...

Page 1743: ...p authentication mode text Console config if RELATED COMMANDS ip rip authentication string 1743 ip rip authentication string This command specifies an authentication key for RIPv2 packets Use the no f...

Page 1744: ...receive version 1 Accepts only RIPv1 packets 2 Accepts only RIPv2 packets DEFAULT SETTING RIPv1 and RIPv2 packets COMMAND MODE Interface Configuration VLAN COMMAND USAGE Use this command to override t...

Page 1745: ...ng table for an interface For example when only static routes are to be allowed for a specific interface EXAMPLE Console config interface vlan 1 Console config if ip rip receive packet Console config...

Page 1746: ...which only receive RIP broadcast messages to receive all of the information provided by RIPv2 including subnet mask next hop and authentication information EXAMPLE This example sets the interface ver...

Page 1747: ...N DEFAULT SETTING split horizon poisoned COMMAND USAGE Split horizon never propagates routes back to an interface from which they have been acquired Poison reverse propagates routes back to an interfa...

Page 1748: ...l static entries DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command with the all parameter clears the RIP table of all routes To avoid deleting the entire RIP network u...

Page 1749: ...about RIP routes and configuration settings Use this command without any keywords to display all RIP routes SYNTAX show ip rip interface vlan vlan id interface Shows RIP configuration settings for all...

Page 1750: ...ult metric for external routes imported from other protocols RC redistribute Redistribute routes from one routing domain to another RC summary address Summarizes routes advertised by an ASBR RC Area C...

Page 1751: ...mit interval Specifies the time between resending a link state advertisement IC ip ospf transmit delay Estimates time to send a link state update packet over an interface IC passive interface Suppress...

Page 1752: ...e destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF routi...

Page 1753: ...red to import external routes through other routing protocols or static routing and such a route is known See the redistribute command The metric for the default external route is used to calculate th...

Page 1754: ...ique router ID for this device within the autonomous system for the current OSPF process Use the no form to use the default router identification method i e the highest interface address SYNTAX router...

Page 1755: ...cutive SPF calculations Use the no form to restore the default values SYNTAX timers spf spf delay spf holdtime no timers spf spf delay The delay after receiving a topology change notification and star...

Page 1756: ...le Route Metrics and Summaries area default cost This command specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assig...

Page 1757: ...Network mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the routes remain hidden from the rest of the network COMMAND MODE Router...

Page 1758: ...967 Mbps COMMAND MODE Router Configuration DEFAULT SETTING 1 Mbps COMMAND USAGE The system calculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By defaul...

Page 1759: ...ols Range 0 16777214 COMMAND MODE Router Configuration DEFAULT SETTING 20 COMMAND USAGE The default metric must be used to resolve the problem of redistributing external routes from other protocols th...

Page 1760: ...nal route 2 Type 2 external route default Routers do not add internal route metric to external route metric tag value A tag placed in the AS external LSA to identify a specific external routing domain...

Page 1761: ...This example redistributes routes learned from RIP as Type 1 external routes Console config router redistribute rip metric type 1 Console config router RELATED COMMANDS default information originate 1...

Page 1762: ...eger ranging from 0 4294967295 translator role Indicates NSSA ABR translator role for Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never t...

Page 1763: ...is different from a stub because when the router is an ASBR it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using t...

Page 1764: ...eger ranging from 0 4294967295 no summary Stops an Area Border Router ABR from sending summary link advertisements into the stub area COMMAND MODE Router Configuration DEFAULT SETTING No stub is confi...

Page 1765: ...r id authentication message digest null authentication key key message digest key key id md5 key no area area id virtual link router id authentication authentication key message digest key key id area...

Page 1766: ...authentication Specifies the authentication mode If no optional parameters follow this keyword then plain text authentication is used along with the password specified by the authentication key If me...

Page 1767: ...be configured between any two backbone routers that have an interface to a common non backbone area The two routers joined by a virtual link are treated as if they were connected by an unnumbered poin...

Page 1768: ...0 0 0 0 indicates the OSPF backbone for an autonomous system Each router must be connected to the backbone via a direct connection or a virtual link Set the area ID to the same value for all routers...

Page 1769: ...area with the same password or key All neighboring routers on the same network with the same password will exchange routing data This command creates a password key that is inserted into the OSPF hea...

Page 1770: ...address This parameter can be used to indicate a specific IP address connected to the current interface If not specified the command applies to all networks connected to the current interface key Sets...

Page 1771: ...erface If not specified the command applies to all networks connected to the current interface cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 COMMAND MODE...

Page 1772: ...network Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 40 or four times the interval specified by the ip ospf hello interval command COMMAND USAGE The dead interval is advert...

Page 1773: ...assign a key id and key to be used by neighboring routers Use the no form to remove an existing key SYNTAX ip ospf ip address message digest key key id md5 key no ip ospf ip address message digest key...

Page 1774: ...ospf message digest key 1 md5 aiebel Console config if RELATED COMMANDS ip ospf authentication 1769 ip ospf priority This command sets the router priority used when determining the designated router D...

Page 1775: ...ifies the time between resending link state advertisements LSAs Use the no form to restore the default value SYNTAX ip ospf ip address retransmit interval seconds no ip ospf ip address retransmit inte...

Page 1776: ...ted time required to send a link state update Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 1 second COMMAND USAGE LSAs have their age incremented by this delay before transm...

Page 1777: ...lved is set to passive mode The specified interface will appear as a stub in the OSPF domain Also if you configure an OSPF interface as passive where an adjacency already exists the adjacency will dro...

Page 1778: ...TOS TOS0 routes Optional Type of Service ToS specified in OSPF Version 2 Appendix F 1 2 is not supported so only one cost per interface can be assigned SPF schedule delay Delay between receiving a ch...

