Edge-Core ES3528MV2 Management Manual Download Page 965

Page: 965 / 1480

HAPTER

| Access Control Lists

MAC ACLs

– 965 –

XAMPLE

Console(config)#access-list mac jerry

Console(config-mac-acl)#

ELATED

OMMANDS

permit, deny (965)

mac access-group (968)

show mac access-list (969)

permit

deny

(MAC ACL)

This command adds a rule to a MAC ACL. The rule filters packets matching

a specified MAC source or destination address (i.e., physical layer address),

or Ethernet protocol type. Rules can also filter packets based on IPv4/v6

addresses, including Layer 4 ports and protocol types. Use the

form to

remove a rule.

YNTAX

{

permit

deny

}

{

any

host

source

source address-bitmask

}

{

any

host

destination

destination address-bitmask

}

[

vid

vid vid-bitmask

] [

ethertype

ethertype

[

ethertype

bitmask

]]

{{

{

any

host

source-ip

source-ip network-mask

}

{

any

host

destination-ip

destination-ip network-mask

}

{

ipv6

{

any

host

source-ipv6

source-ipv6/prefix-length

}

{

any

host

destination-ipv6

destination-ipv6/prefix-length

}}

[

protocol

protocol

]

[

l4-source-port

sport

[

port-bitmask

]]

[

l4-destination-port

dport

[

port-bitmask

]}]

[

time-range

time-range-name

]

{

permit

deny

}

{

any

host

source

source address-bitmask

}

{

any

host

destination

destination address-bitmask

}

[

vid

vid vid-bitmask

] [

ethertype

ethertype

[

ethertype

bitmask

]]

{{

{

any

host

source-ip

source-ip network-mask

}

{

any

host

destination-ip

destination-ip network-mask

}

{

ipv6

{

any

host

source-ipv6

source-ipv6/prefix-length

}

{

any

host

destination-ipv6

destination-ipv6/prefix-length

}}

[

protocol

protocol

]

[

l4-source-port

sport

[

port-bitmask

]]

[

l4-destination-port

dport

[

port-bitmask

]}]

Note:

The default is for Ethernet II packets.

Summary of Contents for ES3528MV2

Page 1: ...Management Guide www edge core com ES3528MV2 ES3528MV2 DC 28 Port Fast Ethernet Layer 2 Switch...

Page 2: ......

Page 3: ...h with 24 10 100BASE TX RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP ES3528MV2 DC FAST ETHERNET SWITCH Layer 2 Switch with DC power input with 24 10 100BASE TX RJ 45 Ports and 4 Gigabit Combi...

Page 4: ......

Page 5: ...e used throughout this guide to show information NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could c...

Page 6: ...c Trunk on page 173 Added the section Creating CVLAN to SPVLAN Mapping Entries on page 211 Added the section Configuring MAC Address Learning on page 227 Added the parameters Action and Shutdown Inter...

Page 7: ...page 563 Added description of RA Guard parameters under Configuring IPv6 Interface Settings on page 571 Added the section Specifying A DHCP Client Identifier on page 595 Added the section Configuring...

Page 8: ...scription of new command port security mac address as permanent on page 877 Added description of new command ip dhcp snooping limit rate on page 904 Added description of new command ipv6 dhcp snooping...

Page 9: ...mand loopback detection action on page 1048 and removed the command loopback detection mode Updated information in Command Usage section for the command show mac address table on page 1061 Added descr...

Page 10: ...ent log on page 1366 Added the section DHCP Relay Option 82 on page 1389 Updated the description of command ip address on page 1396 to include using classless subnet format for the ip address subnet m...

Page 11: ...witch 79 Configuration Options 79 Required Connections 80 Remote Connections 81 Basic Configuration 81 Console Connection 81 Setting Passwords 82 Setting an IP Address 83 Downloading a Configuration F...

Page 12: ...ystem Files 126 Automatic Operation Code Upgrade 127 Setting the System Clock 131 Setting the Time Manually 131 Setting the SNTP Polling Interval 132 Configuring NTP 133 Configuring Time Servers 134 S...

Page 13: ...93 IEEE 802 1Q VLANs 193 Configuring VLAN Groups 196 Adding Static Members to VLANs 198 Configuring Dynamic VLAN Registration 203 IEEE 802 1Q Tunneling 206 Enabling QinQ Tunneling on the Switch 210 Cr...

Page 14: ...Timers 266 Configuring ATC Thresholds and Responses 267 10 CLASS OF SERVICE 271 Layer 2 Queue Settings 271 Setting the Default Priority for Interfaces 271 Selecting the Queue Mode 272 Mapping CoS Val...

Page 15: ...ink Detection 334 Configuring a MAC Address Filter 335 Displaying Secure MAC Address Information 337 Configuring HTTPS 338 Configuring Global Settings for HTTPS 338 Replacing the Default Secure site C...

Page 16: ...P Source Guard 399 Configuring Static Bindings for IP Source Guard 401 Displaying Information for Dynamic IPv4 Source Guard Bindings 403 IPv6 Source Guard 404 Configuring Ports for IPv6 Source Guard 4...

Page 17: ...mote Monitoring 474 Configuring RMON Alarms 475 Configuring RMON Events 477 Configuring RMON History Samples 479 Configuring RMON Statistical Samples 482 Switch Clustering 484 Configuring General Sett...

Page 18: ...Remote Interfaces 556 Configuring a Remote Loop Back Test 557 Displaying Results of Remote Loop Back Testing 559 15 IP CONFIGURATION 561 Using the Ping Function 561 Using the Trace Route Function 563...

Page 19: ...ifying Static Interfaces for a Multicast Router 614 Assigning Interfaces to Multicast Services 616 Setting IGMP Snooping Status per Interface 618 Filtering IGMP Query Packets and Multicast Data 623 Di...

Page 20: ...ssigning Static MVR6 Multicast Groups to Interfaces 669 Displaying MVR6 Receiver Groups 670 Displaying MVR6 Statistics 671 SECTION III COMMAND LINE INTERFACE 677 18 USING THE COMMAND LINE INTERFACE 67...

Page 21: ...nner configure dc power info 703 banner configure department 703 banner configure equipment info 704 banner configure equipment location 705 banner configure ip lan 705 banner configure lp number 706...

Page 22: ...Commands 725 upgrade opcode auto 725 upgrade opcode path 726 upgrade opcode reload 727 show upgrade 728 Line 728 line 729 databits 730 exec timeout 730 login 731 parity 732 password 733 password thres...

Page 23: ...il 749 Time 749 SNTP Commands 750 sntp client 750 sntp poll 751 sntp server 752 show sntp 752 NTP Commands 753 ntp authenticate 753 ntp authentication key 753 ntp client 754 ntp server 755 show ntp 75...

Page 24: ...er location 776 show snmp 777 SNMP Target Host Commands 778 snmp server enable traps 778 snmp server host 779 snmp server enable port traps mac notification 781 show snmp server enable port traps 782...

Page 25: ...flow polling instance 805 sflow sampling instance 806 show sflow 807 24 AUTHENTICATION COMMANDS 809 User Accounts and Privilege Levels 810 enable password 810 username 811 privilege 812 show privilege...

Page 26: ...ounting dot1x 830 accounting commands 830 accounting exec 831 authorization exec 831 show accounting 832 Web Server 833 ip http port 833 ip http server 834 ip http secure port 834 ip http secure serve...

Page 27: ...re authentication 853 dot1x timeout quiet period 854 dot1x timeout re authperiod 854 dot1x timeout supp timeout 855 dot1x timeout tx period 856 dot1x re authenticate 856 Supplicant Commands 857 dot1x...

Page 28: ...ging 880 network access mac filter 881 mac authentication reauth time 882 network access dynamic qos 882 network access dynamic vlan 883 network access guest vlan 884 network access link detection 885...

Page 29: ...formation option circuit id 906 ip dhcp snooping trust 907 clear ip dhcp snooping binding 908 clear ip dhcp snooping database flash 908 ip dhcp snooping database flash 909 show ip dhcp snooping 909 sh...

Page 30: ...inspection validate 935 ip arp inspection vlan 936 ip arp inspection limit 937 ip arp inspection trust 937 show ip arp inspection configuration 938 show ip arp inspection interface 938 show ip arp ins...

Page 31: ...6 ACLs 958 access list ipv6 958 permit deny Standard IPv6 ACL 959 permit deny Extended IPv6 ACL 960 ipv6 access group 962 show ipv6 access group 963 show ipv6 access list 963 MAC ACLs 964 access list...

Page 32: ...threshold auto 989 transceiver monitor 990 transceiver threshold current 990 transceiver threshold rx power 992 transceiver threshold temperature 993 transceiver threshold tx power 994 transceiver th...

Page 33: ...ce 1022 rspan destination 1023 rspan remote vlan 1024 no rspan session 1025 show rspan 1025 30 CONGESTION CONTROL COMMANDS 1027 Rate Limit Commands 1027 rate limit 1028 Storm Control Commands 1029 sto...

Page 34: ...l 1044 show auto traffic control interface 1044 31 LOOPBACK DETECTION COMMANDS 1047 loopback detection 1048 loopback detection action 1048 loopback detection recover time 1049 loopback detection trans...

Page 35: ...rt 1080 spanning tree link type 1081 spanning tree loopback detection 1081 spanning tree loopback detection action 1082 spanning tree loopback detection release mode 1083 spanning tree loopback detect...

Page 36: ...rt 1110 rpl neighbor 1111 rpl owner 1112 version 1113 wtr timer 1114 clear erps statistics 1114 erps clear 1115 erps forced switch 1115 erps manual switch 1117 show erps 1119 36 VLAN COMMANDS 1125 GVR...

Page 37: ...1145 show dot1q tunnel 1146 Configuring L2CP Tunneling 1147 l2protocol tunnel tunnel dmac 1147 switchport l2protocol tunnel 1150 show l2protocol tunnel 1151 Configuring VLAN Translation 1151 switchpo...

Page 38: ...default 1172 show queue mode 1173 show queue weight 1173 Priority Commands Layer 3 and 4 1174 qos map cos dscp 1174 qos map dscp mutation 1176 qos map phb queue 1177 qos map trust mode 1178 show qos...

Page 39: ...211 ip igmp snooping version 1212 ip igmp snooping version exclusive 1212 ip igmp snooping vlan general query suppression 1213 ip igmp snooping vlan immediate leave 1214 ip igmp snooping vlan last mem...

Page 40: ...icast data drop 1238 MLD Snooping 1239 ipv6 mld snooping 1240 ipv6 mld snooping querier 1240 ipv6 mld snooping query interval 1241 ipv6 mld snooping query max response time 1241 ipv6 mld snooping robu...

Page 41: ...pv6 mld query drop 1256 show ipv6 mld throttle interface 1257 MVR for IPv4 1258 mvr 1259 mvr associated profile 1259 mvr domain 1260 mvr profile 1261 mvr proxy query interval 1261 mvr priority 1262 mv...

Page 42: ...ear mvr6 statistics 1288 show mvr6 1289 show mvr6 associated profile 1290 show mvr6 interface 1290 show mvr6 members 1291 show mvr6 profile 1292 show mvr6 statistics 1293 40 LLDP COMMANDS 1295 lldp 12...

Page 43: ...dp info local device 1314 show lldp info remote device 1315 show lldp info statistics 1317 41 CFM COMMANDS 1319 Defining CFM Structures 1322 ethernet cfm ais level 1322 ethernet cfm ais ma 1323 ethern...

Page 44: ...t cfm maintenance points remote crosscheck 1348 Link Trace Operations 1348 ethernet cfm linktrace cache 1348 ethernet cfm linktrace cache hold time 1349 ethernet cfm linktrace cache size 1349 ethernet...

Page 45: ...43 DOMAIN NAME SERVICE COMMANDS 1373 ip domain list 1373 ip domain lookup 1374 ip domain name 1375 ip host 1376 ip name server 1377 ipv6 host 1378 clear dns cache 1378 clear host 1379 show dns 1379 s...

Page 46: ...imeout 1403 clear arp cache 1403 show arp 1404 IPv6 Interface 1404 Interface Address Configuration and Utilities 1405 ipv6 default gateway 1405 ipv6 address 1406 ipv6 address autoconfig 1408 ipv6 addr...

Page 47: ...ng 1435 ipv6 nd snooping trust 1435 clear ipv6 nd snooping binding 1436 clear ipv6 nd snooping prefix 1436 show ipv6 nd snooping 1437 show ipv6 nd snooping binding 1437 show ipv6 nd snooping prefix 14...

Page 48: ...CONTENTS 48...

Page 49: ...ring NTP 134 Figure 15 Specifying SNTP Time Servers 135 Figure 16 Adding an NTP Time Server 136 Figure 17 Showing the NTP Time Server List 136 Figure 18 Adding an NTP Authentication Key 137 Figure 19...

Page 50: ...nk 173 Figure 48 Showing Information for Static Trunks 173 Figure 49 Configuring Dynamic Trunks 173 Figure 50 Configuring the LACP Aggregator Admin Key 176 Figure 51 Enabling LACP on a Port 177 Figure...

Page 51: ...otocol VLANs 216 Figure 84 Displaying Protocol VLANs 216 Figure 85 Assigning Interfaces to Protocol VLANs 218 Figure 86 Showing the Interface to Protocol Group Mapping 218 Figure 87 Configuring IP Sub...

Page 52: ...re 119 Adding a VLAN to an MST Instance 258 Figure 120 Displaying Members of an MST Instance 258 Figure 121 Configuring MSTP Interface Settings 260 Figure 122 Displaying MSTP Interface Settings 260 Fi...

Page 53: ...314 Figure 158 Showing AAA Server Groups 315 Figure 159 Configuring Global Settings for AAA Accounting 317 Figure 160 Configuring AAA Accounting Methods 318 Figure 161 Showing AAA Accounting Methods 3...

Page 54: ...owing the Rules Configured for a Time Range 353 Figure 192 Showing TCAM Utilization 354 Figure 193 Creating an ACL 355 Figure 194 Showing a List of ACLs 356 Figure 195 Configuring a Standard IPv4 ACL...

Page 55: ...Global Settings for DHCP Snooping 413 Figure 229 Configuring DHCP Snooping on a VLAN 414 Figure 230 Configuring the Port Mode for DHCP Snooping 416 Figure 231 Displaying the Binding Table for DHCP Sno...

Page 56: ...Pv1 469 Figure 264 Configuring Trap Managers SNMPv2c 469 Figure 265 Configuring Trap Managers SNMPv3 470 Figure 266 Showing Trap Managers 470 Figure 267 Creating SNMP Notification Logs 472 Figure 268...

Page 57: ...ains 526 Figure 301 Creating Maintenance Associations 529 Figure 302 Showing Maintenance Associations 530 Figure 303 Configuring Detailed Settings for Maintenance Associations 531 Figure 304 Configuri...

Page 58: ...336 Configuring an IPv6 Address 578 Figure 337 Showing Configured IPv6 Addresses 580 Figure 338 Showing IPv6 Neighbors 581 Figure 339 Showing IPv6 Statistics IPv6 586 Figure 340 Showing IPv6 Statistic...

Page 59: ...Figure 373 Showing the IGMP Filtering Profiles Created 631 Figure 374 Adding Multicast Groups to an IGMP Filtering Profile 632 Figure 375 Showing the Groups Assigned to an IGMP Filtering Profile 632...

Page 60: ...an MVR6 Group Address Profile to a Domain 666 Figure 405 Showing MVR6 Group Address Profiles Assigned to a Domain 666 Figure 406 Configuring Interface Settings for MVR6 668 Figure 407 Assigning Static...

Page 61: ...ority Mapping 275 Table 15 CoS Priority Levels 275 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 276 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 280 Table 18 De...

Page 62: ...evice Designation Commands 699 Table 48 Banner Commands 700 Table 49 System Status Commands 709 Table 50 Frame Size Commands 717 Table 51 Flash File Commands 718 Table 52 File Directory Information 72...

Page 63: ...ermediate Agent Commands 865 Table 85 show pppoe intermediate agent statistics display description 871 Table 86 General Security Commands 873 Table 87 Port Security Commands 874 Table 88 show port sec...

Page 64: ...Commands 1031 Table 121 Loopback Detection Commands 1047 Table 122 UniDirectional Link Detection Commands 1053 Table 123 show udld display description 1056 Table 124 Address Table Commands 1059 Table...

Page 65: ...s vlan query display description 1226 Table 157 Static Multicast Interface Commands 1226 Table 158 IGMP Filtering and Throttling Commands 1227 Table 159 IGMP Authentication RADIUS Attribute Value Pair...

Page 66: ...Table 186 OAM Commands 1361 Table 187 Address Table Commands 1373 Table 188 show dns cache display description 1380 Table 189 show hosts display description 1381 Table 190 DHCP Commands 1383 Table 19...

Page 67: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 68: ...SECTION I Getting Started 68...

Page 69: ...eneral Security Measures AAA ARP Inspection DHCP Snooping with Option 82 relay information IP Source Guard PPPoE Intermediate Agent Port Authentication IEEE 802 1X Port Security MAC address filtering...

Page 70: ...an be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE Store and Forward Switching Supported to en...

Page 71: ...GURATION You can manually configure the speed duplex mode and flow control used on specific ports or use auto negotiation to detect the connection settings used by the attached device Use full duplex...

Page 72: ...1D transparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addre...

Page 73: ...k The switch supports tagged VLANs based on the IEEE 802 1Q standard Members of VLAN groups can be dynamically learned via GVRP or ports can be manually assigned to a specific set of VLANs This allows...

Page 74: ...traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding ETHERNET RING PRO...

Page 75: ...device location details The LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology SYSTEM DEFA...

Page 76: ...negotiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 64 kbits sec Multicast Dis...

Page 77: ...nt Enabled DNS Proxy service Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled MLD Snooping Layer 2 IPv6 Snooping Enabled Querier Disabled Multicast V...

Page 78: ...CHAPTER 1 Introduction System Defaults 78...

Page 79: ...lorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by...

Page 80: ...configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a terminal emulation program to the switch You can use the console cabl...

Page 81: ...here within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web bro...

Page 82: ...p to 32 alphanumeric characters and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the default user name and password ad...

Page 83: ...subnet can only be manually configured as described in Assigning an IPv6 Address on page 84 MANUAL CONFIGURATION You can manually assign an IP address to the switch You may also need to specify a def...

Page 84: ...ion 6 on page 570 Link Local Address All link local addresses must be configured with a prefix in the range of FE80 FEBF Remember that this address type makes the switch accessible over IPv6 for all d...

Page 85: ...r For example all IPv6 addresses that start with the first byte of 73 hexadecimal could be expressed as 73 0 0 0 0 0 0 0 8 or 73 8 To generate an IPv6 global unicast address for the switch complete th...

Page 86: ...r BOOTP and DHCP values can include the IP address subnet mask and default gateway If the DHCP BOOTP server is slow to respond you may need to use the ip dhcp restart client command to re start broadc...

Page 87: ...ddress There are several ways to configure IPv6 addresses The simplest method is to automatically generate a link local address identified by an address prefix of FE80 This address type makes the swit...

Page 88: ...ter 2 From the interface prompt type ipv6 address autoconfig and press Enter 3 Type ipv6 enable and press Enter to enable IPv6 on an interface that has not been configured with an explicit IPv6 addres...

Page 89: ...lient requests If the switch fails to download the bootup configuration file based on information passed by the DHCP server it will not send any further DHCP client requests If the switch does not rec...

Page 90: ...2 168 255 160 192 168 255 200 option routers 192 168 255 101 option tftp server name 192 168 255 100 Default Option 66 option bootfile name bootfile Default Option 67 class Option66 67_2 DHCP Option 6...

Page 91: ...ages from the switch You therefore need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are...

Page 92: ...ONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write assign...

Page 93: ...the switch operations and provides the CLI and web management interfaces See Managing System Files on page 122 for more information Diagnostic Code Software that is run during system boot up also know...

Page 94: ...rrent configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Ente...

Page 95: ...Interface Configuration on page 149 VLAN Configuration on page 193 Address Table Settings on page 227 Spanning Tree Algorithm on page 237 Rate Limit Configuration on page 227 Storm Control Configurat...

Page 96: ...SECTION II Web Configuration 96...

Page 97: ...page 83 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setti...

Page 98: ...for most configuration parameters Refer to Configuring User Accounts on page 324 for more details HOME PAGE When your web browser connects with the switch s web agent the home page is displayed as sho...

Page 99: ...s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Figure 2 Fro...

Page 100: ...ows the transfer and copying files 122 Set Startup Sets the startup file 125 Show Shows the files stored in flash memory allows deletion of files 126 Automatic Operation Code Upgrade Automatically upg...

Page 101: ...any cable faults short open etc and report the cable length 168 Trunk Static 171 Configure Trunk 171 Add Creates a trunk along with the first port member 171 Show Shows the configured trunk identifier...

Page 102: ...Static Add Creates VLAN groups 196 Show Displays configured VLAN groups 196 Modify Configures group name and administrative status 196 Edit Member by VLAN Specifies VLAN attributes per VLAN 198 Edit M...

Page 103: ...29 Add Configures static entries in the address table 229 Show Displays static entries in the address table 229 Dynamic Configure Aging Sets timeout for dynamically learned entries 231 Show Dynamic MA...

Page 104: ...eded the upper threshold and the time to release the control response after traffic has fallen beneath the lower threshold 266 Configure Interface Sets the storm control mode broadcast or multicast th...

Page 105: ...to the VoIP device manufacturer 303 Show Shows the OUI telephony list 303 Configure Interface Configures VoIP traffic settings for ports including the way in which a port is added to the Voice VLAN f...

Page 106: ...ation and access to the network when 802 1X or Network Access authentication are infeasible or impractical 326 Configure Global Configures general protocol settings 326 Configure Interface Enables Web...

Page 107: ...es packet filtering based on IP or MAC addresses and other packet attributes 354 Show Rule Shows the rules specified for an ACL 354 Configure Interface Binds a port to the specified ACL and time range...

Page 108: ...IPv6 traffic based on static entries in the IP Source Guard table or dynamic entries in the DHCP Snooping table 404 Port Configuration Enables IPv6 source guard and selects filter type per port 404 St...

Page 109: ...iew 452 Show OID Subtree Shows the subtrees assigned to each view 452 Configure Group 455 Add Adds a group with access policies for assigned users 455 Show Shows configured groups and access policies...

Page 110: ...les clustering for the switch sets Commander status 485 Configure Member Adds switch Members to the cluster 486 Show Member Shows cluster switch member managed switch members 488 ERPS Ethernet Ring Pr...

Page 111: ...e connectivity faults by requesting a target node to echo the message back to the source 536 Transmit Delay Measure Sends periodic delay measure requests to a specified MEP within a maintenance associ...

Page 112: ...in the IPv6 neighbor discovery cache 580 Show Statistics 581 IPv6 Shows statistics about IPv6 traffic 581 ICMPv6 Shows statistics about ICMPv6 messages 581 UDP Shows statistics about UDP messages 581...

Page 113: ...ures parameters for multicast snooping 610 Multicast Router 614 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 614 Show Static Multicast Router Displays...

Page 114: ...es the immediate leave status of a VLAN 636 Multicast Router Statically attach an interface to an IPv6 multicast router 637 Add Specifies the interface to be attached to the IPv6 multicast router 637...

Page 115: ...e Profile 663 Add Configures multicast stream addresses 663 Show Shows multicast stream addresses 663 Associate Profile 663 Add Maps an address profile to a domain 663 Show Shows addresses profile to...

Page 116: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 116...

Page 117: ...files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring The Console Port Sets console port connection parameters Configuring Telnet Settings...

Page 118: ...e Name assigned to the switch system System Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To configure general system information 1 Click...

