Home
/
Edge-Core
/
ES4524M-PoE
/
Management Manual

Edge-Core ES4524M-PoE, Management Manual, Page: 113 / 560

Share

Page: 113 / 560

Edge-Core ES4524M-PoE Management Manual Download Page 113

User Authentication

3-69

Configuring 802.1X Port Authentication

Network switches can provide open and easy access to network resources by
simply attaching a client PC. Although this automatic configuration and access is a
desirable feature, it also allows unauthorized personnel to easily intrude and
possibly gain access to sensitive network data.

The IEEE 802.1X (dot1x) standard defines a port-based access control procedure
that prevents unauthorized access to a network by requiring users to first submit
credentials for authentication. Access to all switch ports in a network can be
centrally controlled from a server, which means that authorized users can use the
same credentials for authentication from any point within the network.

This switch uses the
Extensible Authentication
Protocol over LANs (EAPOL)
to exchange authentication
protocol messages with the
client, and a remote RADIUS
authentication server to verify
user identity and access
rights. When a client (i.e.,
Supplicant) connects to a
switch port, the switch (i.e.,
Authenticator) responds with an EAPOL identity request. The client provides its
identity (such as a user name) in an EAPOL response to the switch, which it
forwards to the RADIUS server. The RADIUS server verifies the client identity and
sends an access challenge back to the client. The EAP packet from the RADIUS
server contains not only the challenge, but the authentication method to be used.
The client can reject the authentication method and request another, depending on
the configuration of the client software and the RADIUS server. The current version
of the firmware supports only the MD5 authentication method. TLS, TTLS, and
PEAP will be supported in future releases. The client responds to the appropriate
method with its credentials, such as a password or certificate. The RADIUS server
verifies the client credentials and responds with an accept or reject packet. If
authentication is successful, the switch allows the client to access the network.
Otherwise, network access is denied and the port remains blocked.

The operation of 802.1X on the switch requires the following:

• The switch must have an IP address assigned.

• The IP address of the RADIUS server specified.

• 802.1X must be enabled globally for the switch.

• Each switch port that will be used must be set to dot1x “Auto” mode.

• Each client that needs to be authenticated must have dot1x client software

installed and properly configured.

• The RADIUS server and client also have to support the same EAP authentication

type. The current version of the firmware supports only the EAP-MD5

«
...
111
112
113
114
115
...
»

Summary of Contents for ES4524M-PoE

Page 1: ...Powered by Accton Management Guide ES4524M PoE 24 Port Layer 2 4 Gigabit Ethernet Switch with PoE...

Page 2: ......

Page 3: ...Management Guide ES4524M PoE Gigabit Ethernet Switch with PoE Layer 2 4 Switch with 22 10 100 1000BASE T RJ 45 Ports and 2 Gigabit Combination Ports RJ 45 SFP...

Page 4: ...ES4524M PoE F1 0 0 5 E012008 ST R01 149100037400A...

Page 5: ...unity Strings for SNMP version 1 and 2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Managing System Files 2 8 Saving Configuration Settings 2 9 Configuring Power o...

Page 6: ...ypes 3 40 Configuring SNMPv3 Management Access 3 43 Setting the Local Engine ID 3 43 Specifying a Remote Engine ID 3 44 Configuring SNMPv3 Users 3 45 Configuring Remote SNMPv3 Users 3 47 Configuring S...

Page 7: ...ed Ports 3 107 Configuring LACP Parameters 3 110 Displaying LACP Port Counters 3 113 Displaying LACP Settings and Status for the Local Side 3 114 Displaying LACP Settings and Status for the Remote Sid...

Page 8: ...s 3 174 Configuring the Protocol VLAN System 3 175 Link Layer Discovery Protocol 3 176 Setting LLDP Timing Attributes 3 176 Configuring LLDP Interface Attributes 3 178 Displaying LLDP Local Device Inf...

Page 9: ...atic Multicast Groups to Interfaces 3 217 Switch Clustering 3 219 Cluster Configuration 3 219 Cluster Member Configuration 3 221 Cluster Member Information 3 222 Cluster Candidate Information 3 223 UP...

Page 10: ...n 4 21 Frame Size Commands 4 22 jumbo frame 4 22 File Management Commands 4 23 copy 4 24 delete 4 26 dir 4 27 whichboot 4 28 boot system 4 28 Line Commands 4 29 line 4 30 login 4 30 password 4 31 time...

Page 11: ...Commands 4 53 cluster 4 54 cluster commander 4 54 cluster ip pool 4 55 cluster member 4 56 rcommand 4 56 show cluster 4 57 show cluster members 4 57 show cluster candidates 4 57 UPnP Commands 4 58 upn...

Page 12: ...server port 4 84 tacacs server key 4 84 show tacacs server 4 85 Web Server Commands 4 85 ip http port 4 85 ip http server 4 86 ip http secure server 4 86 ip http secure port 4 87 Telnet Server Comman...

Page 13: ...CP Snooping Commands 4 115 ip dhcp snooping 4 115 ip dhcp snooping vlan 4 117 ip dhcp snooping trust 4 118 ip dhcp snooping verify mac address 4 119 ip dhcp snooping information option 4 120 ip dhcp s...

Page 14: ...rity 4 153 show lacp 4 154 Mirror Port Commands 4 157 port monitor 4 157 show port monitor 4 158 Rate Limit Commands 4 159 rate limit 4 159 Power over Ethernet Commands 4 160 power mainpower maximum a...

Page 15: ...ort priority 4 186 spanning tree protocol migration 4 186 show spanning tree 4 187 show spanning tree mst configuration 4 189 VLAN Commands 4 189 GVRP and Bridge Extension Commands 4 190 bridge ext gv...

Page 16: ...delay 4 217 lldp admin status 4 218 lldp notification 4 218 lldp mednotification 4 219 lldp basic tlv management ip address 4 220 lldp basic tlv port description 4 221 lldp basic tlv system capabilit...

Page 17: ...show policy map interface 4 251 Multicast Filtering Commands 4 252 IGMP Snooping Commands 4 252 ip igmp snooping 4 253 ip igmp snooping vlan static 4 253 ip igmp snooping version 4 254 ip igmp snoopi...

Page 18: ...default gateway 4 269 ip dhcp restart 4 270 show ip interface 4 271 show ip redirects 4 271 ping 4 272 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A...

Page 19: ...ls 3 188 Table 3 3 Mapping DSCP Priority 3 193 Table 4 1 Command Modes 4 6 Table 4 2 Configuration Commands 4 7 Table 4 3 Keystroke Commands 4 8 Table 4 4 Command Group Index 4 9 Table 4 5 General Com...

Page 20: ...Control List Commands 4 122 Table 4 5 IP ACL Commands 4 123 Table 4 2 MAC ACL Commands 4 128 Table 4 1 ACL Information 4 132 Table 4 2 Interface Commands 4 135 Table 4 3 show interfaces switchport dis...

Page 21: ...6 Mapping IP DSCP to CoS Values 4 241 Table 3 7 Quality of Service Commands 4 243 Table 3 8 Multicast Filtering Commands 4 252 Table 3 9 IGMP Snooping Commands 4 252 Table 3 10 IGMP Query Commands La...

Page 22: ...xviii Tables...

Page 23: ...ng and Configuring SMTP 3 33 Figure 3 18 Resetting the System 3 34 Figure 3 19 SNTP Configuration 3 35 Figure 3 20 Setting the Time Zone 3 36 Figure 3 21 Enabling the SNMP Agent 3 38 Figure 3 22 Confi...

Page 24: ...t Configuration 3 111 Figure 3 59 Displaying LACP Port Counters 3 113 Figure 3 60 Displaying Local LACP Port Information 3 115 Figure 3 61 Displaying Remote LACP Port Information 3 116 Figure 3 62 Por...

Page 25: ...re 3 94 Setting the Queue Mode 3 190 Figure 3 95 Configuring Queue Scheduling 3 191 Figure 3 96 IP DSCP Priority Status 3 192 Figure 3 97 Mapping IP DSCP Priority to Class of Service Values 3 193 Figu...

Page 26: ...xxii Figures...

Page 27: ...to 256 ACLs 60 rules per ACL DHCP Client Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One port mirrored to singl...

Page 28: ...tion Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the switch and the authentication server to verify the client s right to access the netwo...

Page 29: ...ll be throttled until the level falls back beneath the threshold Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned int...

Page 30: ...Ns you can Eliminate broadcast storms which severely degrade performance in a flat network Simplify network management for node changes moves by remotely configuring VLAN membership for any port rathe...

Page 31: ...formance The switch uses IGMP Snooping and Query to manage multicast group registration System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg T...

Page 32: ...Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Span...

Page 33: ...k 255 0 0 0 Default Gateway 0 0 0 0 DHCP Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Lo...

Page 34: ...Introduction 1 8 1...

Page 35: ...ct connection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol Th...

Page 36: ...tor 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port...

Page 37: ...d program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Co...

Page 38: ...agement access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in t...

Page 39: ...are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server If the BOOTP or DHCP server is slow to respond the ip dhcp restart...

Page 40: ...SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the defa...

Page 41: ...here are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To config...

Page 42: ...types of files are Configuration This file stores system configuration information and is created when configuration settings are saved Saved configuration files can be selected as a system start up f...

Page 43: ...e start up configuration file using the copy command New startup configuration files must have a name specified File names on the switch are case sensitive can be from 1 to 31 characters must not cont...

Page 44: ...e centrally managed preventing overload conditions at the power source If the power demand from devices connected to the switch exceeds the power budget setting the switch uses port power priority set...

Page 45: ...n page 2 4 2 Set user names and passwords using an out of band serial connection Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Set...

Page 46: ...atistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page...

Page 47: ...visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent...

Page 48: ...lows the transfer and copying files 3 21 Delete Allows deletion of files from the flash memory 3 21 Set Start Up Sets the start up file 3 21 Line 3 25 Console Sets console port connection parameters 3...

Page 49: ...Security Configures per port security including status response for security breach and maximum allowed MAC addresses 3 78 802 1X Port authentication 3 69 Information Displays global configuration set...

Page 50: ...guration Sets the output rate limit for each trunks 3 121 Port Statistics Lists Ethernet and RMON port statistics 3 122 PoE Power over Ethernet 3 127 Power Status Displays the status of global power p...

Page 51: ...ting VLAN 3 164 Static Membership by Port Configures membership type for interfaces including tagged untagged or forbidden 3 165 Port Configuration Specifies default PVID and VLAN attributes 3 166 Tru...

Page 52: ...efault Port Priority Sets the default priority for each port 3 186 Default Trunk Priority Sets the default priority for each trunk 3 186 Traffic Classes Maps IEEE 802 1p priority tags to output queues...

Page 53: ...type and immediate leave status 3 216 Group Member Configuration Statically assigns MVR multicast streams to an interface 3 217 DHCP Snooping 3 88 Configuration Enables DHCP Snooping and DHCP Snooping...

Page 54: ...Configuring the Switch 3 10 UPNP Universal Plug and Play 3 224 Configuration Configures basic UPnP parameters 3 225 Table 3 2 Main Menu Continued Menu Description Page...

Page 55: ...Administrator responsible for the system System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address fo...

Page 56: ...nsole config snmp server contact Geoff 4 63 Console config exit Console show system 4 19 System Description 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System OID String 1 3 6 1 4 1 259 8...

Page 57: ...n RJ 45 ports and expansion ports Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal power supply Management Software EPLD Version Version nu...

Page 58: ...Static Addresses on page 3 132 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to ov...

Page 59: ...k You may also need to a establish a default gateway between the switch and management stations that exist on another network segment You can manually configure a specific IP address or direct the dev...

Page 60: ...the IP address subnet mask and default gateway IP Address Address of the VLAN interface that is allowed management access Valid IP addresses consist of four numbers 0 to 255 separated by periods Defau...

Page 61: ...gure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection to the switch and enter show ip interface to determine the new address CLI Specify the management in...

Page 62: ...he switch In this case you can reboot the switch or submit a client request to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to ren...

Page 63: ...frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two...

Page 64: ...this switch For details see the Batch Upgrade document in this Batch Upgrade folder Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a fi...

Page 65: ...ss of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced t...

Page 66: ...ress of the TFTP server select config or opcode file type then enter the source and destination file names set the new file to start up the system and then restart the switch Console copy tftp file 4...

Page 67: ...nning configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config to the running config st...

Page 68: ...tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then...

Page 69: ...ge 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system...

Page 70: ...for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No pass...

Page 71: ...interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Passwo...

Page 72: ...ection parameters for Telnet access then click Apply Figure 3 2 Configuring the Telnet Interface CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as requ...

Page 73: ...bles disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specif...

Page 74: ...to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to...

Page 75: ...e facility type and set the logging trap Console config logging host 192 168 1 15 4 41 Console config logging facility 23 4 41 Console config logging trap 4 4 42 Console config end Console show loggin...

Page 76: ...ers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used fo...

Page 77: ...ation Address List Specifies the email recipients of alert messages You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the l...

Page 78: ...irm that you want to reset the switch Note When restarting the system it will always run the Power On Self Test Console config logging sendmail host 192 168 1 4 4 45 Console config logging sendmail le...

Page 79: ...ree time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to specific time...

Page 80: ...rs 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone...

Page 81: ...nts This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as...

Page 82: ...none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user defined user defined user defined user defined Community stri...

Page 83: ...at acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the access...

Page 84: ...ceipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is re...

Page 85: ...vailable for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The numbe...

Page 86: ...settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 23 Configuring SNMP Trap Ma...

Page 87: ...bination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred t...

Page 88: ...o it See Specifying Trap Managers and Trap Types on page 3 40 and Configuring Remote SNMPv3 Users on page 3 47 The engine ID can be specified by entering 10 to 64 hexadecimal characters If less than 6...

Page 89: ...r noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only...

Page 90: ...p of a user click Change Group in the Actions column of the users table and select the new group Figure 3 26 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new user name...

Page 91: ...r for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on...

Page 92: ...ick Delete Figure 3 27 Configuring Remote SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user mark group r d remote...

Page 93: ...4 characters Notify View The configured view for notifications Range 1 64 characters Table 3 1 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1 3 6 1 2 1 17...

Page 94: ...message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be generat...

Page 95: ...ick Delete Figure 3 28 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and w...

Page 96: ...IB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Click...

Page 97: ...ver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 69 Console config exit Console show snmp view 4 70 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile Row...

Page 98: ...eb SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboa...

Page 99: ...and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Remote Authentication Dial in User Servic...

Page 100: ...5 Message Digest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security You can specify up to three authentication methods for any user to indicate the authentication sequence For ex...

Page 101: ...CACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum lengt...

Page 102: ...g radius server retransmit 5 4 82 Console config radius server timeout 10 4 82 Console config radius server 1 host 192 168 1 25 4 80 Console config exit Console show radius server 4 82 Remote RADIUS S...

Page 103: ...ng to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note...

Page 104: ...secure site certificate enter the TFTP Server IP Address the Source Certificate File Name the Source Private File Name and the Private Password then click Copy Certificate Figure 3 31 HTTPS Settings...

Page 105: ...r TACACS remote authentication server as specified on the Authentication Settings page page 3 55 If public key authentication is specified by the client then you must configure authentication keys on...

Page 106: ...c If a match is found the connection is allowed Note To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually ent...

Page 107: ...ibutes Public Key of Host Key The public key for the host RSA The first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string...

Page 108: ...010252487896597759216832222558465238779154647980739631403 3869257931051057652122430528078658854857892726029378660892368414232759121 27603259196836970534393364384452233351882871738968945117292905108139...

Page 109: ...ndicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus User Name The user type used for the public key pair Public Key Ty...

Page 110: ...k Security SSH User Public Key Settings Select the user type and public key type from the drop down box enter the TFTP server IP address input the source file name and then click Copy Public Key Figur...

Page 111: ...mber of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies th...

Page 112: ...on It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 91 Console config ip ssh timeout 100 4 92 Console config ip ssh authen...

Page 113: ...rwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the challenge but th...

Page 114: ...l setting for 802 1X Web Click Security 802 1X Information Figure 3 35 802 1X Global Information CLI This example shows the default global setting for 802 1X Console show dot1x 4 104 Global 802 1X Par...

Page 115: ...and authentication server These parameters are described in this section Command Attributes Port Port number Status Indicates if authentication is enabled or disabled on the port Default Disabled Ope...

Page 116: ...quire a new client Range 1 65535 seconds Default 60 seconds Re authen Period Sets the time period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds Tx...

Page 117: ...auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 23 disabled Single Host ForceAu...

Page 118: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx E...

Page 119: ...ng 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 104 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Log...

Page 120: ...to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address range...

Page 121: ...nt access for Telnet clients Console config management telnet client 192 168 1 19 4 107 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management al...

Page 122: ...e IP Source Guard Filters untrusted DHCP messages on unsecure ports by building and maintaining a DHCP snooping binding table See IP Source Guard on page 3 95 DHCP Snooping Filters IP traffic on unsec...

Page 123: ...ount from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 102 Command Attrib...

Page 124: ...on a port and click Apply Figure 3 40 Configuring Port Security CLI This example sets the command mode to Port 5 sets the port security action to send a trap and disable the port and then enables por...

Page 125: ...d on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified pac...

Page 126: ...L Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 41 Selecting ACL Type CLI...

Page 127: ...8 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Source Destination Addr...

Page 128: ...ber representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal...

Page 129: ...ing packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes throug...

Page 130: ...xidecimal mask for source or destination MAC address VID VLAN ID Range 1 4095 VID Bit Mask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets...

Page 131: ...he destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Binding a Port to an Access Control List After configuring the Access Control Lists ACL you can bind the ports that need to fil...

Page 132: ...HCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port related information to a DHCP server This information can be useful in tracking an IP address...

Page 133: ...CP packet is from a client such as a DECLINE or RELEASE message the switch forwards the packet only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as...

Page 134: ...ket Default Enabled Web Click DHCP Snooping Configuration Select the required options and click Apply Figure 3 46 DHCP Snooping Configuration CLI This example first enables DHCP Snooping and MAC addre...

Page 135: ...ntermediate relay agent that has used the information fields to describe itself can be identified in the DHCP request packets forwarded by the switch and in reply packets sent back from the DHCP serve...

Page 136: ...ation or replace it with the switch s relay information Command Attributes DHCP Snooping Information Option Status Enables or disables DHCP Option 82 information relay Default Disabled DHCP Snooping I...

Page 137: ...sted state Set all other ports outside the local network or firewall to untrusted state Command Attributes Trust Status Enables or disables port as trusted Default Disabled Web Click DHCP Snooping Inf...

Page 138: ...P Snooping DHCP Snooping Binding Information Figure 3 50 DHCP Snooping Binding Information CLI This example shows how to display the DHCP Snooping binding table entries Console config interface ethern...

Page 139: ...tatic addresses configured in the source guard binding table If the IP source guard is enabled an inbound packet s IP address sip option or both its IP address and corresponding MAC address sip mac op...

Page 140: ...rd Binding Configuration Adds a static addresses to the source guard binding table Table entries include a MAC address IP address lease time entry type Static Dynamic VLAN identifier and port identifi...

Page 141: ...try is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guard binding Command Attributes Static Binding Table Counts The...

Page 142: ...nts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table Web Click IP Source Guard Dynamic In...

Page 143: ...d Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in u...

Page 144: ...hows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring I...

Page 145: ...or disabled Port Security Shows if port security is enabled or disabled Max MAC Count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port Security Action Shows...

Page 146: ...ributes Name Allows you to label an interface Range 1 64 characters Admin Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive collisions and...

Page 147: ...s are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operat...

Page 148: ...ig if description RD SW 13 4 136 Console config if shutdown 4 141 Console config if no shutdown Console config if no negotiation 4 137 Console config if speed duplex 100half 4 136 Console config if fl...

Page 149: ...one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load...

Page 150: ...re connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port N...

Page 151: ...s of an LACP trunk must be configured for full duplex and auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 106...

Page 152: ...New Includes entry fields for creating new trunks Port Port identifier Range 1 24 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After yo...

Page 153: ...nfig if lacp Console config if end Console show interfaces status port channel 1 4 143 Information of Trunk 1 Basic Information Port Type 1000T Mac Address 00 16 B6 F0 3B EF Configuration Name Port Ad...

Page 154: ...to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be configured with the same system prio...

Page 155: ...Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed sett...

Page 156: ...sole config if exit Console config interface ethernet 1 8 Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Conso...

Page 157: ...Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received th...

Page 158: ...formation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be en...

Page 159: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 154 Port Channel 1 Oper Key 120 Admin Key 0 Eth 1 3 LACPDUs Internal 30 sec LACP S...

Page 160: ...d by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation...

Page 161: ...ighbors Eth 1 3 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 77 6D E0 Partner Admin Port Number 3 Partner Oper Port Number 1 Port Admin Priority 32768 Port Ope...

Page 162: ...l then be dropped Command Usage Broadcast control does not effect IP multicast traffic The specified threshold applies to each individual port on the switch Note Multicast and unknown unicast storm th...

Page 163: ...exit Console config broadcast packet rate 64000 4 141 Console config exit Console show interfaces switchport ethernet 1 2 4 145 Information of Eth 1 2 Broadcast Threshold Enabled 64000 Kbits second Mu...

Page 164: ...mand Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 24 Type Allows you to select which traffic to mirror to the targ...

Page 165: ...hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Configuration Use the rate limit configuration pages to apply rate limiti...

Page 166: ...Table 3 7 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including framing characters Received Unicast Packets The num...

Page 167: ...ntegral number of octets in length but do not pass the FCS check This count does not include frames received with frame too long or frame too short error Excessive Collisions A count of frames for whi...

Page 168: ...The number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and w...

Page 169: ...ration 3 125 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 65 Displaying Port...

Page 170: ...rrors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal m...

Page 171: ...hole switch power is not supplied Ports can be set to one of three power priority levels critical high or low To control the power supply within the switch s budget ports set at critical or high prior...

Page 172: ...lobal PoE Status CLI This example displays the current power status for the switch Console show power mainpower 4 165 Unit 1 Mainpower Status Maximum Available Power 180 watts System Operation Status...

Page 173: ...o control the supplied power Range 37 180 watts Default 180 Watts Web Click PoE Power Config Specify the desired power budget for the switch Click Apply Figure 3 67 Setting the Switch Power Budget CLI...

Page 174: ...e is connected to a low priority port and causes the switch to exceed its budget port power is not turned on If a device is connected to a critical or high priority port and causes the switch to excee...

Page 175: ...Allocation Sets the power budget for the port Range 3000 15400 milliwatts Default 15400 milliwatts Web Click PoE Power Port Configuration Enable PoE power on selected ports set the priority and the po...

Page 176: ...s are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attribut...

Page 177: ...re forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this inte...

Page 178: ...method of sorting the displayed addresses and then click Query Figure 3 71 Displaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac...

Page 179: ...s disables the function Aging Time The time after which a learned entry is discarded Range 10 630 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click App...

Page 180: ...ce All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all o...

Page 181: ...interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration Digest see Configuring Multiple Spanning Trees on page 3 151 An MST R...

Page 182: ...ion message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive...

Page 183: ...from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device...

Page 184: ...ward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0016B6F03BEC Current Root Port 0 Current Root Cost 0 Number of Topology Changes 0 Last Topology Change Time sec 4291 Transmissio...

Page 185: ...PDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing the...

Page 186: ...s and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing state...

Page 187: ...the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision12 The revision for this MSTI Range 0 65535 Default 0 Region Name The name for this MS...

Page 188: ...Configuring the Switch 3 144 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 74 STA Global Configuration...

Page 189: ...packets and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this po...

Page 190: ...are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated p...

Page 191: ...tch has accepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port Yo...

Page 192: ...on Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without rece...

Page 193: ...cost takes precedence over port priority Range 0 for auto configuration 1 65535 for the short path cost method14 1 200 000 000 for the long path cost method By default the system automatically detect...

Page 194: ...address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However...

Page 195: ...rea of your network However remember that you must configure all bridges within the same MSTI Region page 3 143 with the same set of instances and the same instance on each bridge with the same set of...

Page 196: ...T Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094 The other global attributes are...

Page 197: ...rrent Root Port 7 Current Root Cost 10000 Number of Topology Changes 2 Last Topology Change Time sec 10 Transmission Limit 3 Path Cost Method Long Eth 1 1 Information Admin Status Enabled Role Designa...

Page 198: ...displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 3 138 the settings for other instances only apply to...

Page 199: ...icates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priorit...

Page 200: ...n each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path co...

Page 201: ...erently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs ba...

Page 202: ...me VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic V...

Page 203: ...e same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagg...

Page 204: ...1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 3 1 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page...

Page 205: ...Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows the e...

Page 206: ...groups created for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is...

Page 207: ...g Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 194 Console config vlan vlan 2 name R D media ethernet state active 4 195 Console config vlan end Console show vlan 4...

Page 208: ...he VLAN 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Trunk Trunk identifier Memb...

Page 209: ...Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a tag...

Page 210: ...P VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group Address Registration Pr...

Page 211: ...ved on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer16 The interval between transmitting requests queries to participate in...

Page 212: ...ondary VLAN and with any of the promiscuous ports in the associated primary VLAN In all cases the promiscuous ports are designed to provide open access to an external network such as the Internet whil...

Page 213: ...er traffic through promiscuous ports Then assign any promiscuous ports to a primary VLAN and any host ports a community VLAN Displaying Current Private VLANs The Private VLAN Information page displays...

Page 214: ...Ns Primary Conveys traffic between promiscuous ports and to their community ports within secondary or community VLANs Community Conveys traffic between community ports and to their promiscuous ports i...

Page 215: ...primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with the selected primary VLAN A community VLAN ca...

Page 216: ...en promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A community VLAN conveys traffic between community ports and from community...

Page 217: ...private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs If PVLAN type is Promiscuous then specify t...

Page 218: ...The available options are IP ARP and RARP If LLC Other is chosen for the Frame Type the only available Protocol Type is IPX Raw Note Traffic which matches IP Protocol Ethernet Frames is mapped to the...

Page 219: ...tocol VLAN System Configuration menu to map a Protocol VLAN Group to a VLAN Command Attributes Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN t...

Page 220: ...ageout time and setting the frequency for broadcasting general advertisements or reports about changes in the LLDP MIB Command Attributes LLDP Enables LLDP globally on the switch Default Enabled Trans...

Page 221: ...ime of a notification are included in the transmission An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification eve...

Page 222: ...ns see Specifying Trap Managers and Trap Types on page 3 40 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exis...

Page 223: ...ystem Capabilities The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in...

Page 224: ...ot3 TLV parameters to advertise Console config interface ethernet 1 1 4 135 Console config if lldp admin status tx rx 4 218 Console config if lldp notification 4 218 Console config if lldp medNotifica...

Page 225: ...ion Chassis Type MAC Address Chassis ID 00 16 B6 F0 3B EC System Name System Description 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System Capabilities Support Bridge System Capabilities...

Page 226: ...Trunk Information Figure 3 1 LLDP Remote Port Information CLI This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP Console s...

Page 227: ...Information Details CLI This example displays LLDP information for an LLDP enabled remote device attached to a specific port on this switch Console show lldp info remote device detail ethernet 1 1 4 2...

Page 228: ...lays LLDP statistics received from all LLDP enabled remote devices connected directly to this switch Console show lldp info statistics 4 233 LLDP Device Statistics Neighbor Entries List Last Updated 2...

Page 229: ...ice Statistics Details Figure 3 8 LLDP Device Statistics Details CLI This example displays detailed LLDP statistics for an LLDP enabled remote device attached to a specific port on this switch Console...

Page 230: ...y and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blo...

Page 231: ...le show interfaces switchport ethernet 1 3 4 145 Information of Eth 1 3 Broadcast Threshold Enabled 64 Kbits second Multicast Threshold Disabled Unknown unicast Threshold Disabled LACP Status Disabled...

Page 232: ...applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attribute...

Page 233: ...ing specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 135 C...

Page 234: ...vents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for que...

Page 235: ...will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table19 Displays a list of weights for...

Page 236: ...y mapping is IP DSCP Priority and then Default Port Priority Selecting IP DSCP Priority The switch allows you to enable or disable IP DSCP priority Command Attributes Disabled Disables IP DSCP priorit...

Page 237: ...ty and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field...

Page 238: ...for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class Class information ca...

Page 239: ...l for traffic exceeding the specified rate 7 Use the Service Policy to assign a policy map to a specific interface Configuring a Class Map A class map is used for matching packets to a specified class...

Page 240: ...the criteria specified by the lone match command Description A brief description of a class map Range 1 64 characters Add Adds the specified class Back Returns to previous page without making any chan...

Page 241: ...it Rules to change the rules of an existing class Figure 3 98 Configuring Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Con...

Page 242: ...orts Also note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is...

Page 243: ...licy Options Class Name Name of class map Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settin...

Page 244: ...ch 3 200 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 99 Con...

Page 245: ...Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from...

Page 246: ...r the ports that want to join a multicast group and set its filters accordingly If there is no multicast router attached to the local subnet multicast traffic and query messages may not be received by...

Page 247: ...d In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources Notes 1 When the switch is configured to use IGMPv3 snooping the snooping version may...

Page 248: ...uerier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one...

Page 249: ...are shown below Figure 3 101 Configuring IGMP CLI This example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 253 Console config...

Page 250: ...ached to it Command Attributes VLAN ID ID of configured VLAN 1 4094 Immediate Leave Sets the status for immediate leave on the specified VLAN Default Disabled Web Click IGMP Snooping IGMP Immediate Le...

Page 251: ...d to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or tho...

Page 252: ...or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web...

Page 253: ...Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagat...

Page 254: ...ace in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to pr...

Page 255: ...port common multicast services over a wide part of the network without having to use any multicast routing protocol MVR maintains the user isolation and data security provided by VLAN segregation by p...

Page 256: ...ration MVR include enabling or disabling MVR for the switch selecting the VLAN that will serve as the sole channel for common multicast streams supported by the service provider and assigning the mult...

Page 257: ...that will stream traffic to attached hosts and then click Apply Figure 3 107 MVR Global Configuration CLI This example first enables IGMP snooping enables MVR globally and then configures a range of M...

Page 258: ...subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or disabled Tr...

Page 259: ...groups assigned to the MVR VLAN Group Port List Shows the interfaces with subscribers for multicast services provided through the MVR VLAN Web Click MVR Group IP Information Figure 3 109 MVR Group IP...

Page 260: ...faces on page 3 217 Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave i...

Page 261: ...that will run for a long term and be associated with a stable set of hosts you can statically bind the multicast group to the participating interfaces Command Usage Any multicast groups that use the M...

Page 262: ...to the selected interface Web Click MVR Group Member Configuration Select a port or trunk from the Interface field and click Query to display the assigned multicast groups Select a multicast address...

Page 263: ...nection to the Commander From the Commander CLI prompt use the rcommand command see page 4 56 to connect to the Member switch Cluster Configuration To create a switch cluster first be sure that cluste...

Page 264: ...ome Members Web Click Cluster Configuration Figure 3 112 Cluster Configuration CLI This example first enables clustering on the switch sets the switch as the cluster Commander and then configures the...

Page 265: ...C Address Select a discovered switch MAC address from the Candidate Table or enter a specific MAC address of a known switch Web Click Cluster Member Configuration Figure 3 113 Cluster Member Configura...

Page 266: ...IP address assigned to the Member switch MAC Address The MAC address of the Member switch Description The system description string of the Member switch Web Click Cluster Member Information Figure 3...

Page 267: ...k MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 115 Cluster Candidate Informati...

Page 268: ...next step is to learn more about the device and its capabilities by retrieving the device s description from the URL provided by the device in the discovery message After a control point has retrieved...

Page 269: ...ime to live TTL value for UPnP messages transmitted by this device Range 1 255 Default 4 Web Click UPNP Configuration and enter the desired variables Figure 3 116 UPnP Configuration CLI This example e...

Page 270: ...Configuring the Switch 3 226...

Page 271: ...ole prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec...

Page 272: ...he Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that y...

Page 273: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Page 274: ...og Login records logging Logging setting mac MAC access list mac address table Configuration of the address table management Show management information map Maps priority mvr Show mvr interface inform...

Page 275: ...o the default value For example the logging command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applica...

Page 276: ...console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the com...

Page 277: ...and databits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple...

Page 278: ...config vlan 4 194 Console config interface ethernet 1 5 Console config if exit Console config Table 4 3 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shift...

Page 279: ...terface Configures the connection parameters for all Ethernet ports aggregated links and VLANs 4 135 Link Aggregation Statically groups multiple ports into a single logical trunk configures Link Aggre...

Page 280: ...Command Modes on page 4 6 Syntax enable level level Privilege level to log into the device The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec Enter level 15 to access Priv...

Page 281: ...word 4 77 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gai...

Page 282: ...6 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 14 show history This command shows the contents of the command history buffer Default Setting None Command Mode Norm...

Page 283: ...Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Us...

Page 284: ...he Interface Configuration mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to r...

Page 285: ...es this switch 4 15 System Status Displays system configuration active managers and version information 4 16 Frame Size Enables support for jumbo frames 4 22 File Management Manages code image or swit...

Page 286: ...d Exec Command Usage Use this command in conjunction with the show running config command to compare the information in running memory to the information stored in non volatile memory Console config h...

Page 287: ...figured for the switch Spanning tree settings Interface settings Any configured settings for the console port and Telnet Example Related Commands show running config 4 18 Console show startup config b...

Page 288: ...ands This command displays the following information SNTP server settings SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configurati...

Page 289: ...ommunity public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 08...

Page 290: ...tion 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System OID String 1 3 6 1 4 1 259 8 1 7 System Information System Up Time 0 days 0 hours 7 minutes and 48 43 seconds System Name NONE Syste...

Page 291: ...ge Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168...

Page 292: ...ncapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switch...

Page 293: ...settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded to restore switch settings The configuration file can be downloaded under a new file na...

Page 294: ...yword that allows you to copy to from a TFTP server https certificate Keyword that allows you to copy an HTTPS secure site certificate from an TFTP server to the switch public key Keyword that allows...

Page 295: ...ollowing example shows how to upload the configuration settings to a file on the TFTP server The following example shows how to copy the running configuration to a startup file Console copy tftp file...

Page 296: ...guration file or image name Default Setting None Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup Startup configuration file name startup Write...

Page 297: ...m Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on...

Page 298: ...rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or...

Page 299: ...password checking at login LC 4 30 password Specifies a password on a line LC 4 31 timeout login response Sets the interval that the system waits for a login attempt LC 4 32 exec timeout Sets the int...

Page 300: ...screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Comm...

Page 301: ...selects no authentication When using this method the management interface starts in Normal Exec NE mode This command controls login authentication via the switch itself To configure user names and pas...

Page 302: ...to manually configure encrypted passwords Example Related Commands login 4 30 password thresh 4 33 timeout login response This command sets the interval that the system waits for a user to log into th...

Page 303: ...sion is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifyi...

Page 304: ...ter this command Related Commands silent time 4 34 silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the t...

Page 305: ...mand can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data...

Page 306: ...nd Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port...

Page 307: ...Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privile...

Page 308: ...Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console show line Console Configuration Password Threshold 3 times Interactive Ti...

Page 309: ...to control the type of error messages that are sent to specified syslog servers Example Related Commands logging history 4 40 logging trap 4 42 clear log 4 42 Table 4 13 Event Logging Commands Comman...

Page 310: ...ode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 14 Logging Levels Level...

Page 311: ...he facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog se...

Page 312: ...ting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this comm...

Page 313: ...Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 and the message...

Page 314: ...OTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console Table 4 16 show...

Page 315: ...specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection Console show log ram 1 00 01 3...

Page 316: ...40 Messages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event threshol...

Page 317: ...The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages How...

Page 318: ...endmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this c...

Page 319: ...ds the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues...

Page 320: ...e updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via t...

Page 321: ...time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours...

Page 322: ...u have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec S...

Page 323: ...es using the cluster s internal IP addresses Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate switch...

Page 324: ...et the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to switches when they become Members and ar...

Page 325: ...address for IP addresses assigned to cluster Members The IP address must start 10 x x x Default Setting 10 254 254 1 Command Mode Global Configuration Command Usage An internal IP address pool is used...

Page 326: ...nd Usage The maximum number of cluster Members is 36 The maximum number of switch Candidates is 100 Example rcommand This command provides access to a cluster Member CLI for configuration Syntax rcomm...

Page 327: ...s command shows the discovered Candidate switches in the network Command Mode Privileged Exec Console rcommand id 1 CLI session with the SMC8124PL2 is opened To end the CLI session enter Exit Console...

Page 328: ...nd the web management interface accessed upnp device This command enables UPnP on the device Use the no form to disable UPnP Syntax no upnp device Default Setting Enabled Command Mode Global Configura...

Page 329: ...is within the TTL value for multicast messages Example In the following example sets the TTL to 6 hops upnp device advertise duration This command sets the duration for which the switch will advertise...

Page 330: ...uthentication and privacy passwords Console show upnp UPnP global settings Status Enabled Advertise duration 200 TTL 20 Console Table 4 21 SNMP Commands Command Function Mode Page snmp server Enables...

Page 331: ...communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and out...

Page 332: ...ts rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Console show snmp SNMP Agent Enabled SNMP Traps Authentication Enabled Link up down En...

Page 333: ...erver contact This command sets the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contact string String that describes...

Page 334: ...ress of the host the targeted recipient Maximum host addresses 5 recipient destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for v...

Page 335: ...host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp se...

Page 336: ...terpreted as an SNMP user name If you use the V3 auth or priv options the user name must first be defined with the snmp server user command Otherwise the authentication password and or privacy passwor...

Page 337: ...k up and link down traps are legacy notifications and therefore when used for SNMP Version 3 hosts they must be enabled in conjunction with the corresponding entries in the Notify View assigned by the...

Page 338: ...ine ID before you can send proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 0123456789 is equivalent to 0123456789 followed...

Page 339: ...command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includes the MI...

Page 340: ...nsole show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type nonvolatile Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type nonvola...

Page 341: ...w for notifications 1 64 characters Default Setting Default groups public22 read only private23 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is define...

Page 342: ...ew Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status...

Page 343: ...cation md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight cha...

Page 344: ...remote agent s SNMP engine ID before you can send proxy requests or informs to it Example show snmp user This command shows information on SNMP users Command Mode Privileged Exec Example Console confi...

Page 345: ...ith an SNMP engine on a remote device Table 4 26 Authentication Commands Command Group Function Page User Accounts Configures the basic user names and passwords for management access 4 75 Authenticati...

Page 346: ...assword password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The factor...

Page 347: ...8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null passwor...

Page 348: ...t packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pai...

Page 349: ...lso note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication as...

Page 350: ...es host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters auth_port RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number o...

Page 351: ...er key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon...

Page 352: ...r timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radi...

Page 353: ...efault Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Console show radius server Remote RADIUS Server Configu...

Page 354: ...fault Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no t...

Page 355: ...t number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Console config tacacs server key green Console config Console show tacacs server Remote TACACS server configu...

Page 356: ...d Mode Global Configuration Example Related Commands ip http port 4 85 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providin...

Page 357: ...a Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 58...

Page 358: ...ies the TCP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet se...

Page 359: ...ver Console config ip telnet server Console config ip telnet port 123 Console config Table 4 35 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4...

Page 360: ...current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA key 1024 35 1341081685609893921040944920155425347631641921872958921143173880...

Page 361: ...gorithm is supported by the switch it notifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to...

Page 362: ...120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase...

Page 363: ...guration Example Related Commands show ip ssh 4 96 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key siz...

Page 364: ...1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 client...

Page 365: ...mand clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Ex...

Page 366: ...ample Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Conn...

Page 367: ...on the Digital Signature Standard DSS and the last string is the encoded modulus Username The user name of the client Encryption The encryption method is automatically negotiated between the client an...

Page 368: ...rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 w0W Console Table 4 37 802 1X Po...

Page 369: ...port settings to their default values Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity pack...

Page 370: ...ration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to single host...

Page 371: ...e dot1x re authenticate This command forces re authentication on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit Stack unit Always unit 1 por...

Page 372: ...client is re authenticated after the interval specified by the dot1x timeout re authperiod command The default is 3600 seconds Example Related Commands dot1x timeout re authperiod 4 103 dot1x timeout...

Page 373: ...od This command sets the time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x tim...

Page 374: ...control mode page 4 100 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items reau...

Page 375: ...te including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State...

Page 376: ...st Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10...

Page 377: ...ement interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be confi...

Page 378: ...snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Console co...

Page 379: ...has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action b...

Page 380: ...Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops learning new MAC addresses on the specified por...

Page 381: ...command configures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address Use the no form to disable this function Syntax no ip source guard s...

Page 382: ...ally configured with an infinite lease time Dynamic entries learned via DHCP snooping are configured by the DHCP server itself static entries include a manually configured lease time If the IP source...

Page 383: ...Range 1 24 Default Setting No configured entries Command Mode Global Configuration Command Usage Table entries include a MAC address IP address lease time entry type Static IP SG Binding Dynamic DHCP...

Page 384: ...hcp snooping vlan 4 117 show ip source guard This command shows whether source guard is enabled or disabled on each interface Command Mode Privileged Exec Example show ip source guard binding This com...

Page 385: ...168 0 99 0 Static 1 Eth 1 5 Console Table 4 3 DHCP Snooping Commands Command Function Mode Page ip dhcp snooping Enables DHCP snooping globally GC 4 115 ip dhcp snooping vlan Enables DHCP snooping on...

Page 386: ...ly and also enabled on the VLAN where the DHCP packet is received all DHCP packets are forwarded for a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also a...

Page 387: ...ple enables DHCP snooping globally for the switch Related Command ip dhcp snooping vlan 4 117 ip dhcp snooping trust 4 118 ip dhcp snooping vlan This command enables DHCP snooping on the specified VLA...

Page 388: ...usted interface is an interface that is configured to receive messages from outside the network or firewall Set all ports connected to DHCP servers within the local network or firewall to trusted and...

Page 389: ...mac address Default Setting Enabled Command Mode Global Configuration Command Usage If MAC address verification is enabled and the source MAC address in the Ethernet header of the packet is not same a...

Page 390: ...onnected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN DHCP snooping...

Page 391: ...elay agent itself insert the relay agent s address when DHCP snooping is enabled and unicast the packet to the DHCP server Default Setting replace Command Mode Global Configuration Command Usage When...

Page 392: ...obal DHCP Snooping status disable DHCP Snooping Information Option Status disable DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Addres...

Page 393: ...mand Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To crea...

Page 394: ...are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0...

Page 395: ...A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a spe...

Page 396: ...to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example acc...

Page 397: ...access group acl_name in out acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Eth...

Page 398: ...t and enters MAC ACL configuration mode Use the no form to remove the specified ACL Syntax no access list mac acl_name acl_name Name of the ACL Maximum length 16 characters Default Setting None Consol...

Page 399: ...urce or destination address i e physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination dest...

Page 400: ...sk Range 1 4093 protocol A specific Ethernet protocol number Range 600 fff hex protocol bitmask Protocol bitmask Range 600 fff hex Default Setting None Command Mode MAC ACL Command Usage New rules are...

Page 401: ..._name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A...

Page 402: ...n Command Function Mode Page show access list Shows all ACLs and associated rules PE 4 132 show access group Shows the ACLs assigned to each port PE 4 133 Console show access list IP standard access l...

Page 403: ...s 4 133 4 show access group This command shows the port assignments of ACLs Command Mode Privileged Executive Example Console show access group Interface ethernet 1 25 IP standard access list david MA...

Page 404: ...Command Line Interface 4 134 4...

Page 405: ...guration IC 4 136 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 136 negotiation Enables autonegotiation of a given interface IC 4 13...

Page 406: ...The following example adds a description to port 24 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the...

Page 407: ...disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed d...

Page 408: ...the port capabilities of a given interface during autonegotiation Use the no form with parameters to remove an advertised capability or the no form without parameters to restore the default values Sy...

Page 409: ...to 100half 100full and flow control Related Commands negotiation 4 137 speed duplex 4 136 flowcontrol 4 139 flowcontrol This command enables flow control Use the no form to disable flow control Synta...

Page 410: ...a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands nego...

Page 411: ...asons Example The following example disables port 5 switchport packet rate This command configures broadcast and multicast and unknown unicast storm control Use the no form to restore the default sett...

Page 412: ...at 600 kilobits per second clear counters This command clears statistics on an interface Syntax clear counters interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1...

Page 413: ...Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 8 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec...

Page 414: ...0T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast Storm Enabled Broadcast Storm Limit 64 Kbits second Mu...

Page 415: ...Input 0 Discard Output 0 Error Input 0 Error Output 0 Unknown Protos Input 0 QLen Output 0 Extended Iftable Stats Multi cast Input 178 Multi cast Output 14715 Broadcast Input 607 Broadcast Output 4 E...

Page 416: ...pression is enabled or disabled if enabled it also shows the threshold level page 4 141 Multicast Threshold Shows if multicast storm suppression is enabled or disabled if enabled it also shows the thr...

Page 417: ...201 Private VLAN Mode Shows the private VLAN mode as host promiscuous or none Private VLAN Host association Shows the secondary or community VLAN with which this port is associated Private VLAN Mappin...

Page 418: ...Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethe...

Page 419: ...isabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation A trunk formed with another switch u...

Page 420: ...AG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 10 Console config if lacp Console config if...

Page 421: ...y Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate...

Page 422: ...LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority mat...

Page 423: ...cates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port...

Page 424: ...er Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 4 5 show lacp counters display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this c...

Page 425: ...ate Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this l...

Page 426: ...igned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partne...

Page 427: ...8F 2C A7 2 32768 00 30 F1 8F 2C A7 3 32768 00 30 F1 8F 2C A7 4 32768 00 30 F1 8F 2C A7 5 32768 00 30 F1 8F 2C A7 6 32768 00 30 F1 8F 2C A7 7 32768 00 30 F1 D4 73 A0 8 32768 00 30 F1 D4 73 A0 9 32768 0...

Page 428: ...affic may be dropped from the monitor port You can create multiple mirror sessions but all sessions must share the same destination port However you should avoid sending too much traffic to the destin...

Page 429: ...c is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to res...

Page 430: ...a power budget for the switch i e the power available to all switch ports Use the no form to restore the default setting Syntax power mainpower maximum allocation watts watts The power budget for the...

Page 431: ...ault Setting Disabled Command Mode Global Configuration Command Usage The switch automatically detects attached PoE devices by periodically transmitting test voltages that over the 10 100BASE TX ports...

Page 432: ...utomatically supplied when a device is detected on the port providing that the power demanded does not exceed switch s power budget Example Console config power inline compatible Console config end Co...

Page 433: ...ice is connected to a switch port and the switch detects that it requires more than the maximum power allocated to the port no power is supplied to the device i e port power remains off Example power...

Page 434: ...le Related Commands power mainpower maximum allocation 4 160 show power inline status This command displays the current power status for all ports or for specific ports Syntax show power inline status...

Page 435: ...lliwatts Priority The port s power priority setting see power inline priority on page 4 163 Console show power mainpower Unit 1 Mainpower Status Maximum Available Power 180 watts System Operation Stat...

Page 436: ...er Range 1 24 port channel channel id Range 1 8 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No stat...

Page 437: ...ommand Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entr...

Page 438: ...bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example mac address...

Page 439: ...r MSTP mode GC 4 171 spanning tree forward time Configures the spanning tree bridge forward time GC 4 172 spanning tree hello time Configures the spanning tree bridge hello time GC 4 173 spanning tree...

Page 440: ...Disables spanning tree for an interface IC 4 179 spanning tree cost Configures the spanning tree path cost of an interface IC 4 180 spanning tree port priority Configures the spanning tree priority of...

Page 441: ...re implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend select...

Page 442: ...ures the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in secon...

Page 443: ...al in seconds at which the root device transmits a configuration message Example Related Commands spanning tree forward time 4 172 spanning tree max age 4 173 spanning tree max age This command config...

Page 444: ...is command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of t...

Page 445: ...Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports w...

Page 446: ...LAN parameters to remove all VLANs Syntax no mst instance_id vlan vlan range instance_id Instance identifier of the spanning tree Range 0 4094 vlan range Range of VLANs Range 1 4093 Default Setting no...

Page 447: ...y priority no mst instance_id priority instance_id Instance identifier of the spanning tree Range 0 4094 priority Priority of the a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096...

Page 448: ...same region must be configured with the same MST instances Example Related Commands revision 4 178 revision This command configures the revision number for this multiple spanning tree configuration of...

Page 449: ...tree instance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decremen...

Page 450: ...nterface ethernet 1 5 Console config if spanning tree spanning disabled Console config if 26 Use the spanning tree pathcost method command on page 4 175 to set the path cost method Table 4 3 Recommend...

Page 451: ...higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 175 is set to short the maximum value for path cost is 65...

Page 452: ...onfiguration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot ca...

Page 453: ...tate changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout pr...

Page 454: ...cify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the sw...

Page 455: ...ed to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 The defa...

Page 456: ...face in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the...

Page 457: ...ree interface mst instance_id interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 8 instance_id Instance identifier of the multiple spannin...

Page 458: ...ay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0013F7123456 Current Root Port 25 Current Root Cost 5000 Number of Top...

Page 459: ...iguration Name R D Revision Level 0 Instance VLANs 0 2 4094 1 1 Console Table 4 1 VLAN Commands Command Groups Function Page GVRP and Bridge Extension Configures GVRP settings that permit automatic VL...

Page 460: ...o exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond...

Page 461: ...enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridge ext Max...

Page 462: ...command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall...

Page 463: ...Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 193 show garp timer This...

Page 464: ...N settings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the...

Page 465: ...Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id...

Page 466: ...interface configuration mode for a specified VLAN IC 4 196 switchport mode Configures VLAN membership mode for an interface IC 4 197 switchport acceptable frame types Configures frame types to be acc...

Page 467: ...ociated with the PVID are also transmitted as tagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example...

Page 468: ...led Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs f...

Page 469: ...is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as a...

Page 470: ...has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when...

Page 471: ...signate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Page 472: ...mation for VLAN 1 Table 4 3 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 202 show interfaces status vlan Displays status for the specified VLAN inter...

Page 473: ...e community groups 2 Use the private vlan association command to map the community VLAN s to the primary VLAN 3 Use the switchport mode private vlan command to configure ports as promiscuous i e havin...

Page 474: ...Ns and other locations Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same community VLAN and channel traffic passing...

Page 475: ...for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources o...

Page 476: ...ssociation secondary vlan id ID of secondary i e community VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports a...

Page 477: ...communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN...

Page 478: ...low these steps 1 First configure VLAN groups for the protocols you want to use page 4 195 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network...

Page 479: ...he following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types protocol vlan protocol group vlan This command maps a protocol group to a VLAN for the current interf...

Page 480: ...mple maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 show protocol vlan protocol group This command shows the frame and protocol type associate...

Page 481: ...the VLANs mapped to a protocol group Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console...

Page 482: ...nd Function Mode Page lldp Enables LLDP globally on the switch GC 4 214 lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC 4 214 lldp medFastStartCount Confi...

Page 483: ...t to advertise its Power over Ethernet capabilities IC 4 226 lldp medtlv extpoe Configures an LLDP MED enabled port to advertise its extended Power over Ethernet configuration and usage information IC...

Page 484: ...rm to restore the default setting Syntax lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on holdtime multiplier refresh interval 65536 Range 2 10 D...

Page 485: ...tive for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service Example lldp notification interval This comma...

Page 486: ...sChange notification events missed due to throttling or transmission loss Example lldp refresh interval This command configures the periodic transmit interval for LLDP advertisements Use the no form t...

Page 487: ...all information in the remote systems LLDP MIB associated with this port is deleted Example lldp tx delay This command configures a delay time between the successive transmission of advertisements in...

Page 488: ...no lldp admin status rx only Only receive LLDP PDUs tx only Only transmit LLDP PDUs tx rx Both transmit and receive LLDP Protocol Data Units PDUs Default Setting tx rx Command Mode Interface Configur...

Page 489: ...enables the transmission of SNMP trap notifications about LLDP MED changes Use the no form to disable LLDP MED notifications Syntax no lldp mednotification Default Setting Enabled Command Mode Interf...

Page 490: ...ess and an object identifier indicating the type of hardware component or protocol entity associated with this address The interface number and OID are included to assist SNMP applications perform net...

Page 491: ...lldp basic tlv system capabilities This command configures an LLDP enabled port to advertise its system capabilities Use the no form to disable this feature Syntax no lldp basic tlv system capabiliti...

Page 492: ...ing system and networking software Example lldp basic tlv system name This command configures an LLDP enabled port to advertise the system name Use the no form to disable this feature Syntax no lldp b...

Page 493: ...igures an LLDP enabled port to advertise port related VLAN information Use the no form to disable this feature Syntax no lldp dot1 tlv proto vid Default Setting Enabled Command Mode Interface Configur...

Page 494: ...199 Example lldp dot1 tlv vlan name This command configures an LLDP enabled port to advertise its VLAN name Use the no form to disable this feature Syntax no lldp dot1 tlv vlan name Default Setting E...

Page 495: ...tly a link aggregation member Example lldp dot3 tlv mac phy This command configures an LLDP enabled port to advertise its MAC and physical layer capabilities Use the no form to disable this feature Sy...

Page 496: ...led port to advertise its Power over Ethernet PoE capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv power via mdi Default Setting Disabled Command Mode Interface Configurati...

Page 497: ...erating from primary or backup power the Endpoint Device could use this information to decide to enter power conservation mode Note that this device does not support PoE capabilities Example lldp medt...

Page 498: ...nfigures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disable this feature Syntax no lldp medtlv med cap Default Setting Enabled Command Mode Interfa...

Page 499: ...ation mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example show lldp config This command shows LLDP configu...

Page 500: ...us NotificationEnabled Eth 1 1 Tx Rx True Eth 1 2 Tx Rx True Eth 1 3 Tx Rx True switch show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin Status Tx Rx Notification...

Page 501: ...ess Chassis ID 00 16 B6 F0 3B EC System Name System Description 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System Capabilities Support Bridge System Capabilities Enable Bridge Management...

Page 502: ...Command Mode Privileged Exec Example Console show lldp info remote device LLDP Remote Devices Information Interface ChassisId PortId SysName Eth 1 1 00 01 02 03 04 05 00 01 02 03 04 06 Console show l...

Page 503: ...ileged Exec Example Consold show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 978725 seconds New Neighbor Entries Count 0 Neighbor Entries Deleted Count 0 Neighbor En...

Page 504: ...ic in the higher priority queues before servicing lower priority queues wrr Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for queues 0 3 respectively Ta...

Page 505: ...command sets a priority for incoming untagged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority...

Page 506: ...round robin WRR weights to the eight class of service CoS priority queues Use the no form to restore the default weights Syntax queue bandwidth weight1 weight4 no queue bandwidth weight1 weight4 The...

Page 507: ...arated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Ro...

Page 508: ...th This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Console config interface ethernet 1 1 Console...

Page 509: ...ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID...

Page 510: ...ax no map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP DSCP and default switchport priority Example The following example...

Page 511: ...ode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Servi...

Page 512: ...rt number Range 1 24 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 240 map ip dscp Interface Configura...

Page 513: ...et command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce...

Page 514: ...lass map class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter the...

Page 515: ...Map configuration mode Then use the match command to specify the fields within ingress packets that must match to qualify for this class map Up to 16 match commands are permitted per class map Example...

Page 516: ...a Class Map page 4 246 before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command...

Page 517: ...y the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the bu...

Page 518: ...is lower burst byte Burst in bytes Range 64 524288 bytes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of p...

Page 519: ...policy map name input Apply to the input traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode...

Page 520: ...S policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name N...

Page 521: ...hernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 port channel channel id Range 1 8 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_clas...

Page 522: ...nd group members 4 252 IGMP Query Configures IGMP query parameters for multicast filtering 4 256 Static Multicast Routing Configures static multicast router ports 4 260 Multicast VLAN Registration Con...

Page 523: ...no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit...

Page 524: ...port Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The fo...

Page 525: ...ice either a service host or a neighbor running IGMP snooping This command is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is used Example show ip igmp snooping This comman...

Page 526: ...rough IGMP snooping for VLAN 1 IGMP Query Commands Layer 2 This section describes commands used to configure Layer 2 IGMP query on the switch Console show mac address table multicast vlan 1 igmp snoop...

Page 527: ...ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default...

Page 528: ...ange 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This c...

Page 529: ...ip igmp snooping query max response time 4 258 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax ip igmp snooping router...

Page 530: ...ed Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multic...

Page 531: ...nt to all subscribers This can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN Also note that MVR maintains...

Page 532: ...up command to statically configure all multicast group addresses that will join an MVR VLAN Any multicast data associated with an MVR group is sent from all source ports and to all receiver ports that...

Page 533: ...ceiver Configures the interface as a subscriber port that can receive multicast data source Configure the interface as an uplink port that can send and receive multicast data for the configured multic...

Page 534: ...o another receiver port mvr immediate This command causes the switch to immediately removes an interface from a multicast stream as soon as it receives a leave message for that group Use the no form t...

Page 535: ...wing shows the global MVR settings Console config interface ethernet 1 5 Console config if mvr immediate Console config if Console show mvr MVR Status enable MVR running status TRUE MVR multicast vlan...

Page 536: ...eth1 1 SOURCE ACTIVE UP Disable eth1 2 RECEIVER ACTIVE UP Disable eth1 5 RECEIVER INACTIVE DOWN Disable eth1 6 RECEIVER INACTIVE DOWN Disable eth1 7 RECEIVER INACTIVE DOWN Disable Console Table 4 1 s...

Page 537: ...MVR Group IP Status Members 225 0 0 1 ACTIVE eth1 1 d eth1 2 s 225 0 0 2 INACTIVE None 225 0 0 3 INACTIVE None 225 0 0 4 INACTIVE None 225 0 0 5 INACTIVE None 225 0 0 6 INACTIVE None 225 0 0 7 INACTIV...

Page 538: ...address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address f...

Page 539: ...1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you assign an IP address to any other VLAN the new IP address overrides the original IP...

Page 540: ...CP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DH...

Page 541: ...71 show ip redirects This command shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 4 269 Console show...

Page 542: ...nse The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The...

Page 543: ...estination port Rate Limits Input Limit Output limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Pro...

Page 544: ...NMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 80...

Page 545: ...nterface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 3636 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private...

Page 546: ...Software Specifications A 4 A...

Page 547: ...um number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of...

Page 548: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 549: ...Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding T...

Page 550: ...tations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC brid...

Page 551: ...ast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Man...

Page 552: ...within the subnet and to national time standards via wire or radio Out of Band Management Management of the network from a station not attached to the network Port Authentication See IEEE 802 1X Port...

Page 553: ...fers network management services Simple Network Time Protocol SNTP SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol NTP server Updates can be reque...

Page 554: ...that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share...

Page 555: ...CoS configuring 3 186 3 194 4 234 4 243 DSCP 3 192 4 240 layer 3 4 priorities 3 192 4 240 queue mapping 3 188 4 237 queue mode 3 190 4 234 traffic class weights 3 191 4 236 D default gateway configur...

Page 556: ...4 80 RADIUS server 3 55 4 80 TACACS client 3 55 4 83 TACACS server 3 55 4 83 logon authentication sequence 3 56 4 78 4 79 M main menu 3 4 Management Information Bases MIBs A 3 media type 3 103 mirror...

Page 557: ...9 remote logging 4 42 restarting the system 4 13 RSTP 3 136 4 171 global configuration 3 138 4 171 S secure shell 3 61 4 89 Secure Shell configuration 3 61 4 92 4 93 security client 3 78 serial port c...

Page 558: ...unicast storm threshold 4 141 upgrading software 3 21 4 24 UPnP configuration 3 224 user password 3 54 4 76 4 77 V VLANs 3 157 4 189 4 205 adding static members 3 164 3 165 4 200 creating 3 162 4 195...

Page 559: ......

Page 560: ...ES4524M PoE E012008 ST R01 149100037400A...

Reviews:

No comments