Page 1779: ...ured areas attached to this router Number of interfaces in this area is The number of interfaces attached to this area Number of fully adjacent neighbors in this area is The number of neighbors for wh...

Page 1780: ...An IP network number for Type 3 Summary and External LSAs A Router ID for Router Network and Type 4 AS Summary LSAs Also note that when an Type 5 ASBR External LSA is describing a default route its li...

Page 1781: ...68 2 1 LS Seq Number 80000001 Checksum 0x7b67 Length 28 Network Mask 0 TOS 0 Metric 10 Console Table 254 show ip ospf database display description Field Description OSPF Router Process with ID OSPF pr...

Page 1782: ...xternal Network Number Advertising Router 192 168 0 2 LS Seq Number 80000005 Checksum 0xcc95 Length 36 Network Mask 0 Metric Type 2 Larger than any link state path TOS 0 Metric 1 Forward Address 0 0 0...

Page 1783: ...ptions Optional capabilities associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network...

Page 1784: ...ds Options Optional capabilities associated with the LSA LS Type Network Link LSA describes the routers attached to the network Link State ID Interface address of the designated router Advertising Rou...

Page 1785: ...e length of the LSA in bytes Link connected to Link state type including transit network stub network or virtual link Link ID Link type and corresponding Router ID or network address Link Data Router...

Page 1786: ...transmit 5 Hello due in 00 00 10 Neighbor Count is 1 Adjacent neighbor count is 1 Hello received 920 sent 975 DD received 5 sent 4 LS Req received 1 sent 1 LS Upd received 14 sent 18 LS Ack received 1...

Page 1787: ...is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but is not the DR or BDR Priority Router priority Designated Router De...

Page 1788: ...ed fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 VLAN1 Table 261 show ip ospf neighbor display description Field Description Neighbo...

Page 1789: ...10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 08 Adjacency state Down Console RELATED COMMANDS area virtual link 1765 Table 262 show ip ospf virtual links display description Field Description V...

Page 1790: ...oute redistribution has been enabled with the redistribute command Routing for Networks Networks for which the OSPF is currently registering routing information Routing for Summary Address Shows the n...

Page 1791: ...an interface IC ipv6 ospf dead interval Sets the interval at which hello packets are not seen before neighbors declare the router down IC ipv6 ospf hello interval Specifies the interval between sendi...

Page 1792: ...assign an area to each interface that will participate in the specified OSPF process General Configuration router ipv6 ospf This command creates an Open Shortest Path First OSPFv3 routing process and...

Page 1793: ...SA 2 Checksum 0x00ab4f Console RELATED COMMANDS ipv6 router ospf area 1804 abr type This command sets the criteria used to determine if this router can declare itself an ABR and issue Type 3 and Type...

Page 1794: ...f it is not an ABR but has more than one attached area or it does not have an active backbone connection In other words inter area routes are calculated by examining summary LSAs If the router is an A...

Page 1795: ...default setting SYNTAX router id ip address no router id ip address Router ID formatted as an IPv4 address COMMAND MODE Router Configuration DEFAULT SETTING None COMMAND USAGE This command sets the r...

Page 1796: ...restore the default values SYNTAX timers spf spf delay spf holdtime no timers spf spf delay The delay after receiving a topology change notification and starting the SPF calculation Range 0 214748364...

Page 1797: ...st area id Identifies the stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 4294967295 cost Cost for the default summary route sent to a stub Ra...

Page 1798: ...summary is not sent and the routes remain hidden from the rest of the network COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command can be used to summarize intra area...

Page 1799: ...etric value set by the redistribute command When a metric value has not been configured by the redistribute command the default metric command sets the metric value to be used for all imported externa...

Page 1800: ...router automatically becomes an autonomous system boundary router ASBR Metric type specifies the way to advertise routes to destinations outside the AS through External LSAs When a Type 1 LSA is rece...

Page 1801: ...g Type 4 Inter Area Router and Type 5 AS External LSAs into the stub Since no information on external routes is known inside the stub an ABR will advertise the default route 0 0 0 using a Type 3 Inter...

Page 1802: ...val seconds Specifies the time that neighbor routers will wait for a hello packet before they declare the router down This value must be the same for all routers attached to an autonomous system Range...

Page 1803: ...al path to the backbone for an isolated area or can be configured as a backup connection that can take over if the normal connection to the backbone fails A virtual link can be configured between any...

Page 1804: ...MODE Interface Configuration DEFAULT SETTING None COMMAND USAGE An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous system Each router...

Page 1805: ...meric string up to 16 characters instance id Identifies a specific OSPFv3 routing process on the link local network segment attached to this interface Range 0 255 COMMAND MODE Interface Configuration...

Page 1806: ...stance id instance id cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link local network se...

Page 1807: ...ore declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link...

Page 1808: ...econds COMMAND USAGE Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological...

Page 1809: ...d If a DR already exists for a network segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the elec...

Page 1810: ...o send a link state update packet over an interface Use the no form to restore the default value SYNTAX ipv6 ospf transmit delay seconds instance id instance id no ipv6 ospf transmit delay instance id...

Page 1811: ...interface vlan vlan id ipv6 address vlan id VLAN ID Range 1 4094 ipv6 address A full IPv6 address including the network prefix and host address bits COMMAND MODE Router Configuration DEFAULT SETTING N...

Page 1812: ...identifies the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The time this process has been running Supports only sin...

Page 1813: ...LSA Link State ID ADV Router Age Seq CkSum Console Checksum The sum of the LS checksums of opaque link state advertisements contained in the link state database Number of LSA received The number of l...

Page 1814: ...eceived 0 sent 0 LS Upd received 0 sent 0 LS Ack received 0 sent 0 Discarded 0 Console Table 266 show ip ospf database display description Field Description OSPF Router Process with ID OSPF router ID...

