manualshive.com logo in svg

Edge-Core ES4625, Management Manual, Page: 421 / 674

Share
Download
Edge-Core ES4625 Management Manual Download Page 421

Access Control List Commands

4-93

4

Related Commands

access-list ip (4-89)

show ip access-list 

This command displays the rules for configured IP ACLs.

Syntax

show ip access-list 

{

standard 

extended

} [

acl_name

]

standard

 – Specifies a standard IP ACL.

extended

 – Specifies an extended IP ACL.

acl_name

 – Name of the ACL. (Maximum length: 16 characters)

Command Mode

Privileged Exec

Example 

Related Commands

permit, deny 4-90
ip access-group (4-98)

access-list ip mask-precedence 

This command changes to the IP Mask mode used to configure access control 
masks. Use the 

no

 form to delete the mask table.

Syntax

[

no

]

 access-list ip mask-precedence 

{

in 

out

}

in

 – Ingress mask for ingress ACLs.

out

 – Egress mask for egress ACLs.

Default Setting

Default system mask: Filter inbound packets according to specified IP ACLs.

Command Mode

Global Configuration

Command Usage

• A mask can only be used by all ingress ACLs or all egress ACLs.
• The precedence of the ACL rules applied to a packet is not determined by 

order of the rules, but instead by the order of the masks; i.e., the first mask 
that matches a rule will determine the rule that is applied to a packet.

Console#show ip access-list standard
IP standard access-list david:

permit host 10.1.1.21
permit 168.92.0.0 255.255.15.0

Console#

Summary of Contents for ES4625

Page 1: ...Powered by Accton Management Guide ES4625 ES4649 24 48 Port Gigabit Ethernet Stackable Layer 3 Switch...

Page 2: ......

Page 3: ...Management Guide Gigabit Ethernet Switch Layer 3 Switch with 20 44 RJ 45 Ports 4 Combination Ports SFP RJ 45 1 Extender Module Slot and 2 Stacking Ports...

Page 4: ...ES4625 ES4649 F3 1 1 21 E042005 R01 149100022900A...

Page 5: ...Resilient Configuration 2 5 Renumbering the Stack 2 5 Stack Limitations 2 5 Basic Configuration 2 6 Console Connection 2 6 Setting Passwords 2 7 Setting an IP Address 2 7 Manual Configuration 2 7 Dyn...

Page 6: ...e System Clock 3 35 Configuring SNTP 3 35 Setting the Time Zone 3 36 Simple Network Management Protocol 3 37 Enabling the SNMP Agent 3 39 Setting Community Access Strings 3 39 Specifying Trap Managers...

Page 7: ...arameters 3 97 Displaying LACP Port Counters 3 100 Displaying LACP Settings and Status for the Local Side 3 101 Displaying LACP Settings and Status for the Remote Side 3 103 Setting Broadcast Storm Th...

Page 8: ...Priority 3 158 Mapping IP Port Priority 3 160 Quality of Service 3 161 Configuring Quality of Service Parameters 3 162 Configuring a Class Map 3 162 Creating QoS Policies 3 165 Attaching a Policy Map...

Page 9: ...Local ARP Entries 3 214 Displaying ARP Statistics 3 215 Displaying Statistics for IP Protocols 3 216 IP Statistics 3 216 ICMP Statistics 3 218 UDP Statistics 3 220 TCP Statistics 3 221 Configuring St...

Page 10: ...M Interface Settings 3 272 Displaying Interface Information 3 275 Displaying Neighbor Information 3 275 Chapter 4 Command Line Interface 4 1 Using the Command Line Interface 4 1 Accessing the CLI 4 1...

Page 11: ...sername 4 27 enable password 4 28 IP Filter Commands 4 29 management 4 29 show management 4 30 Web Server Commands 4 31 ip http port 4 31 ip http server 4 31 ip http secure server 4 32 ip http secure...

Page 12: ...4 52 Time Commands 4 53 sntp client 4 53 sntp server 4 54 sntp poll 4 55 show sntp 4 55 clock timezone 4 56 calendar set 4 56 show calendar 4 57 System Status Commands 4 57 show startup config 4 57 sh...

Page 13: ...dot1x timeout quiet period 4 83 dot1x timeout re authperiod 4 84 dot1x timeout tx period 4 84 show dot1x 4 85 Access Control List Commands 4 87 IP ACLs 4 89 access list ip 4 89 permit deny Standard AC...

Page 14: ...mp user 4 120 DHCP Commands 4 121 DHCP Client 4 121 ip dhcp client identifier 4 121 ip dhcp restart client 4 122 DHCP Relay 4 123 ip dhcp restart relay 4 123 ip dhcp relay server 4 124 DHCP Server 4 1...

Page 15: ...t 4 152 Mirror Port Commands 4 154 port monitor 4 154 show port monitor 4 155 Rate Limit Commands 4 156 rate limit 4 156 Link Aggregation Commands 4 157 channel group 4 158 lacp 4 159 lacp system prio...

Page 16: ...ow spanning tree mst configuration 4 188 VLAN Commands 4 188 Editing VLAN Groups 4 188 vlan database 4 189 vlan 4 189 Configuring VLAN Interfaces 4 190 interface vlan 4 190 switchport mode 4 191 switc...

Page 17: ...cedence Interface Configuration 4 213 map ip dscp Global Configuration 4 214 map ip dscp Interface Configuration 4 214 show map ip port 4 215 show map ip precedence 4 216 show map ip dscp 4 217 Qualit...

Page 18: ...ip igmp group 4 239 show ip igmp groups 4 240 IP Interface Commands 4 241 Basic IP Configuration 4 241 ip address 4 242 ip default gateway 4 243 show ip interface 4 244 show ip redirects 4 244 ping 4...

Page 19: ...ospf message digest key 4 278 ip ospf cost 4 279 ip ospf dead interval 4 279 ip ospf hello interval 4 280 ip ospf priority 4 280 ip ospf retransmit interval 4 281 ip ospf transmit delay 4 282 show ip...

Page 20: ...p pim hello holdtime 4 310 ip pim trigger hello interval 4 311 ip pim join prune holdtime 4 311 ip pim graft retry interval 4 312 ip pim max graft retries 4 312 show router pim 4 313 show ip pim inter...

Page 21: ...re Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using...

Page 22: ...Contents xxii...

Page 23: ...Table 3 16 Address Resolution Protocol 3 210 Table 3 17 ARP Statistics 3 215 Table 3 18 IP Statistics 3 216 Table 3 19 ICMP Statistics 3 218 Table 3 20 USP Statistics 3 220 Table 3 21 TCP Statistics...

Page 24: ...ow snmp view display description 4 116 Table 4 40 show snmp group display description 4 118 Table 4 41 show snmp user display description 4 120 Table 4 42 DHCP Commands 4 121 Table 4 43 DHCP Client Co...

Page 25: ...ay description 4 252 Table 4 86 Routing Information Protocol Commands 4 254 Table 4 87 show rip globals display description 4 262 Table 4 88 show ip rip display description 4 263 Table 4 89 Open Short...

Page 26: ...st Routing Commands 4 308 Table 4 110 show ip pim neighbor display description 4 314 Table 4 111 Router Redundancy Commands 4 314 Table 4 112 VRRP Commands 4 315 Table 4 113 show vrrp display descript...

Page 27: ...emote Logs 3 31 Figure 3 19 Displaying Logs 3 32 Figure 3 20 Enabling and Configuring SMTP Alerts 3 33 Figure 3 21 Renumbering the Stack 3 34 Figure 3 22 Resetting the System 3 35 Figure 3 23 SNTP Con...

Page 28: ...105 Figure 3 62 Mirror Port Configuration 3 106 Figure 3 63 Rate Limit Configuration 3 107 Figure 3 64 Port Statistics 3 111 Figure 3 65 Static Addresses 3 113 Figure 3 66 Dynamic Addresses 3 114 Fig...

Page 29: ...Host Table 3 184 Figure 3 107 DNS Cache 3 185 Figure 3 108 DHCP Relay Configuration 3 187 Figure 3 109 DHCP Server General Configuration 3 189 Figure 3 110 DHCP Server Pool Configuration 3 191 Figure...

Page 30: ...Configuration 3 252 Figure 3 143 OSPF Redistribute Configuration 3 254 Figure 3 144 OSPF NSSA Settings 3 255 Figure 3 145 OSPF Link State Database Information 3 257 Figure 3 146 OSPF Border Router Inf...

Page 31: ...rver Supported DNS Client and proxy service Port Configuration Speed and duplex mode Rate Limiting Input and output rate limiting per port Port Mirroring One or more ports mirrored to single analysis...

Page 32: ...tion Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the switch and the authentication server to verify the client s right to access the netwo...

Page 33: ...ditional ports dramatically increase the throughput across any connection and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 32 trunks Broadcas...

Page 34: ...e same collision domain regardless of their physical location or connection point in the network The switch supports tagged VLANs based on the IEEE 802 1Q standard Members of VLAN groups can be dynami...

Page 35: ...over the workload if the master fails or to load share the traffic The primary goal of this protocol is to allow a host device which has been configured with a fixed gateway to maintain network conne...

Page 36: ...M Dense Mode and Sparse Mode PIM is a very simple protocol that uses the routing table of the unicast routing protocol enabled on an interface Dense Mode is designed for areas where the probability of...

Page 37: ...r 80 HTTP Secure Server Enabled HTTP Secure Port Number 443 SNMP SNMP Agent Enabled Community Strings public read only private read write Traps Authentication traps enabled Link up down events enabled...

Page 38: ...tion Ingress Port Priority 0 Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings Manage...

Page 39: ...d Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled There are interoperability proble...

Page 40: ...Introduction 1 10 1...

Page 41: ...S 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits...

Page 42: ...ble to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 seria...

Page 43: ...work The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a network computer using SNMP network management softw...

Page 44: ...cted as the Backup unit If you want to ensure a logical fail over to next unit down in the stack place the Slave unit with the lowest MAC address directly beneath the Master unit in the stack Recoveri...

Page 45: ...d include port members on several units within the primary VLAN used for stack management Resilient Configuration If a unit in the stack fails the unit numbers will not change This means that when you...

Page 46: ...aded if the newly added module firmware version is different from the current runtime firmware If you see this message you will have to reload the current firmware to switch as indicating in the previ...

Page 47: ...be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the stack s master uni...

Page 48: ...ore need to use the ip dhcp restart client command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values c...

Page 49: ...ts To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string t...

Page 50: ...there are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To confi...

Page 51: ...ple Network Management Protocol on page 3 37 or refer to the specific CLI commands for SNMP starting on page 4 107 Saving Configuration Settings Configuration commands only modify the running configur...

Page 52: ...file which is then used to boot the stack See Saving or Restoring Configuration Settings on page 3 22 for more information See Saving or Restoring Configuration Settings on page 3 23 for more informa...

Page 53: ...Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwor...

Page 54: ...Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Informati...

Page 55: ...ave to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set t...

Page 56: ...ansfer and copying files 3 20 Delete Allows deletion of files from the flash memory 3 20 Set Startup Sets the startup file 3 20 Line 3 25 Console Sets console port connection parameters 3 25 Telnet Se...

Page 57: ...maximum allowed MAC addresses 3 65 802 1X Port authentication 3 67 Information Displays global configuration settings 3 68 Configuration Configures global configuration parameters 3 69 Port Configura...

Page 58: ...e output rate limit for each trunk 3 107 Port Statistics Lists Ethernet and RMON port statistics 3 108 Address Table 3 112 Static Addresses Displays entries for interface address or VLAN 3 112 Dynamic...

Page 59: ...specifying the supported protocols 3 148 Port Configuration Maps a protocol group to a VLAN 3 149 Priority 3 150 Default Port Priority Sets the default priority for each port 3 150 Default Trunk Prior...

Page 60: ...ember Port Table Indicates multicast addresses associated with the selected VLAN 3 176 DNS 3 181 General Configuration Enables DNS configures domain name and domain list and specifies IP address of na...

Page 61: ...f traffic protocol errors and the number of echoes timestamps and address masks 3 218 UDP Shows statistics for UDP including the amount of traffic and errors 3 220 TCP Shows statistics for TCP includi...

Page 62: ...nk through a transit area to the backbone 3 247 Network Area Address Configuration Defines OSPF areas and associated interfaces 3 249 Summary Address Configuration Aggregates routes learned from other...

Page 63: ...nterface Settings Enables or disables PIM DM per interface configures protocol settings for hello prune and graft messages 3 272 Interface Information Displays summary information for each interface 3...

Page 64: ...ent access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TC...

Page 65: ...Test POST and boot code Console config hostname R D 5 4 26 Console config snmp server location WC 9 4 110 Console config snmp server contact Ted 4 109 Console config exit Console show system 4 61 Sys...

Page 66: ...ays the status of the redundant power supply Web Click System Switch Information Figure 3 4 Switch Information CLI Use the following command to display version information Console show version 4 62 Un...

Page 67: ...tering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 112 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering data...

Page 68: ...between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes Jumbo...

Page 69: ...nterfaces you must configure static routes page 3 222 or use dynamic routing i e either RIP page 3 224 or OSPF page 3 234 The precedence for configuring IP interfaces is the IP General Routing Interfa...

Page 70: ...igure 3 7 IP Interface Configuration Manual Click IP Global Setting If this stack and management stations exist on other network segments then specify the default gateway and click Apply Figure 3 8 De...

Page 71: ...reset Figure 3 9 IP Interface Configuration DHCP Note If you lose your management connection make a console connection to the Master unit and enter show ip interface to determine the new stack addres...

Page 72: ...fy the method of file transfer along with the file type and file names as required Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a file...

Page 73: ...ddress of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replac...

Page 74: ...fig as the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmwa...

Page 75: ...e startup configuration to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP serve...

Page 76: ...tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then...

Page 77: ...ge 0 65535 seconds Default 0 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system in...

Page 78: ...assword for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default...

Page 79: ...the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Pa...

Page 80: ...nection parameters for Telnet access then click Apply Figure 3 16 Configuring the Telnet Interface CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as re...

Page 81: ...ables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the speci...

Page 82: ...s of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This...

Page 83: ...type and set the logging trap Console config logging host 10 1 0 9 4 45 Console config logging facility 23 4 45 Console config logging trap 4 4 46 Console config logging trap Console config exit Cons...

Page 84: ...ers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used fo...

Page 85: ...ecify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Web Click System Log SMTP Enable SMTP specify a source email address and s...

Page 86: ...ed on the unit identification number You should therefore remember to save the current configuration after renumbering the stack For a line topology the stack is numbered from top to bottom with the f...

Page 87: ...the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can configure up to three time ser...

Page 88: ...of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 13...

Page 89: ...ge the device These objects are defined in a Management Information Base MIB that provides a standard presentation of the information controlled by the agent SNMP defines both the format of the MIB sp...

Page 90: ...le 3 4 SNMPv3 Security Models and Levels Model Level Group Read View Write View Notify View Security v1 noAuthNoPriv public read only defaultview none none Community string only v1 noAuthNoPriv privat...

Page 91: ...Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community...

Page 92: ...ption options authNoPriv or authPriv the user name must first be defined in the SNMPv3 Users page page 3 44 Otherwise the authentication password and or privacy password will not exist and the switch...

Page 93: ...in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Trap Version Indicates if the user is running...

Page 94: ...ure 3 27 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch f...

Page 95: ...ID Enter an ID of up to 26 hexadecimal characters and then click Save Figure 3 28 Setting the SNMPv3 Engine ID CLI This example sets an SNMPv3 engine ID Specifying a Remote Engine ID To send inform m...

Page 96: ...e name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The security level used for the user noAuthNoPriv T...

Page 97: ...to another SNMPv3 group Web Click SNMP SNMPv3 Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return...

Page 98: ...e remote deivce where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 3 43 Remote IP The I...

Page 99: ...imum of eight plain text characters is required Web Click SNMP SNMPv3 Remote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save...

Page 100: ...ommunications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encr...

Page 101: ...SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent sta...

Page 102: ...ects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 259 6 10 64 2 1 0 57 This trap is sent when the slide in...

Page 103: ...n click Delete Figure 3 32 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read a...

Page 104: ...MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Clic...

Page 105: ...er Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access f...

Page 106: ...password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user Web Click Security User Accounts To configure a new user account enter the user name...

Page 107: ...sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and...

Page 108: ...n the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a repl...

Page 109: ...uthentication login radius 4 70 Console config radius server port 181 4 73 Console config radius server key green 4 73 Console config radius server retransmit 5 4 74 Console config radius server timeo...

Page 110: ...bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing...

Page 111: ...e certificate and a private key and password from a recognized certification authority Note For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest oppor...

Page 112: ...RADIUS or TACACS remote authentication server as specified on the Authentication Settings page page 3 55 If public key authentication is specified by the client then you must configure authentication...

Page 113: ...tored on the switch can access it The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored i...

Page 114: ...on with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memor...

Page 115: ...Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Console ip ssh crypto host key generate 4 37 Co...

Page 116: ...n It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 37 Console config ip ssh timeout 100 4 37 Console config ip ssh authent...

Page 117: ...rt will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the switch Co...

Page 118: ...llowed on a port and click Apply Figure 3 39 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count...

Page 119: ...lenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The authe...

Page 120: ...tem Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 3 40 802 1X Global Information CLI This example shows the default global setting for 802 1X Consol...

Page 121: ...atus Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Range Single Host Mu...

Page 122: ...ter which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX Period Sets the time period during an authentication session that the switch waits before re transmi...

Page 123: ...nable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 25 disabled Single Host ForceAuthorized n a 1...

Page 124: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx...

Page 125: ...02 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 85 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff In...

Page 126: ...to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address rang...

Page 127: ...agement access for Telnet clients Console config management telnet client 192 168 1 19 4 29 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show managemen...

Page 128: ...packets matching the permit deny rules specified in an ingress ACL You can also configure up to seven user defined masks for an ingress or egress ACL Command Usage The following restrictions apply to...

Page 129: ...me in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 45 Selecting ACL Type CLI This example creates a standar...

Page 130: ...deny rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP...

Page 131: ...0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a deci...

Page 132: ...g packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through...

Page 133: ...Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in R...

Page 134: ...ect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 48 ACL Configuration MAC...

Page 135: ...der in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before mapping an ACL to an interface You must configure a mask for an ACL rule before you can bin...

Page 136: ...to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Source or destination address of r...

Page 137: ...his shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the den...

Page 138: ...Source Destination Bit Mask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bit Mask Ethernet type of rule must match this bitmask Packet Form...

Page 139: ...oes not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in an ACL and you attempt to bind the ACL to an interface for egress checking th...

Page 140: ...face label Type Indicates the port type 1000BASE T SFP or 10G Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the c...

Page 141: ...tem on the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the curren...

Page 142: ...on status Provides detailed information on port state Displayed only when the link is up Operation speed duplex Shows the current speed and duplex mode Flow control type8 Indicates the type of flow co...

Page 143: ...gs for speed and mode The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operati...

Page 144: ...face ethernet 1 13 4 143 Console config if description RD SW 13 4 144 Console config if shutdown 4 148 Console config if no shutdown Console config if no negotiation 4 145 Console config if speed dupl...

Page 145: ...t in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to sp...

Page 146: ...orts and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry f...

Page 147: ...t be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 94 C...

Page 148: ...enabled trunk ports on another switch to form a trunk Console config interface ethernet 1 1 4 143 Console config if lacp 4 159 Console config if exit Console config interface ethernet 1 6 Console conf...

Page 149: ...Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be...

Page 150: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggrega...

Page 151: ...onsole config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 163 Channel Grou...

Page 152: ...roup Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames receive...

Page 153: ...ormation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be ena...

Page 154: ...e LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 163 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP S...

Page 155: ...gned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregati...

Page 156: ...143 is acceptable However the resolution for the 10 Gigabit port is in steps of 1041 pps Command Attributes Port9 Port number Trunk10 Trunk number Type Indicates the port type 1000BASE T SFP or 10G Pr...

Page 157: ...143 Console config if no switchport broadcast 4 149 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 4 149 Console config if end Cons...

Page 158: ...monitored Range 1 8 Source Port The port whose traffic will be monitored Range 1 25 49 Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Rx T...

Page 159: ...onforming traffic is dropped conforming traffic is forwarded without any changes Command Attribute Rate Limit Sets the output rate limit for an interface Default Status Disabled Default Rate Gigabit E...

Page 160: ...at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded P...

Page 161: ...icular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collisio...

Page 162: ...ber of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less tha...

Page 163: ...nfiguration 3 111 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 64 Port Sta...

Page 164: ...l address of a device mapped to this interface VLAN ID of configured VLAN 1 4093 Console show interfaces counters ethernet 1 12 4 151 Ethernet 1 12 Iftable stats Octets input 868453 Octets output 3492...

Page 165: ...nd traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indic...

Page 166: ...x select the method of sorting the displayed addresses and then click Query Figure 3 66 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address t...

Page 167: ...en a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multi...

Page 168: ...d to support independent spanning trees based on VLAN groups Once you specify the VLANs to include in a Multiple Spanning Tree Instance MSTI the protocol will automatically build an MSTI tree to maint...

Page 169: ...es The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additional parameters are only displayed for the CLI Spanni...

Page 170: ...onsecutive RSTP MSTP BPDUs Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each...

Page 171: ...ransmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts u...

Page 172: ...t device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then b...

Page 173: ...ed to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum tra...

Page 174: ...Configuring the Switch 3 122 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 69 STA Global Configuration...

Page 175: ...s and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has...

Page 176: ...t or is the MSTI regional root i e master port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed The role is set to disabled i e...

Page 177: ...rt You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly th...

Page 178: ...information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter wit...

Page 179: ...ration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 10 Gigabit Ethernet 200 20 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000...

Page 180: ...node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MST Instance 0 that conne...

Page 181: ...e MSTI settings Command Attributes MST Instance Instance identifier of this spanning tree Default 0 Priority The priority of a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192...

Page 182: ...d by settings for each port Console show spanning tree mst 1 4 186 Spanning tree information Spanning tree mode MSTP Spanning tree enabled disabled enabled Instance 1 VLANs configuration 1 Priority 32...

Page 183: ...ernal oper path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 1 0030F1D473A0 Designated bridge 32768 1 0030F1D473A0 Fast forwarding disabled Forward transitions...

Page 184: ...isplays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 3 116 the settings for other instances only apply to t...

Page 185: ...ributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for al...

Page 186: ...auto configuration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 10 Gigabit Ethernet 200 20 000 Default Ethernet Half duplex 2 000 000 full duple...

Page 187: ...Ns inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VL...

Page 188: ...ame VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic...

Page 189: ...he same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tag...

Page 190: ...AN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 3 75 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informati...

Page 191: ...e this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the V...

Page 192: ...he default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID...

Page 193: ...page to configure VLAN groups based on the port index page 3 143 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containi...

Page 194: ...untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from...

Page 195: ...ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 80 VLAN Static Membershi...

Page 196: ...l frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ing...

Page 197: ...mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the sour...

Page 198: ...e Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 3 82 Private VLAN Status CLI This example enables private VLANs Cons...

Page 199: ...ls cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol...

Page 200: ...nd Attributes Protocol Group ID Group identifier of this protocol group Range 1 2147483647 Frame Type17 Frame type used by this protocol Options Ethernet RFC_1042 LLC_other Protocol Type The only opti...

Page 201: ...processed in the following manner If the frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame...

Page 202: ...rity and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue...

Page 203: ...onsole config if switchport priority default 5 4 207 Console config if end Console show interfaces switchport ethernet 1 5 4 152 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second L...

Page 204: ...lications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Pr...

Page 205: ...r CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 143 Console config queue co...

Page 206: ...er priority queues Web Click Priority Queue Mode Select Strict or WRR then click Apply Figure 3 88 Queue Mode CLI The following sets the queue mode to strict priority service mode Setting the Service...

Page 207: ...en click Apply Figure 3 89 Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues Console config queue bandwidth 1 3 5 7 9 11 13 15 4 208 Console con...

Page 208: ...t queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be en...

Page 209: ...application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selecte...

Page 210: ...different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority...

Page 211: ...t 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch...

Page 212: ...ty Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high...

Page 213: ...es or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class Class information can be assigned by end hosts or switches or rou...

Page 214: ...rate 6 Use the Service Policy to assign a policy map to a specific interface Configuring a Class Map A class map is used for matching packets to a specified class Command Usage To configure a Class Ma...

Page 215: ...ss Class Configuration Class Name Name of the class map Range 1 32 characters Type Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone...

Page 216: ...ng Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd_class match any 4 219 Console config cmap matc...

Page 217: ...policers for 10G Ethernet ingress ports Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is by specified the Burst field and the average rate to...

Page 218: ...lass map Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settings on page 3 162 Range CoS 0 7 DS...

Page 219: ...3 167 3 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 96 Conf...

Page 220: ...a policy map to an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select...

Page 221: ...optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers switches instead of flooding traffic to all...

Page 222: ...ulticast clients and servers and dynamically configure the switch ports which need to forward multicast traffic Static IGMP Router Interface If IGMP snooping cannot locate the IGMP querier you can man...

Page 223: ...otocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive...

Page 224: ...ip igmp snooping querier 4 230 Console config ip igmp snooping query count 10 4 230 Console config ip igmp snooping query interval 100 4 231 Console config ip igmp snooping query max response time 20...

Page 225: ...attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch...

Page 226: ...oll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Unit Stack unit Range 1 8 Port or Trunk Specifies the interface attached to a multic...

Page 227: ...eb Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propag...

Page 228: ...cts the VLAN to propagate all multicast traffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Unit Stack unit Range 1 8 Port or Trunk Sp...

Page 229: ...rs This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service The hosts may respond with several types of IP multicast m...

Page 230: ...n the Query Interval Query Interval Configures the frequency at which host query messages are sent Range 1 255 Default 125 seconds Multicast routers send host query messages to determine the interface...

Page 231: ...fig if ip igmp 4 235 Console config if ip igmp last memb query interval 10 4 237 Console config if ip igmp max resp interval 20 4 237 Console config if ip igmp query interval 100 4 237 Console config...

Page 232: ...rt has been received this object has the value 0 0 0 0 Up time The time elapsed since this entry was created Expire The time remaining before this entry will be aged out Default 260 seconds V1 Timer T...

Page 233: ...tial order If there is no domain list the default domain name is used If there is a domain list the default domain name is not used When an incomplete host name is received by the DNS service on this...

Page 234: ...a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 4 137 Console config ip domain list sample com uk 4 138 C...

Page 235: ...ces may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS cl...

Page 236: ...ply Figure 3 106 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55...

Page 237: ...ys 4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which...

Page 238: ...rvice for attached host devices If DHCP relay is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the request so that the DHCP server will know the subnet where...

Page 239: ...the switch s DHCP relay agent in order of preference Restart DHCP Relay Use this button to enable or re initialize DHCP relay service Web Click DHCP Relay Configuration Enter up to five IP addresses f...

Page 240: ...specific client if required However any fixed addresses must fall within the range of an existing network address pool You can configure up to 32 fixed host addresses i e entering one address per poo...

Page 241: ...r a single address or an address range and click Add Figure 3 109 DHCP Server General Configuration CLI This example enables the DHCP and sets an excluded address range Console config service dhcp 4 1...

Page 242: ...address pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hardware address for DHCP cl...

Page 243: ...S node type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the client Range 1 32 characters Bootfile The default boot image for a...

Page 244: ...Configuration CLI This example configures a network address pool Console config ip dhcp pool tps 4 126 Console config dhcp network 10 1 0 0 255 255 255 0 4 127 Console config dhcp default router 10 1...

Page 245: ...address pool Console config ip dhcp pool mgr 4 126 Console config dhcp host 10 1 0 19 255 255 255 0 4 132 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 4 134 Console config dhcp cli...

Page 246: ...r after moving DHCP service to another device Entry Count Number of hosts that have been given addresses by the switch Note More than one DHCP server may respond to a service request by a host In this...

Page 247: ...rticipating in the virtual group as the address for the master virtual router VRRP then selects the backup routers based on the specified virtual router priority Router redundancy can be set up in any...

Page 248: ...feature which allows a router to take over as the master router when it comes on line Command Usage Address Assignment The IP address assigned to the virtual router must already be configured on the r...

Page 249: ...t and it will always resume control as the master virtual router when it comes back on line The preempt function only allows a backup router to take over from another backup router that is temporarily...

Page 250: ...take over as the master virtual router if it has a higher priority than the acting master virtual router i e another backup router that has taken over from the VRRP group address owner Default Enabled...

Page 251: ...Configuring Router Redundancy 3 199 3 Web Click IP VRRP Group Configuration Select the VLAN ID enter the VRID group number and click Add Figure 3 114 VRRP Group Configuration...

Page 252: ...eal interface on this router to make it the master virtual router for the group Otherwise enter the virtual address for an existing group to make it a backup router Click Add IP to enter an IP address...

Page 253: ...n number VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual router Web Click IP VRRP Global Statistics Figure 3 116 VRRP Global Statistics C...

Page 254: ...Number of VRRP packets received by the virtual router with IP TTL Time To Live not equal to 255 Received Priority 0 Packets Number of VRRP packets received by the virtual router with priority set to 0...

Page 255: ...r of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority 0...

Page 256: ...should first create VLANs for each unique user group or application traffic page 3 140 assign all ports that belong to the same group to these VLANs page 3 141 and then assign an IP interface to each...

Page 257: ...h The router can also use the ARP protocol to find out the MAC address of the destination node of the next router as necessary Note In order to perform IP switching the switch should be recognized by...

Page 258: ...vector or hop count which serves as a rough estimate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all rout...

Page 259: ...mic unicast routing If IP routing is enabled all IP packets are routed using either static routing or dynamic routing via RIP or OSPF and other packets for all non IP protocols e g NetBuei NetWare or...

Page 260: ...d first create a VLAN for each unique user group or for each network application and its associated users Then assign the ports associated with each of these VLANs Command Attributes VLAN ID of config...

Page 261: ...these addresses one at a time and click Set IP Configuration after entering each address Figure 3 119 IP Routing Interface CLI This example sets a primary IP address for VLAN 1 and then adds a seconda...

Page 262: ...ir address does not match the destination IP address in the message However if it does match they write their own hardware address into the destination MAC address field and send the message back to t...

Page 263: ...ensive use of Proxy ARP can degrade router performance because it may lead to increased ARP traffic and increased search time for larger ARP address tables Command Attributes Timeout Sets the aging ti...

Page 264: ...entry via the configuration interface Command Attributes IP Address IP address statically mapped to a physical MAC address Valid IP addresses consist of four numbers 0 to 255 separated by periods MAC...

Page 265: ...P address of a dynamic entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static22 Changes a select...

Page 266: ...ntry Entry Count The number of local entries in the ARP cache Web Click IP ARP Other Addresses Figure 3 123 ARP Other Addresses Console show arp 4 247 Arp cache timeout 1200 seconds IP Address MAC Add...

Page 267: ...ype Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10...

Page 268: ...ests 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0 checksum errors Sent 0 t...

Page 269: ...r IP options etc Unknown Protocols Received The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol Received Packets Delivered The t...

Page 270: ...out more suitable routes i e the next hop router to use for a specific destination Table 3 19 ICMP Statistics Parameter Description Messages The total number of ICMP messages which the entity received...

Page 271: ...MP Timestamp request messages received sent Timestamp Replies The number of ICMP Timestamp Reply messages received sent Address Masks The number of ICMP Address Mask Request messages received sent Add...

Page 272: ...lex too slow or just unnecessary Web Click IP Statistics UDP Figure 3 127 UDP Statistics CLI See the example on page 3 215 Table 3 20 USP Statistics Parameter Description Datagrams Received The total...

Page 273: ...YN SENT state from the CLOSED state Failed Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD stat...

Page 274: ...nsure network accessibility Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Netmask Network mask for the associated IP...

Page 275: ...k connected to that interface Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Note that the address 0 0 0 0 indicates...

Page 276: ...have been acquired Poison reverse Propagate routes back to an interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergence Trigge...

Page 277: ...ocol messages The update timer is the fundamental timer used to control all basic RIP processes Setting the update timer to a short interval can cause the router to spend an excessive amount of time p...

Page 278: ...click Apply Figure 3 131 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip 4 254 Console config router versio...

Page 279: ...191 is class B and the first two fields in the network address are used 192 223 is class C and the first three fields in the network address are used Command Attributes Subnet Address IP address of a...

Page 280: ...ctively Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the network using the RIPv2 advertisement list instead of multicasting as normally required by RIPv2 Usi...

Page 281: ...face RIPv1 Sends only RIPv1 packets RIPv2 Sends only RIPv2 packets RIPv1 Compatible Route information is broadcast to other routers with RIPv2 Default Do Not Send Does not transmit RIP updates The def...

Page 282: ...on option and corresponding password Then click Apply Figure 3 133 RIP Interface Settings CLI This example sets the receive version to accept both RIPv1 or RIPv2 messages the send mode to RIPv1 compat...

Page 283: ...ries received by this router Interface Information Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 rip1Compatible ReceiveMode RIP version received on...

Page 284: ...Configuring the Switch 3 232 3 Web Click Routing Protocol RIP Statistics Figure 3 134 RIP Statistics...

Page 285: ...0 Console show ip rip configuration 4 262 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Orv2 Spl...

Page 286: ...used to calculate summary route costs throughout the network when older OSPF routers exist as well as the not so stubby area option RFC 1587 Command Usage OSPF looks at more than just the simple hop c...

Page 287: ...This is an important technique for limiting the amount of traffic exchanged between Area Border Routers ABRs And finally you must specify a virtual link to any OSPF area that is not physically attach...

Page 288: ...at the AS Boundary Router field must be enabled and the Advertise Default Route field properly configured Default Disabled Advertise Default Route24 The router can advertise a default external route i...

Page 289: ...ration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf 4 265 Console config router router id 10 1 1 253 4...

Page 290: ...an area border router adjacent to a stub can be configured to send a default external route into the stub for all destinations outside the local area or the autonomous system This route will also be a...

Page 291: ...he same external routing data so that the exit point does not need to be determined for each external destination Command Attributes Area ID Identifier for an area stub or NSSA Area Type Specifies a n...

Page 292: ...es area 0 0 0 1 as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default...

Page 293: ...VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs imported into your autonomous system i e local routing domain use the Summary Addre...

Page 294: ...mmand is to advertise the route summary The configured summary route is shown in the list of information displayed for area 1 Console config router area 0 0 0 1 range 10 1 1 0 255 255 255 0 4 271 Cons...

Page 295: ...This router supports up 64 OSPF interfaces Detail Interface Configuration VLAN ID The VLAN corresponding to the selected interface Rtr Priority Sets the interface priority for this router Range 0 255...

Page 296: ...s indicate slower ports Range 1 65535 Default 1 This router uses a default cost of 1 for all ports Therefore if you install a Gigabit module you need to reset the cost for all of the 100 Mbps ports to...

Page 297: ...or routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and another with the new key Onc...

Page 298: ...g interface vlan 1 Console config if ip ospf priority 5 4 280 Console config if ip ospf transmit delay 6 4 282 Console config if ip ospf retransmit interval 7 4 281 Console config if ip ospf hello int...

Page 299: ...you cannot configure a virtual link that runs through a stub or NSSA area Virtual links can also be used to create a redundant link between any area and the backbone to help prevent partitioning or t...

Page 300: ...n existing link click the Detail button for the required entry modify the link settings and click Set Figure 3 140 OSPF Virtual Link Configuration CLI This example configures a virtual link from the A...

Page 301: ...ed to the backbone either directly or through a virtual link if a direct physical connection is not possible An area initially configured via the Network Area Address Configuration page is set as a no...

Page 302: ...col OSPF Network Area Address Configuration Configure a backbone area that is contiguous with all the other areas in your network configure an area for all of the other OSPF interfaces then click Appl...

Page 303: ...82 Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route Number of area in this router is 4 Area 0 0 0 0 BACKBONE Number of interfaces in this area is 1 SPF algorithm executed 8 times...

Page 304: ...st enable external route redistribution via the Redistribute Configuration screen view the routes imported into the routing table and then configure one or more summary addresses to reduce the size of...

Page 305: ...tinations outside the autonomous system AS via External LSAs Specify Type 1 to add the internal cost metric to the external route metric In other words the cost of the route from any router within the...

Page 306: ...Attributes Area ID Identifier for an not so stubby area NSSA Default Information Originate An NSSA ASBR originates and floods Type 7 external LSAs throughout its area for known network destination ou...

Page 307: ...r modify the routing behavior for an existing NSSA and click Apply Figure 3 144 OSPF NSSA Settings CLI This example configures area 0 0 0 1 as a stub and sets the cost for the default summary route to...

Page 308: ...e 3 Area border routers can generate Summary LSAs that give the cost to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to a...

Page 309: ...se Information Specify parameters for the LSAs you want to display then click Query Figure 3 145 OSPF Link State Database Information CLI The CLI provides a wider selection of display options for view...

Page 310: ...both Rte Type Route type either intra area or interarea route INTRA or INTER Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been execu...

Page 311: ...l communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully ad...

Page 312: ...table making it routing protocol independent Also note that the Dense Mode version of PIM is supported on this router because it is suitable for densely populated multicast groups which occur primari...

Page 313: ...ectly attached subnetworks or on subnetworks attached to downstream routers Field Attributes Group Address IP group address for a multicast service Source Address Subnetwork containing the IP multicas...

Page 314: ...Configuring the Switch 3 262 3 Web Click IP Multicast Routing Multicast Routing Table Click Detail to display additional information for any entry Figure 3 149 Multicast Routing Table...

Page 315: ...d another source routed via PIM Console show ip mroute 4 297 IP Multicast Forwarding is enabled IP Multicast Routing Table Flags P Prune F Forwarding 234 5 6 7 10 1 0 0 255 255 255 0 Owner DVMRP Upstr...

Page 316: ...source of this multicast traffic When this router receives the multicast message it checks its unicast routing table to locate the port that provides the shortest path back to the source If that path...

Page 317: ...viously sent a prune message now discovers a new group member on one of its connections it sends a graft message to the upstream router When an upstream router receives this message it cancels the pru...

Page 318: ...ffect for a multicast tree Range 1 65535 Default 7200 seconds Default Gateway27 Specifies the default DVMRP gateway for IP multicast traffic Default none The specified interface advertises itself as a...

Page 319: ...g Command Attributes DVMRP Interface Information Interface VLAN interface on this router that has enabled DVMRP Address IP address of this VLAN interface Metric The metric for this interface used to c...

Page 320: ...downstream group members within the VLAN But if IGMP snooping is disabled then the interface will flood incoming multicast traffic to all ports in the attached VLAN Web Click Routing Protocol DVMRP In...

Page 321: ...neighbor to check for changes in neighbor capabilities Refer to DVMRP IETF Draft v3 10 section 3 2 1 for a detailed description of these bits These bits are described below Leaf bit 0 Neighbor has onl...

Page 322: ...s used to forward IP multicast traffic The routes listed in the table do not reflect actual multicast traffic flows For this information you should look at the IGMP Member Port Table page 3 176 or the...

Page 323: ...he packet to all the other interfaces for which is has not already received a prune message for this specific source group pair DVMRP holds the prune state for about two hours while PIM DM holds it fo...

Page 324: ...t flooding by default and are only removed from the multicast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a...

Page 325: ...ream from a particular source forwards this traffic to all other PIM interfaces on the router If there are no requesting groups on that interface the leaf node sends a prune message upstream and enter...

Page 326: ...llo interval 60 4 310 Console config if ip pim hello holdtime 210 4 310 Console config if ip pim trigger hello interval 10 4 311 Console config if ip pim join prune holdtime 60 4 311 Console config if...

Page 327: ...Interface Information CLI This example shows the PIM DM interface summary for VLAN 1 Displaying Neighbor Information You can display all the neighboring PIM DM routers Command Attributes Neighbor Addr...

Page 328: ...Protocol PIM DM Neighbor Information Figure 3 157 PIM DM Neighbor Information CLI This example displays the only neighboring PIM DM router Console show ip pim neighbor 4 314 Address VLAN Interface Upt...

Page 329: ...ed the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal...

Page 330: ...ommand and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are usin...

Page 331: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Page 332: ...rmation of interfaces ip IP information lacp Show LACP statistic line TTY line information logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the...

Page 333: ...sages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of comma...

Page 334: ...r of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with...

Page 335: ...on These commands modify the console port and Telnet configuration and include command such as parity and databits Router Configuration These commands configure global settings for unicast and multica...

Page 336: ...cess list ip mask precedence access list mac access list mac mask precedence Console config std acl Console config ext acl Console config ip mask acl Console config mac acl Console config mac mask acl...

Page 337: ...Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one char...

Page 338: ...rors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 154 Rate Limiting Controls the maximum rate for traffic transmitted or rece...

Page 339: ...tarts the line configuration mode GC 4 12 login Enables password checking at login LC 4 12 password Specifies a password on a line LC 4 13 timeout login response Sets the interval that the system wait...

Page 340: ...screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Comm...

Page 341: ...and passwords for remote authentication servers you must use the RADIUS or TACACS software installed on those servers Example Related Commands username 4 27 password 4 13 password This command specif...

Page 342: ...ng Syntax timeout login response seconds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 300...

Page 343: ...minated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Exam...

Page 344: ...lent time 4 16 silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh...

Page 345: ...an be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits...

Page 346: ...Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The s...

Page 347: ...Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show...

Page 348: ...Disabled Login timeout Disabled Silent time Disabled Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Con...

Page 349: ...enable password 4 28 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet stati...

Page 350: ...6 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 23 show history This command shows the contents of the command history buffer Default Setting None Command Mode Norm...

Page 351: ...tion information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system E...

Page 352: ...tion mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can bot...

Page 353: ...Filter Configures IP addresses that are allowed management access 4 29 Web Server Enables management access via a web browser 4 31 Telnet Server Enables management access via Telnet 4 34 Secure Shell...

Page 354: ...umber This command resets the switch unit identification numbers in the stack All stack members are numbered sequentially starting from the top unit for a non loop stack or starting from the Master un...

Page 355: ...ame of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec...

Page 356: ...level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password password for this privilege level Maximum length 8 characters plain text 32 e...

Page 357: ...mmand Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap messag...

Page 358: ...Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Exampl...

Page 359: ...his command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration...

Page 360: ...e client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session ke...

Page 361: ...secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same p...

Page 362: ...vironments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications...

Page 363: ...he host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry f...

Page 364: ...eve 192 168 1 19 4 Set the Optional Parameters Set other optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the ip ssh serv...

Page 365: ...nnection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption You must generate DSA and RSA host keys before enabling the SSH server Exam...

Page 366: ...te a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which t...

Page 367: ...username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto h...

Page 368: ...Related Commands ip ssh crypto zeroize 4 40 ip ssh save host key 4 41 ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type...

Page 369: ...splays the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command M...

Page 370: ...ion Started Authentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 i...

Page 371: ...AACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw b...

Page 372: ...e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7...

Page 373: ...address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage By using this command more than once you can build up a list of host IP addresses The max...

Page 374: ...verity Use this command without a specified level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no logging trap level One of the syslog severity levels l...

Page 375: ...ing This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash...

Page 376: ...message level s reported based on the logging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debuggi...

Page 377: ...cipients Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and event no 1 0 00 01 30 2001 01 01 Unit 1 Port 1 link up notification level 6 module 5 fun...

Page 378: ...oses the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send m...

Page 379: ...address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You may use an symbolic email address that identifies the switch or the addre...

Page 380: ...d Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging...

Page 381: ...om time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001...

Page 382: ...rvers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchroniza...

Page 383: ...how sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged...

Page 384: ...enwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone i...

Page 385: ...one Command Mode Privileged Exec Console calendar set 15 12 34 1 February 2002 Console Console show calendar 15 12 34 February 1 2002 Console Table 4 23 System Status Commands Command Function Mode Pa...

Page 386: ...for the console port and Telnet Example Console show startup config building startup config please wait stackingDB 0000000000000000 stackingDB stackingMac 01_00 20 1a df 9c a0_00 stackingMac stackingM...

Page 387: ...ls and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP community s...

Page 388: ...00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac phymap 00 30 f1 d4 73 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Page 389: ...able Switch System OID string 1 3 6 1 4 1 259 6 10 64 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE System Location NONE System Contact NONE MAC Addres...

Page 390: ...ersion information for the system Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 13 for detailed information on...

Page 391: ...end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the e...

Page 392: ...copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for s...

Page 393: ...ce the startup configuration you must use startup config as the destination Use the copy file unit command to copy a local file to another switch in the stack Use the copy unit file command to copy a...

Page 394: ...file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup c...

Page 395: ...e shows how to delete the test2 cfg configuration file from flash memory Related Commands dir 4 67 delete public key 4 39 dir This command displays a list of files in flash memory Syntax dir unit boot...

Page 396: ...t Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom O...

Page 397: ...ig Configuration file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configur...

Page 398: ...best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts...

Page 399: ...age 4 20 Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS server password only tacacs Us...

Page 400: ...th_port timeout timeout retransmit retransmit key key index Allows you to specifiy up to five servers These servers are queried in sequence until a server responds or the retransmit period expires hos...

Page 401: ...port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS en...

Page 402: ...Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax r...

Page 403: ...els for each user or group that require management access to a switch Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port num...

Page 404: ...mmand Mode Global Configuration Example tacacs server port This command specifies the TACACS server network port Use the no form to restore the default Syntax tacacs server port port_number no tacacs...

Page 405: ...blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS ser...

Page 406: ...without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed ad...

Page 407: ...et the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port moni...

Page 408: ...GC 4 81 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 4 81 dot1x port contro...

Page 409: ...nd Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized f...

Page 410: ...eyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The ma...

Page 411: ...le re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request...

Page 412: ...on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx peri...

Page 413: ...port control mode page 4 81 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items r...

Page 414: ...d Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a respo...

Page 415: ...the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP add...

Page 416: ...mac unknown packets The order in which active ACLs are checked is as follows 1 User defined rules in the Egress MAC ACL for egress ports 2 User defined rules in the Egress IP ACL for egress ports 3 Us...

Page 417: ...ule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Table 4 34 IP ACL Commands Command Fu...

Page 418: ...e appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bi...

Page 419: ...rt sport bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP...

Page 420: ...Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the code value and mask below to catch packets with the following flags set SYN flag valid use control c...

Page 421: ...control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system...

Page 422: ...Check the protocol field any Any address will be matched host The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask D...

Page 423: ...f precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules...

Page 424: ...ole config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Cons...

Page 425: ...config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any con...

Page 426: ...and Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask...

Page 427: ...y the exact text of a previously configured rule An ACL can contain up to 32 rules Example Table 4 35 MAC ACL Commands Command Function Mode Page access list mac Creates a MAC ACL and enters configura...

Page 428: ...rotocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged...

Page 429: ...e the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands ac...

Page 430: ...les but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet Example Related Commands mask MAC ACL 4 102 mac access group 4 105...

Page 431: ...shows how to create an Ingress MAC ACL and bind it to a port You can then see that the order of the rules have been changed by the mask Console config access list mac M4 Console config mac acl permit...

Page 432: ...ype 0806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console co...

Page 433: ...can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule...

Page 434: ...Show all ACLs and associated rules PE 4 106 show access group Shows the ACLs assigned to each port PE 4 106 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92...

Page 435: ...server Syntax no snmp server Default Setting Enabled Command Mode Global Configuration Table 4 37 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 4 107 show snmp Display...

Page 436: ...config snmp server Console config Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the...

Page 437: ...ions are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized...

Page 438: ...t port no snmp server host host addr host addr Internet address of the host the targeted recipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform...

Page 439: ...cations are sent globally For a host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types canno...

Page 440: ...or priv options the user name must first be defined with the snmp server user command Otherwise the authentication password and or privacy password will not exist and the switch will not authorize SN...

Page 441: ...Related Commands snmp server host 4 110 snmp server engine id This command configures an identification string for the SNMPv3 engine Use the no form to restore the default Syntax snmp server engine i...

Page 442: ...deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users page 4 119 Example Related Commands snmp server host 4 110 show snmp engine id This command shows the...

Page 443: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefin...

Page 444: ...Simple Network Management Protocol on page 3 37 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines t...

Page 445: ...thm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages supported...

Page 446: ...e Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Nam...

Page 447: ...password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with pri...

Page 448: ...mmand Mode Privileged Exec Example Console config snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config snmp server user mark group r d remote 192 168 1 19 v3 auth...

Page 449: ...ient identifier text A text string Range 1 15 characters hex The hexadecimal value Default Setting None Command Mode Interface Configuration VLAN Row Status The row status of this entry SNMP remote us...

Page 450: ...server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on th...

Page 451: ...it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcas...

Page 452: ...lay server 10 1 0 99 Console config if Table 4 45 DHCP Server Commands Command Function Mode Page service dhcp Enables the DHCP server feature on this switch GC 4 125 ip dhcp excluded address Specifie...

Page 453: ...ress range high address The last IP address in an excluded address range netbios node type Configures NetBIOS node type for Microsoft DHCP clients DC 4 131 lease Sets the duration an IP address is ass...

Page 454: ...anges to DHCP Pool Configuration mode identified by the config dhcp prompt From this mode first configure address pools for the network interfaces using the network command You can also manually bind...

Page 455: ...lient request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is found it assigns an address fro...

Page 456: ...omain Specifies the domain name of the client Range 1 32 characters Default Setting None Command Mode DHCP Pool Configuration Example dns server This command specifies the Domain Name System DNS IP se...

Page 457: ...is typically a Trivial File Transfer Protocol TFTP server Default Setting None Command Mode DHCP Pool Configuration Example Related Commands bootfile 4 129 bootfile This command specifies the name of...

Page 458: ...ess2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP address of alternate NetBIOS WINS name server Default Setting None Command Mode DHCP...

Page 459: ...to a DHCP client Use the no form to restore the default value Syntax lease days hours minutes infinite no lease days Specifies the duration of the lease in numbers of days Range 0 364 hours Specifies...

Page 460: ...client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a m...

Page 461: ...uration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier and hardware address are configured for a host address the c...

Page 462: ...hernet Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client iden...

Page 463: ...vice to another device Example Related Commands show ip dhcp binding 4 135 show ip dhcp binding This command displays address bindings on the DHCP server Syntax show ip dhcp binding address address Sp...

Page 464: ...onding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 4 46 DNS Commands Command Function Mode Page ip host...

Page 465: ...ries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table ip domain name This command defines the default domain name appended to incompl...

Page 466: ...e domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is rec...

Page 467: ...6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The...

Page 468: ...before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Console config ip domain server 192 1...

Page 469: ...lias if it is mapped to the same address es as a previously configured entry show dns This command displays the configuration of the DNS service Command Mode Privileged Exec Example Console show hosts...

Page 470: ...s net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Table 4 47 show dns cache display description Field Description NO The entry number for each reso...

Page 471: ...rface configuration IC 4 144 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 144 negotiation Enables autonegotiation of a given interf...

Page 472: ...a description to port 4 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex...

Page 473: ...x mode under auto negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Co...

Page 474: ...ex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation Default Setting 1000BASE T 10half 10full 100hal...

Page 475: ...iation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto neg...

Page 476: ...he switch to use the built in RJ 45 port for the combination port 48 shutdown This command disables an interface To restart a disabled interface use the no form Syntax no shutdown Default Setting All...

Page 477: ...reshold packets above that threshold are dropped Broadcast control does not effect IP multicast traffic The resolution for Gigabit ports is 1 packet per second pps i e any setting between 500 262143 i...

Page 478: ...ears statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit Stack unit Range 1 8 port P...

Page 479: ...ed by this command see Showing Port Statistics on page 3 108 Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configur...

Page 480: ...put 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignme...

Page 481: ...4 149 LACP status Shows if Link Aggregation Control Protocol has been enabled or disabled page 4 159 Ingress Egress rate limit Shows if rate limiting is enabled and the current rate limit page 4 156...

Page 482: ...e Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to t...

Page 483: ...Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from por...

Page 484: ...nforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to re...

Page 485: ...tion mode i e speed and duplex mode VLAN assignments and CoS settings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports in a tr...

Page 486: ...to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax...

Page 487: ...additional ports will be placed in standby mode and will only be enabled if one of the active links fails Example The following shows LACP enabled on ports 10 12 Because LACP has also been enabled on...

Page 488: ...with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP...

Page 489: ...el is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined...

Page 490: ...no lacp actor partner port priority actor The local side an aggregate link partner The remote side of an aggregate link priority LACP port priority is used to select a backup link Range 0 65535 Defau...

Page 491: ...Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 4 53 show lacp counters display description Field Description LACPDUs Sent...

Page 492: ...ate Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this l...

Page 493: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Page 494: ...Table 4 56 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC...

Page 495: ...default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static...

Page 496: ...ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 sort Sort by address vlan or interface Default Setting None...

Page 497: ...le aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically l...

Page 498: ...ng tree instance MST 4 177 name Configures the name for the multiple spanning tree MST 4 177 revision Configures the revision number for the multiple spanning tree MST 4 178 max hops Configures the ma...

Page 499: ...rovide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command sele...

Page 500: ...To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tre...

Page 501: ...Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Glob...

Page 502: ...configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge...

Page 503: ...values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 180 takes precedence over port priority page 4 181 Example...

Page 504: ...Range 1 4093 Default Setting none Command Mode MST Configuration Command Usage Use this command to group VLANs into spanning tree instances MSTP generates a unique spanning tree for each instance Thi...

Page 505: ...440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest prio...

Page 506: ...ision number for this multiple spanning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Defaul...

Page 507: ...these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches ze...

Page 508: ...is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full...

Page 509: ...e link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands spanning tree cost 4 180 spanning...

Page 510: ...ommand is used to enable disable the fast spanning tree mode for the selected port In this mode ports skip the Discarding and Learning states and proceed straight to Forwarding Since end nodes cannot...

Page 511: ...en automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a...

Page 512: ...d with a unique set of VLAN IDs This command is used by the multiple spanning tree algorithm to determine the best path between devices Therefore lower values should be assigned to interfaces attached...

Page 513: ...e BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel cha...

Page 514: ...ge Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spa...

Page 515: ...port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forward...

Page 516: ...D Revision level 0 Instance Vlans 1 2 Console Table 4 59 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 188 Configuring VLAN Interfac...

Page 517: ...ay this file by entering the show running config command Example Related Commands show vlan 4 196 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN S...

Page 518: ...Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Table 4 61 Commands for Configuring VLAN Interfaces Command Function Mode Page interface vlan Ent...

Page 519: ...AN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or unt...

Page 520: ...ple The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 191 switchport ingress filtering This command enables ingress filteri...

Page 521: ...ange 1 4093 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this...

Page 522: ...has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when...

Page 523: ...Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you can...

Page 524: ...to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Ty...

Page 525: ...ivate VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs...

Page 526: ...ts To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 189 Although not mandatory we suggest configuring a separate VLAN for eac...

Page 527: ...ult Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types protocol vla...

Page 528: ...LAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which mat...

Page 529: ...hernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Ex...

Page 530: ...N members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example show bridge ext This comma...

Page 531: ...t Channel Example show gvrp configuration This command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1...

Page 532: ...ds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services...

Page 533: ...nge 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 204 Conso...

Page 534: ...wrr Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 7 respectively Table 4 66 Priority Commands Command Groups Function Page Prio...

Page 535: ...riority for incoming untagged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority id The priority...

Page 536: ...ity on port 3 to 5 queue bandwidth This command assigns weighted round robin WRR weights to the eight class of service CoS priority queues Use the no form to restore the default weights Syntax queue b...

Page 537: ...classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode Interface Configuration Ethernet Port C...

Page 538: ...priority queues Default Setting None Command Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet...

Page 539: ...1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console Table 4 69 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of se...

Page 540: ...dence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority This command sets the IP port priority for all interfaces Example The following example shows how to map...

Page 541: ...efault priority mapping Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority...

Page 542: ...switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP...

Page 543: ...1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1...

Page 544: ...ip port Interface Configuration 4 212 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Stack unit Rang...

Page 545: ...Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example Console show map ip precedence ethernet 1 5 Precedence mapping status disabled P...

Page 546: ...class command to identify the class map and enter Policy Map Class configuration mode A policy map can contain multiple class statements 6 Use the set command to modify the QoS value for matching traf...

Page 547: ...ass Map configuration mode Then use the match command page 4 220 to specify the criteria for ingress traffic that will be classified under this class map Only one match command is permitted per class...

Page 548: ...s map and enter the Class Map configuration mode Then use the match command to specify the fields within ingress packets that must match to qualify for this class map Only one match command can be ent...

Page 549: ...atches criteria defined in a class map A policy map can contain multiple class statements that can be applied to the same interface with the service policy command page 4 224 You must create a Class M...

Page 550: ...vice that an IP packet will receive police command defines the maximum throughput burst rate and the action that results from a policy violation Currently you may only configure one rule per Class Map...

Page 551: ...ervice that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any violating...

Page 552: ...ponse to drop any violating packets service policy This command applies a policy map defined by the policy map command to the ingress queue of a particular interface Use the no form to remove the poli...

Page 553: ...hich define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name of the poli...

Page 554: ...ticast switch router to ensure that it will continue to receive the multicast service Note that IGMP query can be enabled globally at Layer 2 or enabled for specific VLAN interfaces at Layer 3 Layer 2...

Page 555: ...Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Static Multicast Routing Configures static multicast router ports 4 233 IGMP Layer 3 Configures the IGMP protocol used with...

Page 556: ...n Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Versi...

Page 557: ...ntries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selecte...

Page 558: ...ing query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast...

Page 559: ...231 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval...

Page 560: ...ple The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 228 ip igmp snooping query max response time 4 231 ip igmp snooping router...

Page 561: ...Range 1 32 Default Setting No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able t...

Page 562: ...sole config Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4 77 IGMP Commands Layer 3 Command Function Mode Page ip igmp...

Page 563: ...ds ip igmp snooping 4 227 show ip igmp snooping 4 228 ip igmp robustval This command specifies the robustness i e expected packet loss for this interface Use the no form of this command to restore the...

Page 564: ...1 255 Default Setting 125 seconds Command Mode Interface Configuration VLAN Command Usage Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts...

Page 565: ...Maximum Response Interval you can tune the burstiness of IGMP messages passed on the subnet where larger values make the traffic less bursty as host responses are spread out over a larger interval The...

Page 566: ...imum response time to 10 seconds ip igmp version This command configures the IGMP version used on an interface Use the no form of this command to restore the default Syntax ip igmp version 1 2 no ip i...

Page 567: ...x clear ip igmp group group address interface vlan vlan id group address IP address of the multicast group vlan id VLAN ID Range 1 4093 Default Setting Deletes all entries in the cache if no options a...

Page 568: ...heard the report If there are Version 1 hosts present for a particular group the switch will ignore any Leave Group messages that it receives for that group Example The following shows the IGMP group...

Page 569: ...Timer The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface The default is 400 seconds Table 4 79 IP Interface Com...

Page 570: ...network In other words a router interface address defines the network and subnetwork numbers of the segment that is connected to that interface and allows you to send IP packets to or from the router...

Page 571: ...start client 4 122 ip default gateway This command specifies the default gateway for destinations not found in the local routing tables Use the no form to remove a default gateway Syntax ip default ga...

Page 572: ...244 show ip redirects This command shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 4 243 Console show...

Page 573: ...he ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds...

Page 574: ...other routers on local network interfaces defined on this router The maximum number of static entries allowed in the ARP cache is 128 You may need to enter a static entry in the cache if there is no...

Page 575: ...lay the current cache timeout value Example This example sets the ARP cache timeout for 15 minutes i e 900 seconds clear arp cache This command deletes all dynamic entries from the Address Resolution...

Page 576: ...n Protocol ARP Use the no form to disable proxy ARP Syntax no ip proxy arp Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage Proxy ARP allows a non routing device to det...

Page 577: ...form to disable IP routing Syntax no ip routing Default Setting Enabled Command Mode Global Configuration Table 4 82 IP Routing Commands Command Group Function Page Global Routing Configuration Confi...

Page 578: ...e destination network subnetwork or host netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets default Sets this entry as th...

Page 579: ...l interface Use the no ip route command to remove a static route Example show ip route This command displays information in the IP routing table Syntax show ip route config address netmask config Disp...

Page 580: ...router Netmask Network mask for the associated IP subnet Next Hop IP address of the next hop or gateway used for this route Protocol The protocol which generated this route information Values static l...

Page 581: ...t a gateway Frags 0 reassembled 0 timeouts 0 fragmented 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requ...

Page 582: ...to use RIP routing RC 4 256 neighbor Defines a neighboring router with which to exchange information RC 4 256 version Specifies the RIP version to use on all network interfaces if not already specifi...

Page 583: ...meout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable Howev...

Page 584: ...xx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address a...

Page 585: ...ip rip send version command will be set to the following values RIP Version 1 configures the unset interfaces to send RIPv1 compatible protocol messages and receive either RIPv1 or RIPv2 protocol mess...

Page 586: ...v2 packets Command Usage Use this command to override the global setting specified by the RIP version command You can specify the receive version based on these options Use none if you do not want to...

Page 587: ...ing specified by the RIP version command You can specify the receive version based on these options Use none to passively monitor route information advertised by other routers attached to the network...

Page 588: ...metrics to infinity This provides faster convergence Example This example propagates routes back to the source using poison reverse ip rip authentication key This command enables authentication for RI...

Page 589: ...a simple password will be used Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentic...

Page 590: ...ut the last time a route update was received the RIP version used by the neighbor and the status of routing messages received from this neighbor Command Mode Privileged Exec Console show rip globals R...

Page 591: ...IP version sent on this interface none RIPv1 RIPv2 or RIPv2 broadcast ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1 or RIPv2 Poison Shows if split horizon poison reverse or...

Page 592: ...an area border routers to the backbone RC 4 274 Interface Configuration ip ospf authentication Specifies the authentication type for an interface IC 4 276 ip ospf authentication key Assigns a simple p...

Page 593: ...or this device within the autonomous system Use the no form to use the default router identification method i e the lowest interface address Syntax router id ip address no router id ip address Router...

Page 594: ...f the priority values of the routers bidding to be the designated router or backup designated router for an area are equal the router with the highest ID is elected Example Related Commands router osp...

Page 595: ...e an Autonomous System this router automatically becomes an Autonomous System Boundary Router ASBR However an ASBR does not by default generate a default route into the routing domain If you use the...

Page 596: ...ng a low value allows the router to switch to a new path faster but uses more CPU processing time Example area range This command summarizes the routes advertised by an Area Border Router ABR Use the...

Page 597: ...a Border Router ABR Use the no form to remove the assigned default cost Syntax area area id default cost cost no area area id default cost area id Identifier for a stub or NSSA in the form of an IP ad...

Page 598: ...r all routes contained in 192 168 x x Related Commands area range 4 268 redistribute This command imports external routing information from other routing domains i e protocols into the autonomous syst...

Page 599: ...the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR plus the cost of the external route Specify Type 2 to only advertise the external...

Page 600: ...emoved from an area the interface belonging to that range may still remain active if a less specific address range covering that area has been specified This router supports up to 64 OSPF router inter...

Page 601: ...To remove an optional attribute use the no form without the relevant keyword Syntax no area area id nssa no redistribution default information originate area id Identifies the NSSA The area ID must be...

Page 602: ...s are always chosen over Type 7 NSSA external routes This router supports up to 16 total areas either normal transit areas stubs or NSSAs Example This example creates a stub area 10 3 0 0 and assigns...

Page 603: ...equired to send a link state update packet over the virtual link considering the transmission and propagation delays LSAs have their age incremented by this amount before transmission This value must...

Page 604: ...nks Example This example creates a virtual link using the defaults for all optional parameters This example creates a virtual link using MD5 authentication Related Commands show ip ospf virtual links...

Page 605: ...entication key This command assigns a simple password to be used by neighboring routers Use the no form to remove the password Syntax ip ospf authentication key key no ip ospf authentication key key S...

Page 606: ...ication information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple c...

Page 607: ...have to reset the cost for all of the 100 Mbps ports to a value greater than 1 Example ip ospf dead interval This command sets the interval at which hello packets are not seen before neighbors declare...

Page 608: ...are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing t...

Page 609: ...ommand specifies the time between resending link state advertisements LSAs Use the no form to restore the default value Syntax ip ospf retransmit interval seconds no ip ospf retransmit interval second...

Page 610: ...y according to link speed using larger values for lower speed links The transmit delay must be the same for all routers attached to an autonomous system Example show ip ospf This command shows basic i...

Page 611: ...SA or stub Number of interfaces The number of interfaces attached to this area SPF algorithm executed The number of times the shortest path first algorithm has been executed for this area Console show...

Page 612: ...ginate link state id show ip ospf area id database self originate link state id show ip ospf area id database summary link state id show ip ospf area id database summary link state id adv router ip ad...

Page 613: ...52 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 28 0X80000001 0X53E1 Console Table...

Page 614: ...ork Mask 255 255 255 0 Metric 1 Console Table 4 93 show ip ospf asbr summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities a...

Page 615: ...a 2 1 1 0 0 0 Total LSA Counts 4 Console Table 4 94 show ip ospf database summary display description Field Description Area ID Area identifier Router Number of router LSAs Network Number of network L...

Page 616: ...ociated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Number...

Page 617: ...outer 10 1 1 253 Console Table 4 96 show ip ospf network display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the L...

Page 618: ...splay description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Router Link LSA describes the router s interface...

Page 619: ...er 80000003 LS Checksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Table 4 98 show ip ospf summary display description Field Description OSPF Router id Router ID LS age Age of LSA in...

Page 620: ...of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address Area OSPF area to which this interface belongs Router ID Router ID Network Type Includes broadc...

Page 621: ...outer priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet bu...

Page 622: ...ands area virtual link 4 274 Console show ip ospf summary address 10 1 0 0 255 255 0 0 Console Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Transmit...

Page 623: ...Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface...

Page 624: ...as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp sn...

Page 625: ...p dvmrp or ip pim dense mode commands Example show ip mroute This command displays the IP multicast routing table Syntax show ip mroute group address source summary group address An IP multicast group...

Page 626: ...nterface vlan1 Upstream Router 148 122 34 9 Downstream vlan2 P vlan3 F Console Table 4 105 show ip mroute display description Field Description Source and netmask Subnetwork containing the IP multicas...

Page 627: ...lay before declaring an attached neighbor router down RC 4 301 report interval Sets the interval for propagating the complete set of routing tables to other neighbor routers RC 4 301 flash update inte...

Page 628: ...ault Setting 10 seconds Command Mode Router Configuration Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes and is used to verify whether or...

Page 629: ...nd is used for timing out routes and for setting the children and leaf flags Example report interval This command specifies how often to propagate the complete set of routing tables to other neighbor...

Page 630: ...on Example prune lifetime This command specifies how long a prune state will remain in effect for a multicast tree Use the no form to restore the default value Syntax prune lifetime seconds no prune l...

Page 631: ...outer receives these messages it records all the downstream routers for the default route When multicast traffic with an unknown source address i e not found in the route table is received on the defa...

Page 632: ...rface on this router Use the no form to restore the default value Syntax ip dvmrp metric interface metric no ip dvmrp metric interface metric Metric used to select the best reverse path Range 1 31 Def...

Page 633: ...vmrp page 4 299 Probe Interval page 4 300 Nbr Expire page 4 301 Minimum Flash Update Interval page 4 302 Prune Lifetime page 4 302 Route Report page 4 301 Default Gateway page 4 303 Metric of Default...

Page 634: ...p route display description Field Description Source IP subnetwork that contains a multicast source an upstream router or an outgoing interface connected to multicast hosts Mask Subnet mask that is us...

Page 635: ...cast delivery tree Interface The IP interface on this router that connects to the upstream neighbor Uptime The time since this device last became a DVMRP neighbor Expire The time remaining before this...

Page 636: ...interface IC 4 309 ip pim hello interval Sets the interval between sending PIM hello messages IC 4 310 ip pim hello holdtime Sets the time to wait for hello messages from a neighboring PIM router befo...

Page 637: ...dense mode command If you enable PIM on an interface you should also enable IGMP on that interface Dense mode interfaces are subject to multicast flooding by default and are only removed from the mult...

Page 638: ...fy whether or not these neighbors are still active members of the multicast tree Example ip pim hello holdtime This command configures the interval to wait for hello messages from a neighboring PIM ro...

Page 639: ...llo interval is set to random value between 0 and the trigger hello interval This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Als...

Page 640: ...erval seconds The time before resending a Graft Range 0 65535 Default Setting 3 seconds Command Mode Interface Configuration VLAN Command Usage A graft message is sent by a router to cancel a prune st...

Page 641: ...displays the PIM settings for the specified interface as described in the preceding pages It also shows the address of the designated PIM router and the number of neighboring PIM routers Example Conso...

Page 642: ...rimary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down Console show ip pim nei...

Page 643: ...terface that are supported by this VRRP group Default Setting No virtual router groups are configured Command Mode Interface VLAN Table 4 112 VRRP Commands Command Function Mode Page vrrp ip Enables V...

Page 644: ...is entered If you need to customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP Example Th...

Page 645: ...ith the same IP address as that used for the virtual router will become the master virtual router The backup router with the highest priority will become the master router if the current master fails...

Page 646: ...dress 224 0 0 8 Using a multicast address reduces the amount of traffic that has to processed by network devices that are not part of the designated VRRP group If the master router stops sending adver...

Page 647: ...it time to gather information for its routing table before actually preempting the currently active router Example Related Commands vrrp priority 4 317 show vrrp This command displays status informati...

Page 648: ...l IP address Advertisement interval Interval at which the master virtual router advertises its role as the master Preemption Shows whether or not a higher priority router can preempt the current actin...

Page 649: ...on Field Description Interface VLAN interface Grp VRRP group State VRRP role of this interface master or backup Virtual addr Virtual address that identifies this VRRP group Int Interval at which the m...

Page 650: ...nsole show vrrp router counters Total Number of VRRP Packets with Invalid Checksum 0 Total Number of VRRP Packets with Unknown Error 0 Total Number of VRRP Packets with Invalid VRID 0 Console Console...

Page 651: ...is command clears VRRP system statistics for the specified group and interface clear vrrp group interface interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configure...

Page 652: ...Command Line Interface 4 324 4...

Page 653: ...put limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Protocol STP IEEE 80...

Page 654: ...or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading TFTP in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Gro...

Page 655: ...338 Management Information Bases Bridge MIB RFC 1493 DNS Resolver MIB RFC 1612 DVMRP MIB Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 IP...

Page 656: ...SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMP Community...

Page 657: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Page 658: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 659: ...ce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP...

Page 660: ...802 1X Port Authentication standard GARP VLAN Registration Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning...

Page 661: ...ng to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IGMP Query On each subnetwork one IGMP capable dev...

Page 662: ...ications Protocol This layer handles the routing functions for data moving from one open system to another Link Aggregation See Port Trunk Link Aggregation Control Protocol LACP Allows ports to automa...

Page 663: ...network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs Private VLANs provide port ba...

Page 664: ...ansmission cost RIP 2 is a compatible upgrade to RIP It adds useful capabilities for subnet routing authentication and multicast transmissions Secure Shell SSH A secure replacement for remote access f...

Page 665: ...s connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection...

Page 666: ...Glossary Glossary 8...

Page 667: ...4 209 queue mode 3 154 4 206 traffic class weights 3 154 4 208 D default gateway configuration 3 17 3 207 4 243 default priority ingress port 3 150 4 207 default settings system 1 6 DHCP 3 19 4 242 a...

Page 668: ...gress filtering 3 144 4 192 IP address BOOTP DHCP 3 19 4 122 4 242 setting 2 7 3 17 4 242 IP port priority enabling 3 160 4 211 mapping priorities 3 160 4 212 IP precedence enabling 3 156 4 212 mappin...

Page 669: ...4 13 passwords 2 7 administrator setting 3 53 4 27 path cost 3 117 3 124 method 3 121 4 175 STA 3 117 3 124 4 175 PIM DM 3 271 4 308 configuring 3 271 4 308 global configuration 3 271 4 308 interface...

Page 670: ...d 3 121 4 175 port priority 3 125 4 181 protocol migration 3 128 4 185 transmission limit 3 121 4 175 standards IEEE A 2 startup files creating 3 24 4 64 displaying 3 21 4 57 setting 3 21 4 69 static...

Page 671: ...8 4 316 configuration settings 3 196 4 315 group statistics 3 202 4 319 preemption 3 197 3 198 4 318 priority 3 197 3 198 4 317 protocol message statistics 3 201 4 322 timers 3 198 4 318 virtual addre...

Page 672: ...Index 6 Index...

Page 673: ......

Page 674: ...ES4625 ES4649 E042005 R01 149100022900A...

Reviews:

No comments