Home
/
Edge-Core
/
ES3628C
/
Management Manual

Edge-Core ES3628C, Management Manual, Page: 421 / 674

Share

Page: 421 / 674

Edge-Core ES3628C Management Manual Download Page 421

Access Control List Commands

4-95

4

This shows that the entries in the mask override the precedence in which the rules
are entered into the ACL. In the following example, packets with the source address
10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255” rule has the
higher precedence according the “mask host any” entry.

This shows how to create a standard ACL with an ingress mask to deny access to
the IP host 171.69.198.102, and permit access to any others.

Console(config)#access-list ip standard A2
Console(config-std-acl)#permit 10.1.1.0 255.255.255.0
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#

Console(config)#access-list ip standard A2
Console(config-std-acl)#permit any
Console(config-std-acl)#deny host 171.69.198.102
Console(config-std-acl)#end
Console#show access-list
IP standard access-list A2:

deny host 171.69.198.102
permit any

Console#configure
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#exit
Console(config)#interface ethernet 1/1
Console(config-if)#ip access-group A2 in
Console(config-if)#end
Console#show access-list
IP standard access-list A2:

deny host 171.69.198.102
permit any

Console#

«
...
419
420
421
422
423
...
»

Summary of Contents for ES3628C

Page 1: ...Powered by Accton Management Guide ES3628C 24 10 100 Ports 4GE Intelligent Layer 2 3 4 Fast Ethernet Switch www edge core com...

Page 2: ......

Page 3: ...Management Guide Fast Ethernet Switch Layer 3 Standalone Switch with 24 100BASE TX RJ 45 Ports 2 1000BASE T RJ 45 Ports and 2 SFP Slots...

Page 4: ...ES3628C F3 1 0 18 E032005 R01 149100005100H...

Page 5: ...2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Saving Configuration Settings 2 8 Managing System Files 2 9 Chapter 3 Configuring the Switch 3 1 Using the Web Inter...

Page 6: ...ID 3 43 Configuring SNMPv3 Users 3 44 Configuring Remote SNMPv3 Users 3 46 Configuring SNMPv3 Groups 3 48 Setting SNMPv3 Views 3 52 User Authentication 3 53 Configuring User Accounts 3 53 Configuring...

Page 7: ...113 Setting Static Addresses 3 113 Displaying the Address Table 3 114 Changing the Aging Time 3 116 Spanning Tree Algorithm Configuration 3 116 Displaying Global Settings 3 117 Configuring Global Set...

Page 8: ...P Snooping and Query Parameters 3 171 Displaying Interfaces Attached to a Multicast Router 3 173 Specifying Static Interfaces for a Multicast Router 3 174 Displaying Port Members of Multicast Services...

Page 9: ...ral Protocol Settings 3 226 Specifying Network Interfaces for RIP 3 228 Configuring Network Interfaces for RIP 3 229 Displaying RIP Information and Statistics 3 232 Configuring the Open Shortest Path...

Page 10: ...lnet Connection 4 1 Entering Commands 4 3 Keywords and Arguments 4 3 Minimum Abbreviation 4 3 Command Completion 4 3 Getting Help on Commands 4 3 Showing Commands 4 4 Partial Keyword Lookup 4 5 Negati...

Page 11: ...4 31 ip http secure server 4 32 ip http secure port 4 33 Telnet Server Commands 4 34 ip telnet server 4 34 Secure Shell Commands 4 34 ip ssh server 4 37 ip ssh timeout 4 37 ip ssh authentication retri...

Page 12: ...57 show running config 4 59 show system 4 60 show users 4 61 show version 4 62 Frame Size Commands 4 63 jumbo frame 4 63 Flash File Commands 4 64 copy 4 64 delete 4 66 dir 4 67 whichboot 4 68 boot sy...

Page 13: ...ny Extended ACL 4 90 show ip access list 4 92 access list ip mask precedence 4 93 mask IP ACL 4 93 show access list ip mask precedence 4 97 ip access group 4 98 show ip access group 4 98 MAC ACLs 4 99...

Page 14: ...CP Server 4 124 service dhcp 4 125 ip dhcp excluded address 4 125 ip dhcp pool 4 126 network 4 127 default router 4 127 domain name 4 128 dns server 4 128 next server 4 129 bootfile 4 129 netbios name...

Page 15: ...4 160 lacp admin key Ethernet Interface 4 161 lacp admin key Port Channel 4 161 lacp port priority 4 162 show lacp 4 163 Address Table Commands 4 166 mac address table static 4 167 clear mac address...

Page 16: ...pes 4 192 switchport ingress filtering 4 192 switchport native vlan 4 193 switchport allowed vlan 4 194 switchport forbidden vlan 4 195 Displaying VLAN Information 4 195 show vlan 4 196 Configuring Pr...

Page 17: ...p 4 222 class 4 223 set 4 224 police 4 224 service policy 4 225 show class map 4 226 show policy map 4 226 show policy map interface 4 227 Multicast Filtering Commands 4 228 IGMP Snooping Commands 4 2...

Page 18: ...248 clear arp cache 4 249 show arp 4 249 ip proxy arp 4 250 IP Routing Commands 4 250 Global Routing Configuration 4 251 ip routing 4 251 ip route 4 251 clear ip route 4 252 show ip route 4 253 show i...

Page 19: ...show ip ospf border routers 4 285 show ip ospf database 4 286 show ip ospf interface 4 294 show ip ospf neighbor 4 295 show ip ospf summary address 4 296 show ip ospf virtual links 4 296 Multicast Rou...

Page 20: ...neighbor 4 316 Router Redundancy Commands 4 316 Virtual Router Redundancy Protocol Commands 4 317 vrrp ip 4 317 vrrp authentication 4 318 vrrp priority 4 319 vrrp timers advertise 4 320 vrrp preempt 4...

Page 21: ...Table 3 16 Address Resolution Protocol 3 211 Table 3 17 ARP Statistics 3 216 Table 3 18 IP Statistics 3 217 Table 3 19 ICMP Statistics 3 219 Table 3 20 USP Statistics 3 221 Table 3 21 TCP Statistics 3...

Page 22: ...ow snmp view display description 4 116 Table 4 40 show snmp group display description 4 118 Table 4 41 show snmp user display description 4 120 Table 4 42 DHCP Commands 4 121 Table 4 43 DHCP Client Co...

Page 23: ...lay description 4 254 Table 4 86 Routing Information Protocol Commands 4 256 Table 4 87 show rip globals display description 4 264 Table 4 88 show ip rip display description 4 265 Table 4 89 Open Shor...

Page 24: ...st Routing Commands 4 310 Table 4 110 show ip pim neighbor display description 4 316 Table 4 111 Router Redundancy Commands 4 316 Table 4 112 VRRP Commands 4 317 Table 4 113 show vrrp display descript...

Page 25: ...te Logs 3 31 Figure 3 19 Displaying Logs 3 32 Figure 3 20 Enabling and Configuring SMTP Alerts 3 33 Figure 3 21 Resetting the System 3 34 Figure 3 22 SNTP Configuration 3 35 Figure 3 23 Clock Time Zon...

Page 26: ...ion 3 107 Figure 3 62 Rate Limit Configuration 3 108 Figure 3 63 Port Statistics 3 112 Figure 3 64 Static Addresses 3 114 Figure 3 65 Dynamic Addresses 3 115 Figure 3 66 Address Aging 3 116 Figure 3 6...

Page 27: ...che 3 186 Figure 3 107 DHCP Relay Configuration 3 188 Figure 3 108 DHCP Server General Configuration 3 190 Figure 3 109 DHCP Server Pool Configuration 3 192 Figure 3 110 DHCP Server Pool Network Confi...

Page 28: ...Figure 3 142 OSPF Redistribute Configuration 3 255 Figure 3 143 OSPF NSSA Settings 3 256 Figure 3 144 OSPF Link State Database Information 3 258 Figure 3 145 OSPF Border Router Information 3 259 Figu...

Page 29: ...hernet ports 157 lists 4 masks shared by 8 port groups Gigabit Ethernet ports 29 lists 4 masks DHCP Client Relay and Server Supported DNS Server Supported Port Configuration Speed and duplex mode and...

Page 30: ...cation server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user creden...

Page 31: ...eceived on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while pac...

Page 32: ...opology changes to about 3 to 5 seconds compared to 30 seconds or more for the older IEEE 802 1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches...

Page 33: ...ion hassles normally associated with conventional routers Routing for unicast traffic is supported with the Routing Information Protocol RIP and the Open Shortest Path First OSPF protocol RIP This pro...

Page 34: ...affic and to guarantee real time delivery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Layer 3 to manage multicast grou...

Page 35: ...rt Connection Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Pa...

Page 36: ...orts Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Enabled RSTP Defaults All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table Aging Time 300 se...

Page 37: ...isabled Unicast Routing RIP Disabled OSPF Disabled Router Redundancy VRRP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled IGMP Layer 3 Disabled Multicast Routing D...

Page 38: ...Introduction 1 10 1...

Page 39: ...S 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits...

Page 40: ...to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set to any of the following baud rates...

Page 41: ...management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management soft...

Page 42: ...This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the switch yo...

Page 43: ...re need to use the ip dhcp restart client command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values ca...

Page 44: ...nts To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string...

Page 45: ...here are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To config...

Page 46: ...ple Network Management Protocol on page 3 37 or refer to the specific CLI commands for SNMP starting on page 4 107 Saving Configuration Settings Configuration commands only modify the running configur...

Page 47: ...o boot the stack See Saving or Restoring Configuration Settings on page 3 22 for more information See Saving or Restoring Configuration Settings on page 3 23 for more information Operation Code System...

Page 48: ...Initial Configuration 2 10 2...

Page 49: ...Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwor...

Page 50: ...tistics The default user name and password admin is used for the administrator Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home p...

Page 51: ...ery visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web a...

Page 52: ...y Operation Allows the transfer and copying files 3 20 Delete Allows deletion of files from the flash memory 3 20 Set Startup Sets the startup file 3 20 Line 3 25 Console Sets console port connection...

Page 53: ...maximum allowed MAC addresses 3 65 802 1X Port authentication 3 67 Information Displays global configuration settings 3 68 Configuration Configures global configuration parameters 3 69 Port Configura...

Page 54: ...e output rate limit for each trunk 3 108 Port Statistics Lists Ethernet and RMON port statistics 3 109 Address Table 3 113 Static Addresses Displays entries for interface address or VLAN 3 113 Dynamic...

Page 55: ...specifying the supported protocols 3 148 Port Configuration Maps a protocol group to a VLAN 3 149 Priority 3 150 Default Port Priority Sets the default priority for each port 3 150 Default Trunk Prior...

Page 56: ...ember Port Table Indicates multicast addresses associated with the selected VLAN 3 176 DNS 3 182 General Configuration Enables DNS configures domain name and domain list and specifies IP address of na...

Page 57: ...f traffic protocol errors and the number of echoes timestamps and address masks 3 219 UDP Shows statistics for UDP including the amount of traffic and errors 3 221 TCP Shows statistics for TCP includi...

Page 58: ...nk through a transit area to the backbone 3 248 Network Area Address Configuration Defines OSPF areas and associated interfaces 3 250 Summary Address Configuration Aggregates routes learned from other...

Page 59: ...nterface Settings Enables or disables PIM DM per interface configures protocol settings for hello prune and graft messages 3 273 Interface Information Displays summary information for each interface 3...

Page 60: ...ent access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TC...

Page 61: ...er code Boot ROM Version Version of Power On Self Test POST and boot code Console config hostname R D 5 4 26 Console config snmp server location WC 9 4 110 Console config snmp server contact Ted 4 109...

Page 62: ...undant power supply Web Click System Switch Information Figure 3 4 Switch Information CLI Use the following command to display version information 2 Stacking is not supported in the current firmware C...

Page 63: ...tering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 113 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering data...

Page 64: ...between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes Jumbo...

Page 65: ...k interfaces you must configure static routes page 3 223 or use dynamic routing i e either RIP page 3 225 or OSPF page 3 235 The precedence for configuring IP interfaces is the IP General Routing Inte...

Page 66: ...igure 3 7 IP Interface Configuration Manual Click IP Global Setting If this switch and management stations exist on other network segments then specify the default gateway and click Apply Figure 3 8 D...

Page 67: ...each power reset Figure 3 9 IP Interface Configuration DHCP Note If you lose your management connection make a console connection and enter show ip interface to determine the new switch address CLI Sp...

Page 68: ...nsfer along with the file type and file names as required Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a file within the switch direct...

Page 69: ...ddress of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replac...

Page 70: ...fig as the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmwa...

Page 71: ...a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a fil...

Page 72: ...tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then...

Page 73: ...ge 0 65535 seconds Default 0 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system in...

Page 74: ...assword for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default...

Page 75: ...the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Pa...

Page 76: ...nection parameters for Telnet access then click Apply Figure 3 16 Configuring the Telnet Interface CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as re...

Page 77: ...ables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the speci...

Page 78: ...s of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This...

Page 79: ...type and set the logging trap Console config logging host 10 1 0 9 4 45 Console config logging facility 23 4 45 Console config logging trap 4 4 46 Console config logging trap Console config exit Cons...

Page 80: ...ers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used fo...

Page 81: ...ecify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Web Click System Log SMTP Enable SMTP specify a source email address and s...

Page 82: ...re 3 21 Resetting the System CLI Use the reload command to restart the switch Note When restarting the system it will always run the Power On Self Test Console config logging sendmail host 192 168 1 4...

Page 83: ...to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time se...

Page 84: ...0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Se...

Page 85: ...ludes an onboard agent that supports SNMP versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management s...

Page 86: ...y View Security v1 noAuthNoPriv public read only defaultview none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user...

Page 87: ...that acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the acce...

Page 88: ...ipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is rece...

Page 89: ...vailable for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The numbe...

Page 90: ...trap manager and enables authentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 If you want to change the default engine ID...

Page 91: ...ID Enter an ID of up to 26 hexadecimal characters and then click Save Figure 3 27 Setting the SNMPv3 Engine ID CLI This example sets an SNMPv3 engine ID Specifying a Remote Engine ID To send inform m...

Page 92: ...e name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The security level used for the user noAuthNoPriv T...

Page 93: ...to another SNMPv3 group Web Click SNMP SNMPv3 Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return...

Page 94: ...e remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 3 43 Remote IP The I...

Page 95: ...imum of eight plain text characters is required Web Click SNMP SNMPv3 Remote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save...

Page 96: ...ommunications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encr...

Page 97: ...SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent sta...

Page 98: ...ects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 259 6 10 75 2 1 0 57 This trap is sent when the slide in...

Page 99: ...n click Delete Figure 3 31 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read a...

Page 100: ...MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Clic...

Page 101: ...er Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access f...

Page 102: ...password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user Web Click Security User Accounts To configure a new user account enter the user name...

Page 103: ...sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and...

Page 104: ...n the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a repl...

Page 105: ...uthentication login radius 4 70 Console config radius server port 181 4 73 Console config radius server key green 4 73 Console config radius server retransmit 5 4 74 Console config radius server timeo...

Page 106: ...bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing...

Page 107: ...e certificate and a private key and password from a recognized certification authority Note For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest oppor...

Page 108: ...RADIUS or TACACS remote authentication server as specified on the Authentication Settings page page 3 55 If public key authentication is specified by the client then you must configure authentication...

Page 109: ...tored on the switch can access it The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored i...

Page 110: ...on with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memor...

Page 111: ...Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Console ip ssh crypto host key generate 4 37 Co...

Page 112: ...n It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 37 Console config ip ssh timeout 100 4 37 Console config ip ssh authent...

Page 113: ...rt will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the switch Co...

Page 114: ...llowed on a port and click Apply Figure 3 38 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count...

Page 115: ...lenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The authe...

Page 116: ...tem Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 3 39 802 1X Global Information CLI This example shows the default global setting for 802 1X Consol...

Page 117: ...atus Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Range Single Host Mu...

Page 118: ...ter which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX Period Sets the time period during an authentication session that the switch waits before re transmi...

Page 119: ...nable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 25 disabled Single Host ForceAuthorized n a 1...

Page 120: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx...

Page 121: ...02 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 84 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff In...

Page 122: ...to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address rang...

Page 123: ...agement access for Telnet clients Console config management telnet client 192 168 1 19 4 29 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show managemen...

Page 124: ...ed in an ingress ACL You can also configure up to seven user defined masks for an ingress or egress ACL Command Usage The following restrictions apply to ACLs The maximum number of ACLs is Fast Ethern...

Page 125: ...me in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 44 Selecting ACL Type CLI This example creates a standar...

Page 126: ...deny rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP...

Page 127: ...0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a deci...

Page 128: ...g packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through...

Page 129: ...Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in R...

Page 130: ...ect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 47 ACL Configuration MAC...

Page 131: ...der in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before mapping an ACL to an interface You must configure a mask for an ACL rule before you can bin...

Page 132: ...to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Source or destination address of r...

Page 133: ...his shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the den...

Page 134: ...Source Destination Bit Mask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bit Mask Ethernet type of rule must match this bitmask Packet Form...

Page 135: ...oes not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in an ACL and you attempt to bind the ACL to an interface for egress checking th...

Page 136: ...l and auto negotiation Field Attributes Web Name Interface label Type Indicates the port type 100BASE TX 1000BASE T or SFP Admin Status Shows if the interface is enabled or disabled Oper Status Indica...

Page 137: ...the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring Interf...

Page 138: ...the link is up Operation speed duplex Shows the current speed and duplex mode Flow control type Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or none CLI This example...

Page 139: ...ports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1 Gbps full duplex operation Sym Gigabit only Chec...

Page 140: ...nd then enter the required settings Console config interface ethernet 1 13 4 143 Console config if description RD SW 13 4 144 Console config if shutdown 4 148 Console config if no shutdown Console con...

Page 141: ...the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a...

Page 142: ...he ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new tru...

Page 143: ...t be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 94 C...

Page 144: ...new trunks Unit Stack unit11 Range 1 1 Port Port identifier Range 1 28 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have com...

Page 145: ...if lacp Console config if end Console show interfaces status port channel 1 4 150 Information of Trunk 1 Basic information Port type 100TX Mac address 00 30 F1 D4 73 A2 Configuration Port admin Up Sp...

Page 146: ...Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be...

Page 147: ...can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate...

Page 148: ...0 Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 163 Channel G...

Page 149: ...up Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received...

Page 150: ...nformation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be e...

Page 151: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 163 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP Sys...

Page 152: ...signed by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggrega...

Page 153: ...1 packet per second pps i e any setting between 500 262143 is acceptable Command Attributes Port12 Port number Trunk13 Trunk number Type Indicates the port type 100BASE TX 1000BASE T or SFP Protect S...

Page 154: ...4 143 Console config if no switchport broadcast 4 148 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 4 148 Console config if end Co...

Page 155: ...ys a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 28 Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both...

Page 156: ...ity Non conforming traffic is dropped conforming traffic is forwarded without any changes Command Attribute Rate Limit Sets the output rate limit for an interface Default Status Disabled Default Rate...

Page 157: ...t this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Pac...

Page 158: ...rticular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collis...

Page 159: ...r of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than...

Page 160: ...ng the Switch 3 112 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 63 Port S...

Page 161: ...l address of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Console show interfaces counters ethernet 1 12 4 151 Ethernet 1 12 Iftable stats Octets input 868453 Octets output 3492...

Page 162: ...nd traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indic...

Page 163: ...x select the method of sorting the displayed addresses and then click Query Figure 3 65 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address t...

Page 164: ...mary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Span...

Page 165: ...designed to support independent spanning trees based on VLAN groups Once you specify the VLANs to include in a Multiple Spanning Tree Instance MSTI the protocol will automatically build an MSTI tree t...

Page 166: ...number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additional parameters are only displayed for the CLI Spanning tree...

Page 167: ...ion of consecutive RSTP MSTP BPDUs Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned...

Page 168: ...as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using onl...

Page 169: ...the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will...

Page 170: ...ch interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmissio...

Page 171: ...Spanning Tree Algorithm Configuration 3 123 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 68 STA Global Configuration...

Page 172: ...e other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has transit...

Page 173: ...ated port or is the MSTI regional root i e master port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed The role is set to disa...

Page 174: ...can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through t...

Page 175: ...tional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parame...

Page 176: ...Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000...

Page 177: ...MST region This switch supports up to 65 instances You should try to group VLANs which cover the same general area of your network However remember that you must configure all bridges within the same...

Page 178: ...61440 Default 32768 VLANs in MST Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094...

Page 179: ...root port 7 Current root cost 10000 Number of topology changes 2 Last topology changes time sec 85 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master Stat...

Page 180: ...isplays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 3 117 the settings for other instances only apply to t...

Page 181: ...ributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for al...

Page 182: ...below Path cost 0 is used to indicate auto configuration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 fu...

Page 183: ...Ns inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VL...

Page 184: ...ame VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic...

Page 185: ...he same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tag...

Page 186: ...AN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 3 74 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informati...

Page 187: ...e this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the V...

Page 188: ...he default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID...

Page 189: ...page to configure VLAN groups based on the port index page 3 143 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containi...

Page 190: ...untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from...

Page 191: ...ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 79 VLAN Static Membershi...

Page 192: ...l frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ing...

Page 193: ...mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the sour...

Page 194: ...e Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 3 81 Private VLAN Status CLI This example enables private VLANs Cons...

Page 195: ...ls cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol...

Page 196: ...nd Attributes Protocol Group ID Group identifier of this protocol group Range 1 2147483647 Frame Type20 Frame type used by this protocol Options Ethernet RFC_1042 LLC_other Protocol Type The only opti...

Page 197: ...processed in the following manner If the frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame...

Page 198: ...rity and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue...

Page 199: ...onsole config if switchport priority default 5 4 207 Console config if end Console show interfaces switchport ethernet 1 5 4 152 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second L...

Page 200: ...lications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Pr...

Page 201: ...r CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 143 Console config queue co...

Page 202: ...er priority queues Web Click Priority Queue Mode Select Strict or WRR then click Apply Figure 3 87 Queue Mode CLI The following sets the queue mode to strict priority service mode Setting the Service...

Page 203: ...en click Apply Figure 3 88 Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues Console config queue bandwidth 1 3 5 7 9 11 13 15 4 208 Console con...

Page 204: ...t queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be en...

Page 205: ...application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selecte...

Page 206: ...different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority...

Page 207: ...t 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch...

Page 208: ...ty Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high...

Page 209: ...es or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class Class information can be assigned by end hosts or switches or rou...

Page 210: ...rate 6 Use the Service Policy to assign a policy map to a specific interface Configuring a Class Map A class map is used for matching packets to a specified class Command Usage To configure a Class Ma...

Page 211: ...ss Class Configuration Class Name Name of the class map Range 1 32 characters Type Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone...

Page 212: ...ng Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd_class match any 4 220 Console config cmap matc...

Page 213: ...ngress ports Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is by specified the Burst field and the average rate tokens are removed from the b...

Page 214: ...lass map Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settings on page 3 162 Range CoS 0 7 DS...

Page 215: ...3 167 3 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 95 Conf...

Page 216: ...a policy map to an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select...

Page 217: ...optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers switches instead of flooding traffic to all...

Page 218: ...ulticast clients and servers and dynamically configure the switch ports which need to forward multicast traffic Static IGMP Router Interface If IGMP snooping cannot locate the IGMP querier you can man...

Page 219: ...otocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive...

Page 220: ...ip igmp snooping querier 4 231 Console config ip igmp snooping query count 10 4 232 Console config ip igmp snooping query interval 100 4 232 Console config ip igmp snooping query max response time 20...

Page 221: ...attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch...

Page 222: ...ts the VLAN to propagate all multicast traffic coming from the attached multicast router Unit Stack unit24 Range 1 1 Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP...

Page 223: ...eb Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propag...

Page 224: ...corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traf...

Page 225: ...er 2 snooping and query is disabled if Layer 3 IGMP is enabled Configuring IGMP Interface Parameters This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want...

Page 226: ...icast service The following parameters are used to control Layer 3 IGMP and query functions Command Attributes VLAN Interface VLAN interface bound to a primary IP address Range 1 4094 IGMP Protocol St...

Page 227: ...the Query Interval Query Interval Configures the frequency at which host query messages are sent Range 1 255 Default 125 seconds Multicast routers send host query messages to determine the interfaces...

Page 228: ...nfig if ip igmp 4 236 Console config if ip igmp last memb query interval 10 4 239 Console config if ip igmp max resp interval 20 4 238 Console config if ip igmp query interval 100 4 238 Console config...

Page 229: ...has been received this object has the value 0 0 0 0 Up time The time elapsed since this entry was created Expire The time remaining before this entry will be aged out Default 260 seconds V1 Timer The...

Page 230: ...order If there is no domain list the default domain name is used If there is a domain list the default domain name is not used When an incomplete host name is received by the DNS server on this switc...

Page 231: ...and a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 4 137 Console config ip domain list sample com uk 4 1...

Page 232: ...ay support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client...

Page 233: ...k Apply Figure 3 105 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0...

Page 234: ...indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are m...

Page 235: ...lay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the request so that the DHCP server will know the subnet...

Page 236: ...itch s DHCP relay agent in order of preference Restart DHCP Relay Use this button to enable or re initialize DHCP relay service Web Click DHCP Relay Configuration Enter up to five IP addresses for any...

Page 237: ...s to a specific client if required However any fixed addresses must fall within the range of an existing network address pool You can configure up to 32 fixed host addresses i e entering one address p...

Page 238: ...gle address or an address range and click Add Figure 3 108 DHCP Server General Configuration CLI This example enables the DHCP and sets an excluded address range Console config service dhcp 4 125 Cons...

Page 239: ...twork address pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hardware address for D...

Page 240: ...type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the client Range 1 32 characters Bootfile The default boot image for a DHCP cl...

Page 241: ...etwork Configuration CLI This example configures a network address pool Console config ip dhcp pool tps 4 126 Console config dhcp network 10 1 0 0 255 255 255 0 4 127 Console config dhcp default route...

Page 242: ...ss pool Console config ip dhcp pool mgr 4 126 Console config dhcp host 10 1 0 19 255 255 255 0 4 132 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 4 134 Console config dhcp client id...

Page 243: ...pool or after moving DHCP service to another device Entry Count Number of hosts that have been given addresses by the switch Note More than one DHCP server may respond to a service request by a host I...

Page 244: ...cipating in the virtual group as the address for the master virtual router VRRP then selects the backup routers based on the specified virtual router priority Router redundancy can be set up in any of...

Page 245: ...pt feature which allows a router to take over as the master router when it comes on line Command Usage Address Assignment The IP address assigned to the virtual router must already be configured on th...

Page 246: ...nd it will always resume control as the master virtual router when it comes back on line The preempt function only allows a backup router to take over from another backup router that is temporarily ac...

Page 247: ...to take over as the master virtual router if it has a higher priority than the acting master virtual router i e another backup router that has taken over from the VRRP group address owner Default Enab...

Page 248: ...Configuring the Switch 3 200 3 Web Click IP VRRP Group Configuration Select the VLAN ID enter the VRID group number and click Add Figure 3 113 VRRP Group Configuration...

Page 249: ...a real interface on this router to make it the master virtual router for the group Otherwise enter the virtual address for an existing group to make it a backup router Click Add IP to enter an IP add...

Page 250: ...mber VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual router Web Click IP VRRP Global Statistics Figure 3 115 VRRP Global Statistics Conso...

Page 251: ...ets Number of VRRP packets received by the virtual router with IP TTL Time To Live not equal to 255 Received Priority 0 Packets Number of VRRP packets received by the virtual router with priority set...

Page 252: ...Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority 0 VRR...

Page 253: ...first create VLANs for each unique user group or application traffic page 3 140 assign all ports that belong to the same group to these VLANs page 3 141 and then assign an IP interface to each VLAN p...

Page 254: ...ct path The router can also use the ARP protocol to find out the MAC address of the destination node of the next router as necessary Note In order to perform IP switching the switch should be recogniz...

Page 255: ...r or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on...

Page 256: ...d dynamic unicast routing If IP routing is enabled all IP packets are routed using either static routing or dynamic routing via RIP or OSPF and other packets for all non IP protocols e g NetBuei NetWa...

Page 257: ...t create a VLAN for each unique user group or for each network application and its associated users Then assign the ports associated with each of these VLANs Command Attributes VLAN ID of configured V...

Page 258: ...enter these addresses one at a time and click Set IP Configuration after entering each address Figure 3 118 IP Routing Interface CLI This example sets a primary IP address for VLAN 1 and then adds a s...

Page 259: ...ress does not match the destination IP address in the message However if it does match they write their own hardware address into the destination MAC address field and send the message back to the sou...

Page 260: ...es Extensive use of Proxy ARP can degrade router performance because it may lead to increased ARP traffic and increased search time for larger ARP address tables Command Attributes Timeout Sets the ag...

Page 261: ...via the configuration interface Command Attributes IP Address IP address statically mapped to a physical MAC address Valid IP addresses consist of four numbers 0 to 255 separated by periods MAC Addre...

Page 262: ...ress IP address of a dynamic entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static27 Changes a...

Page 263: ...ntry Count The number of local entries in the ARP cache Web Click IP ARP Other Addresses Figure 3 122 ARP Other Addresses Console show arp 4 249 Arp cache timeout 1200 seconds IP Address MAC Address T...

Page 264: ...ress Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 othe...

Page 265: ...mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0 checksum errors Sent 0 total A...

Page 266: ...g their IP options etc Unknown Protocols Received The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol Received Packets Delivered...

Page 267: ...re suitable routes i e the next hop router to use for a specific destination Table 3 19 ICMP Statistics Parameter Description Messages The total number of ICMP messages which the entity received sent...

Page 268: ...of ICMP Timestamp request messages received sent Timestamp Replies The number of ICMP Timestamp Reply messages received sent Address Masks The number of ICMP Address Mask Request messages received se...

Page 269: ...o slow or just unnecessary Web Click IP Statistics UDP Figure 3 126 UDP Statistics CLI See the example on page 3 216 Table 3 20 USP Statistics Parameter Description Datagrams Received The total number...

Page 270: ...the SYN SENT state from the CLOSED state Failed Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCV...

Page 271: ...network accessibility Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Netmask Network mask for the associated IP subne...

Page 272: ...ve link connected to that interface Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Note that the address 0 0 0 0 indi...

Page 273: ...been acquired Poison reverse Propagate routes back to an interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergence Triggered up...

Page 274: ...g protocol messages The update timer is the fundamental timer used to control all basic RIP processes Setting the update timer to a short interval can cause the router to spend an excessive amount of...

Page 275: ...Apply Figure 3 130 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip 4 256 Console config router version 2 4...

Page 276: ...d 128 191 is class B and the first two fields in the network address are used 192 223 is class C and the first three fields in the network address are used Command Attributes Subnet Address IP address...

Page 277: ...y Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the network using the RIPv2 advertisement list instead of multicasting as normally required by RIPv2 Using thi...

Page 278: ...interface RIPv1 Sends only RIPv1 packets RIPv2 Sends only RIPv2 packets RIPv1 Compatible Route information is broadcast to other routers with RIPv2 Default Do Not Send Does not transmit RIP updates T...

Page 279: ...ion and corresponding password Then click Apply Figure 3 132 RIP Interface Settings CLI This example sets the receive version to accept both RIPv1 or RIPv2 messages the send mode to RIPv1 compatible i...

Page 280: ...se queries received by this router Interface Information Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 rip1Compatible ReceiveMode RIP version recei...

Page 281: ...IP Routing 3 233 3 Web Click Routing Protocol RIP Statistics Figure 3 133 RIP Statistics...

Page 282: ...eries 0 Console show ip rip configuration 4 264 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Or...

Page 283: ...o calculate summary route costs throughout the network when older OSPF routers exist as well as the not so stubby area option RFC 1587 Command Usage OSPF looks at more than just the simple hop count W...

Page 284: ...resses This is an important technique for limiting the amount of traffic exchanged between Area Border Routers ABRs And finally you must specify a virtual link to any OSPF area that is not physically...

Page 285: ...AS Boundary Router field must be enabled and the Advertise Default Route field properly configured Default Disabled Advertise Default Route29 The router can advertise a default external route into th...

Page 286: ...onfiguration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf 4 267 Console config router router id 10 1 1...

Page 287: ...a border router adjacent to a stub can be configured to send a default external route into the stub for all destinations outside the local area or the autonomous system This route will also be adverti...

Page 288: ...tain the same external routing data so that the exit point does not need to be determined for each external destination Command Attributes Area ID Identifier for an area stub or NSSA Area Type Specifi...

Page 289: ...a 0 0 0 1 as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default route...

Page 290: ...Masks VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs imported into your autonomous system i e local routing domain use the Summary...

Page 291: ...is to advertise the route summary The configured summary route is shown in the list of information displayed for area 1 Console config router area 0 0 0 1 range 10 1 1 0 255 255 255 0 4 273 Console co...

Page 292: ...Note This router supports up 64 OSPF interfaces Detail Interface Configuration VLAN ID The VLAN corresponding to the selected interface Rtr Priority Sets the interface priority for this router Range...

Page 293: ...cate slower ports Range 1 65535 Default 1 This router uses a default cost of 1 for all ports Therefore if you install a Gigabit module you need to reset the cost for all of the 100 Mbps ports to some...

Page 294: ...Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and another with the new k...

Page 295: ...rface vlan 1 Console config if ip ospf priority 5 4 282 Console config if ip ospf transmit delay 6 4 284 Console config if ip ospf retransmit interval 7 4 283 Console config if ip ospf hello interval...

Page 296: ...e that you cannot configure a virtual link that runs through a stub or NSSA area Virtual links can also be used to create a redundant link between any area and the backbone to help prevent partitionin...

Page 297: ...ting link click the Detail button for the required entry modify the link settings and click Set Figure 3 139 OSPF Virtual Link Configuration CLI This example configures a virtual link from the ABR adj...

Page 298: ...onnected to the backbone either directly or through a virtual link if a direct physical connection is not possible An area initially configured via the Network Area Address Configuration page is set a...

Page 299: ...PF Network Area Address Configuration Configure a backbone area that is contiguous with all the other areas in your network configure an area for all of the other OSPF interfaces then click Apply Figu...

Page 300: ...pf 4 284 Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route Number of area in this router is 4 Area 0 0 0 0 BACKBONE Number of interfaces in this area is 1 SPF algorithm executed 8...

Page 301: ...ble external route redistribution via the Redistribute Configuration screen view the routes imported into the routing table and then configure one or more summary addresses to reduce the size of the r...

Page 302: ...to destinations outside the autonomous system AS via External LSAs Specify Type 1 to add the internal cost metric to the external route metric In other words the cost of the route from any router with...

Page 303: ...butes Area ID Identifier for an not so stubby area NSSA Default Information Originate An NSSA ASBR originates and floods Type 7 external LSAs throughout its area for known network destination outside...

Page 304: ...NSSA or modify the routing behavior for an existing NSSA and click Apply Figure 3 143 OSPF NSSA Settings CLI This example configures area 0 0 0 1 as a stub and sets the cost for the default summary ro...

Page 305: ...ea border routers can generate Summary LSAs that give the cost to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an auto...

Page 306: ...Database Information Specify parameters for the LSAs you want to display then click Query Figure 3 144 OSPF Link State Database Information CLI The CLI provides a wider selection of display options fo...

Page 307: ...te Type Route type either intra area or interarea route INTRA or INTER Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been executed fo...

Page 308: ...ctional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fu...

Page 309: ...table making it routing protocol independent Also note that the Dense Mode version of PIM is supported on this router because it is suitable for densely populated multicast groups which occur primaril...

Page 310: ...directly attached subnetworks or on subnetworks attached to downstream routers Field Attributes Group Address IP group address for a multicast service Source Address Subnetwork containing the IP multi...

Page 311: ...Multicast Routing 3 263 3 Web Click IP Multicast Routing Multicast Routing Table Click Detail to display additional information for any entry Figure 3 148 Multicast Routing Table...

Page 312: ...and another source routed via PIM Console show ip mroute 4 299 IP Multicast Forwarding is enabled IP Multicast Routing Table Flags P Prune F Forwarding 234 5 6 7 10 1 0 0 255 255 255 0 Owner DVMRP Ups...

Page 313: ...urce of this multicast traffic When this router receives the multicast message it checks its unicast routing table to locate the port that provides the shortest path back to the source If that path pa...

Page 314: ...previously sent a prune message now discovers a new group member on one of its connections it sends a graft message to the upstream router When an upstream router receives this message it cancels the...

Page 315: ...ct for a multicast tree Range 1 65535 Default 7200 seconds Default Gateway32 Specifies the default DVMRP gateway for IP multicast traffic Default none The specified interface advertises itself as a de...

Page 316: ...ting Command Attributes DVMRP Interface Information Interface VLAN interface on this router that has enabled DVMRP Address IP address of this VLAN interface Metric The metric for this interface used t...

Page 317: ...wnstream group members within the VLAN But if IGMP snooping is disabled then the interface will flood incoming multicast traffic to all ports in the attached VLAN Web Click Routing Protocol DVMRP Inte...

Page 318: ...at neighbor to check for changes in neighbor capabilities Refer to DVMRP IETF Draft v3 10 section 3 2 1 for a detailed description of these bits These bits are described below Leaf bit 0 Neighbor has...

Page 319: ...used to forward IP multicast traffic The routes listed in the table do not reflect actual multicast traffic flows For this information you should look at the IGMP Member Port Table page 3 176 or the I...

Page 320: ...f the packet to all the other interfaces for which is has not already received a prune message for this specific source group pair DVMRP holds the prune state for about two hours while PIM DM holds it...

Page 321: ...looding by default and are only removed from the multicast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a dow...

Page 322: ...stream from a particular source forwards this traffic to all other PIM interfaces on the router If there are no requesting groups on that interface the leaf node sends a prune message upstream and ent...

Page 323: ...o interval 60 4 312 Console config if ip pim hello holdtime 210 4 312 Console config if ip pim trigger hello interval 10 4 313 Console config if ip pim join prune holdtime 60 4 313 Console config if i...

Page 324: ...DM Interface Information CLI This example shows the PIM DM interface summary for VLAN 1 Displaying Neighbor Information You can display all the neighboring PIM DM routers Command Attributes Neighbor A...

Page 325: ...tocol PIM DM Neighbor Information Figure 3 156 PIM DM Neighbor Information CLI This example displays the only neighboring PIM DM router Console show ip pim neighbor 4 316 Address VLAN Interface Uptime...

Page 326: ...Configuring the Switch 3 278 3...

Page 327: ...e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your...

Page 328: ...vice you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access mode i e Privil...

Page 329: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Page 330: ...erfaces Information of interfaces ip IP information lacp Show LACP statistic line TTY line information logging Show the contents of logging buffers mac MAC access lists mac address table Set configura...

Page 331: ...sages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of comma...

Page 332: ...er of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with...

Page 333: ...ion These commands modify the console port and Telnet configuration and include command such as parity and databits Router Configuration These commands configure global settings for unicast and multic...

Page 334: ...cess list ip mask precedence access list mac access list mac mask precedence Console config std acl Console config ext acl Console config ip mask acl Console config mac acl Console config mac mask acl...

Page 335: ...Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one char...

Page 336: ...rors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 154 Rate Limiting Controls the maximum rate for traffic transmitted or rece...

Page 337: ...tarts the line configuration mode GC 4 12 login Enables password checking at login LC 4 12 password Specifies a password on a line LC 4 13 timeout login response Sets the interval that the system wait...

Page 338: ...screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Comm...

Page 339: ...and passwords for remote authentication servers you must use the RADIUS or TACACS software installed on those servers Example Related Commands username 4 27 password 4 13 password This command specif...

Page 340: ...ng Syntax timeout login response seconds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 300...

Page 341: ...minated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Exam...

Page 342: ...lent time 4 16 silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh...

Page 343: ...an be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits...

Page 344: ...Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The s...

Page 345: ...Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show...

Page 346: ...Disabled Login timeout Disabled Silent time Disabled Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Con...

Page 347: ...enable password 4 28 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet stati...

Page 348: ...6 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 23 show history This command shows the contents of the command history buffer Default Setting None Command Mode Norm...

Page 349: ...tion information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system E...

Page 350: ...tion mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can bot...

Page 351: ...passwords for management access 4 27 IP Filter Configures IP addresses that are allowed management access 4 29 Web Server Enables management access via a web browser 4 31 Telnet Server Enables managem...

Page 352: ...or this device Use the no form to restore the default host name Syntax hostname name no hostname name The name of this host Maximum length 255 characters Default Setting None Command Mode Global Confi...

Page 353: ...ame of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec...

Page 354: ...level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password password for this privilege level Maximum length 8 characters plain text 32 e...

Page 355: ...mmand Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap messag...

Page 356: ...Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Exampl...

Page 357: ...his command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration...

Page 358: ...e client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session ke...

Page 359: ...secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same p...

Page 360: ...vironments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications...

Page 361: ...he host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry f...

Page 362: ...eve 192 168 1 19 4 Set the Optional Parameters Set other optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the ip ssh serv...

Page 363: ...nnection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption You must generate DSA and RSA host keys before enabling the SSH server Exam...

Page 364: ...te a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which t...

Page 365: ...username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto h...

Page 366: ...Related Commands ip ssh crypto zeroize 4 40 ip ssh save host key 4 41 ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type...

Page 367: ...splays the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command M...

Page 368: ...ion Started Authentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 i...

Page 369: ...AACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw b...

Page 370: ...e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7...

Page 371: ...address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage By using this command more than once you can build up a list of host IP addresses The max...

Page 372: ...verity Use this command without a specified level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no logging trap level One of the syslog severity levels l...

Page 373: ...ing This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash...

Page 374: ...message level s reported based on the logging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debuggi...

Page 375: ...cipients Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and event no 1 0 00 01 30 2001 01 01 Unit 1 Port 1 link up notification level 6 module 5 fun...

Page 376: ...oses the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send m...

Page 377: ...address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You may use an symbolic email address that identifies the switch or the addre...

Page 378: ...d Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging...

Page 379: ...om time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001...

Page 380: ...rvers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchroniza...

Page 381: ...how sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged...

Page 382: ...enwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone i...

Page 383: ...one Command Mode Privileged Exec Console calendar set 15 12 34 1 February 2002 Console Console show calendar 15 12 34 February 1 2002 Console Table 4 23 System Status Commands Command Function Mode Pa...

Page 384: ...nfigured for VLANs Routing protocol configuration settings Spanning tree settings Any configured settings for the console port and Telnet Example 33 Stacking is not supported in the current firmware C...

Page 385: ...iguration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack34 SNTP server settings SNMP community strings Users names acc...

Page 386: ...snmp server community private rw snmp server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest...

Page 387: ...xecute this command is indicated by a symbol next to the Line i e session index number Console show system System Description 24FE 4GE L2 3 4 Standalone Switch System OID String 1 3 6 1 4 1 259 6 10 7...

Page 388: ...ilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192...

Page 389: ...verhead required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection...

Page 390: ...onfig https certificate public key file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The confi...

Page 391: ...config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server You must follow the instructions in the release notes for new firmware or contact your distribut...

Page 392: ...ode image Default Setting None Command Mode Privileged Exec Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name...

Page 393: ...image file config Switch configuration file opcode Run time operation code image file filename Name of configuration file or code image If this file exists but contains errors information on this file...

Page 394: ...up the system Syntax boot system boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code file...

Page 395: ...on methods You can also enable port based authentication for network client access using IEEE 802 1X Console config boot system config startup Console config Table 4 27 Authentication Commands Command...

Page 396: ...ic privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a sin...

Page 397: ...ssword in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each...

Page 398: ...s host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS serverUDP port used for authentication messages Range 1 65535 timeout Number o...

Page 399: ...er key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon...

Page 400: ...command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeo...

Page 401: ..._address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Console show radius server Remote RADIUS server configuration...

Page 402: ...on Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used...

Page 403: ...port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch po...

Page 404: ...Maximum Addresses 0 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops learning new MAC addresses on the specified port when it has reached a conf...

Page 405: ...default Resets all dot1x parameters to their default values GC 4 80 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it ti...

Page 406: ...ode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authen...

Page 407: ...ce Configuration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to si...

Page 408: ...tion on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit Stack unit35 Range 1 1 port Port number Range 1 28 Command Mode Privileged Exec Examp...

Page 409: ...60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re au...

Page 410: ...cs interface interface statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit36 Range 1 1 port Port number Range 1 28 Command Mode Privileged Exec Command Usage Th...

Page 411: ...session page 4 80 Status Authorization status authorized or not Operation Mode Shows if single or multiple hosts clients can connect to an 802 1X authorized port Max Count The maximum number of hosts...

Page 412: ...ForceAuthorized yes 1 26 enabled Single Host Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period...

Page 413: ...ts based on the TCP control code MAC ACL mode MAC ACL filters packets based on the source or destination MAC address and the Ethernet frame type RFC 1060 The following restrictions apply to ACLs This...

Page 414: ...s of the same type IP ACLs Table 4 33 Access Control List Commands Command Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 8...

Page 415: ...n mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or n...

Page 416: ...for packets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no permit deny protocol n...

Page 417: ...dicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL...

Page 418: ...cess list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_na...

Page 419: ...hat matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with t...

Page 420: ...n which these packets are checked is determined by the mask and not the order in which the ACL rules were entered First create the required ACLs and ingress or egress masks before mapping an ACL to an...

Page 421: ...1 1 1 255 255 255 255 Console config std acl exit Console config access list ip mask precedence in Console config ip mask acl mask host any Console config ip mask acl mask 255 255 255 0 any Console c...

Page 422: ...how access list IP extended access list A3 deny host 171 69 198 5 any deny 171 69 198 0 255 255 255 0 any source port 23 Console config Console config access list ip mask precedence out Console config...

Page 423: ...config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any con...

Page 424: ...and Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask...

Page 425: ...y the exact text of a previously configured rule An ACL can contain up to 32 rules Example Table 4 35 MAC ACL Commands Command Function Mode Page access list mac Creates a MAC ACL and enters configura...

Page 426: ...rotocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged...

Page 427: ...e the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands ac...

Page 428: ...les but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet Example Related Commands mask MAC ACL 4 102 mac access group 4 105...

Page 429: ...shows how to create an Ingress MAC ACL and bind it to a port You can then see that the order of the rules have been changed by the mask Console config access list mac M4 Console config mac acl permit...

Page 430: ...ype 0806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console co...

Page 431: ...can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule...

Page 432: ...Show all ACLs and associated rules PE 4 106 show access group Shows the ACLs assigned to each port PE 4 106 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92...

Page 433: ...server Syntax no snmp server Default Setting Enabled Command Mode Global Configuration Table 4 37 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 4 107 show snmp Display...

Page 434: ...config snmp server Console config Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the...

Page 435: ...ions are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized...

Page 436: ...t port no snmp server host host addr host addr Internet address of the host the targeted recipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform...

Page 437: ...cations are sent globally For a host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types canno...

Page 438: ...or priv options the user name must first be defined with the snmp server user command Otherwise the authentication password and or privacy password will not exist and the switch will not authorize SN...

Page 439: ...e Related Commands snmp server host 4 110 snmp server engine id This command configures an identification string for the SNMPv3 engine Use the no form to restore the default Syntax snmp server engine...

Page 440: ...deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users page 4 118 Example Related Commands snmp server host 4 110 show snmp engine id This command shows the...

Page 441: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefin...

Page 442: ...Simple Network Management Protocol on page 3 37 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines t...

Page 443: ...fication Messages on page 3 49 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command...

Page 444: ...engine on a remote device Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read...

Page 445: ...id command before using this configuration command Before you configure a remote user use the snmp server engine id command page 4 113 to specify the engine ID for the remote device where the user re...

Page 446: ...Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description Field Description EngineId String identif...

Page 447: ...hex The hexadecimal value Default Setting None Command Mode Interface Configuration VLAN Command Usage This command is used to include a client identifier in all communications with the DHCP server T...

Page 448: ...t address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the follow...

Page 449: ...it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcas...

Page 450: ...lay server 10 1 0 99 Console config if Table 4 45 DHCP Server Commands Command Function Mode Page service dhcp Enables the DHCP server feature on this switch GC 4 125 ip dhcp excluded address Specifie...

Page 451: ...ress range high address The last IP address in an excluded address range netbios node type Configures NetBIOS node type for Microsoft DHCP clients DC 4 131 lease Sets the duration an IP address is ass...

Page 452: ...anges to DHCP Pool Configuration mode identified by the config dhcp prompt From this mode first configure address pools for the network interfaces using the network command You can also manually bind...

Page 453: ...lient request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is found it assigns an address fro...

Page 454: ...omain Specifies the domain name of the client Range 1 32 characters Default Setting None Command Mode DHCP Pool Configuration Example dns server This command specifies the Domain Name System DNS IP se...

Page 455: ...is typically a Trivial File Transfer Protocol TFTP server Default Setting None Command Mode DHCP Pool Configuration Example Related Commands bootfile 4 129 bootfile This command specifies the name of...

Page 456: ...ess2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP address of alternate NetBIOS WINS name server Default Setting None Command Mode DHCP...

Page 457: ...to a DHCP client Use the no form to restore the default value Syntax lease days hours minutes infinite no lease days Specifies the duration of the lease in numbers of days Range 0 364 hours Specifies...

Page 458: ...client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a m...

Page 459: ...uration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier and hardware address are configured for a host address the c...

Page 460: ...hernet Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client iden...

Page 461: ...vice to another device Example Related Commands show ip dhcp binding 4 135 show ip dhcp binding This command displays address bindings on the DHCP server Syntax show ip dhcp binding address address Sp...

Page 462: ...onding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 4 46 DNS Commands Command Function Mode Page ip host...

Page 463: ...ries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table ip domain name This command defines the default domain name appended to incompl...

Page 464: ...e domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is rec...

Page 465: ...6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The...

Page 466: ...before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Console config ip domain server 192 1...

Page 467: ...lias if it is mapped to the same address es as a previously configured entry show dns This command displays the configuration of the DNS server Command Mode Privileged Exec Example Console show hosts...

Page 468: ...s net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Table 4 47 show dns cache display description Field Description NO The entry number for each reso...

Page 469: ...an interface configuration IC 4 144 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 144 negotiation Enables autonegotiation of a given...

Page 470: ...e The following example adds a description to port 4 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the...

Page 471: ...de under auto negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Comman...

Page 472: ...orts 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames wh...

Page 473: ...ntrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings...

Page 474: ...and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 switchport broadcast packet rate This c...

Page 475: ...it42 Range 1 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This com...

Page 476: ...this command see Displaying Connection Status on page 3 88 Example 43 Stacking is not supported in the current firmware Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic inform...

Page 477: ...ast input 6 Unicast output 5 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadca...

Page 478: ...Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 4 45 Stacking is not supported in the current firmware Cons...

Page 479: ...bership mode as Trunk or Hybrid page 4 191 Ingress rule Shows if ingress filtering is enabled or disabled page 4 192 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged f...

Page 480: ...stination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and stu...

Page 481: ...d Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from port 6 to port 11 Console conf...

Page 482: ...s dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default...

Page 483: ...ode i e speed duplex mode and flow control VLAN assignments and CoS settings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports...

Page 484: ...to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax...

Page 485: ...additional ports will be placed in standby mode and will only be enabled if one of the active links fails Example The following shows LACP enabled on ports 10 12 Because LACP has also been enabled on...

Page 486: ...with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP...

Page 487: ...el is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined...

Page 488: ...no lacp actor partner port priority actor The local side an aggregate link partner The remote side of an aggregate link priority LACP port priority is used to select a backup link Range 0 65535 Defau...

Page 489: ...Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 4 53 show lacp counters display description Field Description LACPDUs Sent...

Page 490: ...ate Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this l...

Page 491: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Page 492: ...Table 4 56 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC...

Page 493: ...Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Addre...

Page 494: ...tack unit49 Range 1 1 port Port number Range 1 28 port channel channel id Range 1 12 vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Default Setting None Command Mode Privileged Ex...

Page 495: ...le aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically l...

Page 496: ...ng tree instance MST 4 177 name Configures the name for the multiple spanning tree MST 4 177 revision Configures the revision number for the multiple spanning tree MST 4 178 max hops Configures the ma...

Page 497: ...rovide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command sele...

Page 498: ...To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tre...

Page 499: ...Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Glob...

Page 500: ...configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge...

Page 501: ...values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 180 takes precedence over port priority page 4 180 Example...

Page 502: ...Range 1 4094 Default Setting none Command Mode MST Configuration Command Usage Use this command to group VLANs into spanning tree instances MSTP generates a unique spanning tree for each instance Thi...

Page 503: ...440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest prio...

Page 504: ...ision number for this multiple spanning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Defaul...

Page 505: ...these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches ze...

Page 506: ...half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by th...

Page 507: ...nterface Configuration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes...

Page 508: ...tate changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout pr...

Page 509: ...ex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you d...

Page 510: ...n devices Therefore lower values should be assigned to interfaces attached to faster media and higher values assigned to interfaces with slower media Path cost takes precedence over interface priority...

Page 511: ...spanning tree protocol migration interface interface ethernet unit port unit Stack unit50 Range 1 1 port Port number Range 1 28 port channel channel id Range 1 12 Command Mode Privileged Exec Command...

Page 512: ...ee command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface comman...

Page 513: ...port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forward...

Page 514: ...D Revision level 0 Instance Vlans 1 2 Console Table 4 59 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 188 Configuring VLAN Interfac...

Page 515: ...ay this file by entering the show running config command Example Related Commands show vlan 4 196 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN S...

Page 516: ...Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Table 4 61 Commands for Configuring VLAN Interfaces Command Function Mode Page interface vlan Ent...

Page 517: ...AN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or unt...

Page 518: ...ple The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 191 switchport ingress filtering This command enables ingress filteri...

Page 519: ...ange 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this...

Page 520: ...has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when...

Page 521: ...Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you can...

Page 522: ...to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Ty...

Page 523: ...ivate VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs...

Page 524: ...ts To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 189 Although not mandatory we suggest configuring a separate VLAN for eac...

Page 525: ...ult Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types protocol vla...

Page 526: ...LAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which mat...

Page 527: ...k unit53 Range 1 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traff...

Page 528: ...o exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond...

Page 529: ...s command enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridg...

Page 530: ...the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which t...

Page 531: ...n all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 205 show garp timer This command shows the...

Page 532: ...ity for untagged frames sets queue weights and maps class of service tags to hardware queues 4 206 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4...

Page 533: ...er priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percenta...

Page 534: ...tput port The default priority for all ingress ports is zero Therefore any inbound frames that do not have priority tags will be placed in queue 0 of the output port Note that if the output port is an...

Page 535: ...he CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each por...

Page 536: ...This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Command Mode Privileged Exec Console config interface ethernet 1 1 Console c...

Page 537: ...t Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3...

Page 538: ...etting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 Table 4 69 Priority Comma...

Page 539: ...ping i e IP Type of Service Use the no form to disable IP precedence mapping Syntax no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for pri...

Page 540: ...ty IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware...

Page 541: ...restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class of Service value Range 0 7 Default Setting The DSCP default...

Page 542: ...yntax show map ip port interface interface ethernet unit port unit Stack unit57 Range 1 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Ex...

Page 543: ...nel id Range 1 12 Default Setting None Command Mode Privileged Exec Example Related Commands map ip precedence Global Configuration 4 213 map ip precedence Interface Configuration 4 214 58 Stacking is...

Page 544: ...channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 214 map ip dscp Interface Configuration 4 215 59 Stacking i...

Page 545: ...et command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce...

Page 546: ...lassified under this class map Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone match command for a class map The class map uses th...

Page 547: ...entered per class map The class map uses the Access Control List filtering engine so you must also set an ACL mask to enable filtering for the criteria specified in the match command See mask IP ACL...

Page 548: ...n be applied to the same interface with the service policy command page 4 225 You must create a Class Map page 4 222 before assigning it to a Policy Map Example This example creates a policy called rd...

Page 549: ...re the set command classifies the service that an IP packet will receive police command defines the maximum throughput burst rate and the action that results from a policy violation Currently you may...

Page 550: ...vice that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any violating pa...

Page 551: ...ommand to the ingress queue of a particular interface Use the no form to remove the policy map from this interface Syntax no service policy input policy map name input Apply to the input traffic polic...

Page 552: ...S policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name N...

Page 553: ...unit60 Range 1 1 port Port number Range 1 28 port channel channel id Range 1 12 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_class set ip dscp 3 Console s...

Page 554: ...Mode Global Configuration Example Table 4 73 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP v...

Page 555: ...el channel id Range 1 12 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port ip igmp snooping version This comman...

Page 556: ...guring IGMP Snooping and Query Parameters on page 3 171 for a description of the displayed items Example The following shows the current IGMP snooping configuration show mac address table multicast Th...

Page 557: ...h will serve as querier if elected The querier is responsible for asking hosts if they want to receive multicast traffic Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP ad...

Page 558: ...s command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not responde...

Page 559: ...and to take effect This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping que...

Page 560: ...s to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how t...

Page 561: ...he IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to jo...

Page 562: ...p igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4 77 IGMP Commands Layer 3 Command Function Mode Page ip igmp Enables IGMP for the speci...

Page 563: ...n VLAN Command Usage The robustness value is used in calculating the appropriate range for other IGMP variables such as the Group Membership Interval ip igmp last memb query interval page 4 239 as wel...

Page 564: ...ends host query messages which are addressed to the multicast address 224 0 0 1 For IGMP Version 1 the designated router is elected according to the multicast routing protocol that runs on the LAN But...

Page 565: ...mmand configures the last member query interval Use the no form of this command to restore the default Syntax ip igmp last memb query interval seconds no ip igmp last memb query interval seconds The r...

Page 566: ...ersion However the multicast hosts on the subnet may support either IGMP version 1 or 2 The switch must be set to version 2 to enable the ip igmp max resp interval page 4 238 Example The following con...

Page 567: ...ption to delete all multicast groups for the specified interface Enter no options to clear all multicast groups from the cache Example The following example clears all multicast group entries for VLAN...

Page 568: ...10 1 5 19 7068 220 0 Console Table 4 78 show ip igmp groups display description Field Description GroupAddress IP multicast group address with subscribers directly attached or downstream from this sw...

Page 569: ...p secondary no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP addre...

Page 570: ...address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepte...

Page 571: ...o ip routing command If IP routing is disabled you must define a gateway if the target device is located in a different subnet If routing is enabled you must define the gateway with the ip route comma...

Page 572: ...efault 32 The actual packet size will be eight bytes larger than the size specified because the router adds header information Default Setting This command has no default for the host Command Mode Nor...

Page 573: ...efault entries Command Mode Global Configuration Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms...

Page 574: ...late causing network operations to time out Example Related Commands clear arp cache show arp arp timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol ARP ca...

Page 575: ...ach cache entry including the corresponding IP address MAC address type static dynamic other and VLAN interface Note that entry type other indicates local addresses for this router Example This exampl...

Page 576: ...ed paths with static routing commands or enable a dynamic routing protocol that exchanges information with other routers on the network to automatically determine the best path to any subnetwork This...

Page 577: ...remove static routes Syntax ip route destination ip netmask default gateway metric metric no ip route destination ip netmask default destination ip IP address of the destination network subnetwork or...

Page 578: ...0 to the router 192 168 5 254 using the default metric of 1 clear ip route This command removes dynamically learned entries from the IP routing table Syntax clear ip route network netmask network Netw...

Page 579: ...s page 4 258 Example Console show ip route Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 0 0 0 10 2 48 102 static 0 1 10 2 48 2 255 255 252 0 10 2 48 16 local 0 1 10 2 5 6 255 255 25...

Page 580: ...250 00 00 30 01 01 01 3 1 1 10 2 48 2 00 00 30 01 01 02 1 1 1 10 2 5 6 00 00 30 01 01 03 1 1 2 10 3 9 1 00 00 30 01 01 04 2 1 3 Console Table 4 85 show ip host route display description Field Descript...

Page 581: ...t a gateway Frags 0 reassembled 0 timeouts 0 fragmented 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requ...

Page 582: ...to use RIP routing RC 4 258 neighbor Defines a neighboring router with which to exchange information RC 4 258 version Specifies the RIP version to use on all network interfaces if not already specifi...

Page 583: ...meout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable Howev...

Page 584: ...xx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address a...

Page 585: ...ip rip send version command will be set to the following values RIP Version 1 configures the unset interfaces to send RIPv1 compatible protocol messages and receive either RIPv1 or RIPv2 protocol mess...

Page 586: ...v2 packets Command Usage Use this command to override the global setting specified by the RIP version command You can specify the receive version based on these options Use none if you do not want to...

Page 587: ...ing specified by the RIP version command You can specify the receive version based on these options Use none to passively monitor route information advertised by other routers attached to the network...

Page 588: ...metrics to infinity This provides faster convergence Example This example propagates routes back to the source using poison reverse ip rip authentication key This command enables authentication for RI...

Page 589: ...a simple password will be used Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentic...

Page 590: ...ut the last time a route update was received the RIP version used by the neighbor and the status of routing messages received from this neighbor Command Mode Privileged Exec Console show rip globals R...

Page 591: ...IP version sent on this interface none RIPv1 RIPv2 or RIPv2 broadcast ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1 or RIPv2 Poison Shows if split horizon poison reverse or...

Page 592: ...an area border routers to the backbone RC 4 276 Interface Configuration ip ospf authentication Specifies the authentication type for an interface IC 4 278 ip ospf authentication key Assigns a simple p...

Page 593: ...or this device within the autonomous system Use the no form to use the default router identification method i e the lowest interface address Syntax router id ip address no router id ip address Router...

Page 594: ...f the priority values of the routers bidding to be the designated router or backup designated router for an area are equal the router with the highest ID is elected Example Related Commands router osp...

Page 595: ...e an Autonomous System this router automatically becomes an Autonomous System Boundary Router ASBR However an ASBR does not by default generate a default route into the routing domain If you use the...

Page 596: ...ng a low value allows the router to switch to a new path faster but uses more CPU processing time Example area range This command summarizes the routes advertised by an Area Border Router ABR Use the...

Page 597: ...a Border Router ABR Use the no form to remove the assigned default cost Syntax area area id default cost cost no area area id default cost area id Identifier for a stub or NSSA in the form of an IP ad...

Page 598: ...r all routes contained in 192 168 x x Related Commands area range 4 270 redistribute This command imports external routing information from other routing domains i e protocols into the autonomous syst...

Page 599: ...the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR plus the cost of the external route Specify Type 2 to only advertise the external...

Page 600: ...emoved from an area the interface belonging to that range may still remain active if a less specific address range covering that area has been specified This router supports up to 64 OSPF router inter...

Page 601: ...To remove an optional attribute use the no form without the relevant keyword Syntax no area area id nssa no redistribution default information originate area id Identifies the NSSA The area ID must be...

Page 602: ...s are always chosen over Type 7 NSSA external routes This router supports up to 16 total areas either normal transit areas stubs or NSSAs Example This example creates a stub area 10 3 0 0 and assigns...

Page 603: ...equired to send a link state update packet over the virtual link considering the transmission and propagation delays LSAs have their age incremented by this amount before transmission This value must...

Page 604: ...nks Example This example creates a virtual link using the defaults for all optional parameters This example creates a virtual link using MD5 authentication Related Commands show ip ospf virtual links...

Page 605: ...entication key This command assigns a simple password to be used by neighboring routers Use the no form to remove the password Syntax ip ospf authentication key key no ip ospf authentication key key S...

Page 606: ...ication information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple c...

Page 607: ...have to reset the cost for all of the 100 Mbps ports to a value greater than 1 Example ip ospf dead interval This command sets the interval at which hello packets are not seen before neighbors declare...

Page 608: ...are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing t...

Page 609: ...ommand specifies the time between resending link state advertisements LSAs Use the no form to restore the default value Syntax ip ospf retransmit interval seconds no ip ospf retransmit interval second...

Page 610: ...y according to link speed using larger values for lower speed links The transmit delay must be the same for all routers attached to an autonomous system Example show ip ospf This command shows basic i...

Page 611: ...SA or stub Number of interfaces The number of interfaces attached to this area SPF algorithm executed The number of times the shortest path first algorithm has been executed for this area Console show...

Page 612: ...ginate link state id show ip ospf area id database self originate link state id show ip ospf area id database summary link state id show ip ospf area id database summary link state id adv router ip ad...

Page 613: ...52 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 28 0X80000001 0X53E1 Console Table...

Page 614: ...ork Mask 255 255 255 0 Metric 1 Console Table 4 93 show ip ospf asbr summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities a...

Page 615: ...a 2 1 1 0 0 0 Total LSA Counts 4 Console Table 4 94 show ip ospf database summary display description Field Description Area ID Area identifier Router Number of router LSAs Network Number of network L...

Page 616: ...ociated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Number...

Page 617: ...outer 10 1 1 253 Console Table 4 96 show ip ospf network display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the L...

Page 618: ...splay description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Router Link LSA describes the router s interface...

Page 619: ...er 80000003 LS Checksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Table 4 98 show ip ospf summary display description Field Description OSPF Router id Router ID LS age Age of LSA in...

Page 620: ...of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address Area OSPF area to which this interface belongs Router ID Router ID Network Type Includes broadc...

Page 621: ...outer priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet bu...

Page 622: ...ands area virtual link 4 276 Console show ip ospf summary address 10 1 0 0 255 255 0 0 Console Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Transmit...

Page 623: ...vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4...

Page 624: ...as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp sn...

Page 625: ...p dvmrp or ip pim dense mode commands Example show ip mroute This command displays the IP multicast routing table Syntax show ip mroute group address source summary group address An IP multicast group...

Page 626: ...nterface vlan1 Upstream Router 148 122 34 9 Downstream vlan2 P vlan3 F Console Table 4 105 show ip mroute display description Field Description Source and netmask Subnetwork containing the IP multicas...

Page 627: ...lay before declaring an attached neighbor router down RC 4 303 report interval Sets the interval for propagating the complete set of routing tables to other neighbor routers RC 4 303 flash update inte...

Page 628: ...ault Setting 10 seconds Command Mode Router Configuration Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes and is used to verify whether or...

Page 629: ...nd is used for timing out routes and for setting the children and leaf flags Example report interval This command specifies how often to propagate the complete set of routing tables to other neighbor...

Page 630: ...on Example prune lifetime This command specifies how long a prune state will remain in effect for a multicast tree Use the no form to restore the default value Syntax prune lifetime seconds no prune l...

Page 631: ...outer receives these messages it records all the downstream routers for the default route When multicast traffic with an unknown source address i e not found in the route table is received on the defa...

Page 632: ...rface on this router Use the no form to restore the default value Syntax ip dvmrp metric interface metric no ip dvmrp metric interface metric Metric used to select the best reverse path Range 1 31 Def...

Page 633: ...vmrp page 4 301 Probe Interval page 4 302 Nbr Expire page 4 303 Minimum Flash Update Interval page 4 304 Prune Lifetime page 4 304 Route Report page 4 303 Default Gateway page 4 305 Metric of Default...

Page 634: ...p route display description Field Description Source IP subnetwork that contains a multicast source an upstream router or an outgoing interface connected to multicast hosts Mask Subnet mask that is us...

Page 635: ...cast delivery tree Interface The IP interface on this router that connects to the upstream neighbor Uptime The time since this device last became a DVMRP neighbor Expire The time remaining before this...

Page 636: ...interface IC 4 311 ip pim hello interval Sets the interval between sending PIM hello messages IC 4 312 ip pim hello holdtime Sets the time to wait for hello messages from a neighboring PIM router befo...

Page 637: ...dense mode command If you enable PIM on an interface you should also enable IGMP on that interface Dense mode interfaces are subject to multicast flooding by default and are only removed from the mult...

Page 638: ...fy whether or not these neighbors are still active members of the multicast tree Example ip pim hello holdtime This command configures the interval to wait for hello messages from a neighboring PIM ro...

Page 639: ...llo interval is set to random value between 0 and the trigger hello interval This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Als...

Page 640: ...erval seconds The time before resending a Graft Range 0 65535 Default Setting 3 seconds Command Mode Interface Configuration VLAN Command Usage A graft message is sent by a router to cancel a prune st...

Page 641: ...displays the PIM settings for the specified interface as described in the preceding pages It also shows the address of the designated PIM router and the number of neighboring PIM routers Example Conso...

Page 642: ...rimary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down Console show ip pim nei...

Page 643: ...terface that are supported by this VRRP group Default Setting No virtual router groups are configured Command Mode Interface VLAN Table 4 112 VRRP Commands Command Function Mode Page vrrp ip Enables V...

Page 644: ...is entered If you need to customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP Example Th...

Page 645: ...ith the same IP address as that used for the virtual router will become the master virtual router The backup router with the highest priority will become the master router if the current master fails...

Page 646: ...dress 224 0 0 8 Using a multicast address reduces the amount of traffic that has to processed by network devices that are not part of the designated VRRP group If the master router stops sending adver...

Page 647: ...it time to gather information for its routing table before actually preempting the currently active router Example Related Commands vrrp priority 4 319 show vrrp This command displays status informati...

Page 648: ...l IP address Advertisement interval Interval at which the master virtual router advertises its role as the master Preemption Shows whether or not a higher priority router can preempt the current actin...

Page 649: ...on Field Description Interface VLAN interface Grp VRRP group State VRRP role of this interface master or backup Virtual addr Virtual address that identifies this VRRP group Int Interval at which the m...

Page 650: ...nsole show vrrp router counters Total Number of VRRP Packets with Invalid Checksum 0 Total Number of VRRP Packets with Unknown Error 0 Total Number of VRRP Packets with Invalid VRID 0 Console Console...

Page 651: ...is command clears VRRP system statistics for the specified group and interface clear vrrp group interface interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configure...

Page 652: ...Command Line Interface 4 326 4...

Page 653: ...trol Traffic throttled above a critical threshold Port Mirroring Single session one source port to one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Sta...

Page 654: ...otocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 con...

Page 655: ...2618 RIP RFC 1058 RIPv2 RFC 2453 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC RAFT 3414 2570 2273 3411 3415 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 VRRP RFC 2338 Manageme...

Page 656: ...FC 2453 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification M...

Page 657: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Page 658: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 659: ...ce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP...

Page 660: ...802 1X Port Authentication standard GARP VLAN Registration Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning...

Page 661: ...equests and timers used for flow control on full duplex links Now incorporated in IEEE 802 3 2002 IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers...

Page 662: ...3 Network layer in the ISO 7 Layer Data Communications Protocol This layer handles the routing functions for data moving from one open system to another Link Aggregation See Port Trunk Link Aggregatio...

Page 663: ...network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs Private VLANs provide port ba...

Page 664: ...ansmission cost RIP 2 is a compatible upgrade to RIP It adds useful capabilities for subnet routing authentication and multicast transmissions Secure Shell SSH A secure replacement for remote access f...

Page 665: ...s connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection...

Page 666: ...Glossary Glossary 8...

Page 667: ...4 209 queue mode 3 154 4 207 traffic class weights 3 154 4 208 D default gateway configuration 3 17 3 208 4 245 default priority ingress port 3 150 4 207 default settings system 1 7 DHCP 3 19 4 243 a...

Page 668: ...gress filtering 3 144 4 192 IP address BOOTP DHCP 3 19 4 122 4 243 setting 2 4 3 17 4 243 IP port priority enabling 3 160 4 212 mapping priorities 3 160 4 212 IP precedence enabling 3 156 4 213 mappin...

Page 669: ...4 administrator setting 3 53 4 27 path cost 3 118 3 125 method 3 122 4 175 STA 3 118 3 125 4 175 PIM DM 3 272 4 310 configuring 3 272 4 310 global configuration 3 272 4 310 interface settings 3 273 4...

Page 670: ...ocol migration 3 128 4 185 transmission limit 3 122 4 175 standards IEEE A 2 startup files creating 3 24 4 64 displaying 3 21 4 57 setting 3 21 4 68 static addresses setting 3 113 4 167 static routes...

Page 671: ...settings 3 197 4 317 group statistics 3 203 4 321 preemption 3 198 3 199 4 320 priority 3 198 3 199 4 319 protocol message statistics 3 202 4 324 timers 3 199 4 320 virtual address 3 197 3 199 4 317...

Page 672: ...Index 6 Index...

Page 673: ......

Page 674: ...ES3628C E032005 R01 149100005100H...

Reviews:

No comments