Page 1815: ...is on a multiaccess network but is not the DR or BDR Loopback This is a loopback interface PointToPoint A direct link between two routers Waiting Router is trying to find the DR and BDR Priority Rout...

Page 1816: ...1 L2 IS IS level 2 ia IS IS inter area C 1 128 lo0 O 2001 DB8 2222 7272 64 VLAN1 Table 268 show ipv6 ospf neighbor display description Field Description ID Neighbor s router ID Pri Neighbor s router p...

Page 1817: ...t Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Adjacency state Full Console Table 269 show ipv6 ospf virtual links display...

Page 1818: ...tween the source and destination Loops are prevented simply by checking the path vector to see if same AS is listed twice This approach solves many of the scalability problems encountered when applyin...

Page 1819: ...in OPEN messages by a peer with that of its own internal value If it matches then this neighbor is an iBGP speaker and if it does not then it is an eBGP speaker An eBGP speaker can advertise prefixes...

Page 1820: ...he shortest number or AS hops Just note that each AS may be comprised of multiple routers or networks that a packet traverses as it crosses the associated route to the destination so the AS hop count...

Page 1821: ...reflector receives a route with its own cluster ID a potential routing loop can be broken MP_REACH_NLRI This attribute describes routes for network protocols other than IPv4 The attribute identifies...

Page 1822: ...heir capabilities the UPDATE message is used to advertise withdraw prefixes the NOTIFICATION message is used to send errors or close the session and the KEEPALIVE messages is used to keep the BGP sess...

Page 1823: ...This supernetted address block is less specific and only lists the AS number of the AS where the supernetting was done The Atomic_Aggregate attribute indicates that attributes for more specific paths...

Page 1824: ...ngle Route Reflector Route reflector clients are not aware that they are connected to a route reflector and function as though fully meshed within the autonomous system For redundancy a cluster many c...

Page 1825: ...een that routing information learned from an iBGP speaker can be passed to another iBGP speaker This breaks the normal rules for a fully meshed iBGP autonomous system and other steps are now required...

Page 1826: ...ber AS to another member AS This exception to normal practice is allowed within the confederation since this attribute is meant for use by the entire AS The Next Hop for a route set by the first BGP s...

Page 1827: ...es and their attributes are relayed unmodified between client routers they acquire the same routing information as they would via direct peering in a full mesh configuration Figure 559 Connections for...

Page 1828: ...s as shown below Maximum penalty reuse limit 2 max suppress time half life When a route is being damped any updates or withdrawals for this route received from a peer are ignored This limits the effec...

Page 1829: ...er RC timers bgp Sets the Keep Alive time used for maintaining connectivity and the Hold time to wait for Keep Alive messages before declaring a neighbor down RC clear ip bgp Clears connections using...

Page 1830: ...ty negotiation when creating connections RC neighbor ebgp multihop Allows eBGP neighbors to exist in different segments and configures the maximum hop count TTL RC neighbor enforce multihop Enforces t...

Page 1831: ...used for specified neighbors RC neighbor timers connect Sets the time to wait before attempting to reconnect to a neighbor whose TCP connection has failed RC neighbor unsuppress map Allows specified...

Page 1832: ...sing the neighbor remove private as command Note that AS number 23456 is reserved for the AS Transitive attribute which is required when setting up a new BGP speaker Use this command to specify all of...

Page 1833: ...ers no spaces or other special characters deny Permits access for messages with matching path attribute permit Denies access to messages with matching path attribute regular expression Autonomous syst...

Page 1834: ...e Name of standard access list A maximum of 16 communities can be configured in a standard community list Maximum length 32 characters no spaces or other special characters deny Denies access to messa...

Page 1835: ...Standard community lists are used to configure well known communities or community numbers Expanded community lists are used to filter communities using a regular expression When multiple values are e...

Page 1836: ...f communities standard community list name Name of standard access list A maximum of 16 extended communities can be configured in a standard community list Maximum length 32 characters no spaces or ot...

Page 1837: ...community lists the form a logical OR condition where the first list that matches a condition is processed If the criteria specified for a community list is matched then the deny permit condition is a...

Page 1838: ...address netmask any ge min prefix length le max prefix length prefix list name Name of prefix list Maximum length 128 characters no spaces or other special characters sequence number Applies a sequenc...

Page 1839: ...with the match ip address prefix list route map command to implement a more comprehensive filter for policy based routing EXAMPLE This example denies access to routing messages for the specified addre...

Page 1840: ...s avoid advertising routing information in this manner since this route may be frequently withdrawn and updated as AS path reachability information for the summarized routes changes Using the summary...

Page 1841: ...rom a non client peer is advertised to all clients And information from cluster members is reflected to all routing peers both inside and outside of the cluster using this model the local AS can be di...

Page 1842: ...g this attribute an RR can determine if routing information has looped back to the same cluster due to mis configuration If the local cluster ID is found in the cluster list the advertisement is ignor...

Page 1843: ...command to specify the autonomous systems within a confederation EXAMPLE Console config router bgp confederation identifier 600 Console config router RELATED COMMANDS bgp confederation peer 1843 bgp c...

Page 1844: ...uppress limit max suppress time no dampening half life The time after which a penalty is reduced The penalty value is reduced to half of the previous value after the half life time expires Range 1 45...

Page 1845: ...t its own autonomous system number at the beginning of the AS path attribute Use the no form to disable this feature SYNTAX no bgp enforce first as COMMAND MODE Router Configuration DEFAULT SETTING Di...

Page 1846: ...is feature COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command helps detect network problems by indicating if a neighbor connection is flapping A high number of neigh...

Page 1847: ...bgp router id router id no bgp router id router id Router ID formatted as an IPv4 address COMMAND MODE Router Configuration DEFAULT SETTING The highest IP address configured for an interface COMMAND...

Page 1848: ...cause black holes or routing loops to form EXAMPLE Console config router bgp scan time 30 Console config router network This command specifies a network to advertise Use the no form to stop advertisi...