Page 119: ...Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as Master or Slave EPLD Version Version number of EEPROM Programmable Logic De...

Page 120: ...ystem Management Commands on page 699 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is...

Page 121: ...st addresses Refer to Setting Static Addresses on page 229 VLAN Version Number Based on IEEE 802 1Q 1 indicates Bridges that support only single spanning tree SST operation and 2 indicates Bridges tha...

Page 122: ...ystem File Copy page to upload download firmware or configuration settings using FTP TFTP or HTTP By backing up a file to an FTP TFTP server or management station that file can later be downloaded to...

Page 123: ...firmware File Name The file name should not contain slashes or and the maximum length for file names is 32 characters for files on the switch or 128 characters for files on the server Valid characters...

Page 124: ...tion settings are not automatically saved by the system for subsequent use when the switch is rebooted You must save these settings to the current startup file or to another file which can be subseque...

Page 125: ...5 Then click Apply Figure 8 Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file reboot the system via the System Reset menu SETTING...

Page 126: ...System File Show page to show the files in the system directory or to delete a file NOTE Files designated for start up and the Factory_Default_Config cfg file cannot be deleted CLI REFERENCES dir on...

Page 127: ...he file name of the code stored on the remote server must be es3528mv2 bix using upper case and lower case letters exactly as indicated here Enter the file name for other switches described in this ma...

Page 128: ...switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image PARAMETERS The following parameters are displayed Automatic Opcode Upgra...

Page 129: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL Examples The following...

Page 130: ...3 Mark the check box to enable Automatic Opcode Upgrade 4 Enter the URL of the FTP or TFTP server and the path and directory containing the operation code 5 Click Apply Figure 11 Configuring Automati...

Page 131: ...time server IP addresses The switch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY Use the System Time Configure General Manual page to set the system time on t...

Page 132: ...S Time on page 749 PARAMETERS The following parameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time u...

Page 133: ...between the switch and NTP servers Default Disabled You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers The authentication keys and their a...

Page 134: ...address for up to three SNTP time servers CLI REFERENCES sntp server on page 752 PARAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three...

Page 135: ...time servers configured the responses received are filtered and compared to determine the most reliable and accurate time update for the switch Version Specifies the NTP version supported by the serve...

Page 136: ...key list CLI REFERENCES ntp authentication key on page 753 PARAMETERS The following parameters are displayed Authentication Key Specifies the number of the key in the NTP Authentication Key List to us...

Page 137: ...ct Add NTP Authentication Key from the Action list 4 Enter the index number and MD5 authentication key string 5 Click Apply Figure 18 Adding an NTP Authentication Key To show the list of configured NT...

Page 138: ...You can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 760 PARAMETERS The following...

Page 139: ...ds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface become...

Page 140: ...E To configure parameters for the console port 1 Click System then Console 2 Specify the connection parameters as required 3 Click Apply Figure 21 Console Port Settings CONFIGURING TELNET SETTINGS Use...

Page 141: ...detected within the timeout interval the current session is terminated Range 60 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of f...

Page 142: ...cpu on page 711 PARAMETERS The following parameters are displayed Time Interval The interval at which to update the displayed utilization rate Options 1 5 10 30 60 seconds Default 1 second CPU Utiliza...

Page 143: ...utilization parameters CLI REFERENCES show memory on page 710 PARAMETERS The following parameters are displayed Free Size The amount of memory currently free for use Used Size The amount of memory al...

Page 144: ...lays information on the next scheduled reload and selected reload mode as shown in the following example The switch will be rebooted at March 9 12 00 00 2012 Remaining Time 0 days 2 hours 46 minutes 5...

Page 145: ...ularly Specifies a periodic interval at which to reload the switch Time HH The hour at which to reload Range 00 23 MM The minute at which to reload Range 00 59 Period Daily Every day Weekly Day of the...

Page 146: ...CHAPTER 4 Basic Management Tasks Resetting the System 146 Figure 25 Restarting the Switch Immediately Figure 26 Restarting the Switch In...

Page 147: ...CHAPTER 4 Basic Management Tasks Resetting the System 147 Figure 27 Restarting the Switch At Figure 28 Restarting the Switch Regularly...

Page 148: ...CHAPTER 4 Basic Management Tasks Resetting the System 148...

Page 149: ...Displaying Transceiver Data Displays identifying information and operational parameters for optical transceivers which support DDM Configuring Transceiver Thresholds Configures thresholds for alarm a...

Page 150: ...under auto negotiation the required operation modes must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation should always be u...

Page 151: ...ation 10f Supports 10 Mbps full duplex operation 100h Supports 100 Mbps half duplex operation 100f Supports 100 Mbps full duplex operation 1000f Gigabit ports only Supports 1000 Mbps full duplex opera...

Page 152: ...ce capabilities to advertise or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page...

Page 153: ...rameters are displayed Port Port identifier Type Indicates the port type 100BASE TX 1000BASE T 100BASE SFP or 1000BASE SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Stat...

Page 154: ...ng as described in this section or from one or more source ports on remote switches to a destination port on this switch remote port mirroring as described in Configuring Remote Port Mirroring on page...

Page 155: ...or the traffic on the source port Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Both WEB INTERFACE To configure a local mirror session 1 C...

Page 156: ...to any RSPAN destination port monitoring the RSPAN VLAN as shown in the figure below Figure 35 Configuring Remote Port Mirroring CLI REFERENCES RSPAN Mirroring Commands on page 1020 COMMAND USAGE Traf...

Page 157: ...this switch RSPAN Ports Only ports can be configured as an RSPAN source destination or uplink static and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface so...

Page 158: ...ed traffic from one or more sources to one or more destinations Destination Specifies this device as a switch configured with a destination port which is to receive mirrored traffic for this session R...

Page 159: ...d and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the traffic exiting the destination port to the monitoring device car...

Page 160: ...statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per seco...

Page 161: ...el protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Received Unknown Packets The number of packets r...

Page 162: ...ets Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less than 64 octets long e...

Page 163: ...rop down list 4 Use the Refresh button at the bottom of the page if you need to update the screen Figure 39 Showing Port Statistics Table To show a chart of port statistics 1 Click Interface Port Char...

Page 164: ...and operational for optical transceivers which support Digital Diagnostic Monitoring DDM CLI REFERENCES show interfaces transceiver on page 996 PARAMETERS These parameters are displayed Port Port num...

Page 165: ...nctional parameters for optical transceivers 1 Click Interface Port Transceiver 2 Select a port from the scroll down list Figure 41 Displaying Transceiver Data CONFIGURING TRANSCEIVER THRESHOLDS Use t...

Page 166: ...tal Diagnostic Monitoring DDM provides information on transceiver parameters Trap Sends a trap when any of the transceiver s operation values falls outside of specified thresholds Default Disabled Aut...

Page 167: ...eshold and the last sample value was greater than the threshold After a falling event has been generated another such event will not be generated until the sampled value has risen above the low thresh...

Page 168: ...USAGE Cable diagnostics are performed using Digital Signal Processing DSP test methods DSP analyses the cable by sending a pulsed signal into the cable and then examining the reflection of that pulse...

Page 169: ...or the approximate cable length if no fault is found To ensure more accurate measurement of the length to a fault first disable power saving mode on the link partner before running cable diagnostics...

Page 170: ...aced in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it COMMAND USAGE Besides balancing the load across each port in the trunk the...

Page 171: ...s switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the po...

Page 172: ...t Add Member from the Action list 4 Select a trunk identifier 5 Set the unit and port for an additional trunk member 6 Click Apply Figure 46 Adding Static Trunks Members To configure connection parame...

Page 173: ...3 Select Show Information from the Action list Figure 48 Showing Information for Static Trunks CONFIGURING A DYNAMIC TRUNK Use the Interface Trunk Dynamic pages to set the administrative key for an ag...

Page 174: ...admin key matches and 3 the LAG admin key matches if configured However if the LAG admin key is set then the port admin key must be set to the same value for a port to be allowed to join that group N...

Page 175: ...mined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the Partner System Priority LACP system priority...

Page 176: ...he command attributes have the same meaning as those used for the port actor WEB INTERFACE To configure the admin key for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Aggregator...

Page 177: ...igure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 52 Configuring LACP Parameters on a Po...

Page 178: ...re from the Action List 4 Modify the required interface settings See Configuring by Port List on page 150 for a description of the interface settings 5 Click Apply Figure 54 Configuring Connection Set...

Page 179: ...Table 8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marke...

Page 180: ...CPDU information Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive m...

Page 181: ...rnal 5 Select a group member from the Port list Figure 57 Displaying LACP Port Internal Information Admin State Oper State continued Aggregation The system considers this link to be aggregatable i e a...

Page 182: ...n Information Parameter Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port...

Page 183: ...IP Address All traffic with the same destination IP address is output on the same link in a trunk This mode works best for switch to router trunk links where traffic through the switch is destined fo...

Page 184: ...C Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from man...

Page 185: ...on exists When using power savings mode the switch checks for energy on the circuit to determine if there is a link partner If none is detected the switch automatically turns off the transmitter and m...

Page 186: ...rs are displayed Port Power saving mode only applies to the Gigabit Ethernet ports using copper media Power Saving Status Adjusts the power provided to ports based on the length of the cable used to c...

Page 187: ...ts allowing different clients to share access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Globa...

Page 188: ...ed on the settings specified by other functions such as VLANs and spanning tree protocol A port cannot be configured in both an uplink and downlink list A port can only be assigned to one traffic segm...

Page 189: ...rface to the segmented group by setting the direction to uplink or downlink Default Uplink Interface Displays a list of ports or trunks Port Port Identifier Range 1 28 Trunk Trunk Identifier Range 1 1...

Page 190: ...ge 1138 COMMAND USAGE Use this feature to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1...

Page 191: ...nstance either STP RSTP or an MSTP instance depending on the selected STA mode If both VLAN trunking and ingress filtering are disabled on an interface packets with unknown VLAN tags will still be all...

Page 192: ...CHAPTER 5 Interface Configuration VLAN Trunking 192 Figure 65 Configuring VLAN Trunking...

Page 193: ...n Maps VLAN IDs between the customer and the service provider IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provid...

Page 194: ...oup s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate...

Page 195: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Page 196: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Page 197: ...ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows if RSPAN is enabled on this VLAN see Configuring Remote Port Mirroring on page 156 WE...

Page 198: ...howing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a range of interfaces Use the menus for editing port memb...

Page 199: ...unk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the...

Page 200: ...ort will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is fo...

Page 201: ...et the Interface type to display as Port or Trunk 4 Modify the settings for any interface as required 5 Click Apply Figure 71 Configuring Static Members by VLAN Index To configure static members by in...

Page 202: ...e Action list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptable frame type and ingress filterin...

Page 203: ...globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets received on this port will be discarded and no GVRP registrations wi...

Page 204: ...tch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch 1 Click VLAN Dynamic 2 Select Co...

Page 205: ...N Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 76 Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN 1 Click V...

Page 206: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Page 207: ...tag is copied to the outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags...

Page 208: ...l to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled If...

Page 209: ...3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tun...

Page 210: ...D This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example if 0x1234 is set as the custom 802...

Page 211: ...ag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods of queue management at intermediate nodes ac...

Page 212: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 80 Configuring CVLAN to SPVLAN Mapp...

Page 213: ...e attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set t...

Page 214: ...uired protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets COMMAND USAGE To configure protocol based VLAN...

Page 215: ...VLAN Group Range 1 2147483647 NOTE Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet tra...

Page 216: ...he VLAN Protocol Configure Interface Add page to map a protocol group to a VLAN for each interface that will participate in the group CLI REFERENCES protocol vlan protocol group Configuring Interfaces...

Page 217: ...of ports or trunks Port Port Identifier Range 1 28 Trunk Trunk Identifier Range 1 12 Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which m...

Page 218: ...nterfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a po...

Page 219: ...P subnet consists of an IP address and a mask The specified VLAN need not be an existing VLAN When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLA...

Page 220: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Page 221: ...MAC addresses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VL...

Page 222: ...e VLANs to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source VLAN s in a completely unobtrusive manne...

Page 223: ...t cannot be set to the same target ports as that used for port mirroring see Configuring Local Port Mirroring on page 154 When traffic matches the rules for both port mirroring and for mirroring of VL...

Page 224: ...evice can be configured to swap the customer s VLAN ID with the service provider s VLAN ID for upstream traffic or the service provider s VLAN ID with the customer s VLAN ID for downstream traffic For...

Page 225: ...PARAMETERS These parameters are displayed Old VLAN The original VLAN ID Range 1 4094 New VLAN The new VLAN ID Range 1 4094 WEB INTERFACE To configure VLAN translation 1 Click VLAN Translation 2 Selec...

Page 226: ...CHAPTER 6 VLAN Configuration Configuring VLAN Translation 226...

Page 227: ...ed source address to a target port CONFIGURING MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on pa...

Page 228: ...ity Status see Configuring Port Security on page 382 is enabled on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range...

Page 229: ...ollowing characteristics Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be writt...

Page 230: ...m the Action list 3 Specify the VLAN the port or trunk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 97 Configuring Static MAC Addresses...

Page 231: ...ddress table aging time on page 1059 PARAMETERS These parameters are displayed Aging Status Enables disables the function Aging Time The time after which a learned entry is discarded Range 10 844 seco...

Page 232: ...RENCES show mac address table on page 1061 PARAMETERS These parameters are displayed Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk MAC Address Ph...

Page 233: ...parameters are displayed Clear by All entries can be cleared or you can clear the entries for a specific MAC address all the entries in a VLAN or all the entries associated with a port or trunk WEB I...

Page 234: ...get port will be mirrored to the destination port All mirror sessions must share the same destination port Spanning Tree BPDU packets are not mirrored to the target port When mirroring port traffic th...

Page 235: ...packets based on a MAC address 1 Click MAC Address Mirror 2 Select Add from the Action list 3 Specify the source MAC address and destination port 4 Click Apply Figure 102 Mirroring Packets Based on th...

Page 236: ...CHAPTER 7 Address Table Settings Configuring MAC Address Mirroring 236...

Page 237: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Page 238: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Page 239: ...cations with STP or RSTP nodes in the global network Figure 106 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a single Commo...

Page 240: ...f loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection w...

Page 241: ...e will be automatically enabled when the shutdown interval has expired If an interface is shut down due to a detected loopback and the release mode is set to Manual the interface can be re enabled usi...

Page 242: ...he RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridg...

Page 243: ...y is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the...

Page 244: ...lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconverge All device ports except for desi...

Page 245: ...ure key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision3 The revision for this MSTI Range 0 65535 Default 0 Region Name3...

Page 246: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 246 Figure 108 Configuring Global Settings for STA STP Figure 109 Configuring Global Settings for STA RSTP...

Page 247: ...ing tree on page 1090 show spanning tree mst configuration on page 1092 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique ide...

Page 248: ...CE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 111 Displaying Global Settings for STA CO...

Page 249: ...network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter i...

Page 250: ...ing tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding...

Page 251: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Page 252: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Page 253: ...designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tre...

Page 254: ...Step list 3 Select Show Information from the Action list Figure 114 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Page 255: ...bridges within the same MSTI Region page 242 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Page 256: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Page 257: ...e priority for an MSTP Instance 5 Click Apply Figure 117 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Page 258: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 11...

Page 259: ...in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree Thi...

Page 260: ...trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Figure 121 Co...

Page 261: ...e Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface Rat...

Page 262: ...e Traffic Storm Control page to configure broadcast multicast and unknown unicast storm control thresholds Traffic storms may occur when a device on your network is malfunctioning or if application pr...

Page 263: ...rol on the same interface may lead to unexpected results It is therefore not advisable to use both of these commands on the same interface PARAMETERS These parameters are displayed Interface Displays...

Page 264: ...esholds for broadcast and multicast storms which can automatically trigger rate limits or shut down a port CLI REFERENCES Automatic Traffic Control Commands on page 1031 COMMAND USAGE ATC includes sto...

Page 265: ...Control Release Trap sent and logged Note that if the control action has shut down a port it can only be manually re enabled using Manual Control Release see page 267 The traffic control response of...

Page 266: ...se it must be manually re enabled using the Manual Control Release see page 267 PARAMETERS These parameters are displayed in the web interface Broadcast Apply Timer The interval after the upper thresh...

Page 267: ...d Automatic storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be a...

Page 268: ...ets per second Default 250 pps If rate limiting has been configured as a control response and Auto Control Release is enabled rate limiting will be discontinued after the traffic rate has fallen benea...

Page 269: ...omatic Storm Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response...

Page 270: ...CHAPTER 9 Congestion Control Automatic Traffic Control 270...

Page 271: ...cessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Page 272: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 129 Setting the Default Port Priority...

Page 273: ...time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode applies to all int...

Page 274: ...weighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combination of strict and weighted queueing is selected the queues which are serviced first...

Page 275: ...and weighted queuing Up to eight separate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in Table...

Page 276: ...queue WEB INTERFACE To map internal PHB to hardware queues 1 Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Select a port 4 Map an internal PHB to a hardware queue Depe...

Page 277: ...s 277 Figure 133 Mapping CoS Values to Egress Queues To show the internal PHB to hardware queue map 1 Click Traffic Priority PHB to Queue 2 Select Show from the Action list 3 Select an interface Figur...

Page 278: ...ne the hardware queues used for egress traffic not to replace the priority values These defaults are designed to optimize priority services for the majority of network applications It should not be ne...

Page 279: ...S Use the Traffic Priority DSCP to DSCP page to map DSCP values in incoming packets to per hop behavior and drop precedence values for internal priority processing The DSCP is six bits wide allowing c...

Page 280: ...DSCP value in ingress packets Range 0 63 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for Random Early Detection in controlling traffic...

Page 281: ...Select Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any DSCP value 5 Click Apply Figure 136 Configuring DSCP to DSCP Internal Mapping To show the DSCP to intern...

Page 282: ...of three bits for per hop behavior PHB which determines the queue to which a packet is sent and two bits for drop precedence namely color which is used by Random Early Detection RED to control traffi...

Page 283: ...o DSCP 2 Select Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any of the CoS CFI combinations 5 Click Apply Figure 138 Configuring CoS to DSCP Internal Mapping T...

Page 284: ...e Layer 3 4 Priority Settings 284 To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list 3 Select a port Figure 139 Showing CoS...

Page 285: ...ies different kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to pa...

Page 286: ...lso be configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface pag...

Page 287: ...an access control list Any type of ACL can be specified including standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6...

Page 288: ...t the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic for t...

Page 289: ...A policy map is then configured which indicates the boundary parameters used for monitoring inbound traffic and the action to take for conforming and non conforming traffic A policy map may contain on...

Page 290: ...excess burst size and red otherwise The meter operates in one of two modes In the color blind mode the meter assumes that the packet stream is uncolored In color aware mode the meter assumes that som...

Page 291: ...throughput exceeding the maximum throughput or exceeding the peak burst size The PHB label is composed of five bits three bits for per hop behavior and two bits for the color scheme used to control qu...

Page 292: ...Tp is decremented by B else the packet is green and both Tp and Tc are decremented by B The trTCM can be used to mark a IP packet stream in a service where different decreasing levels of assurances e...

Page 293: ...DSCP value for a matching packet as specified in rule settings for a class map Range 0 63 Meter Check this to define the maximum throughput burst rate and the action that results from a policy violat...

Page 294: ...es that the incoming packets are pre colored The functional differences between these modes is described at the beginning of this section under srTCM Police Meter Committed Information Rate CIR Rate i...

Page 295: ...lor Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional differences between these modes is described at the b...

Page 296: ...t of conformance traffic Violate Specifies whether the traffic that exceeds the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority...

Page 297: ...p list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigned to the matching...

Page 298: ...Policies 298 Figure 146 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Page 299: ...vice policy to the required interface PARAMETERS These parameters are displayed Port Specifies a port Ingress Applies the selected rule to ingress traffic Egress Applies the selected rule to egress tr...

Page 300: ...CHAPTER 11 Quality of Service Attaching a Policy Map to a Port 300...

Page 301: ...acket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP...

Page 302: ...hip is not set to access mode see Adding Static Members to VLANs on page 198 PARAMETERS These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch p...

Page 303: ...I REFERENCES Configuring Voice VLANs on page 1161 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 8...

Page 304: ...fine a MAC address range 6 Enter a description for the devices 7 Click Apply Figure 150 Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment 1 Click Traffic VoIP 2 Sel...

Page 305: ...Auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port You must select a method for detecting VoIP traffic either OUI or 802 1AB LLDP When OUI is se...

Page 306: ...ning Age starts to count down when the OUI s MAC address expires from the MAC address table Therefore the MAC address aging time should be added to the overall aging time For example if you configure...

Page 307: ...ork Access authentication methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure...

Page 308: ...Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for services that us...

Page 309: ...access based on user names and passwords manually configured on the switch Remote authentication uses a remote access authentication server based on RADIUS or TACACS protocols to verify management ac...

Page 310: ...urity AAA Server page to configure the message exchange parameters for RADIUS or TACACS remote access authentication servers Remote Authentication Dial in User Service RADIUS and Terminal Access Contr...

Page 311: ...he authentication server The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client This switch can pass authen...

Page 312: ...pecifies the index number of the server to be configured The switch currently supports only one TACACS server Server IP Address Address of the TACACS server A Server Index entry must be selected to di...

Page 313: ...fined see Configuring Local Remote Logon Authentication on page 309 WEB INTERFACE To configure the parameters for RADIUS or TACACS authentication 1 Click Security AAA Server 2 Select Configure Server...

Page 314: ...TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server...

Page 315: ...methods the methods applied to specific interfaces and basic accounting information recorded for user sessions CLI REFERENCES AAA on page 824 COMMAND USAGE AAA authentication through a RADIUS or TACA...

Page 316: ...cal Remote Logon Authentication on page 309 Any other group name refers to a server group configured on the Security AAA Server Configure Group page Configure Service Accounting Type Specifies the ser...

Page 317: ...and associated server group has not been assigned to an interface Show Information Statistics User Name Displays a registered user name Accounting Type Displays the accounting service Interface Displ...

Page 318: ...the Step list 3 Select Add from the Action list 4 Select the accounting type 802 1X Command Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 160 Configuring...

Page 319: ...ific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3 Select...

Page 320: ...igure 164 Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types 1 Click Security AAA Acco...

Page 321: ...This feature performs authorization to determine if a user is allowed to run an Exec shell AAA authentication through a RADIUS or TACACS server must be enabled before authorization is enabled PARAMET...

Page 322: ...ctions Show Information Authorization Type Displays the authorization service Method Name Displays the user defined or default accounting method Server Group Name Displays the authorization server gro...

Page 323: ...onfigure Method from the Step list 3 Select Show from the Action list Figure 168 Showing AAA Authorization Methods To configure the authorization method applied to local console Telnet or SSH connecti...

Page 324: ...admin with the password admin The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should ther...

Page 325: ...onfigure encrypted passwords Password Specifies the user password Range 0 32 characters case sensitive Confirm Password Re type the string entered in the previous field to ensure no errors were made T...

Page 326: ...n is successful the web browser is forwarded on to the originally requested web page Successful authentication is valid for all hosts connected to the port NOTE RADIUS authentication must be activated...

Page 327: ...ttempts Default 3 attempts WEB INTERFACE To configure global parameters for web authentication 1 Click Security Web Authentication 2 Select Configure Global from the Step list 3 Enable web authenticat...

Page 328: ...thenticate Ends all authenticated web sessions for selected host IP addresses in the Authenticated Host List and forces the users to re authenticate WEB INTERFACE To enable web authentication for a po...

Page 329: ...nly if the source MAC address is successfully authenticated by a central RADIUS server While authentication for a MAC address is in progress all traffic is blocked until authentication is completed On...

Page 330: ...ingress rate limit profile value is 100 kbps If duplicate profiles are passed in the Filter ID attribute then only the first profile is used For example if the attribute is service policy in p1 servic...

Page 331: ...basis however there are two configurable parameters that apply globally to all ports on the switch Use the Security Network Access Configure Global page to configure MAC address authentication aging...

Page 332: ...ts including enabling address authentication setting the maximum MAC count and enabling dynamic VLAN or dynamic QoS assignments CLI REFERENCES Network Access MAC Address Authentication on page 879 PAR...

Page 333: ...ANs Default Enabled The VLAN settings specified by the first authenticated MAC address are implemented for a port Other authenticated MAC addresses on the port must have the same VLAN configuration or...

Page 334: ...FERENCES Network Access MAC Address Authentication on page 879 PARAMETERS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condi...

Page 335: ...e to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port C...

Page 336: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Page 337: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Page 338: ...CES Web Server on page 833 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Page 339: ...local address PARAMETERS These parameters are displayed HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used f...

Page 340: ...nique certificate and a private key and password from a recognized certification authority CAUTION For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earlies...

Page 341: ...g the certificate to the switch Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not...

Page 342: ...both password and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentica...

Page 343: ...onal Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Settings p...

Page 344: ...eed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whet...

Page 345: ...s the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Server Key Size Specifie...

Page 346: ...y pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch an...

Page 347: ...Click Clear Figure 185 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be st...

Page 348: ...a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version...

Page 349: ...4 protocol port number or TCP control code IPv6 frames based on address DSCP or next header type or any frames based on MAC address or Ethernet type To filter incoming packets first create an access l...

Page 350: ...entries in TCAM where n is the fixed number of TCAM entries needed for one ACE When compression is employed before writing the ACE into TCAM the software compresses the ACEs to reduce the number of re...

Page 351: ...and one of the periodic time ranges PARAMETERS These parameters are displayed Add Time Range Name Name of a time range Range 1 16 characters Add Rule Time Range Name of a time range Mode Absolute Spe...

Page 352: ...t 3 Select Show from the Action list Figure 189 Showing a List of Time Ranges To configure a rule for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Add Ru...

Page 353: ...Time Range SHOWING TCAM UTILIZATION Use the Security ACL Configure ACL Show TCAM page to show utilization parameters for TCAM Ternary Content Addressable Memory including the number policy control ent...

Page 354: ...he number of policy control entries available for use Entries Used by System The number of policy control entries used by the operating system Entries Used by User The number of policy control entries...

Page 355: ...P control code IPv6 Standard IPv6 ACL mode filters packets based on the source IPv6 address IPv6 Extended IPv6 ACL mode filters packets based on the source or destination IP address as well as DSCP an...

Page 356: ...n page 953 show ip access list on page 957 Time Range on page 762 PARAMETERS These parameters are displayed Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching...

Page 357: ...ich this ACL has been assigned Time Range Name of a time range WEB INTERFACE To add rules to an IP Standard ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from th...

Page 358: ...Destination Subnet Mask Subnet mask for source or destination address See the description for Subnet Mask on page 356 Source Destination Port Source destination port number for the specified protocol...

Page 359: ...code 2 control bit mask 18 Time Range Name of a time range WEB INTERFACE To add rules to an IPv4 Extended ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the...

Page 360: ...permit or deny rules Source Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specif...

Page 361: ...3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type...

Page 362: ...exadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Source Destination Prefix Length A decimal value indicat...

Page 363: ...Action list 4 Select IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefix 8 If you sele...

Page 364: ...with the Address and Bit Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source or desti...

Page 365: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or MAC 8 If you select Host enter a specific address e g 11 22 33 44...

Page 366: ...Default IP Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field or...

Page 367: ...e Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the packet type Request Response All 8 Select the address type Any Host or IP 9 If you selec...

Page 368: ...group on page 957 mac access group on page 968 show mac access group on page 969 Time Range on page 762 PARAMETERS These parameters are displayed Type Selects the type of ACLs to bind to a port Port...

Page 369: ...ssing the source VLAN s in a completely unobtrusive manner CLI REFERENCES Local Port Mirroring Commands on page 1017 COMMAND USAGE ACL based mirroring is only used for ingress traffic To mirror an ACL...

Page 370: ...m the Step list 3 Select Add Mirror from the Action list 4 Select a port 5 Select the name of an ACL from the ACL list 6 Click Apply Figure 202 Configuring ACL Mirroring To show the ACLs to be mirrore...

Page 371: ...egress traffic Name The ACL bound this port Action Shows if action is to permit or deny specified packets Rules Shows the rules for the ACL bound to this port Time Range The time during which this ACL...

Page 372: ...database see DHCP Snooping Configuration on page 412 This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs ARP Inspection can also validate ARP...

Page 373: ...EFERENCES ARP Inspection on page 931 COMMAND USAGE ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the following validations enables ARP Inspectio...

Page 374: ...will be replaced with the newest entry PARAMETERS These parameters are displayed ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection Validation Enables extended ARP I...

Page 375: ...ARP Inspection on page 931 COMMAND USAGE ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disabled ARP Inspection ACLs are configured within the AR...

Page 376: ...s selected and static mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database When an ARP ACL is selected but static mode is not...

Page 377: ...P Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limit Sets th...

Page 378: ...rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP...

Page 379: ...og page to show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 939 PARAMETERS These parameters...

Page 380: ...Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the swi...

Page 381: ...ddress es for the Telnet group All Configures IP address es for all groups Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTERFA...

Page 382: ...uthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message CLI REFERENCES Port S...

Page 383: ...terconnection device PARAMETERS These parameters are displayed Port Port number Security Status Enables or disables port security on an interface Default Disabled Port Status The operational status Se...

Page 384: ...curity CONFIGURING 802 1X PORT AUTHENTICATION Network switches can provide open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is...

Page 385: ...etwork Otherwise non EAP traffic on the port is blocked or assigned to a guest VLAN based on the intrusion action setting In multi host mode only one host connected to a port needs to pass authenticat...

Page 386: ...L frames from other switches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the edge of the network When this device is fun...

Page 387: ...X Use the Security Port Authentication Configure Interface Authenticator page to configure 802 1X port settings for the switch as the local authenticator When 802 1X is enabled you need to configure t...

Page 388: ...tatus is disabled if the control mode is set to Force Authorized Authorized Displays the 802 1X authorization status of connected clients Yes Connected client is authorized N A Connected client is not...

Page 389: ...an EAP packet Range 1 65535 Default 30 seconds This command attribute sets the timeout for EAP request frames other than EAP request identity frames If dot1x authentication is enabled on a port the sw...

Page 390: ...thenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Current Identifier Identifier sent in each EAP Success Failure or Request pack...

Page 391: ...you need to configure the parameters for the client supplicant process if the client must be authenticated through another device in the network CLI REFERENCES 802 1X Port Authentication on page 848...

Page 392: ...atus cannot be enabled if a port is a member of trunk or LACP is enabled on the port Authentication Period The time that a supplicant port waits for a response from the authenticator Range 1 65535 sec...

Page 393: ...Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that ha...

Page 394: ...ress carried in the most recent EAPOL frame received by this Supplicant Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Supplicant Rx EAP Resp Oth The number of valid E...

Page 395: ...rt Authentication 395 WEB INTERFACE To display port authenticator statistics for 802 1X 1 Click Security Port Authentication 2 Select Show Statistics from the Step list 3 Click Authenticator Figure 21...

Page 396: ...iciently or at all In general DoS attacks are implemented by either forcing the target to reset to consume most of its resources so that it can no longer provide its intended service or to obstruct th...

Page 397: ...ult Enabled TCP SYN FIN Scan A TCP SYN FIN scan message is used to identify listening TCP ports The scan uses a series of strangely configured TCP packets which contain SYN synchronize and FIN finish...

Page 398: ...ACE To protect against DoS attacks 1 Click Security DoS Protection 2 Enable protection for specific DoS attacks and set the maximum allowed rate as required 3 Click Apply Figure 219 Protecting Against...

Page 399: ...ce Guard on page 404 or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address SIP option or both its IP address and corresponding M...

Page 400: ...ed in the binding table Max Binding Entry The maximum number of entries that can be bound to an interface Range 1 5 Default 5 This parameter sets the maximum number of address entries that can be mapp...

Page 401: ...he same VLAN ID and MAC address a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entry...

Page 402: ...ure static bindings for IP Source Guard 1 Click Security IP Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 Click Apply Figure 221 Con...

Page 403: ...VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Dynamic Binding List VLAN VLAN to which this entry is bound MAC Addre...

Page 404: ...ration page to filter inbound traffic based on the source IPv6 address stored in the binding table IPv6 Source Guard is used to filter traffic on an insecure port which receives messages from outside...

Page 405: ...ry is found in the binding table and the entry type is static IPv6 source guard binding the packet will be forwarded If ND snooping or DHCP snooping is enabled IPv6 source guard will check the VLAN ID...

Page 406: ...ded to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries lear...

Page 407: ...eplace the old one If there is an entry with same MAC address and IPv6 address and the type of the entry is either a dynamic ND snooping binding or DHCPv6 snooping binding then the new entry will repl...

Page 408: ...B INTERFACE To configure static bindings for IPv6 Source Guard 1 Click Security IPv6 Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 C...

Page 409: ...of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IPv6 Address A valid global unicast IPv6 address Dynamic Binding List VLAN VLAN to which this entry is bound MAC Address Phys...

Page 410: ...aces An entry is added or removed dynamically to the DHCP snooping table when a client receives or releases an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLA...

Page 411: ...lf to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any m...

Page 412: ...ion CLI REFERENCES DHCPv4 Snooping on page 899 PARAMETERS These parameters are displayed DHCP Snooping Status Enables DHCP snooping globally Default Disabled DHCP Snooping MAC Address Verification Ena...

Page 413: ...s to trusted ports Replace Replaces the Option 82 information circuit id and remote id fields in the client s request with information about the relay agent itself inserts the relay agent s address wh...

Page 414: ...is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table PARAMETERS The...

Page 415: ...a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other...

Page 416: ...types include DHCP Snooping Dynamically snooped VLAN VLAN to which this entry is bound Interface Port or trunk to which this entry is bound Store Writes all dynamically learned snooping entries to fla...

Page 417: ...CHAPTER 13 Security Measures DHCP Snooping 417 3 Use the Store or Clear function if required Figure 231 Displaying the Binding Table for DHCP Snooping...

Page 418: ...CHAPTER 13 Security Measures DHCP Snooping 418...

Page 419: ...Monitoring RMON Configures local collection of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized management by a single unit over...

Page 420: ...sh or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 739 PARAMETERS These parameters are displayed S...

Page 421: ...source WEB INTERFACE To configure the logging of error messages to system memory 1 Click Administration Log System 2 Select Configure Global from the Step list 3 Enable or disable system logging set...

Page 422: ...ages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facili...

Page 423: ...ggered by logging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients CLI REFERENCES SMTP Alerts on page 746 PARAM...

Page 424: ...the minimum severity level Specify the source and destination email addresses and one or more SMTP servers 3 Click Apply Figure 235 Configuring SMTP Alert Messages LINK LAYER DISCOVERY PROTOCOL Link L...

Page 425: ...ult 30 seconds Hold Time Multiplier Configures the time to live TTL value sent in LLDP advertisements as shown in the formula below Range 2 10 Default 4 The time to live tells the receiving LLDP agent...

Page 426: ...astChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss MED Fast Start Count Configures the amount of LLDP MED Fast Start LLDPDUs to transmit...

Page 427: ...see Specifying Trap Managers on page 466 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a...

Page 428: ...full name and version identification of the system s hardware type software operating system and networking software System Name The system name is taken from the sysName object in RFC 3418 which con...

Page 429: ...advertises device details useful for inventory management such as manufacturer model software version and other pertinent information Location This option advertises location identification details Ne...

Page 430: ...GURING LLDP INTERFACE CIVIC ADDRESS Use the Administration LLDP Configure Interface Add CA Type page to specify the physical location of the device attached to an interface CLI REFERENCES lldp med loc...

Page 431: ...n LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interface from the Port or Trunk list 5 Specify a CA Type and CA Value pair 6 Click Apply T...

Page 432: ...al ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field Chassis ID An octet string indicating the speci...

Page 433: ...ly to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Trunk Description A string that indicates the port or trunk description If R...

Page 434: ...the interface LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory WEB INTERFACE To display LLDP information for the local devic...

Page 435: ...tocols Link Layer Discovery Protocol 435 Figure 239 Displaying Local Device Information for LLDP General Figure 240 Displaying Local Device Information for LLDP Port Figure 241 Displaying Local Device...

Page 436: ...e system s administratively assigned name Port Details Port Port identifier on local switch Remote Index Index of remote device attached to this port Local Port The local port to which a remote LLDP c...

Page 437: ...ed frames are associated Remote Port Protocol VLAN List The port based protocol VLANs configured on this interface whether the given port associated with the remote system supports port based protocol...

Page 438: ...re in use and Spare means that the spare pairs only are in use Remote Power MDI Supported Shows whether MDI power is supported on the given port associated with the remote system Remote Power Pair Con...

Page 439: ...in octets on the port component associated with the remote system Port Details LLDP MED Capability 7 Device Class Any of the following categories of endpoint devices Class 1 The most basic class of e...

Page 440: ...ired by the device but is currently unknown VLAN ID The VLAN identifier VID for the port as defined in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that...

Page 441: ...n PSE Local PSE and Local PSE Unknown Primary Power Source Backup Power Source Power conservation mode Power Value The total power in watts required by a PD device from a PSE device or the total power...

Page 442: ...port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or Trunk Details 4 When the next page opens select a port on this switch a...

Page 443: ...CHAPTER 14 Basic Administration Protocols Link Layer Discovery Protocol 443 Figure 243 Displaying Remote Device Information for LLDP Port Details...

Page 444: ...P capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1317 PARAMETERS These parameter...

Page 445: ...TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count...

Page 446: ...nt as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A de...

Page 447: ...ups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings NOTE The predefined default groups and view can be deleted...

Page 448: ...p page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want...

Page 449: ...rap types 4 Click Apply Figure 247 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engine ID An SNM...

Page 450: ...red WEB INTERFACE To configure the local SNMP engine ID 1 Click Administration SNMP 2 Select Configure Engine from the Step list 3 Select Set Engine ID from the Action list 4 Enter an ID of a least 9...

Page 451: ...l format If an odd number of characters are specified a trailing zero is added to the value to fill in the last octet For example the value 123456789 is equivalent to 1234567890 Remote IP Host The IP...

Page 452: ...nch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the object identif...

Page 453: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 252 Showing SNMP...

Page 454: ...an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Page 455: ...of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups...

Page 456: ...the down state from some other state but not from the notPresent state This other state is indicated by the included value of ifOperStatus linkUp 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the S...

Page 457: ...PortLinkDetection event is triggered dot1agCfmMepUpTrap 1 3 6 1 4 1 259 10 1 22 2 1 0 97 This trap is sent when a new remote MEP is discovered dot1agCfmMepDownTrap 1 3 6 1 4 1 259 10 1 22 2 1 0 98 Thi...

Page 458: ...e SFP s A D values are not within alarm warning thresholds udldPortShutdownTrap 1 3 6 1 4 1 259 10 1 22 2 1 0 192 This trap is sent when the port is shut down by UDLD userAuthenticationFailureTrap 1 3...

Page 459: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 255 Creating an SN...

Page 460: ...ssword and permits access to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string...

Page 461: ...be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view CLI REFERENCES snmp server user on page 785 PARAMETERS T...

Page 462: ...t DES is currently available Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a local SNMPv3 user 1 Click Administration SNMP 2 Select Configure User fr...

Page 463: ...d notify view CLI REFERENCES snmp server user on page 785 COMMAND USAGE To grant management access to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent...

Page 464: ...minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text...

Page 465: ...anagement Protocol 465 Figure 261 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Page 466: ...received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider t...

Page 467: ...tification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Inform Notifica...

Page 468: ...0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specified u...

Page 469: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Page 470: ...agers CREATING SNMP NOTIFICATION LOGS Use the Administration SNMP Configure Notify Filter Add page to create an SNMP notification log CLI REFERENCES nlm on page 790 snmp server notify filter on page 7...

Page 471: ...d on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time...

Page 472: ...nput and output protocol data units CLI REFERENCES show snmp on page 777 PARAMETERS The following counters are displayed SNMP packets input The total number of messages delivered to the SNMP entity fr...

Page 473: ...er of SNMP Set Request PDUs which have been accepted and processed or generated by the SNMP protocol entity SNMP packets output The total number of SNMP Messages which were passed from the SNMP protoc...

Page 474: ...automatically notify the network administrator of a failure and provide historical information about the event If it cannot connect to the management agent it will continue to perform any specified ta...

Page 475: ...y be sampled Note that etherStatsEntry n uniquely defines the MIB variable and etherStatsEntry n n defines the MIB variable plus the etherStatsIndex For example 1 3 6 1 2 1 16 1 1 1 6 1 denotes etherS...

Page 476: ...lling Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing below the falling threshold If there is no corresponding entry in the event control...

Page 477: ...ered The response can include logging the alarm or sending a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems CLI REFERENC...

Page 478: ...and v2c hosts Although the community string can be set on this configuration page it is recommended that it be defined on the SNMP trap configuration page see Setting Community Access Strings on page...

Page 479: ...RMON Configure Interface Add History page to collect statistics on a physical interface to monitor network utilization packet types and errors A historical record of activity can be used to track down...

Page 480: ...e Show nor Show Details page for the port to which is normally assigned For example if control entry 15 is assigned to port 5 this index entry will be removed from the Show and Show Details page for p...

Page 481: ...Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 275 Showing Configured RMON History S...

Page 482: ...istics collection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each entry includes input octets packets broadcast packets m...

Page 483: ...index number and the name of the owner for this entry 7 Click Apply Figure 277 Configuring an RMON Statistical Sample To show configured RMON statistical samples 1 Click Administration RMON 2 Select C...

Page 484: ...t Switches that support clustering can be grouped together regardless of physical location or switch type as long as they are connected to the same local network COMMAND USAGE A switch cluster has a p...

Page 485: ...AGE First be sure that clustering is enabled on the switch the default is disabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with the network IP subnet Cl...

Page 486: ...e Step list 3 Set the required attributes for a Commander or a managed candidate 4 Click Apply Figure 280 Configuring a Switch Cluster CLUSTER MEMBER CONFIGURATION Use the Administration Cluster Confi...

Page 487: ...idates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 281 Configuring a Cluster Members To show the cluster members 1 Click Administration Cluster 2 Select Conf...

Page 488: ...RENCES Switch Clustering on page 766 PARAMETERS These parameters are displayed Member ID The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP...

Page 489: ...tion and service availability The G 8032 recommendation also referred to as Ethernet Ring Protection Switching ERPS can be used to increase the availability and robustness of Ethernet rings An Etherne...

Page 490: ...tomatic Protection Switching protocol request R APS as defined in Y 1731 is received which has a higher priority than any other local request A link node failure is detected by the nodes adjacent to t...

Page 491: ...nk between the interconnection nodes that is controlled by ERP1 ERP2 is a sub ring Ring node A is the RPL owner node for ERP1 and ring node E is the RPL owner node for ERP2 These ring nodes A and E ar...

Page 492: ...onnectivity among all ring nodes until the failure is recovered 4 Configure ERPS timers Configure Domain Configure Details Set the Guard timer to prevent ring nodes from receiving outdated R APS messa...

Page 493: ...switch supports up to six ERPS rings each ring must have one Control VLAN and at most 255 Data VLANs Ring ports can not be a member of a trunk nor an LACP enabled port Dynamic VLANs are not supported...

Page 494: ...tion An ERPS ring containing one Control VLAN and one or more protected Data VLANs must be configured and the global ERPS function enabled on the switch see ERPS Global Configuration on page 493 befor...

Page 495: ...nk failure has occurred This state will switch to idle state if all the failed links recover Type Shows node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertive recove...

Page 496: ...ddress is disabled for the R APS Def MAC parameter then the Domain ID will be used in R APS PDUs Admin Status Activates the current ERPS ring Default Disabled Before enabling a ring the global ERPS fu...

Page 497: ...ed VLAN used for sending and receiving E APS protocol messages Range 1 4094 Configure one control VLAN for each ERPS ring First create the VLAN to be used as the control VLAN see Configuring VLAN Grou...

Page 498: ...itch is set as the RPL neighbor for an ERPS domain the east ring port is set as the other end of the RPL The east and west connections to the ring must be specified for all ring nodes When this switch...

Page 499: ...igher priority request the RPL Owner Node initiates reversion by blocking its traffic channel over the RPL transmitting an R APS NR RB message over both ring ports informing the ring that the RPL is b...

Page 500: ...Owner Node to start the WTB timer b The WTB timer is cancelled if during the WTB period a higher priority request than NR is accepted by the RPL Owner Node or is declared locally at the RPL Owner Nod...

Page 501: ...t no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another higher priority request is received If the ring node...

Page 502: ...al port on a secondary ring must be the west port In other words if a domain has two physical ring ports this ring can only be a major ring not a secondary ring or sub domain which can have only one p...

Page 503: ...l RAPS messages of the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can...

Page 504: ...ust be configured as 1 If this command is disabled the following strings are used as the node identifier ERPSv1 01 19 A7 00 00 01 ERPSv2 01 19 A7 00 00 Ring ID Propagate TC Enables propagation of topo...

Page 505: ...It does not use the normal procedure of waiting to receive an R APS NR no request message from nodes adjacent to the recovered link Instead it waits to see if the non standard health check packets loo...

Page 506: ...ering from an FS or MS command the delay timer must be long enough to receive any latent remote FS or MS commands This delay timer called the WTB timer is defined to be 5 seconds longer than the guard...

Page 507: ...is allowed transmission reception and forwarding of R APS messages is allowed Unknown The interface is not in a known state Local SF Shows if a signal fault exists on a link to the local node Local FS...

Page 508: ...eters for a ring 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Configure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanni...

Page 509: ...et Ring Protection Switching 509 Figure 291 Creating an ERPS Ring To show the configure ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Actio...

Page 510: ...ommand was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s highest pri...

Page 511: ...table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS condition and the node at which an FS command was issue...

Page 512: ...riority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without...

Page 513: ...teps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remove the forced switch command on the node...

Page 514: ...ross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messag...

Page 515: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 294 Single CFM Maintenance Domain The...

Page 516: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Page 517: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Page 518: ...up and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against th...

Page 519: ...forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has re...

Page 520: ...ng CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cro...

Page 521: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Page 522: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Page 523: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Page 524: ...IP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 65535 MEP Archive Hold Time The time that data from a missin...

Page 525: ...thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click Apply Figure 298 Configuring Maintenance Domains To show...

Page 526: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Page 527: ...ut If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or...

Page 528: ...s The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 1 second 5 10 seconds 6 1 minute 7 10 minutes Connectivity Check Enables t...

Page 529: ...sables suppression of the AIS Default Disabled WEB INTERFACE To create a maintenance association 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4...

Page 530: ...y from the MD Index list Figure 302 Showing Maintenance Associations To configure detailed settings for maintenance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 S...

Page 531: ...g order 1 maintenance domain at the same level as the MEP to be configured see Configuring CFM Maintenance Domains 2 maintenance association within the domain see Configuring CFM Maintenance Associati...

Page 532: ...figure a maintenance end point 1 Click Administration CFM 2 Select Configure MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the MEPs as...

Page 533: ...on should be statically configured to ensure full connectivity through the cross check process Remote MEPs can only be configured if local domain service access points DSAPs have already been created...

Page 534: ...Remote MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the remote MEPs which exist on other devices within the same MA 6 Click Apply Fig...

Page 535: ...s its destination or can no longer be forwarded LTMs are used to isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Faul...

Page 536: ...C address and set the maximum number of hops allowed in the TTL field 5 Click Apply 6 Check the results in the Link Trace cache see Displaying the Link Trace Cache Figure 308 Transmitting Link Trace M...

Page 537: ...in index Range 1 65535 MA Index MA identifier Range 1 2147483647 Source MEP ID The identifier of a source MEP that will send the loopback message Range 1 8191 Target MEP ID The identifier of a remote...

Page 538: ...is enabled to generate frames with delay measurement DM information it periodically sends DM frames to its peer MEP in the same MA and expects to receive DM frames back from it Frame delay measuremen...

Page 539: ...is address can be entered in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx Counts The number of times to retry sending the message if no response is received before the specified t...

Page 540: ...ame Maintenance domain name Level Authorized maintenance level for this domain Direction Direction in which the MEP communicates CFM messages Down indicates that the MEP is facing away from the switch...

Page 541: ...e continuity check database CLI REFERENCES show ethernet cfm maintenance points local detail mep on page 1335 PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA...

Page 542: ...ng detection of defect conditions AIS Period The interval at which AIS information is sent AIS Transmit Level The maintenance level at which AIS information will be sent for the specified MEP Suppress...

Page 543: ...red by the CFM protocol For a description of MIPs refer to the Command Usage section under Configuring CFM Maintenance Domains CLI REFERENCES show ethernet cfm maintenance points local on page 1334 PA...

Page 544: ...or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1337 clear ethernet cfm maintenance poi...

Page 545: ...gh continuity check messages or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1337 PARAM...

Page 546: ...n received or no interface status TLV was received in the last CCM Up The interface is ready to pass packets Down The interface cannot pass packets Testing The interface is in some test mode Unknown T...

Page 547: ...cfm linktrace cache on page 1352 clear ethernet cfm linktrace cache on page 1351 PARAMETERS These parameters are displayed Hops The number hops taken to reach the target MEP MA Maintenance associatio...

Page 548: ...nabled so the target data frame was filtered by ingress filtering Egress Action Action taken on the egress port EgrOk The targeted data frame was forwarded EgrDown The Egress Port can be identified bu...

Page 549: ...age 1357 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD Name Maintenance domain name MA Name Maintenance association name Highest Defect The highest defect that w...

Page 550: ...are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote MA...

Page 551: ...continuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 318 Showing Continuity Check Errors OAM...

Page 552: ...terface is not operational Passive Wait This value is returned only by OAM entities in passive mode and indicates the OAM entity is waiting to see if the peer device is OAM capable Active Send Local T...

Page 553: ...events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reached or exceeded within the specified period If reporting is enabled...

Page 554: ...the various types of OAM messages passed across each port CLI REFERENCES show efm oam counters interface on page 1369 PARAMETERS These parameters are displayed Port Port identifier Range 1 28 Clear Cl...

Page 555: ...ND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted...

Page 556: ...ion Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where tr...

Page 557: ...1368 COMMAND USAGE You can use this command to perform an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of e...

Page 558: ...The number of loop back frames transmitted during the last loopback test on this interface Packets Received The number of loop back frames received during the last loopback test on this interface Los...

Page 559: ...op Back Test DISPLAYING RESULTS OF REMOTE LOOP BACK TESTING Use the Administration OAM Remote Loop Back Show Test Result page to display the results of remote loop back testing for each port for which...

Page 560: ...INTERFACE To display the results of remote loop back testing for each port for which this information is available 1 Click Administration OAM Remote Loop Back 2 Select Show Test Result from the Action...

Page 561: ...etwork Trace Route Sends ICMP echo request packets to another node on the network Address Resolution Protocol Describes how to configure ARP aging time Also shows how to display the ARP cache IPv4 Con...

Page 562: ...network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is u...

Page 563: ...set at one This causes the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round tri...

Page 564: ...each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry for an IP add...

Page 565: ...ES arp timeout on page 1403 PARAMETERS These parameters are displayed Timeout Sets the aging time for dynamic entries in the ARP cache Range 300 86400 seconds Default 1200 seconds or 20 minutes The AR...

Page 566: ...VERSION 4 This section describes how to configure an IPv4 interface for management access over the network This switch supports both IPv4 and IPv6 and can be managed through either of these address t...

Page 567: ...with your network You may also need to a establish a default gateway between the switch and management stations that exist on another network segment You can direct the device to obtain an address fro...

Page 568: ...the primary address cannot be removed if a secondary address is still present Also if any router or switch in a network segment uses a secondary address all other routers switches in that segment must...

Page 569: ...t 4 Select the VLAN through which the management station is attached set the IP Address Mode to DHCP or BOOTP 5 Click Apply to save your changes 6 Then click Restart DHCP to immediately request a new...

Page 570: ...rface SETTING THE SWITCH S IP ADDRESS IP VERSION 6 This section describes how to configure an IPv6 interface for management access over the network This switch supports both IPv4 and IPv6 and can be m...

Page 571: ...E To configure an IPv6 default gateway for the switch 1 Click IP IPv6 Configuration 2 Select Configure Global from the Action list 3 Enter the IPv6 default gateway 4 Click Apply Figure 333 Configuring...

Page 572: ...ment station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4094 Address Autoconfig Enables stateless autoconfiguration of IPv6 addresses...

Page 573: ...duplicate address detection for all unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a t...

Page 574: ...ation is known as DHCPv6 stateful autoconfiguration in which a DHCPv6 server assigns stateful addresses to IPv6 hosts The M flag is set to 0 and the O flag is set to 1 DHCPv6 is used only for other co...

Page 575: ...matically configure a link local address and enable IPv6 on the selected interface Set the MTU size the maximum number of duplicate address detection messages the neighbor solicitation message interva...

Page 576: ...ally generate a link local unicast address The prefix length for a link local address is fixed at 64 bits and the host portion of the default address is based on the modified EUI 64 Extended Universal...

Page 577: ...full IPv6 address including the network prefix and host address bits followed by a forward slash and a decimal value indicating how many contiguous bits from the left of the address comprise the prefi...

Page 578: ...ifier of 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device as long as those interfaces are attached to di...

Page 579: ...local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF0...

Page 580: ...cated by the value Permanent Link layer Addr Physical layer MAC address State The following states are used for dynamic entries Incomplete Address resolution is being carried out on the entry A neighb...

Page 581: ...ly of long packets if necessary for transmission through small packet networks State continued Delay More than the ReachableTime interval has elapsed since the last positive confirmation was received...

Page 582: ...input datagrams discarded due to errors in their IPv6 headers including version number mismatch other format errors hop count exceeded IPv6 options etc Too Big Errors The number of input datagrams th...

Page 583: ...ch were Source Routed via this entity and the Source Route processing was successful Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented Requests The t...

Page 584: ...Group Membership Query messages received by the interface Group Membership Response Messages The number of ICMPv6 Group Membership Response messages received by the interface Group Membership Reducti...

Page 585: ...s The number of ICMPv6 Group Membership Response messages sent Group Membership Reduction Messages The number of ICMPv6 Group Membership Reduction messages sent Multicast Listener Discovery Version 2...

Page 586: ...Address IP Version 6 586 WEB INTERFACE To show the IPv6 statistics 1 Click IP IPv6 Configuration 2 Select Show Statistics from the Action list 3 Click IPv6 ICMPv6 or UDP Figure 339 Showing IPv6 Statis...

Page 587: ...w ipv6 mtu on page 1416 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure...

Page 588: ...CHAPTER 15 IP Configuration Setting the Switch s IP Address IP Version 6 588...

Page 589: ...SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network When a client device designates this...

Page 590: ...or DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of domain names to be tried in sequential order CLI REFERENCES ip domain list on page...

Page 591: ...Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Add...

Page 592: ...until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status P...

Page 593: ...OMMAND USAGE Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are dis...

Page 594: ...ve been learned via the designated name servers CLI REFERENCES show dns cache on page 1380 COMMAND USAGE Servers or other network devices may support one or more connections via multiple IP addresses...

Page 595: ...p If a subnet does not already include a BOOTP or DHCP server you can relay DHCP client requests to a DHCP server on another subnet SPECIFYING A DHCP CLIENT IDENTIFIER Use the IP Service DHCP Client p...

Page 596: ...ING DHCP RELAY OPTION 82 Use the IP Service DHCP Relay page to configure DHCP relay service for attached host devices including DHCP option 82 information DHCP provides an option for sending informati...

Page 597: ...IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then passes the DHCP response rec...

Page 598: ...ut is not relayed DHCP reply packets received by the relay agent are handled as follows When the relay agent receives a DHCP reply packet with Option 82 information over the management VLAN it first e...

Page 599: ...acket onto the VLAN that received it instead of relaying it This is the default Keep Retains the Option 82 information in the client request inserts the relay agent s address and unicasts the packet t...

Page 600: ...the remote ID 6 Enter up to five IP addresses for DHCP servers or relay servers in order of preference 7 Click Apply Figure 353 Configuring DHCP Relay Information Option 82 Service CONFIGURING THE PP...

Page 601: ...globally before it can be enabled on an interface Access Node Identifier String identifying this switch as an PPPoE IA to the PPPoE server Range 1 48 ASCII characters Default IP address of first IPv4...

Page 602: ...aces connecting the switch to a PPPoE Server as trusted Interfaces that connect the switch to users PPPoE clients should be set as untrusted At least one trusted interface must be configured on the sw...

Page 603: ...D tag inserted by the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients Operational Circuit ID The configured circuit identifier Remote ID...

Page 604: ...covery Initiation messages PADO PPPoE Active Discovery Offer messages PADR PPPoE Active Discovery Request messages PADS PPPoE Active Discovery Session Confirmation messages PADT PPPoE Active Discovery...

Page 605: ...CHAPTER 16 IP Services Configuring the PPPoE Intermediate Agent 605 Figure 356 Showing PPPoE Intermediate Agent Statistics g...

Page 606: ...CHAPTER 16 IP Services Configuring the PPPoE Intermediate Agent 606...

Page 607: ...ion for IPv6 Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation OVERVIEW Multicasting is used to s...

Page 608: ...s only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service The purpose of IP multicast filtering is to...

Page 609: ...be forwarded from any source except for those specified In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources NOTE When the switch is configu...

Page 610: ...ast traffic only to the ports that request it This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance CLI REFERENCES IGMP Snooping on page 1204...

Page 611: ...sion means that specific queries are not forwarded from an upstream multicast router to hosts downstream from this device When proxy reporting is disabled all IGMP reports received by the switch are f...

Page 612: ...e spanning tree change occurred When an upstream multicast router receives this solicitation it immediately issues an IGMP general query A query solicitation can be sent whenever the switch notices a...

Page 613: ...the new upstream interface This command only applies when proxy reporting is enabled Router Port Expire Time The time the switch waits after the previous querier stops before it considers it to have...

Page 614: ...erface and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate...

Page 615: ...ect the VLAN which will forward all the corresponding multicast traffic and select the port or trunk attached to the multicast router 4 Click Apply Figure 359 Configuring a Static Interface for a Mult...

Page 616: ...can be dynamically configured using IGMP Snooping and IGMP Query messages see Configuring IGMP Snooping and Query Parameters on page 610 However for certain applications that require tighter control i...

Page 617: ...ion list 3 Select the VLAN that will propagate the multicast service specify the interface attached to a multicast service through an IGMP enabled switch or multicast router and enter the multicast IP...

Page 618: ...messages to discover multicast routers is insufficient due to query suppression MRD therefore provides a standardized way to identify multicast routers without relying on any particular multicast rou...

Page 619: ...ed Otherwise this kind of packet is only forwarded to known multicast routing ports PARAMETERS These parameters are displayed VLAN ID of configured VLANs Range 1 4094 IGMP Snooping Status When enabled...

Page 620: ...uery suppression is enabled then these messages are forwarded only to downstream ports which have joined a multicast service Proxy Reporting Enables IGMP Snooping with Proxy Reporting Default Based on...

Page 621: ...31744 tenths of a second Default 10 seconds This command applies when the switch is serving as the querier page 610 or as a proxy host when IGMP snooping proxy reporting is enabled page 610 Last Membe...

Page 622: ...ll address in IGMP reports sent to upstream ports Many hosts do not implement RFC 4541 and therefore do not understand query messages with the source address of 0 0 0 0 These hosts will therefore not...

Page 623: ...ulticast data drop on page 1234 PARAMETERS These parameters are displayed Interface Specifies port or trunk selection IGMP Query Drop Configures an interface to drop any IGMP query packets received on...

Page 624: ...610 PARAMETERS These parameters are displayed VLAN An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address Group Address IP multicast group...

Page 625: ...display IGMP snooping protocol related statistics for the specified interface CLI REFERENCES show ip igmp snooping statistics on page 1224 PARAMETERS These parameters are displayed VLAN VLAN identifie...

Page 626: ...ry messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query...

Page 627: ...essages 1 Click Multicast IGMP Snooping Statistics 2 Select Show Query Statistics from the Action list 3 Select a VLAN Figure 368 Displaying IGMP Snooping Statistics Query To display IGMP snooping pro...

Page 628: ...igure 369 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Act...

Page 629: ...oup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a p...

Page 630: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Page 631: ...and set its access mode 5 Click Apply Figure 372 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step li...

Page 632: ...h to display this information Figure 375 Showing the Groups Assigned to an IGMP Filtering Profile CONFIGURING IGMP FILTERING AND THROTTLING FOR INTERFACES Use the Multicast IGMP Snooping Filter Config...

Page 633: ...mber of multicast groups an interface can join at the same time Range 1 1023 Default 1023 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode...

Page 634: ...ry and report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time CONFIGURING MLD...

Page 635: ...e multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10 seconds This attribute controls how long the host...

Page 636: ...d immediate leave is enabled for the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave mess...

Page 637: ...REFERENCES ipv6 mld snooping vlan mrouter on page 1245 COMMAND USAGE MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 634 before a multica...

Page 638: ...Select the VLAN for which to display this information Figure 380 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multicas...

Page 639: ...ace in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN PARAMETERS These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast s...

Page 640: ...3 Select the VLAN for which to display this information Figure 383 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Page 641: ...Filter Mode The filter mode is used to summarize the total listening state of a multicast address to a minimum set such that all nodes listening states are respected In Include mode the router only u...

Page 642: ...h as television channels or video on demand across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers This protocol can significantly reduce to...

Page 643: ...up to the participating interfaces see Assigning Static MVR Multicast Groups to Interfaces on page 652 Although MVR operates on the underlying mechanism of IGMP snooping the two features operate indep...

Page 644: ...port and leave messages it only forwards them to other source ports When receiver ports receive any query messages they are dropped When changes occurring in the downstream MVR groups are learned by t...

Page 645: ...a domain The multicast streams are sent to all source ports on the switch and to all receiver ports that have elected to receive data on that multicast address Dynamic When dynamic mode is enabled th...

Page 646: ...VLAN see Adding Static Members to VLANs on page 198 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether or not all necessar...

Page 647: ...Associate Profile pages to assign the multicast group address for required services to one or more MVR domains CLI REFERENCES MVR for IPv4 on page 1258 COMMAND USAGE Use the Configure Profile page to...

Page 648: ...icast group Range 224 0 1 0 239 255 255 255 Associate Profile Domain ID An independent multicast domain Range 1 5 Profile Name The name of a profile to be assigned to this domain Range 1 21 characters...

Page 649: ...To assign an MVR group address profile to a domain 1 Click Multicast MVR 2 Select Associate Profile from the Step list 3 Select Add from the Action list 4 Select a domain from the scroll down list and...

Page 650: ...eave multicast groups within an MVR VLAN Multicast groups can also be statically assigned to a receiver port see Assigning Static MVR Multicast Groups to Interfaces on page 652 Receiver ports should n...

Page 651: ...configured as an receiver port will be dynamically added to the MVR VLAN when it forwards an IGMP report or join message from an attached host requesting any of the designated multicast services supp...

Page 652: ...SIGNING STATIC MVR MULTICAST GROUPS TO INTERFACES Use the Multicast MVR Configure Static Group Member page to statically bind multicast groups to a port which will receive long term multicast streams...

Page 653: ...signed from the MVR group range configured on the Configure General page WEB INTERFACE To assign a static MVR group to an interface 1 Click Multicast MVR 2 Select Configure Static Group Member from th...

Page 654: ...RS These parameters are displayed Domain ID An independent multicast domain Range 1 5 Group IP Address Multicast groups assigned to the MVR VLAN VLAN The VLAN through which the service is received Not...

Page 655: ...play MVR protocol related statistics for the specified interface CLI REFERENCES show mvr statistics on page 1275 PARAMETERS These parameters are displayed Domain ID An independent multicast domain Ran...

Page 656: ...ce G Query The number of general query messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The numb...

Page 657: ...r IPv4 657 WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Page 658: ...IPv4 658 To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR dom...

Page 659: ...r similar to that described for MRV see Multicast VLAN Registration for IPv4 on page 642 COMMAND USAGE General Configuration Guidelines for MVR6 1 Enable MVR6 for a domain on the switch and select the...

Page 660: ...uter interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be configured on...

Page 661: ...efault the switch forwards any multicast streams within the address range set by a profile and bound to a domain The multicast streams are sent to all source ports on the switch and to all receiver po...

Page 662: ...the channel for streaming multicast services using MVR6 MVR6 source ports should be configured as members of the MVR6 VLAN see Adding Static Members to VLANs on page 198 but MVR6 receiver ports should...

Page 663: ...eros required to fill the undefined fields Note that the IP address ff02 X is reserved WEB INTERFACE To configure settings for an MVR6 domain 1 Click Multicast MVR6 2 Select Configure Domain from the...

Page 664: ...nge assigned to a profile cannot overlap with the group address range of any other profile MRV6 domains can be associated with more than one MVR6 profile But since MVR6 domains cannot share the group...

Page 665: ...p Address Profile To show the configured MVR6 group address profiles 1 Click Multicast MVR6 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure 403 Displaying MVR6...

Page 666: ...ached to an interface is receiving multicast services you can enable the immediate leave function CLI REFERENCES MVR for IPv6 on page 1277 COMMAND USAGE A port configured as an MVR6 receiver or source...

Page 667: ...determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only be enabled on a...

Page 668: ...ve an interface from a multicast stream as soon as it receives a leave message for that group This option only applies to an interface configured as an MVR6 receiver WEB INTERFACE To configure interfa...

Page 669: ...te the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 VLAN cannot be specified as the receiver VLAN for static bindings PARAMETE...

Page 670: ...5 Select the port or trunk for which to display this information Figure 408 Showing the Static MVR6 Groups Assigned to a Port DISPLAYING MVR6 RECEIVER GROUPS Use the Multicast MVR6 Show Member page t...

Page 671: ...been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active or new clients Count The number of multicast services currently being...

Page 672: ...ce Number of Reports Sent The number of reports sent from this interface Number of Leaves Sent The number of leaves sent from this interface VLAN Port and Trunk Statistics Input Statistics Report The...

Page 673: ...The number of general query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface WEB INTERFACE To display sta...

Page 674: ...Pv6 674 To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR6 do...

Page 675: ...Pv6 675 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 do...

Page 676: ...CHAPTER 17 Multicast Filtering Multicast VLAN Registration for IPv6 676...

Page 677: ...n page 773 Remote Monitoring Commands on page 795 Authentication Commands on page 809 General Security Measures on page 873 Access Control Lists on page 951 Interface Commands on page 975 Link Aggrega...

Page 678: ...1169 Quality of Service Commands on page 1183 Multicast Filtering Commands on page 1203 LLDP Commands on page 1295 CFM Commands on page 1319 OAM Commands on page 1361 Domain Name Service Commands on...

Page 679: ...onsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the C...

Page 680: ...254 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isol...

Page 681: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Page 682: ...n dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile feature erps Displays ERPS configuration...

Page 683: ...traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Information about users logged in version System hardware and software ver...

Page 684: ...n effect for all applicable commands USING COMMAND HISTORY The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow k...

Page 685: ...ode by entering the enable command followed by the privileged level password super To enter Privileged Exec mode enter the following user names and passwords Username admin Password admin login passwo...

Page 686: ...examining end to end connections between Provider Edge devices or between Customer Edge devices Class Map Configuration Creates a DiffServ class map for a specified traffic type ERPS Configuration Th...

Page 687: ...ig Table 42 Configuration Command Modes Mode Command Prompt Page Access Control List access list arp access list ip standard access list ip extended access list ipv6 standard access list ipv6 extended...

Page 688: ...tart of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor...

Page 689: ...traffic for clients attached to common data ports and prevents unauthorized access by configuring valid static or dynamic addresses web authentication MAC address authentication filtering DHCP request...

Page 690: ...Differentiated Services 1183 Multicast Filtering Configures IGMP multicast filtering query profile and proxy parameters specifies ports attached to a multicast router also configures multicast VLAN r...

Page 691: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Page 692: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Page 693: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Page 694: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Page 695: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Page 696: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 693 reload Privileged Exec This command restarts the system NOT...

Page 697: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Page 698: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Page 699: ...gers and version information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port includi...

Page 700: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 48 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Page 701: ...ted If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Edge Core Networks Responsible de...

Page 702: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Page 703: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or ot...

Page 704: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Page 705: ...None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersco...

Page 706: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Page 707: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Page 708: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Page 709: ...on describes commands used to display system information Table 49 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show memory Sh...

Page 710: ...er rule for a port the system will also use two PCEs EXAMPLE Console show access list tcam utilization Total Policy Control Entries 1024 Free Policy Control Entries 836 Entries Used by System 188 Entr...

Page 711: ...lization in the past 60 seconds Average Utilization 16 Maximum Utilization 19 Alarm Status Current Alarm Status Off Last Alarm Start Time Sep 26 01 39 04 2011 Last Alarm Duration Time 4 seconds Alarm...

Page 712: ...panning tree instances name and interfaces IP address configured for management VLAN Interface settings Any configured settings for the console port and Telnet EXAMPLE Console show running config Buil...

Page 713: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for the switch SNMP community stri...

Page 714: ...ailed list of system settings designed to help technical support resolve configuration or functional problems COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command generates a long list...

Page 715: ...ounts User Name Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online Users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH...

Page 716: ...Operation Code Version 1 4 0 0 Console show watchdog This command shows if watchdog debugging is enabled COMMAND MODE Privileged Exec EXAMPLE Console show watchdog Software Watchdog Information Status...

Page 717: ...frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination...

Page 718: ...a new file name and then set as the startup file or the current startup configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg...

Page 719: ...OM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE...

Page 720: ...ning configuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certificate Keyword that allows you to copy the HTTPS secure site...

Page 721: ...command When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note that anonymous is set as the default user name EXAMPLE The following exa...

Page 722: ...s example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19 So...

Page 723: ...word indicating a file filename Name of configuration file or code image public key Keyword that allows you to delete a SSH key on the switch See Secure Shell on page 838 username Name of an SSH user...

Page 724: ...tem displays all files File information is shown below EXAMPLE The following example shows how to display all file information Console dir File Name Type Startup Modify Time Size bytes ES3528MV2_V1 3...

Page 725: ...10 04 10 46 20 1580 Console Automatic Code Upgrade Commands upgrade opcode auto This command automatically upgrades the current operational code when a new version is detected on the server indicated...

Page 726: ...nning config or show startup config commands EXAMPLE Console config upgrade opcode auto Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config If a new image is found at the specified...

Page 727: ...e following syntax must be used where filedir indicates the path to the directory containing the new image ftp username password 192 168 0 1 filedir If the user name is omitted anonymous will be used...

Page 728: ...port or Telnet i e a virtual terminal Table 53 Line Commands Command Function Mode line Identifies a specific line for configuration and starts the line configuration mode GC accounting exec Applies...

Page 729: ...mode enter the following command Console config line console Console config line RELATED COMMANDS show line 738 show users 715 silent time Sets the amount of time the management console is inaccessibl...

Page 730: ...nput from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character EXAMPLE To specify 7 d...

Page 731: ...local Selects local password checking Authentication is based on the user name specified with the username command DEFAULT SETTING login local COMMAND MODE Line Configuration COMMAND USAGE There are t...

Page 732: ...TED COMMANDS username 811 password 733 parity This command defines the generation of a parity bit Use the no form to restore the default setting SYNTAX parity none even odd no parity none No parity ev...

Page 733: ...ction the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect p...

Page 734: ...time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down EXAMPLE To set the passwor...

Page 735: ...inal speeds Use the no form to restore the default setting SYNTAX speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps DEFAULT SETTING 115200 bps COMMAND MODE...

Page 736: ...d sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default setting SYNTAX timeout login response seconds no timeout login response seconds Integer...

Page 737: ...connect an SSH or Telnet connection EXAMPLE Console disconnect 1 Console RELATED COMMANDS show ssh 847 show users 715 terminal This command configures terminal settings including escape character line...

Page 738: ...Type VT100 Width 80 COMMAND MODE Privileged Exec EXAMPLE This example sets the number of lines displayed by commands with lengthy output such as show running config to 48 lines Console terminal length...

Page 739: ...s Use the no form to return the type to the default SYNTAX logging facility type no logging facility type A number that indicates the facility used by the syslog server to dispatch log messages to an...

Page 740: ...ault level SYNTAX logging history flash ram level no logging history flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flus...

Page 741: ...ress that will receive logging messages Use the no form to remove a syslog server host SYNTAX no logging host host ip address host ip address The IP address of a syslog server DEFAULT SETTING None COM...

Page 742: ...ing trap This command enables the logging of system messages to a remote server or limits the syslog messages saved to a remote server based on severity Use this command without a specified level to e...

Page 743: ...tory stored in temporary RAM i e memory flushed on power reset DEFAULT SETTING Flash and RAM COMMAND MODE Privileged Exec EXAMPLE Console clear log Console RELATED COMMANDS show log 743 show log This...

Page 744: ...is command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server SYNTAX show logging flash ram sendmail trap flash Displ...

Page 745: ...nd History Logging in Flash The message level s reported based on the logging history command History Logging in RAM The message level s reported based on the logging history command Table 57 show log...

Page 746: ...ill be sent alert messages Use the no form to remove an SMTP server SYNTAX no logging sendmail host ip address ip address IPv4 or IPv6 address of an SMTP server that will be sent alert messages for ev...

Page 747: ...n If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection EXAMPLE Console config logging sendmail host...

Page 748: ...ers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient EX...

Page 749: ...resses ted this company com SMTP Source E mail Address bill this company com SMTP Status Enabled Console TIME The system clock can be dynamically set by polling a set of specified time servers NTP or...

Page 750: ...interval set via the sntp poll command NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables the NTP clien...

Page 751: ...0 0 0 0 0 0 Current Server 137 92 140 80 Console RELATED COMMANDS sntp server 752 sntp poll 751 show sntp 752 sntp poll This command sets the interval between sending time requests when the switch is...

Page 752: ...servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchron...

Page 753: ...that reliable updates are received from only authorized NTP servers The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clien...

Page 754: ...t NTP authentication key numbers and values must match on both the server and client NTP authentication is optional When enabled with the ntp authenticate command you must also configure at least one...

Page 755: ...the servers to which NTP time requests are issued Use the no form of the command to clear a specific time server or all servers from the current list SYNTAX ntp server ip address key key number no ntp...

Page 756: ...current time and configuration settings for the NTP client and indicates whether or not the local time has been properly updated COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command di...

Page 757: ...l begin b hour The hour summer time will begin Range 0 23 hours b minute The minute summer time will begin Range 0 59 minutes e date Day of the month when summer time will end Range 1 31 e month The m...

Page 758: ...form to disable summer time SYNTAX clock summer time name predefined australia europe new zealand usa no clock summer time name Name of the timezone while summer time is in effect usually an acronym R...

Page 759: ...en summer time will begin Range 1 5 b day The day of the week when summer time will begin Options sunday monday tuesday wednesday thursday friday saturday b month The month when summer time will begin...

Page 760: ...gs Time DST Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn This command sets the summer time time zone relative to the currently configured...

Page 761: ...a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC EXAMPLE Console config clock timezone Japan hours 8 minute...

Page 762: ...ileged Exec EXAMPLE Console show calendar Current Time Aug 23 11 51 23 2012 Time Zone UTC 00 00 Summer Time MESZ Australia region Summer Time in Effect No Console TIME RANGE This section describes the...

Page 763: ...ccess Control Lists EXAMPLE Console config time range r d Console config time range RELATED COMMANDS Access Control Lists 951 absolute This command sets the time range for the execution of a command U...

Page 764: ...ngle occurrence of an event Console config time range r d Console config time range absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console config time range periodic This command sets the time r...

Page 765: ...ent time is within the absolute time range and one of the periodic time ranges EXAMPLE This example configures a time range for the periodic occurrence of an event Console config time range sales Cons...

Page 766: ...Candidates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate swit...

Page 767: ...k Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Switch clusters are limited to the same Ethernet broad...

Page 768: ...pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x DEFAULT SETTING 10 254 254 1 COMMAND MODE Global Confi...

Page 769: ...tion COMMAND USAGE The maximum number of cluster Members is 36 The maximum number of cluster Candidates is 100 EXAMPLE Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config r...

Page 770: ...OMMAND MODE Privileged Exec EXAMPLE Console show cluster Role commander Interval Heartbeat 30 Heartbeat Loss Count 3 seconds Number of Members 1 Number of Candidates 2 Console show cluster members Thi...

Page 771: ...dates This command shows the discovered Candidate switches in the network COMMAND MODE Privileged Exec EXAMPLE Console show cluster candidates Cluster Candidates Role MAC Address Description Active me...

Page 772: ...CHAPTER 20 System Management Commands Switch Clustering 772...

Page 773: ...s up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Displays t...

Page 774: ...n multicast traffic exceeds the upper threshold for automatic storm control IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper thre...

Page 775: ...nity string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number o...

Page 776: ...tact string Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length...

Page 777: ...input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication E...

Page 778: ...page 1319 mac notification Keyword to issue trap when a dynamic MAC address is added or removed interval Specifies the interval between issuing two consecutive traps Range 0 3600 seconds Default 1 se...

Page 779: ...the host the targeted recipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for version 2c and...

Page 780: ...mp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notif...

Page 781: ...ing is interpreted as an SNMP user name The user name must first be defined with the snmp server user command Otherwise an SNMPv3 group will be automatically created by the snmp server host command us...

Page 782: ...Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show snmp server enable port traps interface Interface MAC Notification Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine...

Page 783: ...en the switch and a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need...

Page 784: ...write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public15 read only private16 read write readview Every object belonging to the...

Page 785: ...remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha...

Page 786: ...emote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote...

Page 787: ...nsole config This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engine...

Page 788: ...ype volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1...

Page 789: ...ption Field Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view stor...

Page 790: ...the specified notification log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification l...

Page 791: ...host parameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a m...

Page 792: ...ation log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network ma...

Page 793: ...X memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 falling threshold...

Page 794: ...in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 DEFAULT SETTING Rising Threshold 90 Falling Threshold 70 COMMAND MODE Globa...

Page 795: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Page 796: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Page 797: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Page 798: ...he polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 28 Buckets 50 Interval 30...

Page 799: ...24 interval 60 Console config if rmon collection rmon1 This command enables the collection of statistics on a physical interface Use the no form to disable statistics collection SYNTAX rmon collection...

Page 800: ...t 0 show rmon events This command shows the settings for all configured events COMMAND MODE Privileged Exec EXAMPLE Console show rmon events Event 2 is valid owned by mike Description is urgent Event...

Page 801: ...entries in the statistics group COMMAND MODE Privileged Exec EXAMPLE Console show rmon statistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372...

Page 802: ...CHAPTER 22 Remote Monitoring Commands 802...

Page 803: ...of this chapter all refer to a remote server capable of receiving the sFlow datagrams generated by the sFlow agent of the switch sflow owner This command creates an sFlow collector on the switch Use...

Page 804: ...version v4 v5 Sends either v4 or v5 sFlow datagrams to the receiver DEFAULT SETTING No owner is configured UDP Port 6343 Version v4 Maximum Datagram Size 1400 bytes COMMAND MODE Privileged Exec COMMA...

Page 805: ...he samples will be taken at specified intervals and sent to a collector ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 instance id An instance ID used to identify the sampling...

Page 806: ...source Range 1 owner name The associated receiver to which the samples will be sent Range 1 30 alphanumeric characters sample rate The packet sampling rate or the number of packets out of which one s...

Page 807: ...30 alphanumeric characters interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE Console show sflow interface ethernet 1 2 Receiver Owne...

Page 808: ...CHAPTER 23 Flow Sampling Commands 808...

Page 809: ...cified command groups or individual commands Authentication Sequence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS...

Page 810: ...sword no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password Password for this privilege level...

Page 811: ...ies or changes a user s access level Use the no form to remove a user name SYNTAX username name access level level nopassword password 0 7 password no username name name The name of the user Maximum l...

Page 812: ...mode all level level command no privilege mode all command mode The configuration mode containing the specified command See Understanding Command Modes on page 684 and Configuration Commands on page...

Page 813: ...vileged Exec EXAMPLE This example shows the privilege level for any command modified by the privilege command Console show privilege command privilege line all level 0 accounting privilege exec level...

Page 814: ...ly the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level...

Page 815: ...the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user nam...

Page 816: ...e the default SYNTAX radius server acct port port number no radius server acct port port number RADIUS server UDP port used for accounting messages Range 1 65535 DEFAULT SETTING 1813 COMMAND MODE Glob...

Page 817: ...restore the default values SYNTAX no radius server index host host ip address acct port acct port auth port auth port key key retransmit retransmit timeout timeout index Allows you to specify up to f...

Page 818: ...erver key key string no radius server key key string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters DEFAULT SETTING None...

Page 819: ...imeout number of seconds no radius server timeout number of seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 DEFAULT SETTING 5 COMMAND MODE Global Config...

Page 820: ...management access to a switch tacacs server host This command specifies the TACACS server and other optional parameters Use the no form to remove the server or to restore the default values SYNTAX tac...

Page 821: ...equest Range 1 540 DEFAULT SETTING authentication port 49 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server 1 host 192 168 1 25 port 181 timeout 10...

Page 822: ...TING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server retransmit This command sets the number of retries Use the no form to restore the d...

Page 823: ...ng a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console config show tacacs server This command displays the current setting...

Page 824: ...unting from starting point and stopping point Table 76 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x Enables accounting of...

Page 825: ...nting method s configured on the specified TACACS server and do not actually send any information to the server about the methods to use EXAMPLE Console config aaa accounting commands 15 default start...

Page 826: ...counting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x defa...

Page 827: ...ethod name fields are only used to describe the accounting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to us...

Page 828: ...64 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured wit...

Page 829: ...XAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Page 830: ...d list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config if accounting dot1x tps Cons...

Page 831: ...a method list created with the aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console con...

Page 832: ...dot1x statistics username user name interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable com...

Page 833: ...form to use the default port SYNTAX ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configura...

Page 834: ...833 show system 713 ip http secure port This command specifies the UDP port number used for HTTPS connection to the switch s web interface Use the no form to restore the default port SYNTAX ip http se...

Page 835: ...ervice can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specif...

Page 836: ...connection can be made from this switch to another device by entering the telnet command at the Privileged Exec configuration level Table 78 HTTPS System Support Web Browser Operating System Internet...

Page 837: ...obal Configuration COMMAND USAGE A maximum of eight sessions can be concurrently opened for Telnet and Secure Shell i e both Telnet and SSH share a maximum number or eight sessions EXAMPLE Console con...

Page 838: ...xec EXAMPLE Console show ip telnet IP Telnet Configuration Telnet Status Enabled Telnet Service Port 23 Telnet Max Session 4 Console SECURE SHELL This section describes the commands used to configure...

Page 839: ...own hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 156849954...

Page 840: ...arameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the ip ssh server command to enable the SSH server on the switch 6 Authentication...

Page 841: ...ifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives thi...

Page 842: ...ports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions The SSH server uses DSA or RSA for key exchange when the client first esta...

Page 843: ...client and is fixed at 1024 bits EXAMPLE Console config ip ssh server key size 512 Console config ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the...

Page 844: ...e rsa RSA public key type DEFAULT SETTING Deletes both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console delete public key admin dsa Console ip ssh crypto host key generate This command...

Page 845: ...n method with the client trying to connect to it EXAMPLE Console ip ssh crypto host key generate dsa Console RELATED COMMANDS ip ssh crypto zeroize 845 ip ssh save host key 846 ip ssh crypto zeroize T...

Page 846: ...dsa Console RELATED COMMANDS ip ssh crypto host key generate 844 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server COMMAND MODE Privile...

Page 847: ...02149888661921595568598879891919505883940181387440468908779160305837768 185490002831341625008348718449522087429212255691665655296328163516964040831 5547660664151657116381 DSA ssh dss AAAB3NzaC1kc3MAAA...

Page 848: ...Authenticator Commands dot1x intrusion action Sets the port response to intrusion when authentication fails IC dot1x max reauth req Sets the maximum number of times that the switch sends an EAP reques...

Page 849: ...tion the dot1x eapol pass through command can be used to forward EAPOL frames from Supplicant Commands dot1x identity profile Configures dot1x supplicant user name and password GC dot1x max start Sets...

Page 850: ...e config dot1x eapol pass through Console config dot1x system auth control This command enables IEEE 802 1X port authentication globally on the switch Use the no form to restore the default SYNTAX no...

Page 851: ...s that the switch sends an EAP request identity frame to the client before restarting the authentication process Use the no form to restore the default SYNTAX dot1x max reauth req count no dot1x max r...

Page 852: ...for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 mac based Allows multiple hosts to connect to this port with each host needing to be...

Page 853: ...he port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise DEFAULT force authorized COM...

Page 854: ...ort waits after the maximum request count see page 851 has been exceeded before attempting to acquire a new client Use the no form to reset the default SYNTAX dot1x timeout quiet period seconds no dot...

Page 855: ...ut supp timeout seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration COMMAND USAGE This command sets the timeout for EAP request frames other than EAP re...

Page 856: ...h 1 2 Console config if dot1x timeout tx period 300 Console config if dot1x re authenticate This command forces re authentication on all ports or a specific interface SYNTAX dot1x re authenticate inte...

Page 857: ...nd password are used to identify this switch as a supplicant when responding to an MD5 challenge from the authenticator These parameters must be set when this switch passes client authentication reque...

Page 858: ...command on page 857 which identify this switch as a supplicant and enable dot1x supplicant mode for those ports which must authenticate clients through a remote authenticator using this command In th...

Page 859: ...upplicant waits for a response from the authenticator for packets other than EAPOL Start EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout auth period 60 Console config if dot1x...

Page 860: ...config if dot1x timeout start period 60 Console config if Information Display Commands show dot1x This command shows general port authentication related settings on the switch or a specific interface...

Page 861: ...transmitting EAP packet page 856 Supplicant Timeout Supplicant timeout Server Timeout Server timeout A RADIUS server must be set before the correct operational value of 10 seconds will be displayed i...

Page 862: ...ummary Port Type Operation Mode Control Mode Authorized Eth 1 1 Disabled Single Host Force Authorized Yes Eth 1 2 Disabled Single Host Force Authorized Yes Eth 1 27 Disabled Single Host Force Authoriz...

Page 863: ...ttp client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting a...

Page 864: ...s EXAMPLE This example restricts management access to the indicated addresses Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console s...

Page 865: ...e Agent Commands Command Function Mode pppoe intermediate agent Enables the PPPoE IA globally on the switch GC pppoe intermediate agent format type Sets the access node identifier and generic error me...

Page 866: ...g the pppoe intermediate agent port enable command EXAMPLE Console config pppoe intermediate agent Console config pppoe intermediate agent format type This command sets the access node identifier and...

Page 867: ...erface Configuration Ethernet Port Channel COMMAND USAGE PPPoE IA must also be enabled globally on the switch for this command to tack effect EXAMPLE Console config int ethernet 1 5 Console config if...

Page 868: ...g the switch or access node where the intermediate agent resides Outgoing PAD Offer PADO and Session confirmation PADS packets sent from the PPPoE Server include the Circuit Id tag inserted by the swi...

Page 869: ...Configuration Ethernet Port Channel COMMAND USAGE This command only applies to trusted interfaces It is used to strip off vendor specific tags which carry subscriber and line identification informati...

Page 870: ...t info PPPoE Intermediate Agent Global Status Enabled PPPoE Intermediate Agent Admin Access Node Identifier 192 168 0 2 PPPoE Intermediate Agent Oper Access Node Identifier 192 168 0 2 PPPoE Intermedi...

Page 871: ...1 Eth 1 1 statistics Received All PADI PADO PADR PADS PADT 3 0 0 0 0 3 Dropped Response from untrusted Request towards untrusted Malformed 0 0 0 Console Table 85 show pppoe intermediate agent statisti...

Page 872: ...CHAPTER 24 Authentication Commands PPPoE Intermediate Agent 872...

Page 873: ...figures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control List...

Page 874: ...and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enab...

Page 875: ...nsole config interface ethernet 1 2 Console config if no mac learning Console config if RELATED COMMANDS show interfaces status 987 port security This command enables or configures port security Use t...

Page 876: ...ddress pairs source MAC address VLAN for frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additiona...

Page 877: ...t interface ethernet unit port unit This is unit 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE This example shows the switch saving the MAC addresses learned by port security on e...

Page 878: ...eld is configured by the network access port mac filter command If this field displays Disabled then any unknown source MAC address can be learned as a secure MAC address If it displays a filter ident...

Page 879: ...ific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server While authentication for a MAC address is in progress all traffic is...

Page 880: ...work access link detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac count Sets the maximum number of MAC ad...

Page 881: ...es a MAC address filter table Range 1 64 mac address Specifies a MAC address entry Format xx xx xx xx xx xx mask Specifies a MAC address bit mask for a range of addresses DEFAULT SETTING Disabled COMM...

Page 882: ...tion time is a global setting and applies to all ports When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process...

Page 883: ...onfiguration file EXAMPLE The following example enables the dynamic QoS feature on port 1 Console config interface ethernet 1 1 Console config if network access dynamic qos Console config if network a...

Page 884: ...untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table EXAMPLE The following example enables dynamic VLAN...

Page 885: ...ig interface ethernet 1 1 Console config if network access link detection Console config if network access link detection link down Use this command to detect link down events When detected the switch...

Page 886: ...hutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console...

Page 887: ...a port interface via all forms of authentication Use the no form of this command to restore the default SYNTAX network access max mac count count no network access max mac count count The maximum num...

Page 888: ...aging time expires The maximum number of secure MAC addresses supported for the switch system is 1024 Configured static MAC addresses are added to the secure address table when seen on a switch port S...

Page 889: ...s filter table can be configured with the network access mac filter command Only one filter table can be assigned to a port EXAMPLE Console config interface ethernet 1 1 Console config if network acce...

Page 890: ...Interface Configuration EXAMPLE Console config if mac authentication max mac count 32 Console config if clear network access Use this command to clear entries from the secure MAC addresses table SYNT...

Page 891: ...NG Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface ethernet 1 1 Global secure port information Reauthentication Time 1800 MAC Addres...

Page 892: ...ange 1 port Port number Range 1 28 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit mask...

Page 893: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user nam...

Page 894: ...ole config web auth system auth control Enables web authentication globally for the switch GC web auth Enables web authentication for an interface IC web auth re authenticate Port Ends all web authent...

Page 895: ...MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid W...

Page 896: ...and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web auth This command enables web auth...

Page 897: ...OMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the des...

Page 898: ...mpts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfa...

Page 899: ...y GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping information policy Sets the informat...

Page 900: ...namic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identifier When DHCP snoo...

Page 901: ...is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server...

Page 902: ...for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub option for the DHCP snooping agent that is the IP address of the manageme...

Page 903: ...th option 82 information enabling the DHCP snooping information option will remove option 82 information from the packet DHCP Snooping Information Option 82 and DHCP Relay Information Option 82 see pa...

Page 904: ...ch for DHCP snooping Use the no form to restore the default setting SYNTAX ip dhcp snooping limit rate rate no dhcp snooping limit rate rate The maximum number of DHCP packets that may be trapped for...

Page 905: ...form to restore the default setting SYNTAX no ip dhcp snooping vlan vlan id vlan id ID of a configured VLAN Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE When D...

Page 906: ...thernet Port Channel COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server DHCP Option 82 allows compatible DHCP servers to use...

Page 907: ...ce ethernet 1 1 Console config if ip dhcp snooping information option circuit id string mv2 Console config if ip dhcp snooping trust This command configures the specified interface as trusted Use the...

Page 908: ...dhcp snooping trust Console config if RELATED COMMANDS ip dhcp snooping 900 ip dhcp snooping vlan 905 clear ip dhcp snooping binding This command clears DHCP snooping binding table entries from RAM Us...

Page 909: ...rom flash memory will no longer be valid EXAMPLE Console config ip dhcp snooping database flash Console config show ip dhcp snooping This command shows the DHCP snooping configuration settings COMMAND...

Page 910: ...snooping Enables DHCPv6 snooping globally GC ipv6 dhcp snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy Sets the info...

Page 911: ...d via DHCPv6 snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IPv6 address lease time binding type VLAN identifier and port identifier When DHCPv6 snoop...

Page 912: ...yes continue to C If not check failed and forward packet to trusted port C Check status code in IA option If successful and entry is in binding table update lease time and forward to original destinat...

Page 913: ...relay mechanism for sending information about the switch and its DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning...

Page 914: ...information in DHCPv6 client request packets the switch s MAC address hexadecimal is used for the remote ID EXAMPLE This example enables the DHCPv6 Snooping Remote ID Option Console config ipv6 dhcp...

Page 915: ...pv6 dhcp snooping vlan This command enables DHCPv6 snooping on the specified VLAN Use the no form to restore the default setting SYNTAX no ipv6 dhcp snooping vlan vlan id vlan range vlan id ID of a co...

Page 916: ...tored in the binding database for an interface Use the no form to restore the default setting SYNTAX ipv6 dhcp snooping max binding count no ipv6 dhcp snooping max binding count Maximum number of entr...

Page 917: ...g trust command When an untrusted port is changed to a trusted port all the dynamic DHCPv6 snooping bindings associated with this port are removed Additional considerations when the switch itself is a...

Page 918: ...DHCPv6 Snooping remote id option status disabled DHCPv6 Snooping remote id policy drop DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max binding Current binding Eth 1 1 No...

Page 919: ...he IPv4 Source Guard table or dynamic entries in the DHCPv4 Snooping table when enabled see DHCPv4 Snooping on page 899 IPv4 source guard can be used to prevent traffic attacks caused when a host trie...

Page 920: ...EFAULT SETTING No configured entries COMMAND MODE Global Configuration COMMAND USAGE If the binding mode is not specified in this command the entry is bound to the ACL table by default Table entries i...

Page 921: ...ple configures a static source guard binding on port 5 Since the binding mode is not specified the entry is bound to the ACL table by default Console config ip source guard binding 11 22 33 44 55 66 v...

Page 922: ...ed with an infinite lease time Dynamic entries learned via DHCP snooping are configured by the DHCP server itself If the IP source guard is enabled an inbound packet s IP address sip option or both it...

Page 923: ...es for addresses in the ACL table mac Searches for addresses in the MAC address table number The maximum number of IP addresses that can be mapped to an interface in the binding table Range 1 5 for AC...

Page 924: ...net EXAMPLE This command sets the binding table mode for the specified interface to MAC mode Console config interface ethernet 1 5 Console config if ip source guard mode mac Console config if clear ip...

Page 925: ...Eth 1 4 DISABLED ACL 5 1024 Eth 1 5 DISABLED ACL 5 1024 show ip source guard binding This command shows the source guard binding table SYNTAX show ip source guard binding dhcp snooping static acl mac...

Page 926: ...se the no form to remove a static entry SYNTAX ipv6 source guard binding mac address vlan vlan id ipv6 address interface interface no ipv6 source guard binding mac address vlan vlan id mac address A v...

Page 927: ...g DHCPv6 snooping or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry with same and MAC address and IPv6 ad...

Page 928: ...guard is enabled on an interface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A p...

Page 929: ...v6 source bindings dynamically learned via ND snooping or DHCPv6 snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packets and DHC...

Page 930: ...source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries learned through DHCP...

Page 931: ...ing each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination dropping any invalid ARP packets ARP Inspection determines the validity of an...

Page 932: ...their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs ip arp inspection limit...

Page 933: ...ndom group of VLANs with each entry separated by a comma static ARP packets are only validated against the specified ACL address bindings in the DHCP snooping database is not checked DEFAULT SETTING A...

Page 934: ...nspection command before this command will be accepted by the switch By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log...

Page 935: ...ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and response...

Page 936: ...ction is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP...

Page 937: ...command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Console config in...

Page 938: ...on Global IP ARP Inspection status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspe...

Page 939: ...cs ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0...

Page 940: ...he echo service repeats anything sent to it and the chargen character generator service generates a continuous stream of data When used together they create an infinite loop and result in a denial of...

Page 941: ...se packets Use the no form to disable this feature SYNTAX no dos protection smurf DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection smurf Console config d...

Page 942: ...NULL scan Use the no form to disable this feature SYNTAX no dos protection tcp null scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp null scan C...

Page 943: ...tcp xmas scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp xmas scan Console config dos protection udp flooding This command protects against DoS...

Page 944: ...tack but the OOB packets still put the service in a tight loop that consumed all available CPU time Use the no form to disable this feature SYNTAX dos protection win nuke bit rate in kilo rate no dos...

Page 945: ...traffic segmentation This command enables traffic segmentation Use the no form to disable traffic segmentation SYNTAX no traffic segmentation DEFAULT SETTING Disabled COMMAND MODE Global Configuratio...

Page 946: ...ar the configuration settings for segmented groups EXAMPLE This example enables traffic segmentation globally on the switch Console config traffic segmentation Console config traffic segmentation sess...

Page 947: ...or a segmented group of ports Use the no form to remove a port from the segmented group SYNTAX no traffic segmentation session session id uplink interface list downlink interface list downlink interfa...

Page 948: ...as the uplink and ports 5 8 as downlinks Console config traffic segmentation Console config traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink...

Page 949: ...ntation This command displays the configured traffic segments COMMAND MODE Privileged Exec EXAMPLE Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding Sessio...

Page 950: ...CHAPTER 25 General Security Measures Port based Traffic Segmentation 950...

Page 951: ...Pv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header type MAC ACL...

Page 952: ...her more specific criteria acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you cre...

Page 953: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Page 954: ...address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags f...

Page 955: ...ied source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedence and ToS in the same rule However if...

Page 956: ...port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any con...

Page 957: ...ip access list 957 Time Range 762 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP acc...

Page 958: ...list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP address an...

Page 959: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address prefi...

Page 960: ...ipv6 address source ipv6 address prefix length any destination ipv6 address prefix length dscp dscp next header next header time range time range name no permit deny any host source ipv6 address sourc...

Page 961: ...oded in separate headers that may be placed between the IPv6 header and the upper layer header in a packet There are a small number of such extension headers each identified by a distinct Next Header...

Page 962: ...group acl name in out acl name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets time range na...

Page 963: ...command displays the rules for configured IPv6 ACLs SYNTAX show ipv6 access list standard extended acl name standard Specifies a standard IPv6 ACL extended Specifies an extended IPv6 ACL acl name Nam...

Page 964: ...SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of...

Page 965: ...ethertype ethertype bitmask ip any host source ip source ip network mask any host destination ip destination ip network mask ipv6 any host source ipv6 source ipv6 prefix length any host destination ip...

Page 966: ...rt sport port bitmask l4 destination port dport port bitmask permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype ethertype ether...

Page 967: ...tmask19 Bitmask for MAC address in hexadecimal format network mask Network mask for IP subnet This mask identifies the host address bits used for routing to specific subnets prefix length Length of IP...

Page 968: ...ress 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 Console config mac acl RELATED COMMANDS access list mac 964 Time Range 76...

Page 969: ...access list 969 Time Range 762 show mac access group This command shows the ports assigned to MAC ACLs COMMAND MODE Privileged Exec EXAMPLE Console show mac access group Interface ethernet 1 5 MAC acc...

Page 970: ...ACL Maximum length 16 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny c...

Page 971: ...bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask...

Page 972: ...mac any any Console config mac acl RELATED COMMANDS access list arp 970 show access list arp This command displays the rules for configured ARP ACLs SYNTAX show access list arp acl name acl name Name...

Page 973: ...ernet unit port unit Unit identifier Range 1 port Port number Range 1 28 acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware c...

Page 974: ...ngress egress rules for Standard IPv6 ACLs mac Shows ingress egress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Na...

Page 975: ...lear counters Clears statistics on an interface PE show discard Displays if CDP and PVST packets are being discarded PE show interfaces brief Displays a summary of key information including operationa...

Page 976: ...eiver power level of the transmitted signal which can be used to trigger an alarm or warning message IC transceiver threshold voltage Sets thresholds for the transceiver voltage which can be used to t...

Page 977: ...le An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following example adds an alias...

Page 978: ...e switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcon...

Page 979: ...description RD SW 3 Console config if discard This command discards CDP or PVST packets Use the no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cd...

Page 980: ...essure is used for half duplex operation and IEEE 802 3 2002 formally IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no ne...

Page 981: ...SFP port has a valid link DEFAULT SETTING RJ 45 copper forced Combination sfp preferred auto COMMAND MODE Interface Configuration Ethernet Ports 25 28 COMMAND USAGE Ports 1 24 are fixed at copper forc...

Page 982: ...EXAMPLE The following example configures port 10 to use auto negotiation Console config interface ethernet 1 10 Console config if negotiation Console config if RELATED COMMANDS capabilities 977 speed...

Page 983: ...nterface Configuration Ethernet Port Channel COMMAND USAGE The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T por...

Page 984: ...Privileged Exec COMMAND USAGE Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log...

Page 985: ...duplex mode and port type for all ports COMMAND MODE Privileged Exec EXAMPLE Console show interfaces brief Interface Name Status PVID Pri Speed Duplex Type Trunk Eth 1 1 Up 1 0 Auto 100full 100TX None...

Page 986: ...put 5525 Multi cast Output 170 Broadcast Input 11 Broadcast Output Ether like Stats 0 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred T...

Page 987: ...tus for all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displayed For a description of the items displayed by this c...

Page 988: ...28 port channel channel id Range 1 12 DEFAULT SETTING Shows all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displaye...

Page 989: ...d or disabled page 1006 Ingress Egress Rate Limit Shows if rate limiting is enabled and the current rate limit page 971 VLAN Membership Mode Indicates membership mode as Trunk or Hybrid page 1136 Ingr...

Page 990: ...ration Ethernet EXAMPLE Console config interface ethernet 1 25 Console config if transceiver monitor Console transceiver threshold current This command sets thresholds for transceiver current which ca...

Page 991: ...age is sent if the current value is less than or equal to the threshold and the last sample value was greater than the threshold After a falling event has been generated another such event will not be...

Page 992: ...nal Range 4000 820 in units of 0 01 dBm DEFAULT SETTING High Alarm 3 00 dBm HIgh Warning 3 50 dBm Low Warning 21 00 dBm Low Alarm 21 50 dBm COMMAND MODE Interface Configuration Ethernet COMMAND USAGE...

Page 993: ...eshold value The threshold of the transceiver temperature Range 12800 12800 in units of 0 01 Celsius DEFAULT SETTING High Alarm 75 00 C HIgh Warning 70 00 C Low Alarm 123 00 C Low Warning 0 00 C COMMA...

Page 994: ...ignal Range 4000 820 in units of 0 01 dBm DEFAULT SETTING High Alarm 9 00 dBm HIgh Warning 9 50 dBm Low Warning 21 00 dBm Low Alarm 21 50 dBm COMMAND MODE Interface Configuration Ethernet COMMAND USAG...

Page 995: ...value The threshold of the transceiver voltage Range 0 655 in units of 0 01 Volt DEFAULT SETTING High Alarm 3 50 Volts HIgh Warning 3 45 Volts Low Warning 3 15 Volts Low Alarm 3 10 Volts COMMAND MODE...

Page 996: ...SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This information allows administrators to remotely diagnose problems with optical devices This feature referred to...

Page 997: ...allows administrators to remotely diagnose problems with optical devices This feature referred to as Digital Diagnostic Monitoring DDM in the command display provides information on transceiver parame...

Page 998: ...es 7 140 meters long The test takes approximately 5 seconds The switch displays the results of the test immediately upon completion including common cable failures as well as the status and approximat...

Page 999: ...port Port number Range 1 28 COMMAND MODE Privileged Exec COMMAND USAGE The results include common cable failures as well as the status and approximate distance to a fault or the approximate cable leng...

Page 1000: ...ngs mode the switch checks for energy on the circuit to determine if there is a link partner If none is detected the switch automatically turns off the transmitter and most of the receive circuitry en...

Page 1001: ...an 60 meters EXAMPLE Console config interface ethernet 1 28 Console config if power save Console config if show power save This command shows the configuration settings for power savings SYNTAX show p...

Page 1002: ...CHAPTER 27 Interface Commands Power Savings 1002...

Page 1003: ...8 ports Table 109 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC port...

Page 1004: ...s not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the...

Page 1005: ...or many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination...

Page 1006: ...ove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates trunk 1 and then adds port 10 Console config interface port channel...

Page 1007: ...ace ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if lacp Console config if interface ethernet 1 3 Console config if lacp Console config if end Console sh...

Page 1008: ...COMMAND USAGE Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chan...

Page 1009: ...s selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already...

Page 1010: ...mbined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been e...

Page 1011: ...reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3 Console config if lacp timeout This command configures the timeout to wait for the next LACP data unit LA...

Page 1012: ...again that timeout value will be used EXAMPLE Console config interface port channel 1 Console config if lacp timeout short Console config if Trunk Status Display Commands show lacp This command displa...

Page 1013: ...s received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown...

Page 1014: ...protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or...

Page 1015: ...Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current adm...

Page 1016: ...CHAPTER 28 Link Aggregation Commands Trunk Status Display Commands 1016...

Page 1017: ...dress access list acl name no port monitor interface vlan vlan id mac address mac address access list acl name interface ethernet unit port source port unit Unit identifier Range 1 port Port number Ra...

Page 1018: ...configuration command and then use the port monitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match other...

Page 1019: ...xample configures port 2 to monitor packets matching the MAC address 00 12 CF XX XX XX received by port 1 Console config access list mac m1 Console config mac acl permit 00 12 cf 00 00 00 ff ff ff 00...

Page 1020: ...he following steps to configure an RSPAN session 1 Use the vlan rspan command to configure a VLAN to use for RSPAN Default VLAN 1 is prohibited 2 Use the rspan source command to specify the interfaces...

Page 1021: ...ic Only one mirror session is allowed including both local and remote mirroring If local mirroring is enabled then no session can be configured for RSPAN Spanning Tree If the spanning tree is disabled...

Page 1022: ...te a consecutive list of ports or a comma between non consecutive ports ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 rx Mirror received packets tx Mirror transmitted pac...

Page 1023: ...tag untagged Traffic exiting the destination port is untagged DEFAULT SETTING Traffic exiting the destination port is untagged COMMAND MODE Global Configuration COMMAND USAGE Only one destination por...

Page 1024: ...intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations destination Specifies this device as a switch configured with a destination port which...

Page 1025: ...ession is allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then no session can be configured for RSPAN COMMAND MODE Global Configuration CO...

Page 1026: ...nsole show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Switch Role Dest...

Page 1027: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Page 1028: ...Output rate for specified interface rate Maximum value in Kbps Range 64 100000 Kbps for Fast Ethernet ports 64 1000000 Kbps for Gigabit Ethernet ports DEFAULT SETTING Disabled COMMAND MODE Interface C...

Page 1029: ...t packet rate to be either kilobits per second or packets per second SYNTAX storm sample type octet packet octet Threshold in kbit second packet Threshold in packets second DEFAULT SETTING packets sec...

Page 1030: ...xceeds the threshold specified for broadcast and multicast or unknown unicast traffic packets exceeding the threshold are dropped until the rate falls back down beneath the threshold Traffic storms ca...

Page 1031: ...ond which a storm control response is triggered after the apply timer expires IC Port auto traffic control auto control release Automatically releases a control response IC Port auto traffic control c...

Page 1032: ...control response can be automatically terminated after the release timer snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper threshold for...

Page 1033: ...ng can be released automatically or manually The control response of shutting down a port can only be released manually Figure 414 Storm Control by Shutting Down a Port The key elements of this diagra...

Page 1034: ...tion COMMAND USAGE After the apply timer expires a control action may be triggered as specified by the auto traffic control action command and a trap message sent as specified by the snmp server enabl...

Page 1035: ...nsole config auto traffic control broadcast release timer 800 Console config auto traffic control This command enables automatic traffic control for broadcast or multicast storms Use the no form to di...

Page 1036: ...threshold configured by the auto traffic control alarm clear threshold command shutdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic c...

Page 1037: ...omatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The lower threshold for ingress traffic beneath which a cleared storm control tra...

Page 1038: ...rm control for multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second...

Page 1039: ...triggered and the release timer has expired To release a control response which has shut down a port after the specified action has been triggered and the release timer has expired use the auto traffi...

Page 1040: ...le port traps atc broadcast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port t...

Page 1041: ...ps atc broadcast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Page 1042: ...ed Use the no form to disable this trap SYNTAX no snmp server enable port traps atc multicast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config...

Page 1043: ...ps atc multicast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Page 1044: ...ontrol This command shows global configuration settings for automatic storm control COMMAND MODE Privileged Exec EXAMPLE Console show auto traffic control Storm control Broadcast Apply timer sec 300 r...

Page 1045: ...ation Storm Control Broadcast Multicast State Disabled Disabled Action rate control rate control Auto Release Control Disabled Disabled Alarm Fire Threshold Kpps 128 128 Alarm Clear Threshold Kpps 128...

Page 1046: ...CHAPTER 30 Congestion Control Commands Automatic Traffic Control Commands 1046...

Page 1047: ...nterface or when an interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Page 1048: ...ded for the spanning tree protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no span...

Page 1049: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Page 1050: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Page 1051: ...detection feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection...

Page 1052: ...n Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of...

Page 1053: ...erval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT SETTING 15 seconds COMMAN...

Page 1054: ...detection process is always based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by...

Page 1055: ...E UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to be taken Wh...

Page 1056: ...1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 Disabled Normal Disabled 7 s Unknown 5 s Console show udld interface ethernet 1 1 Interface UDLD...

Page 1057: ...e link is down or not connected to a UDLD capable device The state is Bidirectional if the link has a normal two way connection to a UDLD capable device All other states indicate mis wiring Msg Invl T...

Page 1058: ...CHAPTER 32 UniDirectional Link Detection Commands 1058...

Page 1059: ...seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 124 Address Table Commands Command Function Mode mac address...

Page 1060: ...e switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Page 1061: ...ac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interfa...

Page 1062: ...ns to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPL...

Page 1063: ...SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show mac address table count interface ethernet 1 1 MAC Entries for Port ID 1 Dynamic Address Count 2 Total MAC Addresses 2 Total MAC Address...

Page 1064: ...CHAPTER 33 Address Table Commands 1064...

Page 1065: ...ystem bpdu flooding Floods BPDUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission li...

Page 1066: ...ing tree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPD...

Page 1067: ...co IOS Release 12 2 25 SEC do not fully follow the IEEE standard causing some state machine procedures to function incorrectly The command forces the spanning tree protocol to function in a manner com...

Page 1068: ...sole config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the de...

Page 1069: ...onverge All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message become...

Page 1070: ...1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and rec...

Page 1071: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 1079 takes precedence over...

Page 1072: ...e lowest MAC address will then become the root device EXAMPLE Console config spanning tree priority 40000 Console config spanning tree mst configuration This command changes to Multiple Spanning Tree...

Page 1073: ...port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu flooding command has no effect if BPDU flooding is...

Page 1074: ...stance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the h...

Page 1075: ...tance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs SYNTAX no mst instance id vlan vlan range instance id Instance identifier of the s...

Page 1076: ...Use the no form to clear the name SYNTAX name name name Name of the spanning tree DEFAULT SETTING Switch s MAC address COMMAND MODE MST Configuration COMMAND USAGE The MST region name and revision num...

Page 1077: ...isable this feature SYNTAX no spanning tree bpdu filter DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command filters all Bridge Protocol Data...

Page 1078: ...s DEFAULT SETTING BPDU Guard Disabled Auto Recovery Disabled Auto Recovery Interval 300 seconds COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE An edge port should only be con...

Page 1079: ...method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAG...

Page 1080: ...enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to t...

Page 1081: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Page 1082: ...on action block shutdown duration no spanning tree loopback detection action block Blocks user traffic shutdown Shuts down the interface duration The duration to shut down the interface Range 60 86400...

Page 1083: ...hen the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes to lin...

Page 1084: ...nce identifier of the spanning tree Range 0 4094 cost Path cost for an interface Range 0 for auto configuration 1 65535 for short path cost method24 1 200 000 000 for long path cost method The recomme...

Page 1085: ...panning Tree Use the no form to restore the default SYNTAX spanning tree mst instance id port priority priority no spanning tree mst instance id port priority instance id Instance identifier of the sp...

Page 1086: ...n the receiving port s native VLAN as specified by the spanning tree system bpdu flooding command The spanning tree system bpdu flooding command has no effect if BPDU flooding is disabled on a port by...

Page 1087: ...Port Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch recei...

Page 1088: ...t Channel EXAMPLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree t...

Page 1089: ...ge 1 12 COMMAND MODE Privileged Exec COMMAND USAGE Use this command to release an interface from discarding state if loopback detection release mode is set to manual by the spanning tree loopback dete...

Page 1090: ...ic instance within the multiple spanning tree MST SYNTAX show spanning tree interface mst instance id brief stp enabled only interface ethernet unit port unit Unit identifier Range 1 port Port number...

Page 1091: ...panning Tree Enabled Disabled Enabled Instance 0 VLANs Configured 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec...

Page 1092: ...gnated Root 32768 0000E89382A0 Current Root Port 0 Current Root Cost 0 Interface Pri Designated Designated Oper STP Role State Oper Bridge ID Port ID Cost Status Edge Eth 1 1 128 32768 0000E89382A0 12...

Page 1093: ...ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS non revertive Enables non revertive mode which require...

Page 1094: ...t link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVLAN Use the control vlan...

Page 1095: ...for a specific ring erps This command enables ERPS on the switch Use the no form to disable this feature SYNTAX no erps DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS m...

Page 1096: ...for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configur...

Page 1097: ...exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This command activates the current ERPS ring Use the no form to disable the current ring SYNTAX no en...

Page 1098: ...aximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard timer is that during its duration a node will be unaware of new or existing ring requests trans...

Page 1099: ...kets Use the no form to remove the current setting SYNTAX major domain name no major domain name Name of the ERPS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMA...

Page 1100: ...continuity check messages are used to monitor the link status of an ERPS ring node as specified by the mep monitor command then the MEG level set by the meg level command must match the authorized mai...

Page 1101: ...own this information is passed to ERPS which in turn processes it as a ring node failure For more information on how ERPS recovers from a node failure refer to Ethernet Ring Protection Switching on pa...

Page 1102: ...packets when an owner node enters protection state without any link down event having been detected through SF messages Use the no form to disable this feature SYNTAX no non erps dev protect DEFAULT S...

Page 1103: ...the RPL the owner node will still transmit an R APS NR RB ring blocked message ERPS compliant nodes receiving this message flush their forwarding database and unblock previously blocked ports The rin...

Page 1104: ...ther higher priority request is received Recovery with Revertive Mode When all ring links and ring nodes have recovered and no external requests are active reversion is handled in the following way a...

Page 1105: ...ge on both ring ports informing other nodes that no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another highe...

Page 1106: ...ocked until the RPL is blocked as a result of ring protection reversion or until there is another higher priority request e g an SF condition in the ring The Ethernet Ring Node where the Manual Switch...

Page 1107: ...ndication all ring nodes flush their FDB This action unblocks the ring port which was blocked as result of an operator command EXAMPLE Console config erps non revertive Console config erps propagate t...

Page 1108: ...ing nodes running ERPSv1 and ERPSv2 co exist on the same ring the Ring ID of each ring node must be configured as 1 If this command is disabled the following strings are used as the node identifier ER...

Page 1109: ...the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can be achieved by for...

Page 1110: ...essary to take precautions against forming a loop which is potentially composed of a whole interconnected network Figure 417 Sub ring without Virtual Channel EXAMPLE Console config erps raps without v...

Page 1111: ...any member ports spanning tree will be disabled for the first member port assigned to the static trunk EXAMPLE Console config erps ring port east interface ethernet 1 12 Console config erps rpl neighb...

Page 1112: ...ink RPL owner Use the no form to restore the default setting SYNTAX rpl owner no rpl DEFAULT SETTING None that is neither owner nor neighbor COMMAND MODE ERPS Configuration COMMAND USAGE Only one RPL...

Page 1113: ...amount of flush FDB operations in the ring Support of multiple ERP instances on a single ring Version 2 is backward compatible with Version 1 If version 2 is specified the inputs and commands are forw...

Page 1114: ...ion COMMAND USAGE If the switch goes into ring protection state due to a signal failure after the failure condition is cleared the RPL owner will start the wait to restore timer and wait until it expi...

Page 1115: ...ual switch state 1 Issue an erps clear command to remove the forced switch command on the node where a local forced switch command is active 2 Issue an erps clear command on the RPL owner node to trig...

Page 1116: ...R APS messages e The ring node receiving an R APS FS message flushes its FDB Protection switching on a forced switch request is completed when the above actions are performed by each ring node At thi...

Page 1117: ...a FS command at the ring node under maintenance in order to avoid falling into the above mentioned unrecoverable situation EXAMPLE Console erps forced switch domain r d west Console erps manual switc...

Page 1118: ...ch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without any local higher priority requests unblocks any blocked ring port which does not have an S...

Page 1119: ...tatus information for all configured rings or for a specified ring SYNTAX show erps domain ring name statistics domain Keyword to display ERPS ring configuration settings ring name Name of a specific...

Page 1120: ...link failure has occurred This state will switch to idle state if all the failed links recover Type Shows ERPS node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertiv...

Page 1121: ...this ring node R APS with VC The R APS Virtual Channel is the R APS channel connection used to tunnel R APS messages between two interconnection nodes of a sub ring in another Ethernet ring or network...

Page 1122: ...to block timer expires WTR Expire The time before the wait to restore timer expires Table 132 show erps statistics detailed display description Field Description Interface The direction and port or t...

Page 1123: ...Commands 1123 EVENT Any request state message excluding FS SF MS and NR HEALTH The number of non standard health check messages Table 132 show erps statistics detailed display description Continued Fi...

Page 1124: ...CHAPTER 35 ERPS Commands 1124...

Page 1125: ...ng ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Configures 8...

Page 1126: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Page 1127: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Page 1128: ...in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN...

Page 1129: ...rivileged Exec COMMAND USAGE See Displaying Bridge Extension Capabilities on page 121 for a description of the displayed items EXAMPLE Console show bridge ext Maximum Supported VLAN Numbers 4094 Maxim...

Page 1130: ...eave All Timer 1000 centiseconds Console RELATED COMMANDS garp timer 1127 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit...

Page 1131: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Page 1132: ...the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets rspan Keyword to create a VLAN used for mirroring traffic from remote switches The VLAN used for...

Page 1133: ...tion Table 136 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchport acceptable frame types Configures fr...

Page 1134: ...estore the default SYNTAX switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged fram...

Page 1135: ...has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when...

Page 1136: ...iltering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames such as GMRP EXAMPLE The following example shows how to set the interface to...

Page 1137: ...Console config if switchport mode hybrid Console config if RELATED COMMANDS switchport acceptable frame types 1134 switchport native vlan This command configures the PVID i e default VLAN ID for a po...

Page 1138: ...ollowing figure shows VLANs 1 and 2 configured on switches A and B with VLAN trunking being used to pass traffic for these VLAN groups across switches C D and E Figure 418 Configuring VLAN Trunking Wi...

Page 1139: ...to establish a path across the switch for unknown VLAN groups Console config interface ethernet 1 9 Console config if vlan trunking Console config if interface ethernet 1 10 Console config if vlan tru...

Page 1140: ...are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer specific VLAN IDs QinQ tunneling expands VLAN space by using...

Page 1141: ...tive vlan 7 Configure the QinQ tunnel uplink port to dot1Q tunnel uplink mode switchport dot1q tunnel mode 8 Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member switchport allo...

Page 1142: ...led COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE QinQ tunneling must be enabled on the switch using the dot1q tunnel system tunnel control command before the switchport dot...

Page 1143: ...that will carry this traffic across the 802 1Q tunnel This process is performed in a transparent manner as described under IEEE 802 1Q Tunneling on page 206 When priority bits are found in the inner...

Page 1144: ...chport allowed vlan add 100 200 300 tagged Console config if switchport dot1q tunnel mode uplink 4 Configures port 1 as an untagged member of VLANs 100 200 and 300 using access mode Console config int...

Page 1145: ...1q tunnel tpid tpid Sets the ethertype value for 802 1Q encapsulation This identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Page 1146: ...tunnel interface interface service svid service svid interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 svid VLAN ID for the outer VLAN...

Page 1147: ...upstream L2PT protocol packets i e STP BPDUs to this value and forwards them on to uplink ports The MAC address must be specified in the format xx xx xx xx xx xx or xxxxxxxxxxxx DEFAULT SETTING 01 12...

Page 1148: ...2PT processes packets is based on the following criteria 1 packet is received on a QinQ uplink port 2 packet is received on a QinQ access port or 3 received packet is Cisco compatible L2PT i e as indi...

Page 1149: ...received on an access port and recognized as a CDP VTP STP PVST protocol packet and L2PT is enabled on this port it is forwarded to the following ports in the same S VLAN a other access ports for whic...

Page 1150: ...ee Plus spanning tree Spanning Tree STP RSTP MSTP vtp Cisco VLAN Trunking Protocol DEFAULT SETTING Disabled for all protocols COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE R...

Page 1151: ...ed to that device can be configured to swap the customer s VLAN ID with the service provider s VLAN ID for upstream traffic or the service provider s VLAN ID with the customer s VLAN ID for downstream...

Page 1152: ...ries is 8 per port and up to 96 for the system However note that configuring a large number of entries may degrade the performance of other processes that also use the TCAM such as IP Source Guard fil...

Page 1153: ...n standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of...

Page 1154: ...cific protocols to a group Use the no form to remove a protocol group SYNTAX protocol vlan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group gr...

Page 1155: ...hing protocol traffic is forwarded Range 1 4094 priority The priority assigned to untagged ingress traffic Range 0 7 where 7 is the highest priority DEFAULT SETTING No protocol groups are mapped for a...

Page 1156: ...l group group id group id Group identifier for a protocol group Range 1 2147483647 DEFAULT SETTING All protocol groups are displayed COMMAND MODE Privileged Exec EXAMPLE This shows protocol group 1 co...

Page 1157: ...ssification all untagged frames received by a port are classified as belonging to the VLAN whose VID PVID is associated with that port When IP subnet based VLAN classification is enabled the source ad...

Page 1158: ...ty 0 COMMAND MODE Global Configuration COMMAND USAGE Each IP subnet can be mapped to only one VLAN ID An IP subnet consists of an IP address and a subnet mask The specified VLAN need not be an existin...

Page 1159: ...192 168 12 252 255 255 255 254 8 0 192 168 12 254 255 255 255 255 9 0 192 168 12 255 255 255 255 255 10 0 Console CONFIGURING MAC BASED VLANS When using IEEE 802 1Q port based VLAN classification all...

Page 1160: ...y value 1 means relevant and 0 means ignore vlan id VLAN to which the matching source MAC address traffic is forwarded Range 1 4094 priority The priority assigned to untagged ingress traffic Range 0 7...

Page 1161: ...tically assigns the port to the Voice VLAN Alternatively switch ports can be manually configured voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to...

Page 1162: ...When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member of the Voice VLAN Only one Voice VLAN is supported and it must already be created on the...

Page 1163: ...ng 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Use the no form to remove an entry from the list SYNTAX voice vlan mac address...

Page 1164: ...must be manually added to the Voice VLAN auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port DEFAULT SETTING Disabled COMMAND MODE Interface Con...

Page 1165: ...active for the port EXAMPLE The following example sets the CoS priority to 5 on port 1 Console config interface ethernet 1 1 Console config if switchport voice vlan priority 5 Console config if switc...

Page 1166: ...oIP traffic on a port Use the no form to disable filtering on a port SYNTAX no switchport voice vlan security DEFAULT SETTING Disabled COMMAND MODE Interface Configuration COMMAND USAGE Security filte...

Page 1167: ...aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Auto Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 1...

Page 1168: ...CHAPTER 36 VLAN Commands Configuring Voice VLANs 1168...

Page 1169: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Page 1170: ...icates a strict queue DEFAULT SETTING WRR COMMAND MODE Global Configuration COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of strict and w...

Page 1171: ...eights to the eight class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore the de...

Page 1172: ...ority mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged...

Page 1173: ...Console config if RELATED COMMANDS show interfaces switchport 988 show queue mode This command shows the current queue mode COMMAND MODE Privileged Exec EXAMPLE Console show queue mode Queue Mode Wei...

Page 1174: ...al format Range 0 1 Table 147 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal...

Page 1175: ...processing Note that priority tags in the original packet are not modified by this command The internal DSCP consists of three bits for per hop behavior PHB which determines the queue to which a pack...

Page 1176: ...ust mode command and the ingress packet type is IPv4 Two QoS domains can have different DSCP definitions so the DSCP to PHB Drop Precedence mutation map can be used to modify one set of DSCP values to...

Page 1177: ...onfig interface ethernet 1 5 Console config if qos map dscp mutation 3 1 from 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per...

Page 1178: ...l be based on the DSCP value in the ingress packet If the QoS mapping mode is set to DSCP and a non IP packet is received the packet s CoS and CFI Canonical Format Indicator values are used for priori...

Page 1179: ...CoS CFI 0 1 0 0 0 0 0 1 1 0 1 0 2 2 0 2 0 3 3 0 3 0 4 4 0 4 0 5 5 0 5 0 6 6 0 6 0 7 7 0 7 0 Console show qos map dscp mutation This command shows the ingress DSCP to internal DSCP map SYNTAX show qos...

Page 1180: ...3 4 5 0 5 1 5 0 5 3 5 0 5 1 6 0 5 3 6 0 6 1 5 6 0 6 3 6 0 6 1 6 0 6 3 7 0 7 1 7 0 7 3 6 7 0 7 1 7 0 7 3 Console show qos map phb queue This command shows internal per hop behavior to hardware queue m...

Page 1181: ...Priority Commands Layer 3 and 4 1181 COMMAND MODE Privileged Exec EXAMPLE The following shows that the trust mode is set to CoS Console show qos map trust mode interface ethernet 1 5 Information of E...

Page 1182: ...CHAPTER 37 Class of Service Commands Priority Commands Layer 3 and 4 1182...

Page 1183: ...er for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an en...

Page 1184: ...set ip dscp command to modify the per hop behavior the class of service value in the VLAN tag or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the poli...

Page 1185: ...ass maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packe...

Page 1186: ...e unit port unit Unit identifier Range 1 port Port number Range 1 28 vlan A VLAN Range 1 4094 DEFAULT SETTING None COMMAND MODE Class Map Configuration COMMAND USAGE First enter the class map command...

Page 1187: ...map rd class 2 match any Console config cmap match ip precedence 5 Console config cmap This example creates a class map call rd class 3 and sets it to match packets marked for VLAN 1 Console config c...

Page 1188: ...ass Map page 1188 before assigning it to a Policy Map EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set command to c...

Page 1189: ...sets the IP DSCP value in matching packets This modifies packet priority in the IP header police commands define parameters such as the maximum throughput burst rate and response to non conforming tra...

Page 1190: ...ket the packet is set red transmit Transmits without taking any action drop Drops packet as required by violate action new dscp Differentiated Service Code Point DSCP value Range 0 63 DEFAULT SETTING...

Page 1191: ...ng packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set phb 3 Console config pmap c police flow 100000 4000 conform action transmit violate action d...

Page 1192: ...cannot exceed 16 Mbytes The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to three traffic parameters Committed Information Rate CIR Committed Burst Size BC...

Page 1193: ...en precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented The meterin...

Page 1194: ...r second Range 0 1000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower peak burst Peak burst size BP in bytes Range 0 16000000 at a granularity of 4k bytes conform action A...

Page 1195: ...the packet The behavior of the meter is specified in terms of its mode and two token buckets P and C which are based on the rates PIR and CIR respectively The maximum size of the token bucket P is BP...

Page 1196: ...sole config pmap class rd class Console config pmap c set phb 3 Console config pmap c police trtcm color blind 100000 4000 100000 6000 conform action transmit exceed action 0 violate action drop Conso...

Page 1197: ...d Use the no form to remove this traffic classification SYNTAX no set ip dscp new dscp new dscp New Differentiated Service Code Point DSCP value Range 0 63 DEFAULT SETTING None COMMAND MODE Policy Map...

Page 1198: ...to control queue congestion by the police srtcm color command and police trtcm color command The set cos and set phb command function at the same level of priority Therefore setting either of these co...

Page 1199: ...ce Configuration Ethernet Port Channel COMMAND USAGE Only one policy map can be assigned to an interface First define a class map then define a policy map and finally use the service policy command to...

Page 1200: ...classification criteria for incoming traffic and may include policers for bandwidth limitations SYNTAX show policy map policy map name class class map name policy map name Name of the policy map Range...

Page 1201: ...assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 COM...

Page 1202: ...CHAPTER 38 Quality of Service Commands 1202...

Page 1203: ...ing displays current snooping settings and displays the multicast service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicast traffi...

Page 1204: ...ed IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a v...

Page 1205: ...p snooping Console config ip igmp snooping vlan static Adds an interface as a member of a multicast group GC ip igmp snooping vlan version Configures the IGMP version for snooping GC ip igmp snooping...

Page 1206: ...fic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Console config ip igmp snooping priority 6 Console config RELATED COMMANDS show ip...

Page 1207: ...ip igmp snooping proxy reporting Console config ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it SYNTAX no ip igmp snooping querier DEFAULT SE...

Page 1208: ...outer Alert option 2 Also when the switch is acting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert option...

Page 1209: ...ived and all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolici...

Page 1210: ...When a switch receives this solicitation it floods it to all ports in the VLAN where the spanning tree change occurred When an upstream multicast router receives this solicitation it will also immedia...

Page 1211: ...command specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled Use the no form to restore the default value SYNTAX ip igmp snooping unsolic...

Page 1212: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Page 1213: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Page 1214: ...ssage is received The router querier stops forwarding traffic for that group only if no host replies to the query within the time out period The time out for this release is currently defined by Last...

Page 1215: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Page 1216: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Page 1217: ...proxy address source address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Page 1218: ...address of the last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for pro...

Page 1219: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval T...

Page 1220: ...AGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EXAMPLE...

Page 1221: ...ort channel channel id Range 1 12 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ip igmp snooping statistics Console show ip igmp snooping This command sh...

Page 1222: ...Disabled Immediate Leave Disabled Last Member Query Interval 10 unit 1 10s Last Member Query Count 2 General Query Suppression Disabled Query Interval 125 Query Response Interval 100 unit 1 10s Proxy...

Page 1223: ...t Forwarding Entry Count 1 Flag R Router port M Group member port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h...

Page 1224: ...SYNTAX show ip igmp snooping statistics input interface interface output interface interface query vlan vlan id interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 p...

Page 1225: ...is interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or group and...

Page 1226: ...ip igmp snooping statistics vlan query display description Field Description Querier IP Address The IP address of the querier on this interface Querier Expire Time The time after which this querier i...

Page 1227: ...n The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a p...

Page 1228: ...ofile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP filtering and throttling onl...

Page 1229: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Page 1230: ...TTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE Console config ip i...

Page 1231: ...ejoins the same group the join report needs to again be authenticated When receiving an IGMP v3 report message the switch will send the access request to the RADIUS server only when the record type is...

Page 1232: ...er An IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Interface Configuration COMMAND USAGE The IGMP filtering profile must first be created with the ip igmp profile co...

Page 1233: ...wo actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it w...

Page 1234: ...if ip igmp query drop This command drops any received IGMP query packets Use the no form to restore the default setting SYNTAX no ip igmp query drop DEFAULT SETTING Disabled COMMAND MODE Interface Co...

Page 1235: ...entication This command displays the interface settings for IGMP authentication SYNTAX show ip igmp authentication interface interface interface ethernet unit port unit Unit identifier Range 1 port Po...

Page 1236: ...EXAMPLE Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239...

Page 1237: ...ber Range 1 28 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Con...

Page 1238: ...lticast Groups 0 Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets SYNTAX show ip igmp throttle interface interface interfa...

Page 1239: ...tch to act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configure...

Page 1240: ...e SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected The querier is responsible for ask...

Page 1241: ...G 125 seconds COMMAND MODE Global Configuration COMMAND USAGE This command applies when the switch is serving as the querier An MLD general query message is sent by the switch at the interval specifie...

Page 1242: ...command configures the MLD Snooping robustness variable Use the no form to restore the default value SYNTAX ipv6 mld snooping robustness value no ipv6 mld snooping robustness value The number of the...

Page 1243: ...rt i e the interface that had been receiving query packets to have expired EXAMPLE Console config ipv6 mld snooping router port expire time 300 Console config ipv6 mld snooping unknown multicast mode...

Page 1244: ...AND MODE Global Configuration EXAMPLE Console config ipv6 mld snooping version 1 Console config ipv6 mld snooping vlan immediate leave This command immediately deletes a member port of an IPv6 multica...

Page 1245: ...atically configures an IPv6 multicast router port Use the no form to remove the configuration SYNTAX no ipv6 mld snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet...

Page 1246: ...X interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config ipv...

Page 1247: ...ifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ipv6 mld snooping statistics Console show ipv6 mld snooping This command shows the current MLD Snooping configuration SYNTAX show...

Page 1248: ...roup source list This command shows known multicast groups member ports the means by which each group was learned and the corresponding source list SYNTAX show ipv6 mld snooping group source list COMM...

Page 1249: ...ltering feature fulfills this requirement by restricting access to specified multicast services on a switch port and MLD throttling limits the number of simultaneous multicast groups a port can join T...

Page 1250: ...permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD filtering and throttling only applies to dynamically learned multicast...

Page 1251: ...but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ipv6 mld profile 19 Console config mld profile RELATED COMMANDS...

Page 1252: ...id IPv6 address X X X X X for the end of a multicast group range DEFAULT SETTING None COMMAND MODE MLD Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one mu...

Page 1253: ...ast groups an interface can join at the same time Range 1 1023 DEFAULT SETTING 1023 COMMAND MODE Interface Configuration Ethernet COMMAND USAGE MLD throttling sets a maximum number of multicast groups...

Page 1254: ...Configuration Ethernet COMMAND USAGE When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join...

Page 1255: ...to enable multicast data guard mode on a port interface Use the no form of the command to disable multicast data guard SYNTAX no ipv6 multicast data drop DEFAULT SETTING Disabled COMMAND MODE Interfac...

Page 1256: ...number profile number An existing MLD filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 mld profile MLD Profile 19 MLD Profile 50 Co...

Page 1257: ...and displays the interface settings for MLD throttling SYNTAX show ipv6 mld throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port chan...

Page 1258: ...ry interval Configures the interval at which the receiver port sends out general queries GC mvr proxy switching Enables MVR proxy switching where the source port acts as a host and the receiver port a...

Page 1259: ...e MVR group addresses specified in a profile to an MVR domain Use the no form of this command to remove the binding SYNTAX no mvr domain domain id associated profile profile name domain id An independ...

Page 1260: ...c domain Use the no form of this command to disable MVR for a domain SYNTAX no mvr domain domain id domain id An independent multicast domain Range 1 5 DEFAULT SETTING Disabled COMMAND MODE Global Con...

Page 1261: ...ed an MVR group is sent from all source ports to all receiver ports that have registered to receive data from that multicast group The IP address range from 224 0 0 0 to 239 255 255 255 is used for mu...

Page 1262: ...ig mvr priority This command assigns a priority to all multicast traffic in the MVR VLAN Use the no form of this command to restore the default setting SYNTAX mvr priority priority no mvr priority pri...

Page 1263: ...l MVR subscriptions on the downstream interface Receiver ports must therefore be configured on all downstream interfaces which require MVR proxy service When the source port receives report and leave...

Page 1264: ...f times report messages are sent upstream when changes are learned about downstream groups and the number of times group specific queries are sent to downstream receiver ports This command only takes...

Page 1265: ...t the requested streams are still restricted to the address range which has been specified in a profile and bound to a domain EXAMPLE Console config mvr source port mode dynamic Console config mvr ups...

Page 1266: ...is the VLAN to which all source ports must be assigned The VLAN specified by this command must be an existing VLAN configured with the vlan command MVR source ports can be configured as members of the...

Page 1267: ...ly to multicast groups which have been statically assigned to a port with the mvr vlan group command EXAMPLE The following enables immediate leave on a receiver port Console config interface ethernet...

Page 1268: ...configures one source port and several receiver ports on the switch Console config interface ethernet 1 5 Console config if mvr domain 1 type source Console config if exit Console config interface et...

Page 1269: ...multicast groups must be statically assigned using the mvr vlan group command The MVR VLAN cannot be specified as the receiver VLAN for static bindings EXAMPLE The following statically assigns a multi...

Page 1270: ...ation about MVR domain settings including MVR operational status the multicast VLAN the current number of group addresses and the upstream source IP address SYNTAX show mvr domain domain id domain id...

Page 1271: ...into the MVR VLAN MVR Proxy Switching Shows if MVR proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enabled MVR Proxy Query I...

Page 1272: ...Source Inactive Discarding Eth1 1 Receiver Active Forwarding Disabled 225 0 0 1 VLAN1 225 0 0 9 VLAN3 Eth1 4 Receiver Active Discarding Disabled Console Table 164 show mvr interface display descriptio...

Page 1273: ...ddress The subscriber IP addresses sort by port The multicast groups associated with an interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel cha...

Page 1274: ...6 7 1 2 P 1 Eth 1 1 S 2 Eth 1 2 R Console show mvr profile This command shows all configured MVR profiles COMMAND MODE Privileged Exec EXAMPLE The following shows all configured MVR profiles Console...

Page 1275: ...ays statistics for all domains COMMAND MODE Privileged Exec EXAMPLE The following shows MVR protocol related statistics received Console show mvr domain 1 statistics input MVR Domain 1 Input Statistic...

Page 1276: ...rt received Join Succ The number of times a multicast group was successfully joined Group The number of MVR groups active on this interface Table 167 show mvr statistics output display description Fie...

Page 1277: ...ued Field Description Table 169 Multicast VLAN Registration for IPv6 Commands Command Function Mode mvr6 associated profile Binds the MVR group addresses specified in a profile to an MVR domain GC mvr...

Page 1278: ...oup address profile to domain 1 Console config mvr6 domain 1 associated profile rd Console config clear mvr6 statistics Clears the MVR statistics globally or on a per interface basis PE show mvr6 Show...

Page 1279: ...E The following example enables MVR for domain 1 Console config mvr6 domain 1 Console config mvr6 profile This command maps a range of MVR group addresses to a profile Use the no form of this command...

Page 1280: ...to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 group address range assigned to a profile cannot overlap with the group address range of any other profile EXAMPLE Th...

Page 1281: ...ly disables MVR router functions Receiver ports are known as downstream or router interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptio...

Page 1282: ...queries Use the no form to restore the default setting SYNTAX mvr6 robustness value value no mvr6 robustness value value The robustness used for all interfaces Range 1 10 DEFAULT SETTING 2 COMMAND MOD...

Page 1283: ...ich the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a multicast stream is forwarded to any attached client Note...

Page 1284: ...cast data is received Use the no form of this command to restore the default MVR VLAN SYNTAX mvr6 domain domain id vlan vlan id no mvr6 domain domain id vlan domain id An independent multicast domain...

Page 1285: ...or a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only...

Page 1286: ...as a member of the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to access mode see the switchport mode command One or more interfaces may be configured as MVR source p...

Page 1287: ...address bits DEFAULT SETTING No receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically...

Page 1288: ...r6 groups dynamic Console clear mvr6 statistics Use this command to clear the MVR6 statistics SYNTAX clear mvr6 statistics interface ethernet unit port port channel channel id vlan vlan id ethernet un...

Page 1289: ...m Source IP FF05 25 Console Table 170 show mvr6 display description Field Description MVR6 802 1p Forwarding Priority Priority assigned to multicast traffic forwarded into the MVR6 VLAN MVR Proxy Swit...

Page 1290: ...ed profile Domain ID 1 MVR Profile Name Start IPv6 Addr End IPv6 Addr rd FF00 1 FF00 9 Console show mvr6 interface This command shows MVR configuration settings for interfaces attached to the MVR VLAN...

Page 1291: ...or all domains and all forwarding entries COMMAND MODE Privileged Exec EXAMPLE The following shows information about the number of multicast forwarding entries currently active in domain 1 Console sho...

Page 1292: ...t H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h m s Expire Group remaining time m s Group Address VLAN Port Up t...

Page 1293: ...nterface interface query domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 vl...

Page 1294: ...is interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or group and...

Page 1295: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Page 1296: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Page 1297: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Page 1298: ...ED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service EXAMPLE Console config lldp med fast start count 6 Console config lld...

Page 1299: ...e periodic transmit interval for LLDP advertisements Use the no form to restore the default setting SYNTAX lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval a...

Page 1300: ...se the no form to restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Conf...

Page 1301: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Page 1302: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Page 1303: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Page 1304: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Page 1305: ...age 1153 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its d...

Page 1306: ...e 1155 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise lin...

Page 1307: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command confi...

Page 1308: ...escription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywo...

Page 1309: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Page 1310: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Page 1311: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Page 1312: ...policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificatio...

Page 1313: ...onfig detail interface detail Shows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 COMMAND MODE Privileg...

Page 1314: ...ication Status Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Civic Address Status Enabled Country Nam...

Page 1315: ...t 0 port 3 Eth 1 4 MAC Address 00 12 CF DA FC EC Ethernet Port on unit 0 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MAC Address...

Page 1316: ...unit 0 port 1 SystemCapSupported Bridge SystemCapEnabled Bridge Remote Management Address 192 168 0 5 IPv4 Remote Port VID 1 Remote Port Protocol VLAN VLAN 3 supported enabled Remote VLAN Name VLAN 1...

Page 1317: ...Address LCI Country Name TW What 2 Extended Power via MDI Power Type PSE Power Source Unknown Power Priority Unknown Power Value 0 Watts Inventory Hardware Revision R0A Firmware Revision 1 2 6 0 Soft...

Page 1318: ...Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Port NumFramesRecvd NumFramesSent NumFramesDiscarded Eth 1 1 0 83 0 Eth 1 2 11 12 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp...

Page 1319: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Page 1320: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Page 1321: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Page 1322: ...events discovered by continuity check messages page 1341 or cross check messages page 1345 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm...

Page 1323: ...aintenance association name Range 1 43 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Each MA name must be unique within the CFM domain Frames with AI...

Page 1324: ...numeric characters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm a...

Page 1325: ...P resumes loss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Con...

Page 1326: ...n between the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that mak...

Page 1327: ...main index 1 name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1328 ethernet cfm enable This command enables CFM processing globally on the switch Use the...

Page 1328: ...a maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance doma...

Page 1329: ...2147483647 character string IEEE 802 1ag defined character string format This is an IETF RFC 2579 DisplayString icc based ITU T SG13 SG15 Y 1731 defined ICC based format DEFAULT SETTING character str...

Page 1330: ...ance domain at the same level as the MEP to be configured using the ethernet cfm domain command 2 maintenance association within the domain using the ma index name command and 3 finally the MEP using...

Page 1331: ...le config interface ethernet 1 1 Console config if ethernet cfm port enable Console config if clear ethernet cfm ais mpid This command clears AIS defect information for the specified MEP SYNTAX clear...

Page 1332: ...fier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the global settings for CFM Console show ethern...

Page 1333: ...received from a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a...

Page 1334: ...rimary VID CC Interval MIP Creation steve 1 voip 1 4 Default Console show ethernet cfm maintenance points local This command displays the maintenance points configured on this device SYNTAX show ether...

Page 1335: ...rd Console show ethernet cfm maintenance points local mep MPID MD Name Level Direct VLAN Port CC Status MAC Address 1 rd 0 UP 1 Eth 1 1 Enabled 00 12 CF 3A A8 C0 Console show ethernet cfm maintenance...

Page 1336: ...format of the Maintenance Association name including primary VID character string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction...

Page 1337: ...AULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mpid keyword with this command to display information about a specific maintenance point or use the mac keyword to display informat...

Page 1338: ...he last CCM message about this MEP has been in the CCM database Frame Loss Percentage of transmitted frames lost CC Packet Statistics received error The number of CCM packets received successfully and...

Page 1339: ...ute 7 10 minutes DEFAULT SETTING 4 100 ms COMMAND MODE Global Configuration COMMAND USAGE CCMs provide a means to discover other MEPs and to detect connectivity failures in an MA If any MEP fails to r...

Page 1340: ...connectivity to all other MEPs MIPs in the MA Each CCM received is checked to verify that the MEP identifier field sent in the message does not match its own MEPID which would indicate a duplicate MEP...

Page 1341: ...trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which has recovered from an error condition mep up Sends a trap if a remote MEP is discovere...

Page 1342: ...ts the aging time for missing MEPs in the CCM database to 30 minutes Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep archive hold time 30 Console config ether...

Page 1343: ...AND MODE Privileged Exec COMMAND USAGE Use this command without any keywords to clear all entries in the error database Use the domain keyword to clear the error database for a specific domain or the...

Page 1344: ...associated with a specific VID list one or more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a...

Page 1345: ...CFM continuity check events in relation to the cross check operations between statically configured MEPs and those learned via continuity check messages CCMs Use the no form to restore disable these...

Page 1346: ...move a remote MEP SYNTAX no mep crosscheck mpid mpid ma ma name mpid Identifier for a maintenance end point which exists on another CFM enabled device within the same MA Range 1 8191 ma name Maintenan...

Page 1347: ...ain name ma ma name enable Starts the cross check process disable Stops the cross check process domain name Domain name Range 1 43 alphanumeric characters ma name MA name Range 1 43 alphanumeric chara...

Page 1348: ...k MPID MA Name Level VLAN MEP Up Remote MAC 2 downtown 4 2 Yes 00 0D 54 FC A2 73 Console Link Trace Operations ethernet cfm linktrace cache This command enables caching of CFM data learned through lin...

Page 1349: ...time minutes minutes The aging time for entries stored in the link trace cache Range 1 65535 minutes DEFAULT SETTING 100 minutes COMMAND MODE Global Configuration COMMAND USAGE Before setting the agin...

Page 1350: ...Console config ethernet cfm linktrace This command sends CFM link trace messages to the MAC address of a remote MEP SYNTAX ethernet cfm linktrace dest mep destination mpid src mep source mpid dest me...

Page 1351: ...isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Fault isolation is even more challenging since the MAC address of th...

Page 1352: ...could be returned for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be fals...

Page 1353: ...nce association name Range 1 43 alphanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes DE...

Page 1354: ...NTAX mep fault notify alarm time alarm time no fault notify alarm time alarm time The time that one or more defects must be present before a fault alarm is generated Range 3 10 seconds DEFAULT SETTING...

Page 1355: ...mand The state machine transmits no further fault alarms until it is reset by the passage of a configured time period see the mep fault notify reset time command without a defect indication The normal...

Page 1356: ...generated Range 3 10 seconds DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration EXAMPLE This example sets the reset time after which another fault alarm can be generated Console config e...

Page 1357: ...rm Time Reset Time voip rd none macRemErrXcon 3sec 10sec Console Table 185 show fault notify generator display description Field Description MD Name The maintenance domain for this entry MA Name The m...

Page 1358: ...xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to retry...

Page 1359: ...p at the time of transmitting a frame with DM reply information Frame Delay RxTimeStampb TxTimeStampf TxTimeStampb RxTimeStampf The MEP can also make two way frame delay variation measurements based o...

Page 1360: ...CHAPTER 41 CFM Commands Delay Measure Operations 1360...

Page 1361: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Page 1362: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Page 1363: ...itical link event dying gasp Console config if efm oam link monitor frame This command enables reporting of errored frame link events Use the no form to disable this function SYNTAX no efm oam link mo...

Page 1364: ...LV includes the number of errored frames detected during the specified period EXAMPLE Console config interface ethernet 1 1 Console config if efm oam link monitor frame threshold 5 Console config if e...

Page 1365: ...sets the OAM mode on the specified port Use the no form to restore the default setting SYNTAX efm oam mode active passive no efm oam mode active All OAM functions are enabled passive All OAM functions...

Page 1366: ...of ports Range 1 28 COMMAND MODE Privileged Exec EXAMPLE Console clear efm oam counters Console RELATED COMMANDS show efm oam counters interface 1369 clear efm oam event log This command clears all e...

Page 1367: ...to start OAM remote loop back test mode on the specified port Afterwards use the efm oam remote loopback test command page 1368 to start sending test packets Then use the efm oam remote loopback stop...

Page 1368: ...ommand to perform an OAM remote loopback test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loopback mode...

Page 1369: ...ification 0 0 1 1 Loopback Control 1 0 1 1 Organization Specific 76 0 Console show efm oam event log interface This command displays the OAM event log for the specified port s or for all ports that ha...

Page 1370: ...nsole clear efm oam event log Use he clear efm oam event log command to clear the event log Console show efm oam event log interface 1 1 Console This command can show OAM dying gasp changes for link p...

Page 1371: ...9 0 01 Console show efm oam status interface This command displays OAM configuration settings and event counters SYNTAX show efm oam status interface interface list brief interface unit port unit Unit...

Page 1372: ...information about attached OAM enabled devices SYNTAX show efm oam status remote interface interface list interface list unit port unit Unit identifier Range 1 port Port number or list of ports To en...

Page 1373: ...me Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 127 characters DEFAULT SETTING None Table 187 Address Table Commands Command Function Mode...

Page 1374: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Page 1375: ...75 ip name server 1377 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use...

Page 1376: ...ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use the no ip...

Page 1377: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Page 1378: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Page 1379: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Page 1380: ...nsole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yaho...

Page 1381: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Page 1382: ...CHAPTER 43 Domain Name Service Commands 1382...

Page 1383: ...roup Function DHCP Client Allows interfaces to dynamically acquire IP address information DHCP Relay Option 82 Relays DHCP requests from local hosts to a remote DHCP server Table 191 DHCP Client Comma...

Page 1384: ...he default setting This command is used to identify the vendor class and configuration of the switch to the DHCP server which then uses this information to decide on how to service the client or the t...

Page 1385: ...me address Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip interface VLAN 1 is Administrative Up Link Up Address...

Page 1386: ...YNTAX ipv6 dhcp restart client vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated by commas Range 1 4094 DEFAU...

Page 1387: ...clients build a list of servers by sending a solicit message and collecting advertised message replies These servers are then ranked based on their advertised preference value If the client needs to...

Page 1388: ...rmation for the specified interface s SYNTAX show ipv6 dhcp vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated...

Page 1389: ...erts its own IP address into the request so that the DHCP server will know the subnet where the client is located Then the switch forwards the packet to a DHCP server on another network When the serve...

Page 1390: ...d ip address encode ascii hex mac address encode ascii hex string string no ip dhcp rely information option encode no subtype remote id ip address encode mac address encode encode no subtype Disables...

Page 1391: ...client server exchange messages to be forwarded between the server and client without having to flood them onto the entire VLAN DHCP request packets received by the switch are handled as follows If a...

Page 1392: ...ce connected to the requesting client and unicasts the reply packet to the client DHCP packets are flooded onto the VLAN which received them if DHCP relay service is enabled on the switch and any of t...

Page 1393: ...e VLAN that received it instead of relaying it keep Retains the Option 82 information in the client request inserts the relay agent s address and unicasts the packet to the DHCP server replace Replace...

Page 1394: ...tion option 1390 ip dhcp relay server 1389 ip dhcp snooping 900 show ip dhcp relay This command displays the configuration settings for DHCP relay service COMMAND MODE Privileged Exec EXAMPLE Console...

Page 1395: ...must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and...

Page 1396: ...efault gateway Refer to the ip default gateway command which provides the same function bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP DEFAULT SETTING DHCP COMMAND MODE Interfac...

Page 1397: ...ss space If bootp or dhcp options are selected the system will immediately start broadcasting service requests for all VLANs configured to obtain address assignments through BOOTP or DHCP IP is enable...

Page 1398: ...an only be successfully set when a network interface that directly connects to the gateway has been configured on the switch A gateway must be defined if the management station is located in a differe...

Page 1399: ...255 255 0 Console RELATED COMMANDS ip address 1396 show ipv6 interface 1414 show ip traffic This command displays statistics for IP ICMP UDP TCP and ARP protocols COMMAND MODE Privileged Exec EXAMPLE...

Page 1400: ...mp request messages timestamp reply messages source quench messages address mask request messages address mask reply messages UDP Statistics input no port errors other errors output TCP Statistics 784...

Page 1401: ...the target device If the target device does not respond or other errors are detected the switch will indicate this by one of the following messages No Response H Host Unreachable N Network Unreachable...

Page 1402: ...e page 1374 If necessary local devices can also be specified in the DNS static host table see page 1376 EXAMPLE Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packe...

Page 1403: ...acket is sent to re establish the MAC address The aging time determines how long dynamic entries remain in the cache If the timeout is too short the switch may tie up resources by repeating ARP reques...

Page 1404: ...tal entry 4 Console IPV6 INTERFACE This switch supports the following IPv6 interface commands Table 197 IPv6 Configuration Commands Command Function Mode Interface Address Configuration and Utilities...

Page 1405: ...cs about IPv6 traffic NE PE clear ipv6 traffic Resets IPv6 traffic counters PE ping6 Sends IPv6 ICMP echo request packets to another node on the network PE traceroute6 Shows the route packets take to...

Page 1406: ...fully set when a network interface that directly connects to the gateway has been configured on the switch EXAMPLE The following example defines a default gateway for this device Console config ipv6 d...

Page 1407: ...ess is made with an address prefix of FE80 and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console EXAMP...

Page 1408: ...and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console When DHCPv6 is restarted the switch may attempt...

Page 1409: ...se the prefix i e the network portion of the address DEFAULT SETTING No IPv6 addresses are defined COMMAND MODE Interface Configuration VLAN COMMAND USAGE The prefix must be formatted according to RFC...

Page 1410: ...f 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device as long as those interfaces are attached to different...

Page 1411: ...the address prefix must be in the range of FE80 FEBF The address specified with this command replaces a link local address that was automatically generated for the interface You can configure multiple...

Page 1412: ...is command enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 and the host portion of the address is generated by converti...

Page 1413: ...4 ipv6 mtu This command sets the size of the maximum transmission unit MTU for IPv6 packets sent on an interface Use the no form to restore the default setting SYNTAX ipv6 mtu size no ipv6 mtu size Sp...

Page 1414: ...ity and configured settings for IPv6 interfaces SYNTAX show ipv6 interface brief vlan vlan id ipv6 prefix prefix length brief Displays a brief summary of IPv6 operational status and the addresses conf...

Page 1415: ...terface Joined group address es In addition to the unicast addresses assigned to an interface a node is required to join the all nodes multicast addresses FF01 1 and FF02 1 for all IPv6 nodes within s...

Page 1416: ...onsole show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6 141D Console ND retransmit interval The interval between IPv6 neighbor solicitation retransmi...

Page 1417: ...equests discards no routes generated fragments fragment succeeded fragment failed ICMPv6 Statistics ICMPv6 received input errors destination unreachable messages packet too big messages time exceeded...

Page 1418: ...n their IPv6 headers including version number mismatch other format errors hop count exceeded IPv6 options etc too big errors The number of input datagrams that could not be forwarded because their si...

Page 1419: ...number of output datagrams which this entity received and forwarded to their final destinations In entities which do not act as IPv6 routers this counter will include only those packets which were So...

Page 1420: ...ages The number of Redirect messages received by the interface group membership query messages The number of ICMPv6 Group Membership Query messages received by the interface group membership response...

Page 1421: ...end redirects group membership query messages The number of ICMPv6 Group Membership Query messages sent by the interface group membership response messages The number of ICMPv6 Group Membership Respon...

Page 1422: ...bytes COMMAND MODE Privileged Exec COMMAND USAGE Use the ping6 command to see if another site on the network can be reached or to evaluate delays over the path The same link local address may be used...

Page 1423: ...in name server failure count The maximum number of failures before which the trace route is terminated Range 1 255 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the traceroute6 c...

Page 1424: ...ation messages sent on an interface during duplicate address detection Use the no form to restore the default setting SYNTAX ipv6 nd dad attempts count no ipv6 nd dad attempts count The number of neig...

Page 1425: ...changed duplicate address detection is performed on the new link local address but not for any of the IPv6 global unicast addresses already associated with the interface EXAMPLE The following configu...

Page 1426: ...he reachability of a neighbor Therefore avoid using very short intervals for normal IPv6 operations EXAMPLE The following sets the interval between sending neighbor solicitation messages to 30000 mill...

Page 1427: ...being sent which in turn can cause operational problems for hosts on the network This command can be used to block RAs and Router Redirect RR messages on the specified interface Determine which interf...

Page 1428: ...es all dynamic entries in the IPv6 neighbor discovery cache COMMAND MODE Privileged Exec EXAMPLE The following deletes all dynamic entries in the IPv6 neighbor cache Console clear ipv6 neighbors Conso...

Page 1429: ...as reachable in seconds Link layer Addr Physical layer MAC address State The following states are used for dynamic entries I1 Incomplete Address resolution is being carried out on the entry A neighbor...

Page 1430: ...that the target still exists and updates the lifetime of the binding otherwise it deletes the binding This section describes commands used to configure ND Snooping State continued P1 Probe A reachabil...

Page 1431: ...terface it is dropped If received on a trusted interface the switch adds an entry in the prefix table according to the Prefix Information option in the RA message The prefix table records prefix prefi...

Page 1432: ...e includes the link layer address IPv6 address lifetime as well as the VLAN and port interface which received the message If an RA message is received in response to the original NS message indicating...

Page 1433: ...This command sets the number of times the auto detection process sends an NS message to determine if a dynamic user binding is still valid Use the no form to restore the default setting SYNTAX ipv6 nd...

Page 1434: ...message is received is set to the retransmit count see the ipv6 nd snooping auto detect retransmit count command x the retransmit interval Based on the default settings this is 3 seconds EXAMPLE Conso...

Page 1435: ...t setting SYNTAX ipv6 nd snooping max binding max bindings no ipv6 nd snooping max binding max bindings The maximum number of address entries in the dynamic user binding table which can be bound to a...

Page 1436: ...othing is added to the dynamic user binding table EXAMPLE Console config interface ethernet 1 1 Console config if ipv6 nd snooping trust Console config if clear ipv6 nd snooping binding This command c...

Page 1437: ...g auto detection disabled ND Snooping auto detection retransmit count 3 ND Snooping auto detection retransmit interval 1 second ND Snooping is configured on the following VLANs VLAN 1 Interface Truste...

Page 1438: ...ss prefix table SYNTAX show ipv6 nd snooping prefix interface vlan vlan id vlan id VLAN ID Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd snooping prefix Prefix entry timeout 1...

Page 1439: ...1439 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1441 Troubleshooting on page 1445 License Information on page 1447...

Page 1440: ...SECTION IV Appendices 1440...

Page 1441: ...1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttl...

Page 1442: ...oping Layer 2 IPv4 IGMP Layer 3 Multicast VLAN Registration IPv4 IPv6 ADDITIONAL FEATURES BOOTP Client Connectivity Fault Management DHCP Client DNS Client Proxy ERPS Ethernet Ring Protection Switchin...

Page 1443: ...on IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging IEEE 802 1ag Connectivity Fault Mana...

Page 1444: ...1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q QinQ Tunneling IEEE 802 1ad Provider Bri...

Page 1445: ...connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting a...

Page 1446: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Page 1447: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 1448: ...ded that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work th...

Page 1449: ...am is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so lon...

Page 1450: ...you may choose any version ever published by the Free Software Foundation 11 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write...

Page 1451: ...by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce p...

Page 1452: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Page 1453: ...allows switches to assign endstations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks IEEE 802 1P An IEEE standard for providing quality of servi...

Page 1454: ...g to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IN BAND MANAGEMENT Management of the network from a...

Page 1455: ...is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers This process allows IGMP enabled devices to determine where to send m...

Page 1456: ...to provide better service to selected traffic flows using features such as data prioritization queuing congestion avoidance and traffic shaping These features effectively provide preferential treatmen...

Page 1457: ...tion protocol that uses software running on a central server to control access to TACACS compliant devices on the network TCP IP Transmission Control Protocol Internet Protocol Protocol suite that inc...

Page 1458: ...s of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on...

Page 1459: ...gure note 708 boot system 719 bridge ext gvrp 1126 C calendar set 761 capabilities 977 channel group 1006 class 1188 class map 1184 clear access list hardware counters 973 clear arp cache 1403 clear c...

Page 1460: ...t period 860 dot1x timeout supp timeout 855 dot1x timeout tx period 856 E efm oam 1362 efm oam critical link event 1362 efm oam link monitor frame 1363 efm oam link monitor frame threshold 1364 efm oa...

Page 1461: ...it 1210 ip igmp snooping unregistered data flood 1210 ip igmp snooping unsolicited report interval 1211 ip igmp snooping version 1212 ip igmp snooping version exclusive 1212 ip igmp snooping vlan gene...

Page 1462: ...dress 1301 lldp basic tlv port description 1302 lldp basic tlv system capabilities 1303 lldp basic tlv system description 1303 lldp basic tlv system name 1304 lldp dot1 tlv proto ident 1304 lldp dot1...

Page 1463: ...nk detection link up 886 network access link detection link up down 886 network access mac filter 881 network access max mac count 887 network access mode mac authentication 888 network access port ma...

Page 1464: ...ates 771 show cluster members 770 show discard 984 show dns 1379 show dns cache 1380 show dos protection 944 show dot1q tunnel 1146 show dot1x 860 show efm oam counters interface 1369 show efm oam eve...

Page 1465: ...dp config 1313 show lldp info local device 1314 show lldp info remote device 1315 show lldp info statistics 1317 show log 743 show logging 744 show logging sendmail 749 show loopback detection 1051 sh...

Page 1466: ...ver group 784 snmp server host 779 snmp server location 776 snmp server notify filter 791 snmp server user 785 snmp server view 786 sntp client 750 sntp poll 751 sntp server 752 spanning tree 1066 spa...

Page 1467: ...947 traffic segmentation uplink to uplink 948 transceiver monitor 990 transceiver threshold current 990 transceiver threshold rx power 992 transceiver threshold temperature 993 transceiver threshold t...

Page 1468: ...COMMAND LIST 1468...

Page 1469: ...Extended 355 362 958 960 IPv6 Standard 355 360 958 959 MAC 355 364 964 time range 351 762 Address Resolution Protocol See ARP address table 227 1059 aging time 231 1059 aging time displaying 231 1062...

Page 1470: ...es management access 484 767 command line interface See CLI committed burst size QoS policy 293 294 295 1190 1191 1194 committed information rate QoS policy 293 294 295 1190 1191 1194 community string...

Page 1471: ...R and PIR configuring response 295 1194 trTCM metering 295 1194 two rate three color meter 291 1194 violating traffic configuring response 296 1190 1191 1194 DNS default domain name 589 1375 displayin...

Page 1472: ...filter profiles configuration 630 632 1229 filter parameters 630 632 filtering throttling 629 1227 filtering throttling configuring profile 1229 1230 filtering throttling creating profile 630 1229 fil...

Page 1473: ...ry interval IGMP snooping 621 1215 layer 2 protocol tunnel 1150 license information 1447 Link Layer Discovery Protocol Media Endpoint Discovery See LLDP MED Link Layer Discovery Protocol See LLDP link...

Page 1474: ...multicast static router port 637 1245 querier 634 1240 querier enabling 634 1240 query interval 635 1241 query maximum response time 635 1241 robustness value 635 1242 static port assignment 639 1246...

Page 1475: ...552 1365 passive mode 552 1365 remote device information displaying 556 1372 remote loop back test 557 1368 setting to active mode 552 1365 setting to passive mode 552 1365 Operations Administration a...

Page 1476: ...1346 Remote Monitoring See RMON rename DiffServ 1187 restarting the system 144 692 696 at scheduled times 144 692 showing restart time 147 697 RMON 474 795 alarm displaying settings 477 800 alarm sett...

Page 1477: ...19 static addresses setting 229 1060 statistics ARP 1399 ICMP 1399 IP 1399 TCP 1399 UDP 1399 statistics port 160 985 STP 242 1069 Also see STA summary accounting 317 832 summer time setting 757 759 sw...

Page 1478: ...IP subnet based 219 1157 MAC based 221 1159 mirroring 222 1017 port members displaying 1139 protocol 214 1153 protocol configuring 215 1154 1155 protocol configuring groups 215 1154 protocol interface...

Page 1479: ......

Page 1480: ...ES3528MV2 ES3528MV2 DC E112013 ST R03...

Search results

Summary of Contents for ES3528MV2

Reviews:

Edge-Core ES3528MV2, Management Manual, Page: 965 / 1480

Search results

Summary of Contents for ES3528MV2

Reviews: