manualshive.com logo in svg

Edge-Core ES4612, Management Manual, Page: 94 / 666

Share
Download
Edge-Core ES4612 Management Manual Download Page 94

Configuring the Switch

3-46

3

Configuring Local/Remote Logon Authentication 

Use the Authentication Settings menu to restrict management access based on 
specified user names and passwords. You can manually configure access rights on 
the switch, or you can use a remote access authentication server based on RADIUS 
or  protocols.

Remote Authentication Dial-in 
User Service (RADIUS) and 
Terminal Access Controller 
Access Control System Plus 
() are logon 
authentication protocols that use 
software running on a central 
server to control access to 
RADIUS-aware or TACACS- 
aware devices on the network. 
An authentication server contains 
a database of multiple user name/password pairs with associated privilege levels for 
each user that requires management access to the switch.

RADIUS uses UDP while  uses TCP. UDP only offers best effort delivery, 
while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts 
only the password in the access-request packet from the client to the server, while 
 encrypts the entire body of the packet.

Command Usage

• By default, management access is always checked against the authentication 

database stored on the local switch. If a remote authentication server is used, you 
must specify the authentication sequence and the corresponding parameters for 
the remote authentication protocol. Local and remote logon authentication control 
management access via the console port, web browser, or Telnet.

• RADIUS and  logon authentication assign a specific privilege level for 

each user name/password pair. The user name, password, and privilege level 
must be configured on the authentication server.

• You can specify up to three authentication methods for any user to indicate the 

authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and 
(3) Local, the user name and password on the RADIUS server is verified first. If the 
RADIUS server is not available, then authentication is attempted using the 
server, and finally the local user name and password is checked.

Command Attributes

Authentication

 – Select the authentication, or authentication sequence required:

-

Local

 – User authentication is performed only locally by the switch.

-

Radius

 – User authentication is performed using a RADIUS server only.

-

TACACS

 – User authentication is performed using a server only.

- [authentication sequence] – User authentication is performed by up to three 

authentication methods in the indicated sequence.

Web
Telnet

RADIUS/

server

console

1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.

Summary of Contents for ES4612

Page 1: ...there is no edge limit there is no permanent core there is no edge limit there is no permanent core Gigabit Ethernet Switch Management Guide ...

Page 2: ......

Page 3: ...Management Guide Gigabit Ethernet Switch Layer 3 Workgroup Switch with 8 SFP Ports and 4 Gigabit Combination RJ 45 SFP Ports ...

Page 4: ...ES4612 F1 0 2 5 E092004 R01 150000046400A ...

Page 5: ... 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Saving Configuration Settings 2 8 Managing System Files 2 9 Chapter 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 2 Home Page 3 2 Configuration Options 3 3 Panel Display 3 3 Main Menu 3 4 Basic Configuration 3 11 Displaying System Information 3 11 Displaying Switch Hardware Software Versions 3 ...

Page 6: ...ng Local Remote Logon Authentication 3 46 Configuring HTTPS 3 48 Replacing the Default Secure site Certificate 3 49 Configuring the Secure Shell 3 50 Generating the Host Key Pair 3 52 Configuring the SSH Server 3 54 Configuring Port Security 3 55 Configuring 802 1x Port Authentication 3 57 Displaying 802 1x Global Settings 3 58 Configuring 802 1x Global Settings 3 60 Configuring Port Authorization...

Page 7: ...g Global Settings 3 108 Displaying Interface Settings 3 112 Configuring Interface Settings 3 115 Configuring Multiple Spanning Trees 3 117 Displaying Interface Settings for MSTP 3 120 Configuring Interface Settings for MSTP 3 121 VLAN Configuration 3 123 Configuring IEEE 802 1Q VLANs 3 123 Enabling or Disabling GVRP Global Setting 3 126 Displaying Basic VLAN Information 3 126 Displaying Current VL...

Page 8: ... Query used with Multicast Routing 3 160 Configuring IGMP Interface Parameters 3 160 Displaying Multicast Group Information 3 163 Configuring Domain Name Service 3 164 Configuring General DNS Server Parameters 3 164 Configuring Static DNS Host to Address Entries 3 166 Displaying the DNS Cache 3 168 Dynamic Host Configuration Protocol 3 169 Configuring DHCP Relay Service 3 169 Configuring the DHCP ...

Page 9: ...223 Configuring General Protocol Settings 3 224 Configuring OSPF Areas 3 227 Configuring Area Ranges Route Summarization for ABRs 3 230 Configuring OSPF Interfaces 3 232 Configuring Virtual Links 3 236 Configuring Network Area Addresses 3 238 Configuring Summary Addresses for External AS Routes 3 241 Redistributing External Routes 3 242 Configuring NSSA Settings 3 243 Displaying Link State Databas...

Page 10: ...Keyword Lookup 4 5 Negating the Effect of Commands 4 5 Using Command History 4 5 Understanding Command Modes 4 6 Exec Commands 4 6 Configuration Commands 4 7 Command Line Processing 4 9 Command Groups 4 10 Line Commands 4 11 line 4 12 login 4 12 password 4 13 timeout login response 4 14 exec timeout 4 15 password thresh 4 15 silent time 4 16 databits 4 17 parity 4 17 speed 4 18 stopbits 4 18 disco...

Page 11: ... 35 ip ssh server 4 37 ip ssh timeout 4 38 ip ssh authentication retries 4 38 ip ssh server key size 4 39 delete public key 4 39 ip ssh crypto host key generate 4 40 ip ssh crypto zeroize 4 40 ip ssh save host key 4 41 show ip ssh 4 41 show ssh 4 42 show public key 4 43 Event Logging Commands 4 44 logging on 4 44 logging history 4 45 logging host 4 46 logging facility 4 46 logging trap 4 47 clear ...

Page 12: ...4 68 boot system 4 69 Authentication Commands 4 70 Authentication Sequence 4 70 authentication login 4 70 authentication enable 4 71 RADIUS Client 4 72 radius server host 4 72 radius server port 4 73 radius server key 4 73 radius server retransmit 4 74 radius server timeout 4 74 show radius server 4 74 TACACS Client 4 75 tacacs server host 4 75 tacacs server port 4 76 tacacs server key 4 76 show t...

Page 13: ...oup 4 98 map access list ip 4 99 show map access list ip 4 100 match access list ip 4 100 show marking 4 101 MAC ACLs 4 102 access list mac 4 102 permit deny MAC ACL 4 103 show mac access list 4 104 access list mac mask precedence 4 105 mask MAC ACL 4 106 show access list mac mask precedence 4 108 mac access group 4 108 show mac access group 4 109 map access list mac 4 109 show map access list mac...

Page 14: ...ver 4 129 DHCP Server 4 130 service dhcp 4 130 ip dhcp excluded address 4 131 ip dhcp pool 4 131 network 4 132 default router 4 133 domain name 4 133 dns server 4 134 next server 4 134 bootfile 4 135 netbios name server 4 135 netbios node type 4 136 lease 4 136 host 4 137 client identifier 4 138 hardware address 4 139 clear ip dhcp binding 4 139 show ip dhcp binding 4 140 DNS Commands 4 141 ip hos...

Page 15: ...164 Address Table Commands 4 166 mac address table static 4 166 clear mac address table dynamic 4 167 show mac address table 4 167 mac address table aging time 4 168 show mac address table aging time 4 169 Spanning Tree Commands 4 169 spanning tree 4 170 spanning tree mode 4 171 spanning tree forward time 4 172 spanning tree hello time 4 173 spanning tree max age 4 173 spanning tree priority 4 174...

Page 16: ...195 switchport forbidden vlan 4 196 Displaying VLAN Information 4 197 show vlan 4 197 Configuring Private VLANs 4 198 pvlan 4 198 show pvlan 4 199 Configuring Protocol based VLANs 4 199 protocol vlan protocol group Configuring Groups 4 200 protocol vlan protocol group Configuring Interfaces 4 200 show protocol vlan protocol group 4 201 show interfaces protocol vlan protocol group 4 202 GVRP and Br...

Page 17: ...ast 4 223 IGMP Query Commands Layer 2 4 224 ip igmp snooping querier 4 224 ip igmp snooping query count 4 224 ip igmp snooping query interval 4 225 ip igmp snooping query max response time 4 226 ip igmp snooping router port expire time 4 226 Static Multicast Routing Commands 4 227 ip igmp snooping vlan mrouter 4 227 show ip igmp snooping mrouter 4 228 IGMP Commands Layer 3 4 229 ip igmp 4 229 ip i...

Page 18: ...version 4 253 ip rip send version 4 254 ip split horizon 4 255 ip rip authentication key 4 255 ip rip authentication mode 4 256 show rip globals 4 257 show ip rip 4 257 Open Shortest Path First OSPF 4 259 router ospf 4 260 router id 4 260 compatible rfc1583 4 261 default information originate 4 262 timers spf 4 263 area range 4 264 area default cost 4 264 summary address 4 265 redistribute 4 266 n...

Page 19: ...ng 4 293 show ip mroute 4 293 DVMRP Multicast Routing Commands 4 295 router dvmrp 4 295 probe interval 4 296 nbr timeout 4 297 report interval 4 297 flash update interval 4 298 prune lifetime 4 298 default gateway 4 299 ip dvmrp 4 299 ip dvmrp metric 4 300 clear ip dvmrp route 4 301 show router dvmrp 4 301 show ip dvmrp route 4 302 show ip dvmrp neighbor 4 303 show ip dvmrp interface 4 303 PIM DM ...

Page 20: ...uter counters 4 319 clear vrrp interface counters 4 319 Hot Standby Router Protocol Commands 4 320 standby ip 4 321 standby priority 4 322 standby preempt 4 323 standby authentication 4 324 standby timers 4 325 standby track 4 326 show standby 4 327 show standby interface 4 329 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information...

Page 21: ...le 3 16 Address Resolution Protocol 3 199 Table 3 17 ARP Statistics 3 204 Table 3 18 IP Statistics 3 205 Table 3 19 ICMP Statistics 3 207 Table 3 20 USP Statistics 3 209 Table 3 21 TCP Statistics 3 210 Table 3 22 RIP Information and Statistics 3 220 Table 4 1 General Command Modes 4 6 Table 4 2 Configuration Command Modes 4 8 Table 4 3 Keystroke Commands 4 9 Table 4 4 Command Group Index 4 10 Tabl...

Page 22: ...113 Table 4 39 show snmp engine id display description 4 120 Table 4 40 show snmp view display description 4 121 Table 4 41 show snmp group display description 4 124 Table 4 42 show snmp user display description 4 125 Table 4 43 DHCP Commands 4 126 Table 4 44 DHCP Client Commands 4 126 Table 4 45 DHCP Relay Commands 4 128 Table 4 46 DHCP Server Commands 4 130 Table 4 47 DNS Commands 4 141 Table 4 ...

Page 23: ...Shortest Path First Commands 4 259 Table 4 87 show ip ospf border routers display description 4 279 Table 4 86 show ip ospf display description 4 279 Table 4 88 show ip ospf database display description 4 281 Table 4 89 show ip ospf asbr summary display description 4 282 Table 4 90 show ip ospf database summary display description 4 283 Table 4 91 show ip ospf external display description 4 284 Ta...

Page 24: ... vrrp brief display description 4 317 Table 4 109 show vrrp display description 4 317 Table 4 111 HSRP Commands 4 320 Table 4 112 show standby display description 4 327 Table 4 113 show standby brief display description 4 328 Table B 1 Troubleshooting Chart B 1 ...

Page 25: ...Logs 3 32 Figure 3 19 Resetting the System 3 32 Figure 3 20 SNTP Configuration 3 33 Figure 3 21 Clock Time Zone 3 34 Figure 3 22 Enabling the SNMP Agent 3 36 Figure 3 23 Configuring SNMP Community Strings 3 37 Figure 3 24 Configuring SNMP Trap Managers 3 38 Figure 3 25 Setting the SNMPv3 Engine ID 3 39 Figure 3 26 Configuring SNMPv3 Users 3 40 Figure 3 27 Configuring SNMPv3 Groups 3 42 Figure 3 28...

Page 26: ...resses 3 103 Figure 3 62 Address Aging 3 104 Figure 3 63 STA Information 3 107 Figure 3 64 STA Configuration 3 111 Figure 3 65 STA Port Information 3 114 Figure 3 66 STA Port Configuration 3 117 Figure 3 67 MSTP VLAN Configuration 3 118 Figure 3 68 MSTP Port Information 3 120 Figure 3 69 MSTP Port Configuration 3 122 Figure 3 70 Enabling GVRP 3 126 Figure 3 71 VLAN Basic Information 3 126 Figure 3...

Page 27: ...e 3 106 DHCP Server Pool Host Configuration 3 176 Figure 3 107 DHCP Server IP Binding 3 177 Figure 3 108 VRRP Group Configuration 3 182 Figure 3 109 VRRP Group Configuration Detail 3 183 Figure 3 110 VRRP Global Statistics 3 184 Figure 3 111 VRRP Group Statistics 3 186 Figure 3 112 HSRP Group Configuration 3 190 Figure 3 113 HSRP Group Configuration Detail 3 191 Figure 3 114 IP Global Settings 3 1...

Page 28: ... 140 OSPF NSSA Settings 3 244 Figure 3 141 OSPF Link State Database Information 3 246 Figure 3 142 OSPF Border Router Information 3 247 Figure 3 143 OSPF Neighbor Information 3 248 Figure 3 144 Multicast Routing General Settings 3 249 Figure 3 145 Multicast Routing Table 3 251 Figure 3 146 DVMRP General Settings 3 256 Figure 3 147 DVMRP Interface Settings 3 257 Figure 3 148 DVMRP Neighbor Informat...

Page 29: ...Supported DNS Server Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One or more ports mirrored to single analysis port Port Trunking Supports up to 6 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Address Table Up to 16K MAC addresses in the forwarding table 1024 static MAC ...

Page 30: ...02 1x protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1x client and then uses the EAP between the switch and the authentication server to verify the client s right to access the network via an authentication server i e RADIUS server Other authentication options include HTTPS for secure management access via the web SSH for sec...

Page 31: ...fy connection integrity Port Trunking Ports can be combined into an aggregate connection Trunks can be manually set up or dynamically configured using IEEE 802 3ad Link Aggregation Control Protocol LACP The additional ports dramatically increase the throughput across any connection and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 6 trunks ...

Page 32: ...ng segmented from the rest of the group as sometimes occurs with IEEE 802 1D STP Virtual LANs The switch supports up to 255 VLANs A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network The switch supports tagged VLANs based on the IEEE 802 1Q standard Members of VLAN groups can be dynamically lear...

Page 33: ...re quickly than RIP Router Redundancy Hot Standby Router Protocol HSRP and Virtual Router Redundancy Protocol VRRP both use a virtual IP address to support a primary router and multiple backup routers The backups can be configured to take over the workload if the master fails or to load share the traffic The primary goal of these protocols is to allow a host device which has been configured with a...

Page 34: ...is designed for network areas such as the Wide Area Network where the probability of multicast clients is low This switch currently supports DVMRP and PIM DM System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file page 3 23 The following table lists some of ...

Page 35: ...duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled SFP Module Port Capability 1000BASE SX LX LH 1000 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled 100BASE FX 100 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled Rate Limitin...

Page 36: ...raffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings Management VLAN Any VLAN configured with an IP address IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled Relay Disabled Server Disabled DNS Server Disable...

Page 37: ...led Querier Disabled IGMP Layer 3 Disabled Multicast Routing DVMRP Disabled PIM DM Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Disabled SNTP Clock Synchronization Disabled Table 1 2 System Defaults Continued Function Parameter Default ...

Page 38: ...Introduction 1 10 1 ...

Page 39: ...RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP OpenView The switch s web interface CLI configuration program and SNMP agent allow you to perform ...

Page 40: ... to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set to any of the following baud rates 9600 19200 38400 57600 115200 Note Set to 9600 baud if want to view all the system initialization messages Set the data format to 8 data bits 1 stop bit and no parity Set flow control to none Set th...

Page 41: ... management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec and privileged access level Privileged Exec The commands available at...

Page 42: ...gh the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the switch you will also need to specify the default gateway router Dynamic The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Manual Configuration ...

Page 43: ...ore need to use the ip dhcp restart client command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can include the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service requests as soon as it ...

Page 44: ...ents To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However you may assign new views to version...

Page 45: ...there are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a trap receiver use the snmp server host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community string version 1 2c 3 auth noauth pri...

Page 46: ...mple Network Management Protocol on page 3 35 or refer to the specific CLI commands for SNMP starting on page 4 113 Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file ...

Page 47: ...d after boot up also known as run time code This code runs the switch operations and provides the CLI and web management interfaces See Managing Firmware on page 3 19 for more information Diagnostic Code Software that is run during system boot up also known as POST Power On Self Test Due to the size limit of the flash memory the switch supports only two operation code files However you can have as...

Page 48: ...Initial Configuration 2 10 2 ...

Page 49: ...2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on page 2 4 3 After you enter a user name and password you will have access to the system configuration program Notes 1 You are allowed three attempts to enter the correct password on the third fa...

Page 50: ...statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statis...

Page 51: ...Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Clicking on...

Page 52: ...les from the flash memory 3 19 Set Startup Sets the startup file 3 19 Line 3 24 Console Sets console port connection parameters 3 24 Telnet Sets Telnet connection parameters 3 26 Log 3 28 Logs Sends error messages to a logging process 3 28 System Logs Stores and displays error messages 3 32 Remote Logs Configures the logging of messages to a remote logging process 3 30 Reset Restarts the switch 3 ...

Page 53: ...ion Controls the order in which ACL rules are checked 3 73 Port Binding Binds a port to the specified ACL 3 77 IP Filter Configures IP addresses that are allowed management access 3 64 Port 3 78 Port Information Displays port connection status 3 78 Trunk Information Displays trunk connection status 3 78 Port Configuration Configures port connection settings 3 81 Trunk Configuration Configures trun...

Page 54: ...nformation Displays individual trunk settings for STA 3 112 Port Configuration Configures individual port settings for STA 3 115 Trunk Configuration Configures individual trunk settings for STA 3 115 MSTP VLAN Configuration Configures priority and VLANs for a spanning tree instance 3 117 Port Information Displays port settings for a specified MST instance 3 120 Trunk Information Displays trunk set...

Page 55: ...ghted Round Robin queueing 3 142 IP Precedence DSCP Priority Status Globally selects IP Precedence or DSCP Priority or disables both 3 144 IP Precedence Priority Sets IP Type of Service priority mapping the precedence tag to a class of service value 3 145 IP DSCP Priority Sets IP Differentiated Services Code Point priority mapping a DSCP tag to a class of service value 3 146 IP Port Priority Statu...

Page 56: ... to DHCP clients 3 177 IP 3 193 General 3 196 Global Settings Enables or disables routing specifies the default gateway 3 196 Routing Interface Configures the IP interface for the specified VLAN 3 197 ARP 3 199 General Sets the protocol timeout and enables or disables proxy ARP for the specified VLAN 3 200 Static Addresses Statically maps a physical address to an IP address 3 201 Dynamic Addresses...

Page 57: ...VRRP group and interface 3 185 HSRP 3 186 Group Configuration Configures HSRP groups including virtual interface address advertisement interval preemption priority authentication and interface tracking 3 186 Routing Protocol 3 195 RIP 3 213 General Settings Enables or disables RIP sets the global RIP version and timer values 3 214 Network Addresses Configures the network interfaces that will use R...

Page 58: ... router s database 3 245 Border Router Information Displays routing table entries for area border routers and autonomous system boundary routers 3 247 Neighbor Information Displays information about neighboring routers on each interface within an OSPF area 3 248 DVMRP 3 253 General Settings Configure global settings for prune and graft messages and the exchange of routing information 3 253 Interfa...

Page 59: ...witch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if management access via Telnet is enabled Telnet server port Shows the TCP port used by the Telnet interface Ju...

Page 60: ...hows that this switch is operating as Master i e operating stand alone Console config hostname R D 5 4 26 Console config snmp server location WC 9 4 116 Console config snmp server contact Ted 4 115 Console config exit Console show system 4 61 System description 8 SFP ports 4 Gigabit Combo ports L2 L3 L4 managed standalone switch System OID string 1 3 6 1 4 1 259 6 10 57 System information System U...

Page 61: ... Web Click System Switch Information Figure 3 4 Switch Information CLI Use the following command to display version information Console show version 4 62 Unit1 Serial number A322043872 Hardware version R01 Number of ports 12 Main power status up Redundant power status down Agent master Unit ID 1 Loader version 2 1 0 0 Boot ROM version 2 0 2 1 Operation code version 1 0 2 5 Console ...

Page 62: ...atic filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 101 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port Refer to VLAN Configur...

Page 63: ...epted by the CLI program Command Usage This section describes how to configure a single local interface for initial access to the switch To configure multiple IP interfaces on this switch you must set up an IP interface for each VLAN page 3 197 To enable routing between the different interfaces on this switch you must enable IP routing page 3 196 To enable routing between the interfaces defined on...

Page 64: ...an include the IP address subnet mask and default gateway IP Address Address of the VLAN to which the management station is attached Note you can manage the switch through configured IP interface Valid IP addresses consist of four numbers 0 to 255 separated by periods Default 0 0 0 0 Subnet Mask This mask identifies the host address bits used for routing to specific subnets Default 255 0 0 0 Defau...

Page 65: ...y the default gateway and click Apply Figure 3 7 Default Gateway CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 149 Console config if ip address 10 1 0 253 255 255 255 0 4 236 Console config if exit Console config ip default gateway 10 1 0 254 4 238 Console config ...

Page 66: ...connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart client command Renewing DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network segment you will lose management...

Page 67: ...ile Copies a file within the switch directory assigning it a new name file to tftp Copies a file from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit1 Copies a file from this switch to another unit in the stack unit to file1 Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Ty...

Page 68: ...P address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new operation code reboot the system via the System Reset menu Figure 3 9 Copy Firmware If you download to a new destination fil...

Page 69: ... as the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmware enter the reload command or reboot the system Console copy tftp file 4 64 TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcode 1 2 2 Source file name V1025 bix Destination file name V10...

Page 70: ...a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to running config Copies a file from a TFTP server to the running config tftp to startup config Copies a file from a TFTP server to the startup config file to u...

Page 71: ...eration Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Apply Figure 3 12 Copy Configuration Settings If you download to a new file name using tftp to startup config or tftp to file the file is automatically set as the start up config...

Page 72: ...e 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Silent Time Sets the amount of time the ma...

Page 73: ...password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login3 Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name ...

Page 74: ...imeout interval the connection is terminated for the session Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Console config line console 4 12 Console config line login local 4 12 Console confi...

Page 75: ...ssword for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login4 Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name ac...

Page 76: ...eeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM Command Attributes System Log Status Enables disables the logging of debug or error messages to the logging process Flash Level Limits log messages saved to the switch s permanent flash...

Page 77: ...ing command to display the current settings Table 3 3 Logging Levels Level Name Level Description debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold start warnings 4 Warning conditions e g return false unexpected return errors 3 Error conditions e g invalid input default used critical 2 Critical conditions e g me...

Page 78: ...ch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to t...

Page 79: ...ility type and set the logging trap Console config logging host 10 1 0 9 4 46 Console config logging facility 23 4 46 Console config logging trap 4 4 47 Console config logging trap Console config Console show logging trap 4 48 Syslog logging Enable REMOTELOG status enable REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG server ip address 10 1 0 9 REMOTELOG serv...

Page 80: ...debugging i e default level 7 0 and lists one sample error Resetting the System Web Click System Reset Click the Reset button to restart the switch When prompted confirm that you want reset the switch Figure 3 19 Resetting the System CLI Use the reload command to restart the switch Note When restarting the system it will always run the Power On Self Test Console show logging flash 4 48 Syslog logg...

Page 81: ...p to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This requires at least one time server to be specified in the SNTP Server field Default Disabled SNTP Poll Inte...

Page 82: ...s 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 21 Clock Time Zone CLI This example shows how to set the time zone for the system clock Console config sntp client 4 53 Co...

Page 83: ...ty strings To communicate with the switch the management station must first submit a valid community string for authentication Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security mod...

Page 84: ...NMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Community String A community string that acts like a password and permits access to the SNMP protocol Default strings public read only access ...

Page 85: ...station using network management platforms such as HP OpenView You can specify up to five management stations that will receive authentication failure messages and other trap messages from the switch Command Attributes Trap Manager Capability This switch supports up to five trap managers Trap Manager IP Address IP address of a new management station to receive trap messages Trap Manager Community ...

Page 86: ...hentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 Configure an SNMP engine ID 2 Specify read and write access views for the switch MIB tree 3 Configure SNMP user groups with the required security model i e SNMP v1 v2c or v3 and security level i e authentication and privacy 4 Assign SNMP users to groups along with their s...

Page 87: ... a write view Command Attributes User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Model The user security model SNMP v1 v2c or v3 Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communicat...

Page 88: ...3 Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 26 Configuring SNMP...

Page 89: ...thNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The c...

Page 90: ...name then click Delete Figure 3 27 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and write views Console config snmp server group v3secure v3 priv read defaultview write defaultview 4 121 Console config exit Console show snmp group 4 123 Group Name v3secure Security Model v...

Page 91: ...in the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Click SNMP SNMPv3 Views Click New to configure a new view In the New View page define a name and specify OID subtrees in the switch MIB to be included or excluded in the view Click Back to save the...

Page 92: ...gement access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest name is guest with the password guest The def...

Page 93: ...rd Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user Web Click Security User Accounts To configure a new user account enter the user name access level and password then click Add To change the password for a specific user enter the user name and new password confirm the password by entering it again then click Apply Figure 3 29 User Accounts ...

Page 94: ...on sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and TACACS logon authentication assign a specific privilege level for each user name password pair The user name password and privilege level must be configured on the authentication server You can spec...

Page 95: ...re it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13 Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Note The l...

Page 96: ...ent and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 4 x or above Console config authentication login radius 4 70 Console config radius server host 192 168 1 25 4 72 Console config radius server port 181 4 73 Conso...

Page 97: ...ficate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password...

Page 98: ...raveling over the network arrives unaltered Note that you need to install an SSH client on the management station to access the switch for management via the SSH protocol Note The switch supports both SSH Version 1 5 and 2 0 Command Usage The SSH server on this switch supports both password and public key authentication If password authentication is specified by the SSH client then the password ca...

Page 99: ...68631109291232226828519254374603100937187721199 69631781366277414168985132049117204830339254324101637997592371449011938 00609025394840848271781943722884025331159521348610229029789827213532671 31629432532818915045306393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the ...

Page 100: ...ze of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string is the encoded modulus DSA Version 2 The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Versio...

Page 101: ...0102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 60325919683697053439336438445223335188287173896894511729290510813919642025 190932104328579045764891 DSA ssh dss AAAAB3NzaC1kc3MAAACBAN6zwIqCqDb3869jYVXlME1sHL0EcE Re6hlasfEthIwmj hLY4O0jqJZpcEQUgCfYlum0Y2uoLka Py9ieGWQ8f2gobUZKIICuKg6vjO9XTs7XKc05xfzkBi KviDa 2OrIz6...

Page 102: ...ge 1 to 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies the SSH server key size Range 512 896 bits The server key is a private key that is never shared outside the switch The ...

Page 103: ...es received on the port Note that you can also manually add secure addresses to the port using the Static Address Table page 3 101 When the port has reached the maximum number of MAC addresses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the s...

Page 104: ...essage Shutdown Disable the port Trap and Shutdown Send an SNMP trap message and disable the port Security Status Enables or disables port security on the port Default Disabled Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Trunk Trunk number if port is a member page 3 84 and 3 85 Web Click Security Port Security Set the action to take when an invalid ...

Page 105: ...e client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another ...

Page 106: ... runs between the switch and authentication server These parameters are described in this section Command Attributes 802 1X Re Authentication Indicates if switch port requires a client to be re authenticated after a certain period of time 802 1X Max Request Count The maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication s...

Page 107: ... supp timeout 30 server timeout 30 reauth max 2 max req 2 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 23 disabled Single Host ForceAuthorized yes 1 24 enabled Single Host Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 24 Status Authorized Operatio...

Page 108: ...t packet to the client before it times out the authentication session Range 1 10 Default 2 Timeout for Quiet Period Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client Range 1 65535 seconds Default 60 seconds Timeout for Re Authentication Period Sets the time period after which a connected client must be re authentica...

Page 109: ... a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise Force Unauthorized Force...

Page 110: ... config interface ethernet 1 2 4 149 Console config if dot1x port control auto 4 81 Console config if dot1x operation mode multi host max count 10 4 82 Console config if Table 3 6 802 1x Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Auth...

Page 111: ...h the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most recently received EAPOL frame Rx Last EAPOLSrc The source MAC address carried in the most recently received EAPOL frame Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Authenticator Tx EAP Req Id The number of EAP Req Id frames that have been transmitt...

Page 112: ...i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start addre...

Page 113: ...nagement access for Telnet clients Console config management telnet client 192 168 1 19 4 29 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management all client 4 30 Management IP Filter HTTP Client Start IP address End IP address SNMP Client Start IP address End IP address TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 1...

Page 114: ...r packets matching the permit deny rules specified in an ingress ACL You can also configure up to seven user defined masks for an ingress or egress ACL Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is also 32 However due to resource restrictions the average number of rules bound to the ports should not exceed 20 You must configur...

Page 115: ...he Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 40 ACL Configuration CLI This example creates a standard IP ACL named bill Configuring a Standard IP ACL Command Attributes Action An ACL can contain all permit rules or all deny rules Default Permit rules Address Type Specifies the source IP address Use Any to i...

Page 116: ...er a specific address If you select IP enter a subnet address and the mask for an address range Then click Add Figure 3 41 ACL Configuration Standard IP CLI This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Console config std acl permit host 10 1 1 21 4 90 Console config std acl permit 168 92 16...

Page 117: ...e others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Source Destination Port Bitmask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0...

Page 118: ...ming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP 3 Permit all TCP packets from class C addresses 192 168 1 0 with the ...

Page 119: ... 4095 VID Bitmask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bitmask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet typ...

Page 120: ...lect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 43 ACL Configuration MAC CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de etherty...

Page 121: ...der in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before mapping an ACL to an interface You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule Specifying the Mask Type Use the ACL Mask Configuration page to edit the mask for the Ingress IP ACL Egress IP ACL Ingress ...

Page 122: ... to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Source or destination address of rule must match this bitmask See the description for SubMask on page 3 67 Protocol Bitmask Check the protocol field Service Type Mask Check the rule for the specified priority type Options Precedence ...

Page 123: ...This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the mask host any entry Console config access list ip standard A2 4 89 Console config std acl permit 10 1 1 0 255 255 255 0 4 90 Co...

Page 124: ...y Source Destination Bitmask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format Mask A packet format must be specified in the rule Web Configure the mask to match the required rules in the MAC ingress or egress ACLs Set the mask to check for any source or destination address a...

Page 125: ...does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in an ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 12 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets...

Page 126: ...control and auto negotiation Field Attributes Web Name Interface label Type Indicates the port type 1000BASE T or SFP Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Press...

Page 127: ...he interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring Interface Connections on page 3 48 The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Support...

Page 128: ...atus Indicates if the link is up or down Operation speed duplex Shows the current speed and duplex mode Flow control type Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or none CLI This example shows the connection status for Port 5 Console show interfaces status ethernet 1 5 4 157 Information of Eth 1 13 Basic information Port type 1000T Mac address 00 30 f1 47 58 4...

Page 129: ...ts 1000 Mbps full duplex operation Sym Gigabit only Check this item to transmit and receive pause frames or clear it to auto negotiate the sender and receiver for asymmetric pause frames The current switch chip only supports symmetric pause frames FC Supports flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when i...

Page 130: ...ettings Console config interface ethernet 1 13 4 149 Console config if description RD SW 13 4 150 Console config if shutdown 4 154 Console config if no shutdown Console config if no negotiation 4 151 Console config if speed duplex 100half 4 150 Console config if flowcontrol 4 153 Console config if negotiation Console config if capabilities 100half 4 152 Console config if capabilities 100full Conso...

Page 131: ...ed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on...

Page 132: ...eating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Web Click Trunk Trunk Membership Enter a trunk ID of 1 6 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding por...

Page 133: ... fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Console config interface port channel 2 4 149 Console config if exit Console config interface ethernet 1 9 4 149 Console config if channel group 1 4 164 Console config if exit Console config interface ethernet 1 10 Console config if channel group 1 Console config if end Conso...

Page 134: ...4 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 157 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port admin status Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control status Disabled Port security ...

Page 135: ...ority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 0 Port Priority If a link goes down LACP port priority is used to...

Page 136: ...igure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 52 LACP Aggregation Port CLI This function is not supported by the CLI ...

Page 137: ...roup LACPDUs Received Number of valid LACPDUs received by this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocol...

Page 138: ...ormation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is no...

Page 139: ...uration 3 91 3 Web Click Port LACP Port Internal Information Select a port channel to display the corresponding information Figure 3 54 LACP Port Internal Information CLI This function is not supported by the CLI ...

Page 140: ...rtner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned t...

Page 141: ...hen be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Port Port number Type Indicates the port type 1000BASE T or SFP Protect Status Shows whether or not broadcast storm control has been enabled Def...

Page 142: ...nfig interface ethernet 1 2 Console config if switchport broadcast packet rate 600 4 155 Console config if end Console show interfaces switchport ethernet 1 2 4 159 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabl...

Page 143: ...irror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Target Port The port that will duplicate or mirror the traffic on the source port Web Click Port Mirror Specify the source port the traffic type to be mirrored and the monitor port then cli...

Page 144: ...e monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Command Attribute Rate Limit Sets the output rate limit for an interface Default Status Disabled Default Rate 1000 Mbps Range 1 1000 Mbps Web Click Rate Limit Input Output Port Trunk Configuration Set the Input Rate Limit Status or Output Rate Limit Status then set...

Page 145: ...t this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for disca...

Page 146: ...articular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR m...

Page 147: ...r of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted t...

Page 148: ...ing the Switch 3 100 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 59 Port Statistics ...

Page 149: ...al address of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Console show interfaces counters ethernet 1 12 4 158 Ethernet 1 12 Iftable stats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast out...

Page 150: ...und traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address V...

Page 151: ...ox select the method of sorting the displayed addresses and then click Query Figure 3 61 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 167 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 152: ...imary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the spanning tree network It selects a roo...

Page 153: ... trees based on VLAN groups Once you specify the VLANs to include in a Multiple Spanning Tree Instance MSTI the protocol will automatically build an MSTI tree to maintain connectivity among each of the VLANs MSTP maintains contact with the global network because each instance is treated as an RSTP node in the Common Spanning Tree CST Displaying Global Settings You can display a summary of the curr...

Page 154: ...anning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w MSTP Multiple Spanning Tree IEEE 802 1s Instance Instance identifier of this spanning tree This is always 0 for the CIST VLANs configuration VLANs assigned to the CIST Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest prio...

Page 155: ... this node Max hops The max number of hop counts for the MST region Remaining hops The remaining number of hop counts for the MST instance Transmission limit The minimum interval between the transmission of consecutive RSTP MSTP BPDUs Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned ...

Page 156: ...essages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration de...

Page 157: ... the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 4...

Page 158: ...ach interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Max Instance Numbers The m...

Page 159: ...Spanning Tree Algorithm Configuration 3 111 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 64 STA Configuration ...

Page 160: ...the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has transitioned from the Learning state to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the h...

Page 161: ...y provide connectivity if other bridges bridge ports or LANs fail or are removed The role is set to disabled i e disabled port if a port has no role within the spanning tree Trunk Member Indicates if a port is a member of a trunk STA Port Information only These additional parameters are only displayed for the CLI Admin status Shows if this interface is enabled External path cost The path cost for ...

Page 162: ...rface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild ad...

Page 163: ...adictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this p...

Page 164: ...rmines if the interface is attached to a point to point link or to shared media This is the default setting Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Por...

Page 165: ... area of your network However remember that you must configure all bridges within the same MSTI Region page 3 110 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configu...

Page 166: ... MST Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 57 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094 The other global attributes are described under Displaying Global Settings page 3 108 The attributes displayed by the CLI for individual interfaces are described under Displaying Interface Settings page 3 112 Web Click Spanning Tr...

Page 167: ...ignated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 0 Designated port 128 7 Designated root 4096 2 0000E9313131 Designated ...

Page 168: ...displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 3 105 the settings for other instances only apply to the local spanning tree Console show spanning tree mst 0 4 186 Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 3276...

Page 169: ...tion only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 57 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with...

Page 170: ...rnet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 Web Click Spanning Tree MSTP Port Configuration or Trunk Configuration Enter the priority and path cost for an interface and click Apply Figure 3 69 MSTP Por...

Page 171: ...ets VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in ...

Page 172: ...same VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VLAN Registration GVRP GARP VLAN Registration Protocol defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned If an end station or its netw...

Page 173: ...the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that contains any VLAN aware devices the ...

Page 174: ...ick VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 3 70 Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number10 The VLAN version used by this switch as specified in the IEEE 802 1Q standard Maximum VL...

Page 175: ...e this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 72 VLAN Current Table Console show bridge...

Page 176: ... for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specif...

Page 177: ... a VLAN via the GVRP protocol Notes 1 You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 131 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described...

Page 178: ...t will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 124 None Interface is not a member of the VLAN Packets associated with this VLAN will ...

Page 179: ...VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 75 VLAN Static Membership CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Console config interface ethernet 1 1 4 149 Console config if switchport allowed vlan add 2 tagged 4 195 C...

Page 180: ...ll frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingress port is not a member Default Disabled Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these...

Page 181: ...de for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or ...

Page 182: ...he Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 3 77 Private VLAN Status CLI This example enables private VLANs Console config interface ethernet 1 3 4 149 Console config if switchport acceptable frame types tagged 4 192 Console config if switchport ingress filtering 4 193 Console config if switchport native vlan ...

Page 183: ...vices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including security and easy accessibility To avoid these problems you can configure this switch with protocol based VLANs that divide the physical network into logical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined...

Page 184: ...with IP and ARP protocol types Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group Command Usage When creating a protocol based VLAN only assign interfaces using this configuration screen If you assign interfaces using any of the other VLAN commands such as VLAN Static Table page 3 129 or VLAN Static Membership page 3 131 these interfaces...

Page 185: ... of this protocol group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Web Click VLAN Protocol VLAN Port Configuration Select a a port or trunk enter a protocol group ID the corresponding VLAN ID and click Apply Figure 3 80 Protocol VLAN Port Configuration CLI The following maps the traffic entering Port 1 which matches the protocol type specified in p...

Page 186: ...ity and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VL...

Page 187: ...Console config if switchport priority default 5 4 209 Console config if end Console show interfaces switchport ethernet 1 5 4 159 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type All frames...

Page 188: ...plications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class13 Output queue buffer Range 0 7 where 7 is the highest CoS priority queue Table 3 11 Mapping CoS Values to Egress Queues Queue...

Page 189: ...s to a one to one mapping Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 149 Console config queue cos map 0 0 4 210 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map ethernet 1 1 4 212 ...

Page 190: ...wer priority queues Web Click Priority Queue Mode Select Strict or WRR then click Apply Figure 3 83 Queue Mode CLI The following sets the queue mode to strict priority service mode Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue As described in Mapping CoS Values to Egress Que...

Page 191: ...hen click Apply Figure 3 84 Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues Console config queue bandwidth 1 3 5 7 9 11 13 15 4 210 Console config exit Console show queue bandwidth 4 212 Information of Eth 1 1 Queue ID Weight 0 1 1 3 2 5 3 7 4 9 5 11 6 13 7 15 Information of Eth 1 2 Queue ID Weight ...

Page 192: ... the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be enabled Enabling one of these priority types will automatically disable the other Selecting IP Precedence DSCP Priority The switch allows you to choose between using IP Precedence or DSCP prio...

Page 193: ...s application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value i...

Page 194: ... different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priority Note IP DSCP se...

Page 195: ...rt 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip dscp 4 216 Console config interface ethernet 1 1 4 149 Console config if map ip dscp 1 cos 0 4 216 Console config if end Console show map ip dscp ethernet 1 1 4 219 DSCP mappin...

Page 196: ...hich the settings apply IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply to all interfaces Web Click Priority IP Port Status Set IP Port Priority Status to Enabled Figure 3 88 IP Port Prio...

Page 197: ... packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 140 Command Usage You must configure an ACL mask before you can map CoS values to the rule Command Attributes Port Port identifier Name15 Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 Console confi...

Page 198: ...ou must configure an ACL mask before you can change priorities based on a rule Traffic priorities may be included in the IEEE 802 1p priority tag This tag is also incorporated as part of the overall IEEE 802 1Q VLAN tag The 802 1p priority may be set for either Layer 2 or IP frames The IP frame header also includes priority bits in the Type of Service ToS octet The Type of Service octet may contai...

Page 199: ...the scroll down box and enter a priority To specify an 802 1p priority mark the 802 1p Priority check box and enter a priority Then click Add Figure 3 91 ACL Marker CLI This example changes the DSCP priority for packets matching an IP ACL rule and the 802 1p priority for packets matching a MAC ACL rule 16 For information on configuring ACLs see page 3 66 Console config interface ethernet 1 1 4 149...

Page 200: ... to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers switches instead of flooding traffic to all ports in the subnet VLAN This switch not only supports IP multicast filtering by passively monitoring IGMP query and report messages and multicast routing probe messages to register end stations as...

Page 201: ...lticast clients and servers and dynamically configure the switch ports which need to forward multicast traffic Static IGMP Router Interface If IGMP snooping cannot locate the IGMP querier you can manually designate a known IGMP querier i e a multicast router switch connected over the network to an interface on your switch page 3 157 This interface will then join all the current multicast groups su...

Page 202: ...protocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive multicast traffic This is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to...

Page 203: ...p igmp snooping querier 4 224 Console config ip igmp snooping query count 10 4 224 Console config ip igmp snooping query interval 100 4 225 Console config ip igmp snooping query max response time 20 4 226 Console config ip igmp snooping query time out 300 4 226 Console config ip igmp snooping version 2 4 222 Console config exit Console show ip igmp snooping 4 222 Service status Enabled Querier sta...

Page 204: ...witch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping Multicast Router Port Information Select the required VLAN ID from the scroll down list to display t...

Page 205: ...Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configuration Specify the interfaces attached to a multicast router indicate the VLAN which will forward all the corresponding multicast traffic ...

Page 206: ...rvice Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagating this multicast service Figure 3 95 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corr...

Page 207: ...N ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate ...

Page 208: ...ameters This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service The hosts may respond with several types of IP multicast messages Hosts respond to queries with report messages that indicate which groups they want to join or the groups to which they already belong If a router does not receive a report message within ...

Page 209: ... the Query Interval Query Interval Configures the frequency at which host query messages are sent Range 1 255 Default 125 seconds Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service Only the designated multicast router for a subnet sends host query messages which are addressed to the multicast address...

Page 210: ...onfig if ip igmp 4 229 Console config if ip igmp last memb query interval 10 4 232 Console config if ip igmp max resp interval 20 4 231 Console config if ip igmp query interval 100 4 231 Console config if ip igmp robustval 3 4 230 Console config if ip igmp version 1 4 232 Console config if end Console show ip igmp interface vlan 1 4 233 Vlan 1 is up IGMP is enable version is 2 Robustness variable ...

Page 211: ...rt has been received this object has the value 0 0 0 0 Up time The time elapsed since this entry was created Expire The time remaining before this entry will be aged out Default 260 seconds V1 Timer The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface Default 400 seconds If the switch receives an IGMP Version 1 ...

Page 212: ...l order If there is no domain list the default domain name is used If there is a domain list the default domain name is not used When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified the switch will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a mat...

Page 213: ... and a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 4 142 Console config ip domain list sample com uk 4 143 Console config ip domain list sample com jp Console config ip domain server 192 168 1 55 10 1 0 55 4 144 Console config ip domain lookup 4 145 Console show dns 4 147 Domain Lookup Status DNS enabl...

Page 214: ...may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a host device that is mapped to one or more IP addresses Range 1 64 char...

Page 215: ... click Apply Figure 3 100 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 4 141 Console config ip host rd6 10 1 0 55 Console show host 4 146 Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias 1 rd6 ...

Page 216: ... indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Web...

Page 217: ...elay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located Then the switch forwards the packet to the DHCP server When the server receives the DHCP request it allocates a free IP address for the DHCP client from its defined scope...

Page 218: ...sses of DHCP servers to be used by the switch s DHCP relay agent in order of preference Web Click DHCP Relay Configuration Enter up to five IP addresses for any VLAN then click Restart DHCP Relay to start the relay service Figure 3 102 DHCP Relay Configuration CLI This example specifies one DHCP relay server for VLAN 1 and enables the relay service Console config interface vlan 1 4 149 Console con...

Page 219: ...en configure address pools for the network interfaces You can configure up to 8 network address pools You can also manually bind an address to a specific client if required However any fixed addresses must fall within the range of an existing network address pool You can configure up to 32 fixed host addresses i e entering one address per pool Enabling the Server Setting Excluded Addresses Enable ...

Page 220: ...ngle address or an address range and click Add Figure 3 103 DHCP Server General Configuration CLI This example enables the DHCP and sets an excluded address range Console config service dhcp 4 130 Console config ip dhcp excluded address 10 1 0 250 10 1 0 254 4 131 Console ...

Page 221: ...etwork address pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hardware address for DHCP clients Since BOOTP clients cannot transmit a client identifier you must configure a hardware address for this host type If no manual binding has been specified for a host entry with a hardware a...

Page 222: ... type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the client Range 1 32 characters Bootfile The default boot image for a DHCP client This file should placed on the Trivial File Transfer Protocol TFTP server specified as the Next Server Next Server The IP address of the next server in the boot process which is typically a Triv...

Page 223: ...Network Configuration CLI This example configures a network address pool Console config ip dhcp pool tps 4 131 Console config dhcp network 10 1 0 0 255 255 255 0 4 132 Console config dhcp default router 10 1 0 253 4 133 Console config dhcp dns server 10 2 3 4 4 134 Console config dhcp netbios name server 10 1 0 33 4 135 Console config dhcp netbios node type hybrid 4 136 Console config dhcp domain ...

Page 224: ...ess pool Console config ip dhcp pool mgr 4 131 Console config dhcp host 10 1 0 19 255 255 255 0 4 137 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 4 139 Console config dhcp client identifier text bear 4 138 Console config dhcp default router 10 1 0 253 4 133 Console config dhcp dns server 10 2 3 4 4 134 Console config dhcp netbios name server 10 1 0 33 4 135 Console config dhcp ...

Page 225: ... pool or after moving DHCP service to another device Entry Count Number of hosts that have been given addresses by the switch Note More than one DHCP server may respond to a service request by a host In this case the host generally accepts the first address assigned by any DHCP server Web Click DHCP Server IP Binding You may use the Delete button to clear an address from the DHCP server s database...

Page 226: ...s then select the backup routers based on the specified virtual router priority HSRP also includes the ability to dynamically modify the virtual router priority based on the operational state of other interfaces on the router Router redundancy can be set up in any of the following configurations The following examples show configuration settings for VRRP The only difference for HSRP is that the vi...

Page 227: ...mpt feature which allows a router to take over as the master router when it comes on line Command Usage Address Assignment The IP address assigned to the virtual router must already be configured on the router that will be the Owner In other words the IP address for the virtual router exists on one and only one router in the virtual router group and the network mask for the virtual router address ...

Page 228: ...and it will always resume control as the master virtual router when it comes back on line The preempt function only allows a backup router to take over from another backup router that is temporarily acting as the group master If preemption is enabled and this router has a higher priority than the current acting master when it comes on line it will take over as the acting group master You can add a...

Page 229: ... to take over as the master virtual router if it has a higher priority than the acting master virtual router i e another backup router that has taken over from the VRRP group address owner Default Enabled Preempt Delay Time to wait before issuing a claim to become the master Range 0 120 seconds 0 seconds Priority The priority of this router in a VRRP group Range 1 254 Default 100 The priority for ...

Page 230: ...Configuring the Switch 3 182 3 Web Click IP VRRP Group Configuration Select the VLAN ID enter the VRID group number and click Add Figure 3 108 VRRP Group Configuration ...

Page 231: ...f a real interface on this router to make it the master virtual router for the group Otherwise enter the virtual address for an existing group to make it a backup router Click Add IP to enter an IP address into the Associated IP Table Then set any of the other parameters as required and click Apply Figure 3 109 VRRP Group Configuration Detail ...

Page 232: ...umber VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual router Web Click IP VRRP Global Statistics Figure 3 110 VRRP Global Statistics Console config interface vlan 1 4 191 Console config if vrrp 1 ip 192 168 1 6 4 312 Console config if vrrp 1 ip 192 168 2 6 secondary Console config if vrrp 1 timers advertise 5 4 314 Console config if vr...

Page 233: ...kets Number of VRRP packets received by the virtual router with IP TTL Time To Live not equal to 255 Received Priority 0 Packets Number of VRRP packets received by the virtual router with priority set to 0 Error Packet Length Packets Number of packets received with a packet length less than the length of the VRRP header Invalid Type Packets Number of VRRP packets received by the virtual router wit...

Page 234: ...ce for assuming the role of master set the appropriate priority on each of these routers Then configure an authentication string to ensure that HSRP messages are only be exchanged between authorized routers You can also dynamically adjust the virtual router priority by tracking the availability of any IP interfaces on the router Console show vrrp 1 interface vlan 1 counters 4 319 Total Number of T...

Page 235: ...with the last octet equal to the group ID When a backup router takes over as the master it continues to forward traffic addressed to this virtual MAC address However the backup router cannot reply to ICMP pings sent to addresses associated with the virtual group because the IP address owner is off line Virtual Router Priority The router with the highest priority is elected as the master virtual ro...

Page 236: ...unicating their state Range 1 254 seconds Default 3 HSRP advertisements from the master and standby virtual router include information about their priority timer values and current state as the master or standby router Routers on which the timer settings have not been configured can learn the current timer values from the master or standby router Timers configured on the master router always overr...

Page 237: ... addresses assigned to the current VLAN interface that is also supported by the HSRP group Range Primary Secondary Default Primary Tracking Interface Specifies an interface to track The HSRP priority of this router will be changed whenever the interface goes down or comes back up by the corresponding tracking priority You can specify up to 32 IP interfaces to be tracked by this command If you spec...

Page 238: ...Configuring the Switch 3 190 3 Web Click IP HSRP Group Configuration Select the VLAN ID enter the HSRP group number and click Add Figure 3 112 HSRP Group Configuration ...

Page 239: ...priority and authentication as required Enter the virtual IP address for the group You can also enter secondary IP addresses that will be supported by the group Enter any IP interfaces for which the status should be tracked and the corresponding value by which to adjust the priority when the interface state changes Then click Apply Figure 3 113 HSRP Group Configuration Detail ...

Page 240: ...3 100 4 326 Console config if standby 1 timers 2 5 4 325 Console config if standby 1 preempt delay 10 4 323 Console config if standby 1 priority 10 4 322 Console config if standby 1 authentication bluebird 4 324 Console show standby 4 327 Vlan 1 Group 1 Local State is Active priority 5 confgd 10 may preempt Preemption delayed for 10 secs Hellotime 6 sec holdtime 18 sec Next hello sent in 0 0 5 Hos...

Page 241: ...d first create VLANs for each unique user group or application traffic page 3 128 assign all ports that belong to the same group to these VLANs page 3 129 and then assign an IP interface to each VLAN page 3 197 By separating the network into different VLANs it can be partitioned into subnetworks that are disconnected at Layer 2 Network traffic within the same subnet is still switched using Layer 2...

Page 242: ...ect path The router can also use the ARP protocol to find out the MAC address of the destination node of the next router as necessary Note In order to perform IP switching the switch should be recognized by other network nodes as an IP router either by setting it as the default gateway or by redirection from another router via the ICMP process When the switch receives an IP packet addressed to its...

Page 243: ...or or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to learn consistent tables of next hop links which lead to relevant subnets OSPFv2 Dynamic Routing Protocol OSPF overcomes all the problems of RIP It uses a link state routing protocol t...

Page 244: ...nd dynamic unicast routing If IP routing is enabled all IP packets are routed using either static routing or dynamic routing via RIP or OSPF and other packets for all non IP protocols e g NetBuei NetWare or AppleTalk are switched based on MAC addresses If IP routing is disabled all packets are switched with filtering and forwarding decisions based strictly on MAC addresses Default Gateway The rout...

Page 245: ... VLAN for each unique user group or for each network application and its associated users Then assign the ports associated with each of these VLANs Command Attributes VLAN ID ID of configured VLAN 1 4094 no leading zeroes IP Address Mode Specifies whether the IP address for this interface is statically assigned or obtained from a network address server Options Static DHCP Dynamic Host Configuratio...

Page 246: ... enter these addresses one at a time and click Set IP Configuration after entering each address Figure 3 115 IP Routing Interface CLI This example sets a primary IP address for VLAN 1 and then adds a secondary IP address for a different subnet also attached to this router interface Console config interface vlan 1 Console config if ip address 10 1 0 253 255 255 255 0 4 236 Console config if ip addr...

Page 247: ...dress does not match the destination IP address in the message However if it does match they write their own hardware address into the destination MAC address field and send the message back to the source hardware address When the source device receives a reply it writes the destination IP address and corresponding MAC address into its cache and forwards the IP traffic on to the next hop As long a...

Page 248: ...ces Extensive use of Proxy ARP can degrade router performance because it may lead to increased ARP traffic and increased search time for larger ARP address tables Command Attributes Timeout Sets the aging time for dynamic entries in the ARP cache Range 300 86400 seconds Default 1200 seconds or 20 minutes Proxy ARP Enables or disables Proxy ARP for specified VLAN interfaces Web Click IP ARP General...

Page 249: ...y via the configuration interface Command Attributes IP Address IP address statically mapped to a physical MAC address Valid IP addresses consist of four numbers 0 to 255 separated by periods MAC Address MAC address statically mapped to the corresponding IP address Valid MAC addresses are hexadecimal numbers in the format xx xx xx xx xx xx Entry Count The number of static entries in the ARP cache ...

Page 250: ...dress IP address of a dynamic entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static18 Changes a selected dynamic entry to a static entry Clear All18 Deletes all dynamic entries from the ARP cache Entry Count The number of dynamic entries in the ARP cache Web Click IP ARP Dynamic Addresses You c...

Page 251: ...Entry Count The number of local entries in the ARP cache Web Click IP ARP Other Addresses Figure 3 119 ARP Other Addresses Console show arp 4 242 Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 1...

Page 252: ...dress Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 Total entry 6 Console Table 3 17 ARP Statistics Parameter Description Received Request Number of ARP Request packets received by the router Received Reply Num...

Page 253: ...sts 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0 checksum errors Sent 0 total ARP statistics Rcvd 0 requests 1 replies Sent 1 requests 0 replies Table 3 18 IP Statistics Parameter Description Packets Received The total number of input datagrams received from interfaces incl...

Page 254: ...ng their IP options etc Unknown Protocols Received The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol Received Packets Delivered The total number of input datagrams successfully delivered to IP user protocols including ICMP Discarded Output Packets The number of output IP datagrams for which no problem was encountered to prev...

Page 255: ...ore suitable routes i e the next hop router to use for a specific destination Table 3 19 ICMP Statistics Parameter Description Messages The total number of ICMP messages which the entity received sent Errors The number of ICMP messages which the entity received sent but determined as having ICMP specific errors bad ICMP checksums bad length etc Destination Unreachable The number of ICMP Destinatio...

Page 256: ...r of ICMP Timestamp request messages received sent Timestamp Replies The number of ICMP Timestamp Reply messages received sent Address Masks The number of ICMP Address Mask Request messages received sent Address Mask Replies The number of ICMP Address Mask Reply messages received sent Table 3 19 ICMP Statistics Continued Parameter Description ...

Page 257: ...oo slow or just unnecessary Web Click IP Statistics UDP Figure 3 123 UDP Statistics CLI See the example on page 3 204 Table 3 20 USP Statistics Parameter Description Datagrams Received The total number of UDP datagrams delivered to UDP users Datagrams Sent The total number of UDP datagrams sent from this entity Receive Errors The number of received UDP datagrams that could not be delivered for rea...

Page 258: ...o the SYN SENT state from the CLOSED state Failed Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD state plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN RCVD state Current Connections The number of TCP connections for which the current stat...

Page 259: ... network accessibility Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets Gateway IP address of the gateway used for this route Metric Cost for this interface This cost is only used if a rout...

Page 260: ...ive link connected to that interface Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Note that the address 0 0 0 0 indicates the default gateway for this router Netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets Next Hop The IP address of ...

Page 261: ... been acquired Poison reverse Propagate routes back to an interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergence Triggered updates Whenever a route gets changed broadcast an update message after waiting for a short random delay but without waiting for the periodic cycle RIP 2 is a compatible upgrade to RIP RIP 2 adds usefu...

Page 262: ...ng protocol messages The update timer is the fundamental timer used to control all basic RIP processes Setting the update timer to a short interval can cause the router to spend an excessive amount of time processing updates On the other hand setting it to an excessively long time will make the routing protocol less sensitive to changes in the network configuration The timers must be set to the sa...

Page 263: ...k Apply Figure 3 127 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip 4 249 Console config router version 2 4 252 Console config router timers basic 15 4 249 Console config router end Console show rip globals 4 257 RIP Process Enabled Update Time in Seconds 15 Number of Route Change 0 Number of Queries 1 Con...

Page 264: ...ed 128 19 is class B and the first two fields in the network address are used 192 223 is class C and the first three fields in the network address are used Command Attributes Subnet Address IP address of a network directly connected to this router Web Click Routing Protocol RIP Network Addresses Add all interfaces that will participate in RIP and click Apply Figure 3 128 RIP Network Addresses CLI ...

Page 265: ...ly Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the network using the RIPv2 advertisement list instead of multicasting as normally required by RIPv2 Using this mode allows RIPv1 routers to receive these protocol messages but still allows RIPv2 routers to receive the additional information provided by RIPv2 including subnet mask next hop and authentication...

Page 266: ...n interface RIPv1 Sends only RIPv1 packets RIPv2 Sends only RIPv2 packets RIPv1 Compatible Route information is broadcast to other routers with RIPv2 Default Do Not Send Does not transmit RIP updates The default depends on the setting specified under RIP General Settings Global RIP Version RIPv1 RIPv1 Compatible RIPv2 RIPv2 packets Instability Preventing Specifies the method used to reduce the con...

Page 267: ...tion and corresponding password Then click Apply Figure 3 129 RIP Interface Settings CLI This example sets the receive version to accept both RIPv1 or RIPv2 messages the send mode to RIPv1 compatible i e called v2 broadcast in the CLI sets the method of preventing instability in the network topology to Split Horizon enables authentication via a simple password i e called text mode in the CLI Conso...

Page 268: ...ase queries received by this router Interface Information Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 rip1Compatible ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1Orv2 InstabilityPreventing Shows if split horizon poison reverse or no instability prevention method is in use AuthType Shows if authentication is set to s...

Page 269: ...IP Routing 3 221 3 Web Click Routing Protocol RIP Statistics Figure 3 130 RIP Statistics ...

Page 270: ...ueries 0 Console show ip rip configuration 4 257 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication Console show ip rip status 4 257 Interface RcvBadPackets RcvBadRoutes SendUpdates 10 1 0 253 0 0 60 10 1 1 253 0 0 63 Console show ip rip peer 4 257 Peer UpdateTime V...

Page 271: ...to calculate summary route costs throughout the network when older OSPF routers exist as well as the not so stubby area option RFC 1587 Command Usage OSPF looks at more than just the simple hop count When adding the shortest path to any node into the tree the optimal path is chosen on the basis of delay throughput and connectivity OSPF utilizes IP multicast to reduce the amount of routing traffic ...

Page 272: ...ddresses This is an important technique for limiting the amount of traffic exchanged between Area Border Routers ABRs And finally you must specify a virtual link to any OSPF area that is not physically attached to the OSPF backbone Virtual links can also be used to provide a redundant link between contiguous areas to prevent areas from being partitioned or to merge backbone areas Configuring Gener...

Page 273: ... AS Boundary Router field must be enabled and the Advertise Default Route field properly configured Default Disabled Advertise Default Route20 The router can advertise a default external route into the autonomous system AS Options NotAlways Always Default NotAlways Always The router will advertise itself as a default external route for the AS even if a default external route does not actually exis...

Page 274: ...Configuration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf 4 260 Console config router router id 10 1 1 253 4 260 Console config router no compatible rfc1583 4 261 Console config router default information originate always metric 10 metric type 2 4 262 Console config router timers spf 10 4 263 Console ...

Page 275: ...ea border router adjacent to a stub can be configured to send a default external route into the stub for all destinations outside the local area or the autonomous system This route will also be advertised as a single entry point for traffic entering the stub Using a stub can significantly reduce the amount of topology data that has to be exchanged over the network By default a stub can only pass t...

Page 276: ...ntain the same external routing data so that the exit point does not need to be determined for each external destination Command Attributes Area ID Identifier for an area stub or NSSA Area Type Specifies a normal area stub area or not so stubby area NSSA Area ID 0 0 0 0 is set to the backbone by default Default Normal area Default Cost Cost for the default summary route sent into a stub from an ar...

Page 277: ...ea 0 0 0 1 as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default route to 10 Console config router network 10 1 1 0 255 255 255 0 area 0 0 0 1 4 267 Console config router area 0 0 0 2 stub summary 4 268 Console config router area 0 0 0 2 default cost 10 4 264 Console co...

Page 278: ...t Masks VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs imported into your autonomous system i e local routing domain use the Summary Address Configuration screen page 3 241 Command Attributes Area ID Identifies an area for which the routes are summarized The area ID must be in the form of an IP address Range Network Base address ...

Page 279: ... is to advertise the route summary The configured summary route is shown in the list of information displayed for area 1 Console config router area 0 0 0 1 range 10 1 1 0 255 255 255 0 4 267 Console config router end Console show ip ospf Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route Number of area in this router is 4 Area 0 0 0 0 BACKBONE Number of interfaces in this area ...

Page 280: ...N Note This router supports up 64 OSPF interfaces Detail Interface Configuration VLAN ID The VLAN corresponding to the selected interface Rtr Priority Sets the interface priority for this router Range 0 255 Default 1 A designated router DR and backup designated router BDR is elected for each OSPF area based on Router Priority The DR forms an active adjacency to all other routers in the area to exc...

Page 281: ...icate slower ports Range 1 65535 Default 1 This router uses a default cost of 1 for all ports Therefore if you install a Gigabit module you need to reset the cost for all of the 100 Mbps ports to some value greater than 1 Routes are subsequently assigned a metric equal to the sum of all metrics for each interface link in the route Authentication Type Specifies the authentication type used for an i...

Page 282: ... Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and another with the new key Once all the neighboring routers start sending protocol messages back to this router with the new key the router will stop using the old key This rollover process gives the network administrator t...

Page 283: ...erface vlan 1 Console config if ip ospf priority 5 4 276 Console config if ip ospf transmit delay 6 4 278 Console config if ip ospf retransmit interval 7 4 277 Console config if ip ospf hello interval 5 4 276 Console config if ip ospf dead interval 50 4 275 Console config if ip ospf cost 10 4 275 Console config if ip ospf authentication message digest 4 272 Console config if ip ospf message digest...

Page 284: ...te that you cannot configure a virtual link that runs through a stub or NSSA area Virtual links can also be used to create a redundant link between any area and the backbone to help prevent partitioning or to connect two existing backbone areas into a common backbone Command Attributes Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IP address Neighbo...

Page 285: ...sting link click the Detail button for the required entry modify the link settings and click Set Figure 3 136 OSPF Virtual Link Configuration CLI This example configures a virtual link from the ABR adjacent to area 0 0 0 4 through a transit area to the neighbor router 10 1 1 252 at the other end of the link which is adjacent to the backbone Console config router area 0 0 0 0 virtual link 10 1 1 25...

Page 286: ...connected to the backbone either directly or through a virtual link if a direct physical connection is not possible An area initially configured via the Network Area Address Configuration page is set as a normal area or transit area by default A normal area can send and receive external Link State Advertisements LSAs If necessary you can use the Area Configuration page to configure an area as a st...

Page 287: ...SPF Network Area Address Configuration Configure a backbone area that is contiguous with all the other areas in your network configure an area for all of the other OSPF interfaces then click Apply Figure 3 137 OSPF Network Area Address Configuration ...

Page 288: ...spf 4 278 Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route Number of area in this router is 4 Area 0 0 0 0 BACKBONE Number of interfaces in this area is 1 SPF algorithm executed 8 times Area 0 0 0 1 Number of interfaces in this area is 1 SPF algorithm executed 5 times Area 0 0 0 2 STUB Number of interfaces in this area is 1 SPF algorithm executed 13 times Area 0 0 0 3 NSSA Nu...

Page 289: ...able external route redistribution via the Redistribute Configuration screen view the routes imported into the routing table and then configure one or more summary addresses to reduce the size of the routing table and consolidate these external routes for advertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 3 230 Command Attribu...

Page 290: ... to destinations outside the autonomous system AS via External LSAs Specify Type 1 to add the internal cost metric to the external route metric In other words the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR plus the cost of the external route Specify Type 2 to only advertise external route metric The metric value specified for ...

Page 291: ...ibutes Area ID Identifier for an not so stubby area NSSA Default Information Originate An NSSA ASBR originates and floods Type 7 external LSAs throughout its area for known network destination outside of the AS However you can also configure an NSSA ASBR to generate a Type 7 default route to areas outside of the AS or an NSSA ABR to generate a Type 7 default route to other areas within the AS Defa...

Page 292: ... NSSA or modify the routing behavior for an existing NSSA and click Apply Figure 3 140 OSPF NSSA Settings CLI This example configures area 0 0 0 1 as a stub and sets the cost for the default summary route to 10 Console config router area 0 0 0 1 nssa default information originate 4 269 Console config router area 0 0 0 2 nssa no redistribution 4 269 Console config router ...

Page 293: ...rea border routers can generate Summary LSAs that give the cost to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an autonomous system boundary router ASBR AS External Type 5 An ASBR can generate an AS External LSA for each known network destination outside the AS NSSA External Type 7 An ASBR within an NSSA generates a...

Page 294: ... Database Information Specify parameters for the LSAs you want to display then click Query Figure 3 141 OSPF Link State Database Information CLI The CLI provides a wider selection of display options for viewing the Link State Database See show ip ospf database on page 4 280 ...

Page 295: ...Rte Type Route type either intra area or interarea route INTRA or INTER Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been executed for this route Web Click Routing Protocol OSPF Border Router Information Figure 3 142 OSPF Border Router Information CLI This example shows one router that serves as both the ABR for the local area and...

Page 296: ...ectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent Identification flags include D Dynamic neighbor S Static neighbor DR Designated router BDR Backup designated router Address IP address of this interface Web Click Routing Protocol OSPF N...

Page 297: ... table making it routing protocol independent Also note that the Dense Mode version of PIM is supported on this router because it is suitable for densely populated multicast groups which occur primarily in the LAN environment If DVMRP and PIM DM are not enabled on this router or another multicast routing protocol is used on your network you can manually configure the switch ports attached to a mul...

Page 298: ... directly attached subnetworks or on subnetworks attached to downstream routers Field Attributes Group Address IP group address for a multicast service Source Address Subnetwork containing the IP multicast source Netmask Network mask for the IP multicast source Interface Interface leading to the upstream neighbor Owner The associated multicast protocol i e DVMRP or PIM Flags The flags associated w...

Page 299: ...Multicast Routing 3 251 3 Web Click IP Multicast Routing Multicast Routing Table Click Detail to display additional information for any entry Figure 3 145 Multicast Routing Table ...

Page 300: ... and another source routed via PIM Console show ip mroute 4 293 IP Multicast Forwarding is enabled IP Multicast Routing Table Flags P Prune F Forwarding 234 5 6 7 10 1 0 0 255 255 255 0 Owner DVMRP Upstream Interface vlan2 Upstream Router 10 1 0 0 Downstream 234 5 6 8 10 1 5 19 255 255 255 255 Owner PIM DM Upstream Interface vlan3 Upstream Router 10 1 5 19 Downstream Console ...

Page 301: ...ource of this multicast traffic When this router receives the multicast message it checks its unicast routing table to locate the port that provides the shortest path back to the source If that path passes through the same port on which the multicast message was received then this router records path information for the concerned multicast group in its routing table and forwards the multicast mess...

Page 302: ... previously sent a prune message now discovers a new group member on one of its connections it sends a graft message to the upstream router When an upstream router receives this message it cancels the prune message If necessary graft messages are propagated back toward the source until reaching the nearest live branch in the multicast tree The global settings that control the prune and graft messa...

Page 303: ...ect for a multicast tree Range 1 65535 Default 7200 seconds Default Gateway23 Specifies the default DVMRP gateway for IP multicast traffic Default none The specified interface advertises itself as a default route to neighboring DVMRP routers It advertises the default route out through its other interfaces Neighboring routers on the other interfaces return Poison Reverse messages for the default ro...

Page 304: ...uting Command Attributes DVMRP Interface Information Interface VLAN interface on this router that has enabled DVMRP Address IP address of this VLAN interface Metric The metric for this interface used to calculate distance vectors Status Shows that DVMRP is enabled on this interface Console config router dvmrp 4 295 Console config router probe interval 30 4 296 Console config router nbr timeout 40 ...

Page 305: ...ownstream group members within the VLAN But if IGMP snooping is disabled then the interface will flood incoming multicast traffic to all ports in the attached VLAN Web Click Routing Protocol DVMRP Interface Settings Select a VLAN from the drop down box under DVMRP Interface Settings modify the Metric if required set the Status to Enabled or Disabled and click Apply Figure 3 147 DVMRP Interface Set...

Page 306: ...hat neighbor to check for changes in neighbor capabilities Refer to DVMRP IETF Draft v3 10 section 3 2 1 for a detailed description of these bits These bits are described below Leaf bit 0 Neighbor has only one interface with neighbors Prune bit 1 Neighbor supports pruning Generation ID bit 2 Neighbor sends its Generation ID in probe messages Mtrace bit 3 Neighbor can handle multicast trace request...

Page 307: ... used to forward IP multicast traffic The routes listed in the table do not reflect actual multicast traffic flows For this information you should look at the IGMP Member Port Table page 3 159 or the IGMP Group Membership Table page 3 163 Command Attributes IP Address IP subnetwork that contains a multicast source an upstream router or an outgoing interface connected to multicast hosts Netmask Sub...

Page 308: ...of the packet to all the other interfaces for which is has not already received a prune message for this specific source group pair DVMRP holds the prune state for about two hours while PIM DM holds it for only about three minutes This results in more flooding than encountered with DVMRP but this the only major trade off for the lower processing overhead and simplicity of configuration for PIM DM ...

Page 309: ...flooding by default and are only removed from the multicast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a downstream router The interface settings that control the prune and graft messages i e prune holdtime should be configured to the same values on all routers throughout the network to allow PIM to functi...

Page 310: ... stream from a particular source forwards this traffic to all other PIM interfaces on the router If there are no requesting groups on that interface the leaf node sends a prune message upstream and enters a prune state for this multicast stream The prune state is maintained until the prune holdtime timer expires or a graft message is received for the forwarding entry Range 1 65535 seconds Default ...

Page 311: ...lo interval 60 4 306 Console config if ip pim hello holdtime 210 4 306 Console config if ip pim trigger hello interval 10 4 307 Console config if ip pim join prune holdtime 60 4 307 Console config if ip pim graft retry interval 9 4 308 Console config if ip pim max graft retries 5 4 309 Console config if end Console show ip pim interface 2 4 309 Vlan 2 is up PIM is enabled mode is Dense Internet ad...

Page 312: ... DM Interface Information CLI This example shows the PIM DM interface summary for VLAN 1 Displaying Neighbor Information You can display all the neighboring PIM DM routers Command Attributes Neighbor Address IP address of the next hop router Interface VLAN that is attached to this neighbor Up time The duration this entry has been active Expire The time before this entry will be removed Mode PIM mo...

Page 313: ...otocol PIM DM Neighbor Information Figure 3 153 PIM DM Neighbor Information CLI This example displays the only neighboring PIM DM router Console show ip pim neighbor 4 310 Address VLAN Interface Uptime Expire Mode 10 1 0 253 1 613 91 Dense Console ...

Page 314: ...Configuring the Switch 3 266 3 ...

Page 315: ...d access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the quit or exit command After connecting to the system through the console port the login screen displays Telnet Connection Telnet...

Page 316: ...address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty n for the guest to show that you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary command...

Page 317: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is am...

Page 318: ...ation of interfaces ip IP information line TTY line information logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Show management IP filter map Map priority marking Specify marker port Characteristics of the port protocol vlan Protocol VLAN information public key Show information of public key pvlan Information of ...

Page 319: ...m messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and t...

Page 320: ...prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with the user name and password admin The system will now display the Console command prompt You can also enter Privileged Exec mode from within Normal Exec mode by entering the ...

Page 321: ...These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such as parity and databits Router Configuration These commands configure global settings for unicast and multicast routing protocols VLAN Configuration Includes the command to create VLAN groups Multiple Spanning T...

Page 322: ...cess list ip standard access list ip extended access list ip mask precedence access list mac access list mac mask precedence Console config std acl Console config ext acl Console config ip mask acl Console config mac acl Console config mac mask acl 4 87 DHCP ip dhcp pool Console config dhcp 4 126 Interface interface ethernet port port channel id vlan id Console config if 4 149 VLAN vlan database C...

Page 323: ... Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters th...

Page 324: ...rts aggregated links and VLANs 4 149 Mirror Port Mirrors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 160 Rate Limiting Controls the maximum rate for traffic transmitted or received on a port 4 162 Link Aggregation Statically groups multiple ports into a single logical trunk configures Link Aggregation Control Protocol for ...

Page 325: ...ode GC 4 12 login Enables password checking at login LC 4 12 password Specifies a password on a line LC 4 13 timeout login response Sets the interval that the system waits for a login attempt LC 4 14 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 15 password thresh Sets the password intrusion threshold which limits the number of failed logon att...

Page 326: ... screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 19 show users 4 62 login This command enables password checking at login Use the no form to disable password checking and allow connections without a password Syntax login local no l...

Page 327: ...ontrols login authentication via the switch itself To configure user names and passwords for remote authentication servers you must use the RADIUS or TACACS software installed on those servers Example Related Commands username 4 27 password 4 13 password This command specifies the password for a line Use the no form to remove the password Syntax password 0 7 password no password 0 7 0 means plain ...

Page 328: ...or a user to log into the CLI Use the no form to restore the default setting Syntax timeout login response seconds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 300 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the conne...

Page 329: ...rminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command password thresh This command sets the password intrusion threshold which limits the number of failed logon attempts Use the no form to remove ...

Page 330: ...ilent time 4 16 silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 no silent time Default Sett...

Page 331: ...can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 17 parity This command defines the generation of a parity bit Use the no form to restore the default setting ...

Page 332: ...e Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you select the auto option the switch will automatically detect the baud rate configured on the attached terminal and adjust the speed accord...

Page 333: ...d Exec Command Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 42 show users 4 62 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote ...

Page 334: ...535 Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 21 disable Returns to normal mode from privileged mode PE 4 21 configure Activates global configuration mode PE 4 22 show history Shows the command history buffer NE PE 4 22 reload Restarts the system PE 4 23 end Returns to Privileged Exec mode any config mode 4 24 exit Returns to the previous configura...

Page 335: ...Privileged Exec To set this password see the enable password command on page 4 28 The character is appended to the end of the prompt to indicate that the system is in privileged access mode Example Related Commands disable 4 21 enable password 4 28 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s conf...

Page 336: ...ration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes on page 4 6 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 24 show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is...

Page 337: ...load This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch Con...

Page 338: ...d returns to the previous configuration mode or exits the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit comm...

Page 339: ...s that are allowed management access 4 29 Web Server Enables management access via a web browser 4 31 Telnet Server Enables management access via Telnet 4 34 Secure Shell Provides secure replacement for Telnet 4 35 Event Logging Controls logging of error messages 4 44 SMTP Alerts Configures SMTP email alerts 4 49 Time System Clock Sets the system clock automatically via NTP SNTP server or manually...

Page 340: ...haracters Default Setting Console Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device Use the no form to restore the default host name Syntax hostname name no hostname name The name of this host Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config prompt RD2 RD2 config Console con...

Page 341: ...name of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters...

Page 342: ... level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password password for this privilege level Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password You will have to enter a p...

Page 343: ...f anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges ...

Page 344: ...Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Global Configuration Example Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console Console show management all client Management Ip Filter Http Client Start...

Page 345: ... This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Table 4 12 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 31 ip http server Allows the switch to be monitored or configur...

Page 346: ...he client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x and Netscape Navigator 4 x...

Page 347: ...p secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ...

Page 348: ...on Example Related Commands ip telnet server 4 34 ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuration Example Command Function Mode Page ip telnet port Specifies the port to be used by the Telnet interface GC 4 31 ip telnet server Allo...

Page 349: ...at you also need to install a SSH client on the management station when using this protocol to configure the switch Note The switch supports both SSH Version 1 5 and 2 0 Table 4 14 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4 37 ip ssh timeout Specifies the authentication timeout for the SSH server GC 4 38 ip ssh authentication retries Sp...

Page 350: ...329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy tftp public key command to copy a file containing the public key for all the SSH client s granted management access to th...

Page 351: ...key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service Syntax no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server...

Page 352: ...negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 15 show ip ssh 4 41 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authenticat...

Page 353: ...mand Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both ...

Page 354: ...t programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Related Commands ip ssh crypto zeroize 4 40 ip ssh save host key 4 41 ip s...

Page 355: ...save host key 4 41 no ip ssh server 4 37 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 40 show ip ssh This command displays the connection settings used when authe...

Page 356: ...hentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish...

Page 357: ...ring is the encoded modulus Example Console show public key host Host RSA 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868 5443583616519999233297817660658309586108259132128902337654680172627257141 3428762941301196195566782595664104869574278881462065194174677298486546861 5717739390164779355942303577413098022737087794545240839717526463580581767 16709574804776117 DSA ...

Page 358: ...Commands logging history 4 45 clear logging 4 47 Table 4 16 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 44 logging history Limits syslog messages saved to switch memory based on severity GC 4 45 logging host Adds a syslog server host IP address that will receive logging messages GC 4 46 logging facility Sets the facility type for remote logg...

Page 359: ...d Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 17 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning condition...

Page 360: ...ts the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog me...

Page 361: ...ing Disabled Level 3 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enables remote logging but restores the minimum severity level to the default Example clear logging This command clears messages from the log buffer Syntax clear logg...

Page 362: ...e level for flash memory is errors i e default level 3 0 the message level for RAM is debugging i e default level 7 0 and lists one sample error Console show logging flash Syslog logging Enable History logging in FLASH level errors Console show logging ram Syslog logging Enable History logging in RAM level debugging 0 0 0 5 1 1 1 PRI_MGR_InitDefault function fails level 3 module 13 function 0 and ...

Page 363: ... logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address...

Page 364: ...loses the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in the list and tries to send mail again If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cann...

Page 365: ...1 41 characters Default Setting None Command Mode Global Configuration Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example This example will send email alerts for system errors from level 3 through 0 logging sendmail destination email This command specifies the email recipients of alert messages Use th...

Page 366: ...led Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail destination email ted this company com Console config Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SM...

Page 367: ...rom time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Table 4 2...

Page 368: ...ge This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Console config sntp server 10 1 0 19 Console config sntp poll 60 Console config sntp client C...

Page 369: ...l Configuration Command Usage This command is only applicable when the switch is set to SNTP client mode Example Related Commands sntp client 4 53 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the curren...

Page 370: ...ng None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Rela...

Page 371: ... sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2101 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode N...

Page 372: ...ngs Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs Routing protocol configuration settings Spanning tree settings Any configured settings for the console port and Telnet Table 4 22 System Status Commands Command Function Mode Page show startup conf...

Page 373: ... and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords Console show startup config building startup config please wait username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password...

Page 374: ...erver 0 0 0 0 0 0 0 0 0 0 0 0 snmp server community private rw snmp server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active ...

Page 375: ...cription 8 SFP ports 4 Gigabit Combo ports L2 L3 L4 managed standalone switch System OID string 1 3 6 1 4 1 259 6 10 57 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE System Location NONE System Contact NONE MAC address 00 30 f1 47 58 3a Web server enable Web server port 80 Web secure server enable Web secure server port 443 Telnet server enable Teln...

Page 376: ...version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 12 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP add...

Page 377: ...n fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Console show vers...

Page 378: ...g tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https cert...

Page 379: ...ory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server You must follow the instructions in the release notes for new firmware or contact your distributor for help For information on specifying an https certificate see Rep...

Page 380: ... file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS ce...

Page 381: ...delete the test2 cfg configuration file from flash memory Related Commands dir 4 67 delete public key 4 39 dir This command displays a list of files in flash memory Syntax dir boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or...

Page 382: ...e information displayed by this command Table 4 25 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte diag_0060 Boot Rom image Y 111360 run_01642 Operation ...

Page 383: ... ROM config Configuration file opcode Run time operation code The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Example Related Commands dir 4 67 whichboot 4 68 Console config boot system ...

Page 384: ... best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet Table 4 26 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 70 RADIUS Client Configures s...

Page 385: ...page 4 21 Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection...

Page 386: ...ch radius server host This command specifies the RADIUS server Use the no form to restore the default Syntax radius server host host_ip_address no radius server host host_ip_address IP address of server Default Setting 10 1 0 1 Command Mode Global Configuration Example Console config authentication enable radius Console config Table 4 28 RADIUS Client Commands Command Function Mode Page radius ser...

Page 387: ...mmand Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example C...

Page 388: ... command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This comman...

Page 389: ... the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Console show radius server Server IP address 10 1 0 1 Communication key with radius server Server port number 1812 Retransmit times 2 Request timeout 5 Console Table 4 29 TACACS Client Commands Command Funct...

Page 390: ...mand Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Exampl...

Page 391: ...rt will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message Console show tacacs server Remote TACACS server configuration Server IP ad...

Page 392: ...resses 0 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted First use the port security max mac count command to set the number of add...

Page 393: ...dot1x default Resets all dot1x parameters to their default values GC 4 80 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session GC 4 80 dot1x port control Sets dot1x mode for a port interface IC 4 81 dot1x operation mode Allows single or multiple hosts on an dot1x port IC 4 82 dot1x re ...

Page 394: ...lobal and port settings to their default values Syntax dot1x default Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum numb...

Page 395: ...d client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example Console config dot1x max re...

Page 396: ...to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by the dot1x port control command page 4 105 In multi host mode only one host connected to a port needs to pass authentication for all other hosts to be granted network access Similarly a port ca...

Page 397: ...od This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Global Configuration Example Console dot1x re authenticate Console Conso...

Page 398: ...bal Configuration Example dot1x timeout tx period This command sets the time that the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds The number of seconds Range 1 65535 Default 30 seconds Command Mode Global Configuration Example Console config...

Page 399: ...ver timeout Server timeout reauth max Maximum number of reauthentication attempts 802 1X Port Summary Displays the port access control parameters for each interface including the following items Status Administrative state for port access control Mode Dot1x port control mode page 4 81 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays detailed port access contro...

Page 400: ...h period 300 quiet period 350 tx period 300 supp timeout 30 server timeout 30 reauth max 2 max req 2 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 disabled Single Host ForceAuthorized n a 1 11 disabled Single Host ForceAuthorized yes 1 12 disabled Single Host Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is e...

Page 401: ...otocol is specified then you can also filter packets based on the TCP control code MAC ACL mode MAC ACL filters packets based on the source or destination MAC address and the Ethernet frame type RFC 1060 The following restrictions apply to ACLs This switch supports ACLs for both ingress and egress filtering However you can only bind one IP ACL and one MAC ACL to any port for ingress filtering and ...

Page 402: ...4 32 Access Control List Commands Command Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 88 MAC ACLs Configures ACLs based on hardware addresses packet format and Ethernet type 4 102 ACL Information Displays ACLs and associated rules shows ACLs assigned to each port 4 112 Table 4 33 IP ACL Commands Command Function Mode P...

Page 403: ...uration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 90 ip access group 4 98 show ip access list 4 9...

Page 404: ...d to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Example Thi...

Page 405: ...ort sport bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address precedence IP precedence level Range 0 7 tos Type of Service level Range 0...

Page 406: ... Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the code value and mask below to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x...

Page 407: ...Related Commands permit deny 4 90 ip access group 4 98 access list ip mask precedence This command changes to the IP Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specifie...

Page 408: ... host source bitmask any host destination bitmask precedence tos dscp source port port bitmask destination port port bitmask control flag flag bitmask protocol Check the protocol field any Any address will be matched host The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match th...

Page 409: ... in order of precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the...

Page 410: ...sole config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list A3 ...

Page 411: ...h config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch config ip mask acl end Console sh access list IP ...

Page 412: ...ration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show ip access list 4 93 show ip access group This command shows the ports assigned to IP ACLs Command Mo...

Page 413: ...ange 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map on page 4 210 Example Rela...

Page 414: ...ity of a frame matching the defined ACL rule This feature is commonly referred to as ACL packet marking Use the no form to remove the ACL marker Syntax match access list ip acl_name set priority priority set tos tos_value set dscp dscp_value no match access list ip acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0...

Page 415: ...ecify the IP precedence priority use the set tos keywords To specify the DSCP priority use the set dscp keywords Note that the IP frame header can include either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority and then 802 1p priority Example Related Commands show marking 4 101 show marking This command displays the curre...

Page 416: ...and enters configuration mode GC 4 102 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 103 show mac access list Displays the rules for configured MAC ACLs PE 4 104 access list mac mask precedence Changes to the mode for configuring access control masks GC 4 105 mask Sets a precedence mask for the ACL rules MAC Mask 4 106 sho...

Page 417: ...host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit ...

Page 418: ...I formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 4 102 show mac access list This command displays the rules...

Page 419: ...tion Command Usage You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule A mask can only be used by all ingress ACLs or all egress ACLs The precedence of the ACL rules applied to a packet is not determined by order of the rules but instead by the order of the masks i e the first mask that matches a rule will determi...

Page 420: ...ce address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask vid Check the VLAN ID field vid bitmask VLAN ID of rule must match this bitmask ethertype Check the Ethernet type field ethertype bitmask Ethernet type of rule must match this bitmask Default Setting None Command Mode MAC Mask Command Usage Up to seven masks can be assigned to an ingr...

Page 421: ...ist MAC access list M4 deny tagged eth2 host 00 11 11 11 11 11 any vid 3 permit any any MAC ingress mask ACL mask pktformat host any vid Console Console config access list mac M5 Console config mac acl deny tagged 802 3 host 00 11 11 11 11 11 any Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 ethertype 0806 Console config mac acl end Console show access list ...

Page 422: ... of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You...

Page 423: ...he packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet matching a rule within the specified ACL ...

Page 424: ...rmines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Related Commands map access list mac 4 109 Console config int eth 1 5 Console config if map access list mac M5 cos 0 Console config if Console show map access list mac Access list to COS of Eth 1 ...

Page 425: ...o match access list mac acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Example Related Commands show marking 4 1...

Page 426: ...list Show all ACLs and associated rules PE 4 112 show access group Shows the ACLs assigned to each port PE 4 112 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code ...

Page 427: ...Setting Enabled Table 4 38 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 4 113 show snmp Displays the status of SNMP communications NE PE 4 114 snmp server community Sets up the community access string to permit access to SNMP commands GC 4 115 snmp server contact Sets the system contact string GC 4 115 snmp server location Sets the system location string GC 4 116 ...

Page 428: ... Example Console config snmp server Console config Console show snmp SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number ...

Page 429: ...tions are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Example snmp server contact This command sets the system contact string Use the no form to remov...

Page 430: ...Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 4 115 Console config snmp server location WC 19 Console config ...

Page 431: ...ple Network Management Protocol on page 3 35 for further information about these authentication and encryption options port Host UDP port to use Range 1 65535 Default 162 Default Setting Host Address None SNMP Version 1 UDP Port 162 Command Mode Global Configuration Command Usage If you do not enter an snmp server host command no notifications are sent In order to configure the switch to send SNMP...

Page 432: ...traps authentication link up down authentication Keyword to issue authentication failure traps link up down Keyword to issue link up or link down traps Default Setting Issue authentication and link up down traps Command Mode Global Configuration Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this devi...

Page 433: ...e engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 1234 is equivalent to 1234 followed by 22 zeroes A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID ...

Page 434: ...p command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includes the MIB 2 interfaces table ifDescr The wildcard is used to select all the index values in this table This view includes the MIB 2 interfaces table and the mask selects all index entries Table 4 39 show sn...

Page 435: ...on and privacy See Simple Network Management Protocol on page 3 35 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name defaul...

Page 436: ...de Global Configuration Command Usage A group sets the access policy for the assigned users When authentication is selected the MD5 or SHA algorithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption Example 26 No view is defined 27 Maps to the defaultview Console config snmp server group r d v3 auth write daily Consol...

Page 437: ...ctive Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status...

Page 438: ...e enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with privacy with DES56 encryption priv password Privacy password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password Default Setting None Command Mode Global Configuration Command Usage The SNMP engine ID is used to compute the authentication privacy digests fro...

Page 439: ...s bits to match Default Setting None Command Mode Global Configuration Console config snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config Console show snmp user EngineId 01000000000000000000000000 User Name steve Authentication Protocol md5 Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 42 show snmp user display description ...

Page 440: ...ient IP 10 1 2 3 and client IP group 10 1 3 0 to 10 1 3 255 Related Commands show snmp 4 114 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol DHCP client relay and server functions You can configure any VLAN interface to be automatically assigned an IP address via DHCP This switch can be configured to relay DHCP client configuration requests to a DHCP server o...

Page 441: ... the requirements of your DHCP server Example Related Commands ip dhcp restart client 4 127 ip dhcp restart client This command submits a BOOTP or DHCP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to re...

Page 442: ...ch forwards the packet to the DHCP server on another network When the server receives the DHCP request it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcasts the DHCP response received from the server to the client Console config interface vlan 1 Consol...

Page 443: ...ration VLAN Usage Guidelines You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server To start DHCP relay service enter the ip dhcp restart relay command Example Related Commands ip dhcp restart relay 4 128 Console config interface vlan 1 Console config if ip dhcp relay Console config if end Console show ...

Page 444: ...a DHCP client DC 4 133 dns server Specifies the Domain Name Server DNS servers available to a DHCP client DC 4 134 next server Configures the next server in the boot process of a DHCP client DC 4 134 bootfile Specifies a default boot image for a DHCP client DC 4 135 netbios name server Configures NetBIOS Windows Internet Naming Service WINS name servers available to Microsoft DHCP clients DC 4 135...

Page 445: ... no form to remove the address pool Syntax no ip dhcp pool name name A string or integer Range 1 8 characters Default Setting DHCP address pools are not configured Command Mode Global Configuration Usage Guidelines After executing this command the switch changes to DHCP Pool Configuration mode identified by the config dhcp prompt From this mode first configure address pools for the network interfa...

Page 446: ... by a relay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is found it assigns an address from t...

Page 447: ...outer should be on the same subnet as the client You can specify up to two routers Routers are listed in order of preference starting with address1 as the most preferred router Example domain name This command specifies the domain name for a DHCP client Use the no form to remove the domain name Syntax domain name domain no domain name domain Specifies the domain name of the client Range 1 32 chara...

Page 448: ...ent cannot correlate host names to IP addresses Servers are listed in order of preference starting with address1 as the most preferred server Example next server This command configures the next server in the boot process of a DHCP client Use the no form to remove the boot server list Syntax no next server address address Specifies the IP address of the next server in the boot process which is typ...

Page 449: ... command configures NetBIOS Windows Internet Naming Service WINS name servers that are available to Microsoft DHCP clients Use the no form to remove the NetBIOS name server list Syntax netbios name server address1 address2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP address of alternate NetBIOS WINS name server Default Setting None...

Page 450: ...ration that an IP address is assigned to a DHCP client Use the no form to restore the default value Syntax lease days hours minutes infinite no lease days Specifies the duration of the lease in numbers of days Range 0 364 hours Specifies the number of hours in the lease A days value must be supplied before you can configure hours Range 0 23 minutes Specifies the number of minutes in the lease A da...

Page 451: ... if the request was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool When searching for a manual binding the switch ...

Page 452: ...x The hexadecimal value Default Setting None Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier and hardware address are configured for a host address the client identifier takes precedence over the hardware address in the search procedure BOOTP clients cannot transmit a client ide...

Page 453: ...net Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifier To bind an address to a BOOTP client you must associate a hardware address with the host entry Example Related Commands host 4 137 clear ip dhcp binding This command deletes an automatic address b...

Page 454: ...CP service to another device Example Related Commands show ip dhcp binding 4 140 show ip dhcp binding This command displays address bindings on the DHCP server Syntax show ip dhcp binding address address Specifies the IP address of the DHCP client for which bindings will be displayed Default Setting None Command Mode Normal Exec Privileged Exec Example Console clear ip dhcp binding Console Console...

Page 455: ...ng IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 4 47 DNS Commands Command Function Mode Page ip host Creates a static host name to address mapping GC 4 141 clear host Deletes entries from the host name to address table PE 4 142 ip domain name Defines a default domain name for incomplete host names GC 4 ...

Page 456: ...ll entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove the current domain name Syntax ip domain name name no ip domain name name...

Page 457: ...main name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is received by the DNS server on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a match If there is no ...

Page 458: ...ddress6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Console config ip domain list sample com jp Console con...

Page 459: ...tax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Console config ip domain server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain Name...

Page 460: ...ileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show hosts Hostname rd5...

Page 461: ...8 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Table 4 48 show dns cache display description Field Description NO The entry number for each resource record FLAG The flag is ...

Page 462: ...d Line Interface 4 148 4 clear dns cache This command clears all entries in the DNS cache Command Mode Privileged Exec Example Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMAIN Console ...

Page 463: ...nfiguration IC 4 150 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 150 negotiation Enables autonegotiation of a given interface IC 4 151 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 152 flowcontrol Enables flow control on a given interface IC 4 153 media type Force port type selecte...

Page 464: ... The following example adds a description to port 4 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex 1000full 100full 100half 10full 10half no speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps...

Page 465: ...equired mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 4 151 capabilities 4 152 negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configur...

Page 466: ...upports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100BASE T...

Page 467: ...IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be in...

Page 468: ...port has a valid link sfp forced Always uses the SFP port even if module not installed sfp preferred auto Uses SFP port if both combination types are functioning and the SFP port has a valid link Default Setting sfp preferred auto Command Mode Interface Configuration Ethernet Example This forces the switch to use the built in RJ 45 port for the combination port 8 shutdown This command disables an ...

Page 469: ...trol Use the no form to disable broadcast storm control Syntax switchport broadcast packet rate rate no switchport broadcast rate Threshold level as a rate i e packets per second Range 500 262143 Default Setting Enabled for all ports Packet rate limit 500 packets per second Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets ab...

Page 470: ...Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on port 5 C...

Page 471: ...is command see Displaying Connection Status on page 3 78 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled ...

Page 472: ...ard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac t...

Page 473: ...ackets second LACP status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type All frames Native VLAN 1 Priority for untagged traffic 0 Gvrp status Disabled Allowed Vlan 1 u Forbidden Vlan Console Table 4 50 show interfaces switchport display description Field Description Br...

Page 474: ...rule Shows if ingress filtering is enabled or disabled page 4 193 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 192 Native VLAN Indicates the default Port VLAN ID page 4 194 Priority for untagged traffic Indicates the default priority for untagged frames page 4 207 Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled pag...

Page 475: ... all sessions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Switch unit 1 po...

Page 476: ...ing traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input Input rate output Output rate rate Maximum value in Mbp...

Page 477: ...k can have up to eight ports The ports at both ends of a connection must be configured as trunk ports All ports in a trunk must be configured in an identical manner including communication mode i e speed duplex mode and flow control VLAN assignments and CoS settings All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN via the specified port channel...

Page 478: ...l to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax no lacp Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full...

Page 479: ... has been established Console config interface ethernet 1 10 Console config if lacp Console config if exit Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 e8 ...

Page 480: ...t number port channel channel id Range 1 6 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Table 4 54 Address Table Commands Command Function Mode Page mac address table static Maps a static address to a por...

Page 481: ...f this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privileged Exec Example show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table addre...

Page 482: ...0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example mac address table aging time This command sets the aging time for entries in the address table Use the no form to restore the default aging time Syntax mac address table aging time seconds no ...

Page 483: ...gures the spanning tree bridge forward time GC 4 172 spanning tree hello time Configures the spanning tree bridge hello time GC 4 173 spanning tree max age Configures the spanning tree bridge maximum age GC 4 173 spanning tree priority Configures the spanning tree bridge priority GC 4 174 spanning tree path cost method Configures the path cost method for RSTP MSTP GC 4 174 spanning tree transmissi...

Page 484: ...nning tree cost Configures the spanning tree path cost of an interface IC 4 180 spanning tree port priority Configures the spanning tree priority of an interface IC 4 180 spanning tree edge port Enables fast forwarding for edge ports IC 4 181 spanning tree portfast Sets an interface to fast forwarding IC 4 182 spanning tree link type Configures the link type for RSTP MSTP IC 4 183 spanning tree ms...

Page 485: ...are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol mess...

Page 486: ...gures the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in seconds Range 4 30 seconds The minimum value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the ...

Page 487: ...figures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command U...

Page 488: ... Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost method This command configures the path cost method us...

Page 489: ... transmission of consecutive RSTP MSTP BPDUs Use the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command chan...

Page 490: ...tance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST region This switch supports up...

Page 491: ...sed in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the device with the lowest MAC address will then become the root device You can set this switch to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate...

Page 492: ...vision number for this multiple spanning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Configuration Command Usage The MST region name page 4 177 and revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such ...

Page 493: ... these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm...

Page 494: ...rface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 174 is set to short the max...

Page 495: ...Interface Configuration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers reta...

Page 496: ...state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tre...

Page 497: ...lex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is forbidden Since MSTP is an extension of RSTP this same restriction applies Example spanning tree mst cost This command configures the path cost on a spanning ...

Page 498: ...ce priority Example Related Commands spanning tree mst port priority 4 184 spanning tree mst port priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree Use the no form to restore the default Syntax spanning tree mst instance_id port priority priority no spanning tree mst instance_id port priority instance_id Instance identifier of the spanning...

Page 499: ...is is device 1 port Port number port channel channel id Range 1 6 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the...

Page 500: ... show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning tree confi...

Page 501: ... 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge ...

Page 502: ... show spanning tree mst configuration Mstp Configuration Information Configuration name 00 30 f1 8f d5 50 Revision level 0 Instance VLANs 1 2 Console Table 4 56 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 189 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filter...

Page 503: ...how vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 197 Table 4 57 Commands for Editing VLAN Groups Command Function Mode Page vlan database ...

Page 504: ...he VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs o...

Page 505: ...ers interface configuration mode for a specified VLAN IC 4 191 switchport mode Configures VLAN membership mode for an interface IC 4 192 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 192 switchport ingress filtering Enables ingress filtering on an interface IC 4 193 switchport native vlan Configures the PVID native VLAN of an interface IC 4 194 switch...

Page 506: ...ntagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and then set the switchport mode to hybrid Related Commands switchport acceptable frame types 4 192 switchport acceptable frame types This command configures the acceptable frame ty...

Page 507: ...ed Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged fo...

Page 508: ...rface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames enter...

Page 509: ...switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress If none of the intermediate network devices nor the host at the other end of the connection support...

Page 510: ...to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set...

Page 511: ...rivileged Exec Example The following example shows how to display information for VLAN 1 Table 4 59 Commands for Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 197 show interfaces status vlan Displays status for the specified VLAN interface NE PE 4 157 show interfaces switchport Displays the administrative and operational status of an interface NE P...

Page 512: ... A private VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs can exist simultaneously within the same switch Entering the pvlan command without any parameters enables the private VLAN Entering no pvlan disables the private VLAN Example This example enables...

Page 513: ... First configure VLAN groups for the protocols you want to use page 4 190 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol ...

Page 514: ... Command Mode Global Configuration Example The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types protocol vlan protocol group Configuring Interfaces This command maps a protocol group to a VLAN for the current interface Use the no form to remove the protocol mapping for this interface Syntax protocol vlan protocol group group id vlan vlan id no protoco...

Page 515: ...the protocol type does not match the frame is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 show protocol vlan protocol group This command shows the frame and protocol type associated with protocol groups Syntax show protocol vlan protocol group group id group i...

Page 516: ...ce interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolGroup ID VLAN ...

Page 517: ...tches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example Table 4 62 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 203 show bridge ext Shows the global...

Page 518: ...mand enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable Yes ...

Page 519: ...mand sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which timer to set timer_value Value of timer Ranges join 20 1000 centiseconds leave 60 3000 centiseconds leaveall 500 18000 centiseconds Default Setting join 20 centiseconds leave 60...

Page 520: ...ll leave Note Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 206 show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Rang...

Page 521: ...y for untagged frames sets queue weights and maps class of service tags to hardware queues 4 207 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4 213 Table 4 64 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 208 switchport priority default Sets a port priori...

Page 522: ...ively Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for e...

Page 523: ...untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN tags ar...

Page 524: ...idth sharing at the egress port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues Related Commands show queue bandwidth 4 212 queue cos map This command assigns class of service CoS values to the priority queues i e hardware output queues 0 7 Use the no form set the CoS map to the default values Syntax queue cos map queue_id cos1 cos...

Page 525: ...s command sets the CoS priority for all interfaces Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map 4 212 show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Table 4 65 Default CoS Priority Levels Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 Console config inte...

Page 526: ... show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console sh queue mode Wrr status Enabled Console Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 ...

Page 527: ...map ip port Maps TCP UDP socket to a class of service IC 4 214 map ip precedence Enables IP precedence class of service mapping GC 4 214 map ip precedence Maps IP precedence value to a class of service IC 4 215 map ip dscp Enables IP DSCP class of service mapping GC 4 216 map ip dscp Maps IP DSCP value to a class of service IC 4 216 map access list ip Sets the CoS value and corresponding output qu...

Page 528: ... Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Global Configuration This command enables IP precedence mapping i e IP Type of Service Use the...

Page 529: ...e value Range 0 7 Default Setting The list below shows the default priority mapping Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p st...

Page 530: ... switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally map ip dscp Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map i...

Page 531: ... IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip port This command shows the IP port priority map Syntax show map ip port interface interface ethernet unit port unit This is device 1 port Port number port channel...

Page 532: ... 4 213 map ip port Interface Configuration 4 214 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 ...

Page 533: ...rity map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Console ...

Page 534: ...Layer 2 or enabled for specific VLAN interfaces at Layer 3 Layer 2 query is disabled if Layer 3 query is enabled Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Table 4 69 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups ...

Page 535: ...an id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Table 4 70 IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 4 221 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 4 221 ip igmp sn...

Page 536: ...Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping This co...

Page 537: ...entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The following shows the multicast entries learned through IGMP snooping for VLAN 1 Console show ip igmp snooping Service status Enabled Querier status Enabled Query count 2 Query in...

Page 538: ...ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Table 4 71 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 224 ip igmp sn...

Page 539: ... have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 226 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch ...

Page 540: ...sponded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 222 ip igmp snooping query max response time 4 226 ip igmp sno...

Page 541: ... port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting No static multicast router ports are configured Command Mode Global Configuration Console config ip igmp snooping router port expire time 300 Con...

Page 542: ...p igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The...

Page 543: ...0 ip igmp query interval Configures frequency for sending host query messages IC 4 230 ip igmp max resp interval Configures the maximum host response time IC 4 231 ip igmp last memb query interval Configures frequency for sending group specific host query messages IC 4 232 ip igmp version Configures IGMP version used on this interface IC 4 232 show ip igmp interface Displays the IGMP configuration...

Page 544: ...ss value is used in calculating the appropriate range for other IGMP variables such as the Group Membership Interval ip igmp last memb query interval page 4 232 as well as the Other Querier Present Interval and the Startup Query Count RFC 2236 Example ip igmp query interval This command configures the frequency at which host query messages are sent Use the no form to restore the default Syntax ip ...

Page 545: ... default Syntax ip igmp max resp interval seconds no ip igmp max resp interval seconds The report delay advertised in IGMP queries Range 1 255 Default Setting 10 seconds Command Mode Interface Configuration VLAN Command Usage The switch must be using IGMPv2 for this command to take effect This command defines how long any responder i e client or router still in the group has to respond to a query ...

Page 546: ...hen checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command If no reports are received before the timer expires the group is deleted This value may be tuned to modify the leave latency of the network A reduced value results in reduced time to detect the loss of the last member of a group Example The following shows how to configure t...

Page 547: ...s the IGMP configuration for a specific VLAN interface or for all interfaces Syntax show ip igmp interface vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting None Command Mode Normal Exec Privileged Exec Example The following example shows the IGMP configuration for VLAN 1 as well as the device currently serving as the IGMP querier for this multicast service Console config if ip igmp versio...

Page 548: ...groups from the cache Example The following example clears all multicast group entries for VLAN 1 show ip igmp groups This command displays information on multicast groups active on this switch Syntax show ip igmp groups group address interface vlan vlan id group address IP address of the multicast group vlan id VLAN ID Range 1 4094 Default Setting Displays information for all known groups Command...

Page 549: ...ith subscribers directly attached or downstream from this switch InterfaceVlan The interface on this switch that has received traffic directed to the multicast group address Lastreporter The IP address of the source of the last membership report received for this multicast group address on this interface If no membership report has been received this object has the value 0 0 0 0 Uptime The time el...

Page 550: ...cp secondary no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP secondary Specifies a secondary IP address Table 4 75 IP Interface Commands Command Group Function Page Basic IP Configuration Configures the IP addres...

Page 551: ...s over the network or to connect the router to existing IP subnets You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program An interface can have only one primary IP address but can have...

Page 552: ...blished Command Mode Global Configuration Command Usage The gateway specified in this command is only valid if routing is disabled with the no ip routing command If IP routing is disabled you must define a gateway if the target device is located in a different subnet If routing is enabled you must define the gateway with the ip route command Example The following example defines a default gateway ...

Page 553: ...MP echo request packets to another node on the network Syntax ping host count count size size host IP address or IP alias of the host count Number of packets to send Range 1 16 default 5 size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger than the size specified because the router adds header information Console show ip interface Vlan 1 is up ...

Page 554: ... seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 4 149 Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms r...

Page 555: ... other routers on local network interfaces defined on this router The maximum number of static entries allowed in the ARP cache is 128 You may need to enter a static entry in the cache if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Example Related Commands clea...

Page 556: ...splay the current cache timeout value Example This example sets the ARP cache timeout for 15 minutes i e 900 seconds clear arp cache This command deletes all dynamic entries from the Address Resolution Protocol ARP cache Command Mode Privileged Exec Example This example clears all dynamic entries in the ARP cache show arp Use this command to display entries in the Address Resolution Protocol ARP c...

Page 557: ...on Protocol ARP Use the no form to disable proxy ARP Syntax no ip proxy arp Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage Proxy ARP allows a non routing device to determine the MAC address of a host on another subnet or network Example Console show arp Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 2...

Page 558: ... no form to disable IP routing Syntax no ip routing Default Setting Enabled Command Mode Global Configuration Table 4 78 IP Routing Commands Command Group Function Page Global Routing Configuration Configures global parameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange routing information 4 244 Routing Information Protocol RIP Configures...

Page 559: ... destination network subnetwork or host netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets default Sets this entry as the default route gateway IP address of the gateway used for this route metric Selected RIP cost for this interface Range 1 5 default 1 Removes all static routing table entries Default Setting No static ...

Page 560: ...ocal interface Use the no ip route command to remove a static route Example show ip route This command displays information in the IP routing table Syntax show ip route config address netmask config Displays all static routing entries address IP address of the destination network subnetwork or host for which routing information is to be displayed netmask Network mask for the associated IP subnet T...

Page 561: ...his router Netmask Network mask for the associated IP subnet Next Hop IP address of the next hop or gateway used for this route Protocol The protocol which generated this route information Values static local RIP OSPF Metric Cost for this interface Interface VLAN interface through which this address can be reached Console show ip host route Total count 0 IP address Mac address VLAN Port 192 168 1 ...

Page 562: ... 0 parameter problem UDP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0 checksum errors Sent 0 total ARP statistics Rcvd 0 requests 1 replies Sent 1 requests 0 replies Console Table 4 82 Routing Information Protocol Commands Command Function Mode Page router rip Enables the RIP routing protocol GC 4 249 timers basic Sets basic timers including update...

Page 563: ... timers basic update seconds no timers basic update seconds Sets the update timer to the specified value sets the timeout time value to 6 times the update time and sets the garbage collection timer to 4 times the update time Range for update timer 15 60 seconds Command Mode Router Configuration ip rip authentication key Enables authentication for RIP2 packets and specifies keys IC 4 255 ipripauthe...

Page 564: ...ry from the routing table This timer allows neighbors to become aware of an invalid route prior to purging it Setting the update timer to a short interval can cause the router to spend an excessive amount of time processing updates These timers must be set to the same values for all routers in the network Example This example sets the update timer to 40 seconds The timeout timer is subsequently se...

Page 565: ...e This example includes network interface 10 1 0 0 in the RIP routing process Related Commands router rip 4 249 neighbor This command defines a neighboring router with which this router will exchange routing information Use the no form to remove an entry Syntax no neighbor ip address ip address IP address to map to a specified hardware address Command Mode Router Configuration Default Setting No n...

Page 566: ...IP Version 1 configures the unset interfaces to send RIPv1 compatible protocol messages and receive either RIPv1 or RIPv2 protocol messages RIP Version 2 configures the unset interfaces to use RIPv2 for both sending and receiving protocol messages When the no form of this command is used to restore the default value any VLAN interface not previously set by the ip rip receive version or ip rip send...

Page 567: ...2 packets Command Usage Use this command to override the global setting specified by the RIP version command You can specify the receive version based on these options Use none if you do not want to add any dynamic entries to the routing table for an interface For example you may only want to allow static routes for a specific interface Use 1 or 2 if all routers in the local network are based on R...

Page 568: ...tting specified by the RIP version command You can specify the receive version based on these options Use none to passively monitor route information advertised by other routers attached to the network Use 1 or 2 if all routers in the local network are based on RIPv1 or RIPv2 respectively Use v2 broadcast to propagate route information by broadcasting to other routers on the network using RIPv2 in...

Page 569: ...etrics to infinity This provides faster convergence Example This example propagates routes back to the source using poison reverse ip rip authentication key This command enables authentication for RIPv2 packets and to specify the key that must be used on an interface Use the no form to prevent authentication Syntax ip rip authentication key key string no ip rip authentication key string A password...

Page 570: ...at a simple password will be used Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentication key command page 4 255 This command requires the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For ...

Page 571: ...t the last time a route update was received the RIP version used by the neighbor and the status of routing messages received from this neighbor Command Mode Privileged Exec Console show rip globals RIP Process Enabled Update Time in Seconds 30 Number of Route Change 0 Number of Queries 1 Console Table 4 83 show rip globals display description Field Description RIP Process Indicates if RIP has been...

Page 572: ... RIP version sent on this interface none RIPv1 RIPv2 or RIPv2 broadcast ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1 or RIPv2 Poison Shows if split horizon poison reverse or no protocol message loopback prevention method is in use Authentication Shows if authentication is set to simple password or none show ip rip status Interface IP address of the interface RcvBadPack...

Page 573: ...ackbone RC 4 270 Interface Configuration ip ospf authentication Specifies the authentication type for an interface IC 4 272 ip ospf authentication key Assigns a simple password to be used by neighboring routers IC 4 273 ip ospf message digest key Enables MD5 authentication and sets the key for an interface IC 4 274 ip ospf cost Specifies the cost of sending a packet on an interface IC 4 275 ip osp...

Page 574: ...mand assigns a unique router ID for this device within the autonomous system Use the no form to use the default router identification method i e the lowest interface address Syntax router id ip address no router id ip address Router ID formatted as an IP address Command Mode Router Configuration Default Setting Lowest interface address show ip ospf summary address Displays all summary address redi...

Page 575: ... the priority values of the routers bidding to be the designated router or backup designated router for an area are equal the router with the highest ID is elected Example Related Commands router ospf 4 260 compatible rfc1583 This command calculates summary route costs using RFC 1583 OSPFv1 Use the no form to calculate costs using RFC 2328 OSPFv2 Syntax no compatible rfc1583 Command Mode Router Co...

Page 576: ... i e an Autonomous System this router automatically becomes an Autonomous System Boundary Router ASBR However an ASBR does not by default generate a default route into the routing domain If you use the always keyword the router will advertise itself as a default external route into the AS even if a default external route does not actually exist To define a default route use the ip route command If...

Page 577: ...s spf spf holdtime no timers spf spf holdtime Minimum time between two consecutive SPF calculations Range 0 65535 seconds Command Mode Router Configuration Default Setting 10 seconds Command Usage Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations Using a low value allows the router to switch to a new path faster but uses more CPU processing time Example Co...

Page 578: ...can be used to advertise routes between areas If routes are set to be advertised the router will issue a Type 3 summary LSA for each address range specified with this command This router supports up 64 summary routes for area ranges Example This example creates a summary address for all area routes in the range of 10 2 x x area default cost This command specifies a cost for the default summary rou...

Page 579: ...dress Summary address covering a range of addresses netmask Network mask for the summary route Command Mode Router Configuration Default Setting Disabled Command Usage An Autonomous System Boundary Router ASBR can redistribute routes learned from other protocols by advertising an aggregate route into all attached autonomous systems This router supports up 16 Type 5 summary routes Example This exam...

Page 580: ...or both RIP and static routes When you redistribute external routes into an OSPF autonomous system AS the router automatically becomes an autonomous system boundary router ASBR If the redistribute command is used in conjunction with the default information originate command to generate a default external route into the AS the metric value specified in this command supersedes the metric specified i...

Page 581: ...work mask to add one or more interfaces to an area Be sure to include the primary address for an interface in the network area otherwise OSPF will not operate for any secondary addresses covered by the command An interface can only be assigned to a single area If an address range is overlapped in subsequent network area commands the router will implement the address range for the area specified in...

Page 582: ...ID Routing table space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that advertise the default route for destinations external to the local area or the autonomous system Use the area default cost command to specify the cost of a default summary route sent into a stub ...

Page 583: ...de Router Configuration Default Setting No NSSA is configured Command Usage All routers in a NSSA must be configured with the same area ID An NSSA is similar to a stub because when the router is an ABR it can send a default route for other areas in the AS into the NSSA using the default information originate keyword However an NSSA is different from a stub because when the router is an ASBR it can...

Page 584: ...authentication key If message digest authentication is specified then the message digest key and md5 parameters must also be specified If the null option is specified then no authentication is performed on any OSPF routing protocol messages message digest Specifies message digest MD5 authentication null Indicates that no authentication is used hello interval seconds Specifies the transmit delay be...

Page 585: ...o be used to authenticate protocol messages passed between neighboring routers and this router when using message digest MD5 authentication The key id is an integer from 1 255 and the key is an alphanumeric string up to 16 characters long If MD5 authentication is used on a virtual link then it must be enabled on all routers within an autonomous system and the key identifier and key must also be th...

Page 586: ...ication Command Usage Before specifying plain text password authentication for an interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the message digest key id and key with the ip ospf message digest key command The plain text authentication key or the MD5 key id and key must be used consistently throughout the ...

Page 587: ...pecifying plain text password authentication for an interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the message digest key id and key with the ip ospf message digest key command A different password can be assigned to each network interface basis but the password must be used consistently on all neighboring ...

Page 588: ...tbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and another with the new key Once all the neighboring routers start sending protocol messages back to this router with the new key the router will stop using the old key This...

Page 589: ...than 1 Example ip ospf dead interval This command sets the interval at which hello packets are not seen before neighbors declare the router down Use the no form to restore the default value Syntax ip ospf dead interval seconds no ip ospf dead interval seconds The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down This interval must be set t...

Page 590: ...conds Command Usage Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic Example ip ospf priority This command sets the router priority used when determining the designated router DR and backup designated router BDR for an area Use ...

Page 591: ...pecifies the time between resending link state advertisements LSAs Use the no form to restore the default value Syntax ip ospf retransmit interval seconds no ip ospf retransmit interval seconds Sets the interval at which LSAs are retransmitted from this interface Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 5 seconds Command Usage A router will resend an LSA to a neighbo...

Page 592: ...ay according to link speed using larger values for lower speed links The transmit delay must be the same for all routers attached to an autonomous system Example show ip ospf This command shows basic information about the routing configuration Command Mode Privileged Exec Example Console config interface vlan 1 Console config if ip ospf transmit delay 6 Console config if Console show ip ospf Routi...

Page 593: ...SSA or stub Number of interfaces The number of interfaces attached to this area SPF algorithm executed The number of times the shortest path first algorithm has been executed for this area Console show ip ospf border routers Destination Next Hop Cost Type RteType Area SPF No 10 1 1 252 10 1 1 253 0 ABR INTRA 10 1 0 0 3 10 2 6 252 10 2 9 253 0 ASBR INTER 10 2 0 0 7 Console Table 4 87 show ip ospf b...

Page 594: ...iginate link state id show ip ospf area id database self originate link state id show ip ospf area id database summary link state id show ip ospf area id database summary link state id adv router ip address show ip ospf area id database summary link state id self originate link state id area id Area defined for which you want to view LSA information This item must be entered in the form of an IP a...

Page 595: ...252 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 28 0X80000001 0X53E1 Console Table 4 88 show ip ospf database display description Field Description Link ID Router ID ADV Router Advertising router ID Age Age of LSA in seconds Seq Sequence number of LSA used to detect older duplicat...

Page 596: ...work Mask 255 255 255 0 Metric 1 Console Table 4 89 show ip ospf asbr summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Summary Links LSA describes routes to AS boundary routers Link State ID Interface address of the autonomous system boundary router Advertising Router Advertising router...

Page 597: ...sa 2 1 1 0 0 0 Total LSA Counts 4 Console Table 4 90 show ip ospf database summary display description Field Description Area ID Area identifier Router Number of router LSAs Network Number of network LSAs Sum Net Number of summary LSAs Sum ASBR Number of summary ASBR LSAs External AS Number of autonomous system external LSAs External Nssa Number of NSSA external network LSAs Total LSA Counts Total...

Page 598: ...sociated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Number Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs LS Checksum Checksum of the complete contents of the LSA Length The length of th...

Page 599: ...Router 10 1 1 253 Console Table 4 92 show ip ospf network display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Network Link LSA describes the routers attached to the network Link State ID Interface address of the designated router Advertising Router Advertising router ID LS Sequence Number Sequence...

Page 600: ...isplay description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Router Link LSA describes the router s interfaces Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs LS Checksum Chec...

Page 601: ...ber 80000003 LS Checksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Table 4 94 show ip ospf summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Summary Links LSA describes routes to networks Link State ID Router ID of the router that originated the LSA Advertising Router ...

Page 602: ...s of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address Area OSPF area to which this interface belongs Router ID Router ID Network Type Includes broadcast non broadcast or point to point networks Cost Interface transmit cost Transmit Delay Interface transmit delay in seconds State Disabled OSPF not enabled on this interface Down OSPF is enabled on ...

Page 603: ...router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA datab...

Page 604: ...mmands area virtual link 4 270 Console show ip ospf summary address 10 1 0 0 255 255 0 0 Console Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Transmit Delay is 1 sec Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Table 4 97 show ip ospf virtual links display description Field Description Virtual Link to router OSPF neighbor and ...

Page 605: ...cast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Table 4 98 Multicast Routing Commands Command Groups Fun...

Page 606: ...1 as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port type...

Page 607: ...ting using the ip dvmrp or ip pim dense mode commands Example show ip mroute This command displays the IP multicast routing table Syntax show ip mroute group address source summary group address An IP multicast group address with subscribers directly attached or downstream from this router source The IP subnetwork at the root of the multicast delivery tree This subnetwork contains a known multicas...

Page 608: ...ulticast Routing Table Flags P Prune F Forwarding 192 111 46 0 255 255 255 0 224 0 255 3 Owner DVMPR Upstream Interface vlan1 Upstream Router 148 122 34 9 Downstream vlan2 P vlan3 F Console Table 4 101 show ip mroute display description Field Description Source and netmask Subnetwork containing the IP multicast source Group address IP multicast group address for a requested service Owner The assoc...

Page 609: ...delay before declaring an attached neighbor router down RC 4 297 report interval Sets the interval for propagating the complete set of routing tables to other neighbor routers RC 4 297 flash update interval Sets the interval for sending updates about changes to network topology RC 4 298 prune lifetime Defines how long a prune state remains in effect for a source routed multicast tree RC 4 298 defa...

Page 610: ...01 probe interval This command sets the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers Use the no form to restore the default value Syntax probe interval seconds no probe interval seconds Interval between sending neighbor probe messages Range 1 65535 Default Setting 10 seconds Command Mode Router Configuration Console config router dvmrp Console c...

Page 611: ...before declaring a neighbor dead Range 1 65535 Default Setting 35 seconds Command Mode Router Configuration Command Usage This command is used for timing out routes and for setting the children and leaf flags Example report interval This command specifies how often to propagate the complete set of routing tables to other neighbor DVMRP routers Use the no form to restore the default value Syntax re...

Page 612: ...and Mode Router Configuration Example prune lifetime This command specifies how long a prune state will remain in effect for a multicast tree Use the no form to restore the default value Syntax prune lifetime seconds no prune lifetime seconds Prune state lifetime Range 1 65535 Default Setting 7200 seconds Command Mode Router Configuration Command Usage This command sets the prune state lifetime Af...

Page 613: ...n the router receives these messages it records all the downstream routers for the default route When multicast traffic with an unknown source address i e not found in the route table is received on the default upstream route interface the router forwards this traffic out through the other interfaces with known downstream routers However when multicast traffic with an unknown source address is rec...

Page 614: ...etric used in selecting the reverse path to networks connected directly to an interface on this router Use the no form to restore the default value Syntax ip dvmrp metric interface metric no ip dvmrp metric interface metric Metric used to select the best reverse path Range 1 31 Default Setting 1 Command Mode Interface Configuration VLAN Command Usage The DVMRP interface metric is used to choose th...

Page 615: ...ommand displays the global DVMRP settings described in the preceding pages Admin Status router dvmrp page 4 295 Probe Interval page 4 296 Nbr Expire page 4 297 Minimum Flash Update Interval page 4 298 Prune Lifetime page 4 298 Route Report page 4 297 Default Gateway page 4 299 Metric of Default Gateway page 4 300 Console config interface vlan 1 Console config if ip dvmrp metric 2 Console config if...

Page 616: ...0 10 1 1 0 255 255 255 0 10 1 1 253 vlan2 1 84987 0 10 1 8 0 255 255 255 0 10 1 0 254 vlan1 2 19729 97 Console Table 4 103 show ip dvmrp route display description Field Description Source IP subnetwork that contains a multicast source an upstream router or an outgoing interface connected to multicast hosts Mask Subnet mask that is used for the source address This mask identifies the host address b...

Page 617: ...icast delivery tree Interface The IP interface on this router that connects to the upstream neighbor Uptime The time since this device last became a DVMRP neighbor Expire The time remaining before this entry will be aged out Capabilities The neighboring router s capabilities may include Leaf bit 0 Neighbor has only one interface with neighbors Prune bit 1 Neighbor supports pruning Generation ID bi...

Page 618: ...e mode Enables PIM on the specified interface IC 4 305 ip pim hello interval Sets the interval between sending PIM hello messages IC 4 306 ip pim hello holdtime Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead IC 4 306 ip pim trigger hello interval Sets the maximum time before sending a triggered PIM Hello message IC 4 307 ip pim join prune holdtime C...

Page 619: ...IM on an interface you should also enable IGMP on that interface Dense mode interfaces are subject to multicast flooding by default and are only removed from the multicast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a downstream router Example Console config router pim Console show router pim Admin Status E...

Page 620: ...received probes and are used to verify whether or not these neighbors are still active members of the multicast tree Example ip pim hello holdtime This command configures the interval to wait for hello messages from a neighboring PIM router before declaring it dead Use the no form to restore the default value Syntax ip pim hello holdtime seconds no ip pim hello interval seconds The hold time for P...

Page 621: ...ce the hello interval is set to random value between 0 and the trigger hello interval This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also if a Hello message is received from a new neighbor the receiving router will send its own Hello message after a random delay between 0 and the trigger hello interval Example ip pim join pru...

Page 622: ... configures the time to wait for a Graft acknowledgement before resending a Graft Use the no form to restore the default value Syntax ip pim graft retry interval seconds no ip pim graft retry interval seconds The time before resending a Graft Range 0 65535 Default Setting 3 seconds Command Mode Interface Configuration VLAN Command Usage A graft message is sent by a router to cancel a prune state W...

Page 623: ... This command displays the global PIM configuration settings Command Mode Normal Exec Privileged Exec Example show ip pim interface This command displays information about interfaces configured for PIM Syntax show ip pim interface vlan id vlan id VLAN ID Range 1 4094 Command Mode Normal Exec Privileged Exec Command Usage This command displays the PIM settings for the specified interface as describ...

Page 624: ...lo time interval is 5 sec Hello holdtime is 105 sec Join Prune holdtime is 210 sec Graft retry interval is 3 sec max graft retries is 2 DR Internet address is 10 1 0 254 neighbor count is 1 Console Console show ip pim neighbor Address VLAN Interface Uptime Expire Mode 10 1 0 254 1 17 38 16 00 01 25 Dense Console Table 4 106 show ip pim neighbor display description Field Description Address IP addr...

Page 625: ...oups Function Page Virtual Router Redundancy Protocol Configures interface settings for VRRP 4 311 Hot Standby Router Protocol Configures interface settings for HSRP 4 320 Table 4 108 VRRP Commands Command Function Mode Page vrrp ip Enables VRRP and sets the IP address of the virtual router IC 4 312 vrrp authentication key Configures a key used to authenticate VRRP packets received from other rout...

Page 626: ...l be the Owner In other words the IP address specified in this command must already exist on one and only one router in the virtual router group and the network mask for the virtual router address is derived from the Owner The Owner will also assume the role of the Master virtual router in the group If you have multiple secondary addresses configured on the current VLAN interface you can use this ...

Page 627: ...cket is received from another router in the group its authentication key is compared to the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded Plain text authentication does not provide any real security It is supported only to prevent a misconfigured router from participating in VRRP Example vrrp priority This command sets the priority of ...

Page 628: ... on line this backup router will take over as the new acting master However note that if the original master i e the owner of the VRRP IP address comes back on line it will always resume control as the master Example Related Commands vrrp preempt 4 315 vrrp timers advertise This command sets the interval at which the master virtual router sends advertisements communicating its state as the master ...

Page 629: ...p preempt group Identifies the VRRP group Range 1 255 seconds The time to wait before issuing a claim to become the master Range 0 120 seconds Default Setting Preempt Enabled Delay 0 seconds Command Mode Interface VLAN Command Usage If preempt is enabled and this backup router has a priority higher than the current acting master it will take over as the new master However note that if the original...

Page 630: ... router Use this command with the brief keyword to display a summary of status information for all VRRP groups configured on this router Specify a group number to display status information for a specific group Example This example displays the full listing of status information for all groups Console show vrrp Vlan 1 Group 1 state Master Virtual IP address 192 168 1 6 Virtual MAC address 00 00 5E...

Page 631: ...o authenticate VRRP packets received from other routers Master Router IP address of the router currently acting as the VRRP group master Master priority The priority of the router currently acting as the VRRP group master Master Advertisement interval The advertisement interval configured on the VRRP master Master down interval The down interval configured on the VRRP master This interval is used ...

Page 632: ...ers for errors found in VRRP protocol packets Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp interface vlan 1 Vlan 1 Group 1 state Master Virtual IP address 192 168 1 6 Virtual MAC address 00 00 5E 00 01 01 Advertisement interval 5 sec Preemption enabled Min delay 10 sec Priority 1 Authent...

Page 633: ...p group interface interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4094 Console show vrrp 1 interface vlan 1 counters Total Number of Times Transitioned to MASTER 6 Total Number of Received Advertisements Packets 0 Total Number of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Pa...

Page 634: ...nds Command Function Mode Page standby ip Enables HSRP IC 4 321 standby priority Sets the priority of this router in the HSRP group IC 4 322 standby preempt Configures the router to take over as master virtual router for an HSRP group if it has a higher priority than the current master virtual router IC 4 323 standby authentication Configures a key used to authenticate HSRP packets received from o...

Page 635: ...s is not specified the designated address is learned through the exchange of HSRP messages Note that the designated address cannot be the same as a physical address The subnet mask for the physical interface on which the designated address is configured is used as the subnet mask of the designated address The interfaces of all routers participating in a virtual router group must be within the same...

Page 636: ...riginal master router recovers it will become the active master router again if the configured priorities have not been changed If two or more routers are configured with the same HSRP priority the router with the higher IP address is elected as the new master router if the current master fails The priority setting takes precedence over authentication In other words if a router with a higher prior...

Page 637: ...VLAN Command Usage If preempt is enabled and this router has a priority higher than the current acting master it will take over as the new master If preempt is not enabled this router will only take over if it has the highest priority in the group and the current master stops sending hello messages or sends other messages indicating that it is no longer acting as the designated router The delay ca...

Page 638: ...r in the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded If the authentication strings do not match this router will not be able to learn the designated address for the group and timer values from other routers However even if authentication fails this cannot prevent a router from tak...

Page 639: ...on about their priority timer values and current state as the master or standby router Routers on which the timer settings have not been configured can learn the current timer values from the master or standby router Timers configured on the master router always override any other timer settings All routers in an HSRP group should be configured with the same timer values If the master router stops...

Page 640: ...en a tracked interface goes down the HSRP router priority decreases by the specified value and increases by the same value when it comes back up You can specify up to 32 interfaces to be tracked If you specify a VLAN interface that has not been configured with an IP address this command will not affect the HSRP router priority If you configure multiple tracked interfaces and also set the interface...

Page 641: ...Active router is local Standby router is unknown Standby virtual mac address is 0 0 C 7 AC 1 Authentication text bluebird Tracking interface states for 1 interfaces 0 up Down Vlan2 5 Console Table 4 112 show standby display description Field Description Local state State of the local router Active Current master router Standby Designated backup router next in line to take over as the master router...

Page 642: ...ess is display it indicates the current standby router Standby virtual mac address The virtual MAC address for this HSRP group This is always 0000 0C07 ACxy where xy is the hexadecimal value of the group number Authentication text Key used to authenticate HSRP packets received from other routers Tracking interface states List of interfaces that are being tracked and their corresponding states Cons...

Page 643: ...led information for each group Command Mode Privileged Exec Example This example displays the full listing of status information for VLAN 1 For a description of the displayed information see the preceding show standby command Console show standby interface vlan 1 group 1 Vlan 1 Group 1 Local State is Active priority 5 confgd 10 may preempt Preemption delayed for 10 secs Hellotime 6 sec holdtime 18...

Page 644: ...Command Line Interface 4 330 4 ...

Page 645: ...led above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Protocol Spanning Tree Protocol STP IEEE 802 1D Rapid Spanning Tree Protocol RSTP IEEE 802 1w Multiple Spanning Tree Protocol MS...

Page 646: ...MTP Email Alerts Management Features In Band Management Telnet web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading TFTP in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic p...

Page 647: ...aft ietf idmr pim dm 06 RADIUS RFC 2618 RIP RFC 1058 RIPv2 RFC 2453 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 VRRP RFC 2338 Management Information Bases Bridge MIB RFC 1493 DNS Resolver MIB RFC 1612 DVMRP MIB Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 IP Forwarding Table ...

Page 648: ...IP2 MIB RFC 2453 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP framework MIB RFC 2571 SNMP MPD MIB RFC 2572 SNMP Target MIB SNMP Notification MIB RFC 2573 SNMP User Based SM MIB RFC 2574 SNMP View Based ACM MIB RFC 2575 SNMP Community MIB RFC 2576 TACACS Authentication Client MIB TCP MIB RFC 2013 Trap RFC 1215 UDP MIB RFC 2012 VRRP MIB RFC 2787 ...

Page 649: ...t Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Be sure the control parameters for the SSH server are properly configured on the switch and that the SSH client software is properly configured...

Page 650: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 651: ...m the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Bas...

Page 652: ...ter and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registration Protocol Generic Multicast Registration Protocol GMRP GMRP allows network devices to register end stations with multicast groups GMRP requires that any parti...

Page 653: ...een IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IGMP Query On each subnetwork one IGMP capable device will act as the querier that is the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong The elected querier will be the device with the lowest IP address in the subnetwork Internet Control Me...

Page 654: ...nications Protocol This layer handles the routing functions for data moving from one open system to another Link Aggregation See Port Trunk Link Aggregation Control Protocol LACP Allows ports to automatically negotiate a trunked link with LACP configured ports on another device Management Information Base MIB An acronym for Management Information Base It is a set of database objects that contains ...

Page 655: ...k Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs Private VLANs provide port based security and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from uplink ports Protocol Independent Multicasting PIM This m...

Page 656: ...elnet SSH can authenticate users with a cryptographic key and encrypt data connections between management clients and the switch Simple Mail Transfer Protocol SMTP A standard host to host mail transport protocol that operates over TCP port 25 Simple Network Management Protocol SNMP The application protocol in the Internet suite of protocols which offers network management services Simple Network T...

Page 657: ...ed before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as th...

Page 658: ...Glossary Glossary 8 ...

Page 659: ...ities 3 144 4 213 queue mapping 3 140 4 210 queue mode 3 142 4 208 traffic class weights 3 142 4 210 D default gateway configuration 3 16 3 196 4 238 default priority ingress port 3 138 4 209 default settings system 1 6 DHCP 3 18 4 236 address pool 3 173 4 131 client 3 16 4 126 4 141 dynamic configuration 2 5 relay service 3 169 4 128 server 3 171 4 130 Differentiated Code Point Service See DSCP D...

Page 660: ...54 4 224 query Layer 3 3 160 4 229 services displaying 3 163 4 235 snooping 3 153 4 221 snooping configuring 3 154 4 221 ingress filtering 3 132 4 193 IP address BOOTP DHCP 3 18 4 127 4 236 setting 2 4 3 15 4 236 IP port priority enabling 3 148 4 213 mapping priorities 3 148 4 214 IP precedence enabling 3 144 4 214 mapping priorities 3 145 4 215 IP routing 3 193 4 244 configuring interfaces 3 197 ...

Page 661: ...word line 4 13 passwords 2 4 administrator setting 3 44 4 27 path cost 3 106 3 113 method 3 110 4 174 STA 3 106 3 113 4 174 PIM DM 3 260 4 304 configuring 3 260 4 304 global configuration 3 260 4 304 interface settings 3 261 4 305 4 309 neighbor routers 3 264 4 310 port authentication 3 57 4 79 port priority configuring 3 138 4 207 default ingress 3 138 4 209 STA 3 114 4 180 port security configur...

Page 662: ...106 3 113 4 180 path cost method 3 110 4 174 port priority 3 114 4 180 protocol migration 3 116 4 185 transmission limit 3 110 4 175 standards IEEE A 2 startup files creating 3 23 4 64 displaying 3 20 4 58 setting 3 20 4 69 static addresses setting 3 101 4 166 static routes configuring 3 211 4 245 statistics ARP 3 204 4 248 ICMP 3 207 4 248 IP 3 205 4 248 port 3 97 4 158 RIP 3 220 4 258 TCP 3 210 ...

Page 663: ...tication 3 181 4 313 configuration settings 3 179 4 311 group statistics 3 185 4 316 preemption 3 180 3 181 4 315 priority 3 180 3 181 4 313 protocol message statistics 3 184 4 318 timers 3 181 4 314 virtual address 3 179 3 181 4 312 W Web interface access requirements 3 1 configuration buttons 3 3 home page 3 2 menu list 3 4 panel display 3 3 ...

Page 664: ...Index 6 Index ...

Page 665: ......

Page 666: ...ES4612 E092004 R01 150000046400A ...

Reviews:

No comments