Page 1849: ...r routes learned through eBGP even if the distance of the external route is shorter EXAMPLE Console config router network 172 16 0 0 255 255 0 0 Console config router redistribute This command redistr...

Page 1850: ...ectivity and the Hold time to wait for Keep Alive or Update messages before declaring a neighbor down Use the no form to restore the default settings SYNTAX timers bgp keepalive time hold time no time...

Page 1851: ...nbound sessions prefix list The outbound route filter ORF prefix list This option triggers a new route refresh or soft re configuration which updates the ORF prefix list This option is ignored unless...

Page 1852: ...ound routing tables dynamically by exchanging route refresh requests with peers Route refresh relies on the dynamic exchange of information with supporting peers It is advertised through BGP capabilit...

Page 1853: ...g paths from the same autonomous system This command allows the comparison of MEDs among different paths regardless of the autonomous system from which the paths are received The bgp deterministic med...

Page 1854: ...ig router bgp bestpath compare confed aspath Console config router bgp bestpath compare routerid This command compares similar routes from external peers and gives preference to a route with the lowes...

Page 1855: ...ned from confederation peers is compared only if no external autonomous systems AS appear in the path If an external AS is within the path then the external MED is passed transparently through the con...

Page 1856: ...SETTING Disabled COMMAND USAGE The MED is compared after BGP attributes weight local preference AS path and origin have been compared and are equal When deterministic comparison of the MED is enabled...

Page 1857: ...characters no spaces or other special characters COMMAND MODE Router Configuration DEFAULT SETTING None COMMAND USAGE The route distance indicates the trustworthiness of a router The higher the distan...

Page 1858: ...peer within the local autonomous system Local routes are those configured with the network command as a back door for the router or for the networks being redistributed from another routing process Th...

Page 1859: ...oring router this command is used to enable the exchange of information with the neighbor The exchange of information is enabled by default for each routing session configured with the neighbor remote...

Page 1860: ...ining a list of neighboring routers configured with the neighbor peer group command count Maximum number of times the same AS number can appear in the AS path of a received route Range 1 10 or 3 if th...

Page 1861: ...r MED attribute next hop Next hop attribute COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE If this command is entered without specifying any route attributes then all three o...

Page 1862: ...ion of outbound route filter ORF capabilities with a neighboring router Use the no form to disable negotiation SYNTAX no neighbor ip address group name orf prefix list both receive send ip address IP...

Page 1863: ...e criteria used for sending the default route to a neighbor Range 1 80 characters COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command is used to advertise the local r...

Page 1864: ...ecified EXAMPLE Console config router neighbor 10 1 1 64 description bill s router Console config router neighbor distribute list This command filters route updates to from a neighbor or peer group Us...

Page 1865: ...restore the default setting SYNTAX no neighbor ip address group name dont capability negotiate ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring routers...

Page 1866: ...AND USAGE This command can be used to allow routers in different network segments to create a BGP neighbor relationship If this command is entered without specifying a count the hop limit is set at 25...

Page 1867: ...t access list in out no neighbor ip address group name filter list in out ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the n...

Page 1868: ...can be received from a neighbor Use the no form to restore the default setting SYNTAX neighbor ip address group name maximum prefix max count threshold restart interval warning no neighbor ip address...

Page 1869: ...nd configures the local router as the next hop for a neighbor in all routing messages it sends Use the no form to disable this feature SYNTAX no neighbor ip address group name next hop self ip address...

Page 1870: ...no form to disable this feature SYNTAX no neighbor ip address group name neighbor override capability ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring r...

Page 1871: ...utes Use the no form to remove a peer group SYNTAX no neighbor group name peer group group name A BGP peer group Range 1 256 characters COMMAND MODE Router Configuration DEFAULT SETTING No peer groups...

Page 1872: ...group use the neighbor group name peer group command EXAMPLE Console config router neighbor 10 1 1 64 peer group RD Console config router neighbor port This command specifies the TCP port number of th...

Page 1873: ...fix list with the ip prefix list command and then use this command to specify the neighbors to which it applies and whether it applies to inbound or outbound messages Filtering routes based on a prefi...

Page 1874: ...MODE Router Configuration DEFAULT SETTING No neighbors are configured COMMAND USAGE BGP neighbors must be manually configured A neighbor relationship can only be established if partners are configured...

Page 1875: ...portion of the AS path EXAMPLE Console config router neighbor 10 1 1 64 remove private as Console config router neighbor route map This command specifies the route mapping policy for inbound outbound...

Page 1876: ...dress IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command COMMAND MODE Router Configuration DEFAULT SETTING Di...

Page 1877: ...sed in iBGP Instead of maintaining direct eBGP peering sessions with every other service provider providers can acquire the same routing information through a single connection to a route server at th...

Page 1878: ...OMMAND MODE Router Configuration DEFAULT SETTING No community attributes are sent If community type is not specified then only standard community attributes are sent COMMAND USAGE Community attributes...

Page 1879: ...peer group containing a list of neighboring routers configured with the neighbor peer group command COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE Use this command to employ...

Page 1880: ...oup name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command...

Page 1881: ...the global timers bgp command EXAMPLE Console config router neighbor 10 1 1 66 timers 50 200 Console config router neighbor timers connect This command sets the time to wait before attempting to recon...

Page 1882: ...the no form to remove this configuration entry SYNTAX no neighbor ip address group name unsuppress map map name ip address IP address of a neighbor group name A BGP peer group containing a list of ne...

Page 1883: ...st interface to the neighbor is used for BGP connections This command can be used to specify any available interface for a TCP connection EXAMPLE Console config router neighbor 10 1 1 66 update source...

Page 1884: ...k mask for the route This mask identifies the network address bits used for the associated routing entries longer prefixes Specified route and all more specific routes COMMAND MODE Privileged Exec EXA...

Page 1885: ...try removed Origin codes Origin of table entry includes these values i Entry originated from an Interior Gateway Protocol IGP and was advertised using a network router configuration command e Entry or...

Page 1886: ...vertise no export exact match AA NN Standard community number to match The 4 byte community number is composed of a 2 byte autonomous system number and a 2 byte network number separated by one colon E...

Page 1887: ...Hop Metric LocPrf Weight Path 100 1 1 0 24 0 0 0 0 32768 700 800 i 172 0 0 0 8 0 0 0 0 32768 700 800 i Total number of prefixes 2 Console show ip bgp community info This command shows community messa...

Page 1888: ...ays only routes that match the specified communities exactly COMMAND MODE Privileged Exec EXAMPLE Console show ip bgp community list rd BGP table version is 0 local router ID is 192 168 0 2 Status cod...

Page 1889: ...damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network From Flaps Duration Reuse Path d 100 1 3 0 24 10 1 1 64 3 00 06 05 00 27 00 100 Total...

Page 1890: ...and chows connection information for neighbor sessions SYNTAX show ip bgp neighbors ip address advertised routes received prefix filter received routes routes ip address IP address of the neighbor adv...

Page 1891: ...ption BGP neighbor IP address of neighbor remote AS Autonomous system number of the neighbor local AS Local autonomous system number external link external link is displayed for external BGP neighbors...

Page 1892: ...ort or export as defined by the match ip address prefix list command Range 1 80 characters COMMAND MODE Privileged Exec Foreign host port IP address and TCP port of the neighbor BGP speaker Nexthop IP...

Page 1893: ...ion indicating the path attributes to match Syntax complies with the IEEE POSIX Basic Regular Expressions BRE standard COMMAND MODE Privileged Exec EXAMPLE Console show ip bgp regexp 100 BGP table ver...

Page 1894: ...TAX show ip bgp scan COMMAND MODE Privileged Exec EXAMPLE Console show ip bgp scan BGP scan is running BGP scan interval is 60 Current BGP nexthop cache 10 10 10 64 valid IGP metric 0 BGP connected ro...

Page 1895: ...y list name Name of standard or expanded access list Maximum length 32 characters no spaces or other special characters COMMAND MODE Privileged Exec EXAMPLE Console show ip community list rd Named Com...

Page 1896: ...notation netmask Network mask for the route This mask identifies the network address bits used for the associated routing entries first match First matched prefix longer All entries more specific than...

Page 1897: ...plied and then based on the policy makes some decision First the traffic is matched according to the policy Second for each match there is something set What is set could be that the traffic matches m...

Page 1898: ...occurs RM description Creates a description of an entry in the route map RM match as path Sets an AS path access list to match RM match community Sets a BGP community access list to match RM match ex...

Page 1899: ...to perform if the criteria enforced by the match commands are met If the match criteria are met for a route map and the permit keyword specified the packet is policy routed based on defined set comma...

Page 1900: ...for an access list if the access list does not exist no routing message will be matched and therefore all routes are skipped For a permit route map if it does not have a match clause any routing mess...

Page 1901: ...nue processing Range 1 65535 COMMAND MODE Route Map COMMAND USAGE If no match statements precede the call entry the call is automatically executed If no sequence number is specified by the call entry...

Page 1902: ...DE Route Map COMMAND USAGE The weights assigned by the match as path and set weight route map commands command override the weight assigned using the BGP neighbor weight command EXAMPLE Console config...

Page 1903: ...config route map set weight 30 Console config route map match extcommunity This command sets a BGP extended community access list to match Use the no form to remove this entry from a route map SYNTAX...

Page 1904: ...le config route map set weight 30 Console config route map RELATED COMMANDS ip prefix list 1838 Access Control Lists 1163 match ip next hop This command specifies the next hop addresses to be matched...

Page 1905: ...list name prefix list access list name Name of standard or extended access list Maximum length 32 characters no spaces or other special characters prefix list name Name of a specific prefix list COMM...

Page 1906: ...Console config route map match origin igp Console config route map set weight 30 Console config route map match pathlimit as This command sets the maximum AS path length allowed for propagation of mo...

Page 1907: ...s counted as a single AS Each instance of an AS number that appears multiple times in an AS_PATH is counted If the AS_PATHLIMIT attribute is attached to a prefix by a private AS then when the prefix i...

Page 1908: ...umber Route map entry Range 1 65535 next Go to next entry COMMAND MODE Route Map COMMAND USAGE Use this command when no set action is for a match clause EXAMPLE Console config route map RD permit 8 Co...

Page 1909: ...te map match pathlimit as 5 Console config route map set aggregator 1 192 168 0 0 Console config route map set as path This command modifies the AS path by prepending or excluding an AS number Use the...

Page 1910: ...atomic aggregate Console config route map set comm list delete This command removes communities from the community attribute of inbound or outbound routing messages Use the no form to remove this ent...

Page 1911: ...twork number separated by one colon Each 2 byte number can range from 0 from 65535 One or more communities can be entered separated by a space Up to 16 community numbers are supported additive Adds co...

Page 1912: ...bute soo The site of origin extended community attribute extended community value The route target or site of origin in one of the following formats AAAA NN or AA NNNN Community number to deny or perm...

Page 1913: ...ommand sets the next hop for a routing message Use the no form to remove this entry from a route map SYNTAX set ip next hop ip address peer address no set ip next hop ip address ip address An IPv4 add...

Page 1914: ...295 COMMAND MODE Route Map COMMAND USAGE The preference is sent only to routers in the local autonomous system To specify the metric for inter autonomous systems use the set metric command A route wit...

Page 1915: ...ems use the bgp always compare med command EXAMPLE Console config route map RD permit 16 Console config route map match peer 192 168 0 99 Console config route map set metric 1 Console config route map...

Page 1916: ...oop prevention by rejecting updates that contain the receiving router s own router ID in the originator ID attribute EXAMPLE Console config route map RD permit 17 Console config route map match peer 1...

Page 1917: ...rom a route map SYNTAX set weight weight no set weight weight The weight assigned to this route Range 0 4294967295 COMMAND MODE Route Map COMMAND USAGE Weights are used to determine the best path avai...

Page 1918: ...ing Commands Policy based Routing for BGP 1918 EXAMPLE Console show route map RD route map RD permit sequence 1 Match clauses peer 102 168 0 99 Set clauses comm list 100 delete Call clause Action Exit...

Page 1919: ...SYNTAX no ip multicast routing DEFAULT SETTING Disabled Table 277 Multicast Routing Commands Command Group Function General Multicast Routing Enables IP multicast routing globally also displays the I...

Page 1920: ...command displays the IPv4 multicast routing table SYNTAX show ip mroute group address source summary group address An IPv4 multicast group address with subscribers directly attached or downstream from...

Page 1921: ...ndezvous Point RP which normally indicates a pruned state along the shared tree for a particular source T SPT bit set Multicast packets have been received from a source on the shortest path tree J Joi...

Page 1922: ...outing globally for the router A multicast routing protocol also needs to be enabled on the interfaces that will support multicast routing using the router pim6 command and then specify the interfaces...

Page 1923: ...cast routing If no optional parameters are selected detailed information for each entry in the multicast address table is displayed If you select a multicast group and source pair detailed information...

Page 1924: ...ately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a requested service source Subnetwork containing the IP...

Page 1925: ...n the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration SYNTAX ip igmp snooping vlan vlan id mrouter interface...

Page 1926: ...hin VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned...

Page 1927: ...m a neighboring PIM router before declaring it dead IC ip pim hello interval Sets the interval between sending PIM hello messages IC ip pim join prune holdtime Configures the hold time for the prune s...

Page 1928: ...limit Configures the rate at which register messages are sent by the Designated Router DR GC ip pim register source Configure the IP source address of a register message to an address other than the o...

Page 1929: ...MAND MODE Interface Configuration VLAN COMMAND USAGE To fully enable PIM you need to enable multicast routing globally for the router with the ip multicast routing command enable PIM globally for the...

Page 1930: ...f they have already connected to the source through the SPT or if there are no longer any group members connected to the interface EXAMPLE Console config interface vlan 1 Console config if ip pim dens...

Page 1931: ...ending PIM hello messages Range 1 65535 DEFAULT SETTING 30 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE Hello messages are sent to neighboring PIM routers from which this device has...

Page 1932: ...le this feature SYNTAX no ip pim lan prune delay DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE When other downstream routers on the same VLAN are notified that this...

Page 1933: ...d in the message Range 500 6000 milliseconds DEFAULT SETTING 2500 milliseconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The override interval configured by this command and the propagat...

Page 1934: ...te the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the propagation delay represents the time require...

Page 1935: ...le config if show ip pim interface This command displays information about interfaces configured for PIM SYNTAX show ip pim interface vlan vlan id vlan id VLAN ID Range 1 4094 COMMAND MODE Normal Exec...

Page 1936: ...DM Commands ip pim graft retry interval This command configures the time to wait for a Graft acknowledgement before resending a Graft Use the no form to restore the default value SYNTAX ip pim graft r...

Page 1937: ...to resend a Graft message if it has not been acknowledged Use the no form to restore the default value SYNTAX ip pim max graft retries retries no ip pim max graft retries retries The maximum number of...

Page 1938: ...strap Router BSR candidate Use the no form to restore the default value SYNTAX ip pim bsr candidate interface vlan vlan id hash hash mask length priority priority no ip pim bsr candidate vlan id VLAN...

Page 1939: ...wo core routers in diverse locations each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP EXAMPLE The following ex...

Page 1940: ...s back toward the rendezvous point RP Use the no form to restore the default setting SYNTAX ip pim register source interface vlan vlan id no ip pim register source vlan id VLAN ID Range 1 4094 DEFAULT...

Page 1941: ...an IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by more than one...

Page 1942: ...nt RP candidate to the bootstrap router BSR Use the no form to remove this router as an RP candidate SYNTAX ip pim rp candidate interface vlan vlan id group prefix group address mask interval seconds...

Page 1943: ...d on the group address RP address priority and hash mask included in the bootstrap messages If there is a tie use the candidate RP with the highest IP address This distributed election process provide...

Page 1944: ...he RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree SPT...

Page 1945: ...le election process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with...

Page 1946: ...versely affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested to join this g...

Page 1947: ...RP Use the show ip pim rp mapping command to display active RPs that are cached with associated multicast routing entries EXAMPLE This example clears the RP map Console clear ip pim bsr rp set Consol...

Page 1948: ...umber of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before this entry will be removed Role...

Page 1949: ...via null Console Table 286 show ip pim rp mapping display description Field Description Groups The multicast group address mask length managed by the RP RP address IP address of the RP used for the l...

Page 1950: ...about interfaces configured for PIM NE PE show ipv6 pim neighbor Displays information about PIM neighbors NE PE PIM DM Commands ipv6 pim graft retry interval Configures the time to wait for a Graft ac...

Page 1951: ...routing must be enabled on the switch using the ipv6 multicast routing command To use IPv6 multicast routing MLD proxy cannot be enabled on any interface of the device see the ipv6 mld proxy command...

Page 1952: ...cast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a downstream router Sparse mode interfaces forward multicas...

Page 1953: ...or PIM hello messages Range 1 65535 DEFAULT SETTING 105 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The ip pim hello holdtime should be greater than the value of ipv6 pim hello int...

Page 1954: ...onds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces o...

Page 1955: ...hose advertised by each neighbor including this switch EXAMPLE Console config if ipv6 pim lan prune delay Console config if RELATED COMMANDS ipv6 pim override interval 1955 ipv6 pim propagation delay...

Page 1956: ...on delay milliseconds The time required for a lan prune delay message to reach downstream routers attached to the same VLAN interface Range 100 5000 milliseconds DEFAULT SETTING 500 milliseconds COMMA...

Page 1957: ...lue between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also if a Hello message is received fr...

Page 1958: ...s information about PIM neighbors SYNTAX show ipv6 pim neighbor interface vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING Displays information for all known PIM neighbors COMMAND MODE Normal...

Page 1959: ...router receives a graft message it must respond with an graft acknowledgement message If this acknowledgement message is lost the router that sent the graft message will resend it a number of times as...

Page 1960: ...sages Use the no form to restore the default value SYNTAX ipv6 pim state refresh origination interval seconds no ipv6 pim max graft retries seconds The interval between sending PIM DM state refresh co...

Page 1961: ...the mask length is less than 32 then only the first portion of the hash is used and a single RP will be defined for multiple groups Range 0 32 bits priority Priority used by the candidate bootstrap ro...

Page 1962: ...it Console show ipv6 pim bsr router PIMv2 Bootstrap information BSR Address 2001 DB8 2222 7272 72 Uptime 00 00 08 BSR Priority 200 Hash Mask Length 20 Expire 00 00 57 Role Candidate BSR State Elected...

Page 1963: ...N ID Range 1 4094 DEFAULT SETTING The IP address of the DR s outgoing interface that leads back to the RP COMMAND MODE Global Configuration COMMAND USAGE When the source address of a register message...

Page 1964: ...not allowed If an IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by...

Page 1965: ...is router as an RP candidate SYNTAX ipv6 pim rp candidate interface vlan vlan id group prefix group prefix interval seconds priority value no ipv6 pim rp candidate interface vlan vlan id vlan id VLAN...

Page 1966: ...there is a tie use the candidate RP with the highest IP address This distributed election process provides faster convergence and minimal disruption when an RP fails It also serves to provide load ba...

Page 1967: ...ys the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree SPT directly between...

Page 1968: ...ction process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with the hi...

Page 1969: ...y affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested to join this group W...

Page 1970: ...he show ipv6 pim rp mapping command to display active RPs that are cached with associated multicast routing entries EXAMPLE This example clears the RP map Console clear ipv6 pim bsr rp set Console sho...

Page 1971: ...ificant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before this entry will be removed Role Candidate BS...

Page 1972: ...01 via bootstrap Console Table 291 show ip pim rp mapping display description Field Description Groups The multicast group address mask length managed by the RP RP address IP address of the RP used fo...

Page 1973: ...1973 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1975 Troubleshooting on page 1981 License Information on page 1983...

Page 1974: ...SECTION IV Appendices 1974...

Page 1975: ...x SFP 1000BASE SX LX LH 1000 Mbps full duplex SFP 10GBASE SR LR ER 10 Gbps full duplex XFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unica...

Page 1976: ...yer 2 IPv4 MLD Snooping Layer 2 IPv6 IGMP Layer 3 Multicast VLAN Registration IPv4 IPv6 IP ROUTING ARP Proxy ARP Static routes CIDR Classless Inter Domain Routing RIP RIPv2 OSPFv2 OSPFv3 unicast routi...

Page 1977: ...IEEE 802 1AB Link Layer Discovery Protocol IEEE 802 1D 2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol IEEE 802...

Page 1978: ...2576 3410 3411 3413 3414 3415 SNTP RFC 2030 SSH Version 2 0 TELNET RFC 854 855 856 TFTP RFC 1350 VRRP RFC 3768 MANAGEMENT INFORMATION BASES Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 DNS...

Page 1979: ...IEEE 802 1ad Provider Bridges Quality of Service MIB RADIUS Accounting Server MIB RFC 2621 RADIUS Authentication Client MIB RFC 2619 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MI...

Page 1980: ...APPENDIX A Software Specifications Management Information Bases 1980...

Page 1981: ...connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting a...

Page 1982: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Page 1983: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 1984: ...ded that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work th...

Page 1985: ...am is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so lon...

Page 1986: ...you may choose any version ever published by the Free Software Foundation 11 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write...

Page 1987: ...TFTP server that contains the devices system files and the name of the boot file COS Class of Service is supported by prioritizing packets based on the required level of service and then placing them...

Page 1988: ...of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues EAPOL Extensible Authentication Protocol over LAN EAPOL is a client authentication protocol u...

Page 1989: ...otocol is a network layer protocol that reports errors in processing IP packets ICMP is also used by routers to feed back information about better routing choices IEEE 802 1D Specifies a general metho...

Page 1990: ...ls in an simple tree that uses IGMP Proxy IGMP QUERY On each subnetwork one IGMP capable device will act as the querier that is the device that asks all hosts to report on the IP multicast groups they...

Page 1991: ...han the MD4 algorithm which has been broken MD5 is a one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Inf...

Page 1992: ...ls such as RIP It includes features such as unlimited hop count authentication of routing updates and Variable Length Subnet Masks VLSM OUT OF BAND MANAGEMENT Management of the network from a station...

Page 1993: ...et alarms on a variety of traffic conditions including specific error types RSTP Rapid Spanning Tree Protocol RSTP reduces the convergence time for network topology changes to about 10 of that require...

Page 1994: ...hen TCP would be too complex too slow or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accur...

Page 1995: ...ompany 894 banner configure dc power info 895 banner configure department 895 banner configure equipment info 896 banner configure equipment location 897 banner configure ip lan 897 banner configure l...

Page 1996: ...914 D databits 925 default information originate 1734 default information originate 1753 default metric 1735 default metric 1759 default metric 1799 default router 1636 delete 917 delete public key 1...

Page 1997: ...y server 1629 ip dhcp restart client 1627 ip dhcp restart relay 1630 ip dhcp snooping 1116 ip dhcp snooping database flash 1125 ip dhcp snooping information option 1118 ip dhcp snooping information op...

Page 1998: ...old 1944 ip pim state refresh origination interval 1937 ip pim trigger hello delay 1934 ip prefix list 1838 ip proxy arp 1657 ip rip authentication mode 1742 ip rip authentication string 1743 ip rip r...

Page 1999: ...im lan prune delay 1954 ipv6 pim max graft retries 1960 ipv6 pim override interval 1955 ipv6 pim propagation delay 1956 ipv6 pim register rate limit 1962 ipv6 pim register source 1963 ipv6 pim rp addr...

Page 2000: ...6 mst vlan 1286 mvr 1479 mvr associated profile 1479 mvr domain 1480 mvr immediate leave 1486 mvr priority 1482 mvr profile 1481 mvr proxy query interval 1481 mvr proxy switching 1483 mvr robustness v...

Page 2001: ...e interface 1811 password 928 password thresh 929 periodic 959 permit deny 1450 permit deny 1471 permit deny ARP ACL 1182 permit deny Extended IPv4 ACL 1166 permit deny Extended IPv6 ACL 1172 permit d...

Page 2002: ...n source 1233 S server 1048 service dhcp 1634 service policy 1421 set aggregator as 1908 set as path 1909 set atomic aggregate 1910 set comm list delete 1910 set community 1911 set cos 1419 set extcom...

Page 2003: ...ip dhcp snooping binding 1126 show ip extcommunity list 1895 show ip helper 1662 show ip host route 1726 show ip igmp authentication 1456 show ip igmp filter 1457 show ip igmp groups 1520 show ip igm...

Page 2004: ...how mvr statistics 1494 show mvr6 1507 show mvr6 associated profile 1508 show mvr6 interface 1509 show mvr6 members 1510 show mvr6 profile 1511 show mvr6 statistics 1511 show network access 1107 show...

Page 2005: ...8 spanning tree bpdu filter 1288 spanning tree bpdu guard 1289 spanning tree cost 1290 spanning tree edge port 1291 spanning tree forward time 1279 spanning tree hello time 1279 spanning tree link typ...

Page 2006: ...threshold rx power 1207 transceiver threshold temperature 1208 transceiver threshold tx power 1209 transceiver threshold voltage 1210 transceiver threshold auto 1205 transceiver threshold monitor 1206...

Page 2007: ...1172 IPv6 Standard 395 400 1170 1171 MAC 395 404 1176 time range 391 957 Address Resolution Protocol See ARP address table 263 1271 address count displaying 1275 aging time 267 1271 aging time display...

Page 2008: ...1597 1599 fault verification 548 1561 link trace cache 581 1591 1593 1594 link trace message 548 550 569 1561 1590 1591 1592 loop back messages 548 550 571 1561 1595 maintenance association 548 560 15...

Page 2009: ...licy to interface 339 1421 class map 326 1408 1412 class map description 1409 classifying QoS traffic 326 1410 color aware srTCM 334 1415 color aware trTCM 335 1417 color blind srTCM 334 1415 color bl...

Page 2010: ...s displaying 543 1331 version 530 1325 wait to block timer 540 wait to restore timer 540 1326 WTB timer 540 WTR timer 540 1326 Ethernet Ring Protection Switching See ERPS event logging 454 933 excess...

Page 2011: ...last member query count 625 1437 last member query interval 624 1437 proxy query address 625 1439 proxy query interval 624 1440 proxy query response interval 624 1441 proxy reporting 614 624 1428 quer...

Page 2012: ...ls displaying 480 1560 device statistics displaying 478 1560 display device information 466 470 1557 displaying remote information 470 1557 interface attributes configuring 461 1543 1554 local device...

Page 2013: ...ling 638 1461 query interval 639 1462 query maximum response time 639 1462 robustness value 639 1463 static port assignment 643 1466 static router port 641 1465 unknown multicast handling 639 1464 ver...

Page 2014: ...re MAC information 377 1108 1109 NTP authentication keys specifying 169 948 setting the system clock 168 949 951 specifying servers 168 950 O OAM active mode 586 1607 displaying settings and status 58...

Page 2015: ...ibutes 837 1928 1938 PIM DM 833 1927 configuring 833 1927 global configuration 835 837 840 1928 interface settings 837 1929 1936 neighbor routers 839 1936 PIM SM 833 840 1927 bootstrap router 842 1938...

Page 2016: ...ocol tunnel layer 2 1363 protocol VLANs 251 1371 configuring 252 1371 configuring groups 252 1372 configuring interfaces 253 1373 group configuration 252 1372 interface configuration 253 1373 proxy AR...

Page 2017: ...022 response to alarm setting 511 1019 statistics history collection 513 1020 statistics history displaying 515 1022 statistics collection 516 1021 statistics displaying 517 1023 root guard 284 1298 r...

Page 2018: ...esses setting 265 1272 static routes configuring 753 1724 statistics ARP 753 1652 1728 history for port 196 1199 history for trunk 196 1199 ICMP 1652 1728 IP 1652 1728 port 192 1198 TCP 1652 1728 UDP...

Page 2019: ...port members by interface range 235 displaying port members by VLAN index 234 dynamic assignment 373 1100 egress mode 231 1349 ingress filtering 232 1348 interface configuration 231 1346 1350 IP subne...

Page 2020: ...ECS4660 28F E102013 ST R03 149100000140A...

Search results

Summary of Contents for ECS4660-28F

Reviews:

Edge-Core ECS4660-28F, Management Manual, Page: 1128 / 2020

Search results

Summary of Contents for ECS4660-28F

Reviews: