Edge-Core ES4626F Management Manual Download Page 470 | Manualshive

Page: 470 / 792

background image

User Authentication Commands

25-4

25

Authentication Sequence

Three authentication methods can be specified to authenticate users logging into the
system for management access. The commands in this section can be used to
define the authentication method and sequence.

authentication login

This command defines the login authentication method and precedence. Use the

no

form to restore the default.

Syntax

authentication login

{[

local

] [

radius

] [

tacacs

]}

no authentication login

•

local

- Use local password.

•

radius

- Use RADIUS server password.

•

tacacs

- Use TACACS server password.

Default Setting

Local

Command Mode

Global Configuration

Command Usage

• RADIUS uses UDP while uses TCP. UDP only offers best effort

delivery, while TCP offers a connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the
client to the server, while encrypts the entire body of the packet.

• RADIUS and logon authentication assigns a specific privilege level

for each user name and password pair. The user name, password, and
privilege level must be configured on the authentication server.

• You can specify three authentication methods in a single command to indicate

the authentication sequence. For example, if you enter “

authentication login

radius tacacs local

,” the user name and password on the RADIUS server is

verified first. If the RADIUS server is not available, then authentication is
attempted on the server. If the server is not available,
the local user name and password is checked.

Table 25-4 Authentication Sequence Commands

Command

Function

Mode

Page

authentication login

Defines logon authentication method and precedence

GC

25-4

authentication enable

Defines the authentication method and precedence for

command mode change

GC

25-5

«
...
468
469
470
471
472
...
»

Summary of Contents for ES4626F

Page 1: ...Powered by Accton Management Guide ES4626F ES4650F 24 48 Port Stackable Layer 3 Gigabit Ethernet Switch...

Page 2: ......

Page 3: ...T RJ 45 Ports 4 Gigabit Combination Ports RJ 45 SFP 2 10 Gigabit Extender Module Slots and 2 Stacking Ports ES4650F Gigabit Ethernet Switch Stackable Layer 3 Switch with 44 10 100 1000BASE T RJ 45 Po...

Page 4: ...ES4626F ES4650F F1 1 0 2 E062009 R01 ST 149100000013A...

Page 5: ...nt information or calls your attention to related features or instructions Caution Alerts you to a potential hazard that could cause loss of data or damage the system or equipment Warning Alerts you t...

Page 6: ...ii...

Page 7: ...nagement Access 2 5 Resilient Configuration 2 5 Renumbering the Stack 2 5 Ensuring Consistent Code is Used Across the Stack 2 5 Basic Configuration 2 6 Console Connection 2 6 Setting Passwords 2 7 Set...

Page 8: ...oading Configuration Settings from a Server 4 25 Console Port Settings 4 26 Telnet Settings 4 28 Configuring Event Logging 4 30 System Log Configuration 4 30 Remote Log Configuration 4 31 Displaying L...

Page 9: ...he ACL Name and Type 7 1 Configuring a Standard IPv4 ACL 7 2 Configuring an Extended IPv4 ACL 7 3 Configuring a MAC ACL 7 6 Configuring a Standard IPv6 ACL 7 7 Configuring an Extended IPv6 ACL 7 8 Bin...

Page 10: ...Interface to a QinQ Tunnel 11 17 Configuring Private VLANs 11 18 Enabling Private VLANs 11 19 Configuring Uplink and Downlink Ports 11 19 Configuring Protocol Based VLANs 11 20 Configuring Protocol G...

Page 11: ...e 16 1 Configuring General DNS Service Parameters 16 1 Configuring Static DNS Host to Address Entries 16 3 Displaying the DNS Cache 16 5 Chapter 17 Dynamic Host Configuration Protocol 17 1 Configuring...

Page 12: ...rst Protocol 20 14 Configuring General Protocol Settings 20 15 Configuring OSPF Areas 20 19 Configuring Area Ranges Route Summarization for ABRs 20 23 Configuring OSPF Interfaces 20 25 Configuring Vir...

Page 13: ...22 4 exit 22 5 quit 22 5 Chapter 23 System Management Commands 23 1 Device Designation Commands 23 1 hostname 23 1 switch renumber 23 2 System Status Commands 23 3 show startup config 23 3 show runni...

Page 14: ...gging sendmail destination email 23 34 logging sendmail 23 34 show logging sendmail 23 35 Time Commands 23 35 sntp client 23 36 sntp server 23 37 sntp poll 23 37 sntp update time 23 38 show sntp 23 38...

Page 15: ...us server key 25 7 radius server retransmit 25 8 radius server timeout 25 8 show radius server 25 8 TACACS Client 25 9 tacacs server host 25 9 tacacs server port 25 10 tacacs server key 25 10 show tac...

Page 16: ...35 management 25 35 show management 25 36 Chapter 26 Access Control List Commands 26 1 IPv4 ACLs 26 1 access list ip 26 2 permit deny Standard IPv4 ACL 26 2 permit deny Extended IPv4 ACL 26 3 show ip...

Page 17: ...ernet Interface 28 5 lacp admin key Port Channel 28 6 lacp port priority 28 6 show lacp 28 7 Chapter 29 Mirror Port Commands 29 1 port monitor 29 1 show port monitor 29 2 Chapter 30 Rate Limit Command...

Page 18: ...32 18 Chapter 33 Spanning Tree Commands 33 1 spanning tree 33 2 spanning tree mode 33 2 spanning tree forward time 33 4 spanning tree hello time 33 4 spanning tree max age 33 5 spanning tree priority...

Page 19: ...4 12 show vlan 34 13 Configuring IEEE 802 1Q Tunneling 34 14 dot1q tunnel system tunnel control 34 15 switchport dot1q tunnel mode 34 15 switchport dot1q tunnel tpid 34 16 show dot1q tunnel 34 17 Conf...

Page 20: ...8 show class map 36 9 show policy map 36 9 show policy map interface 36 10 Chapter 37 Multicast Filtering Commands 37 1 IGMP Snooping Commands 37 1 ip igmp snooping 37 1 ip igmp snooping vlan static...

Page 21: ...ess 39 6 ip dhcp pool 39 6 network 39 7 default router 39 8 domain name 39 8 dns server 39 9 next server 39 9 bootfile 39 10 netbios name server 39 10 netbios node type 39 11 lease 39 11 host 39 12 cl...

Page 22: ...13 show ipv6 interface 41 14 ipv6 default gateway 41 17 show ipv6 default gateway 41 17 ipv6 mtu 41 18 show ipv6 mtu 41 19 show ipv6 traffic 41 19 clear ipv6 traffic 41 25 ping ipv6 41 25 ipv6 neighbo...

Page 23: ...ation originate 42 21 timers spf 42 22 area range 42 23 area default cost 42 24 summary address 42 24 redistribute 42 25 network area 42 26 area stub 42 27 area nssa 42 28 area virtual link 42 30 ip o...

Page 24: ...x A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interface...

Page 25: ...to Egress Queues 13 3 Table 13 2 CoS Priority Levels 13 3 Table 13 3 Mapping IP Precedence 13 8 Table 13 4 Mapping DSCP Priority 13 10 Table 19 1 Address Resolution Protocol 19 8 Table 19 2 ARP Stati...

Page 26: ...2 Port Security Commands 25 24 Table 25 13 802 1X Port Authentication Commands 25 26 Table 25 14 IP Filter Commands 25 35 Table 26 1 Access Control List Commands 26 1 Table 26 2 IPv4 ACL Commands 26 1...

Page 27: ...le 40 4 show vrrp brief display description 40 8 Table 41 1 IP Interface Commands 41 1 Table 41 2 Basic IP Configuration Commands 41 1 Table 41 3 show ipv6 interface display description 41 15 Table 41...

Page 28: ...splay description 42 47 Table 42 17 show ip ospf summary display description 42 48 Table 42 18 show ip ospf interface display description 42 49 Table 42 19 show ip ospf neighbor display description 42...

Page 29: ...Figure 4 16 Configuring the Console Port 4 27 Figure 4 17 Configuring the Telnet Interface 4 29 Figure 4 18 System Logs 4 31 Figure 4 19 Remote Logs 4 32 Figure 4 20 Displaying Logs 4 33 Figure 4 21...

Page 30: ...8 5 LACP Aggregation Port 8 11 Figure 8 6 LACP Port Counters Information 8 13 Figure 8 7 LACP Port Internal Information 8 15 Figure 8 8 LACP Port Neighbors Information 8 16 Figure 8 9 Port Broadcast...

Page 31: ...e 13 8 IP Port Priority Status 13 11 Figure 13 9 IP Port Priority 13 12 Figure 14 1 Configuring Class Maps 14 3 Figure 14 2 Configuring Policy Maps 14 6 Figure 14 3 Service Policy Settings 14 7 Figure...

Page 32: ...ce Settings 20 8 Figure 20 4 RIP Redistribution Configuration 20 10 Figure 20 5 RIP Statistics 20 12 Figure 20 6 OSPF General Configuration 20 18 Figure 20 7 OSPF Area Configuration 20 22 Figure 20 8...

Page 33: ...is section provides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface Introduction 1...

Page 34: ...Getting Started...

Page 35: ...trol Lists Supports up to 256 ACLs 96 MAC rules 96 IP rules and 96 IPv6 rules DHCP Client Relay and Server Supported DNS Client and Proxy service Port Configuration Speed and duplex mode and flow cont...

Page 36: ...so supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the swi...

Page 37: ...eived on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while packe...

Page 38: ...0 seconds or more for the older IEEE 802 1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches running the older standard by automatically reconfigu...

Page 39: ...ion hassles normally associated with conventional routers Routing for unicast traffic is supported with the Routing Information Protocol RIP and the Open Shortest Path First OSPF protocol RIP This pro...

Page 40: ...a per hop basis Each packet is classified upon entry into the network based on access lists IP Precedence or DSCP values or VLAN lists Using access lists allows you select traffic based on Layer 2 Lay...

Page 41: ...rt Connection Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Pa...

Page 42: ...Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Enabled RSTP Default...

Page 43: ...y 0 0 0 0 DHCP Client Enabled Relay Disabled Server Disabled DNS Client Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabled Unicast Routing RIP Disabled OSPF Disa...

Page 44: ...Introduction 1 10 1...

Page 45: ...nection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNM...

Page 46: ...plete the following steps 1 Connect the console cable to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Conn...

Page 47: ...oard configuration program can be accessed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above Nets...

Page 48: ...ster unit finishes booting up it continues to synchronize configuration information to all of the Slave units in the stack If the Master unit fails or is powered off a new master unit will be selected...

Page 49: ...access However if the unit to which you normally connect for management access fails and there are no active port members on the other units within this VLAN interface then this IP address will no lo...

Page 50: ...p units that are running a different image version For information on downloading firmware see Managing Firmware on page 4 21 or File Management Commands on page 23 10 Basic Configuration Console Conn...

Page 51: ...nter 4 Type username admin password 0 password for the Privileged Exec level where password is your new password Press Enter Note 0 specifies a password in plain text 7 specifies a password in encrypt...

Page 52: ...address is the switch IP address and netmask is the network mask for the network Press Enter 3 Type exit to return to the global configuration mode prompt Press Enter 4 To set the IP address of the de...

Page 53: ...er Then press Enter Address for Multi segment Network Before you can assign an IPv6 address to the switch that will be used to connect to a multi segment network you must obtain the following informat...

Page 54: ...ipv6 address bits The remaining bits are assigned to the host interface Press Enter 4 Type exit to return to the global configuration mode prompt Press Enter 5 To set the IP address of the IPv6 defau...

Page 55: ...face vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp an...

Page 56: ...network containing more than one subnet the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages...

Page 57: ...the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However...

Page 58: ...e are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure...

Page 59: ...up file The three types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files can be selecte...

Page 60: ...Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the...

Page 61: ...1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Enter Console copy running config startup config 23 11 Start...

Page 62: ...Initial Configuration 2 18 2...

Page 63: ...gement Tasks 4 1 Simple Network Management Protocol 5 1 User Authentication 6 1 Access Control Lists 7 1 Port Configuration 8 1 Address Table Settings 9 1 Spanning Tree Algorithm 10 1 VLAN Configurati...

Page 64: ...Switch Management...

Page 65: ...ess on page 2 7 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program Se...

Page 66: ...cts with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu lin...

Page 67: ...7 x This option is available under Tools Internet Options General Browsing History Settings Temporary Internet Files 2 You may have to manually refresh the screen after making configuration changes b...

Page 68: ...guration Configures IPv6 interface address and protocol settings 4 9 IPv6 General Prefix Configures IPv6 general prefix for network portion of addresses 4 15 IPv6 ND Neighbor Configures IPv6 neighbor...

Page 69: ...passwords and access levels 6 1 Authentication Settings Configures authentication sequence RADIUS and TACACS 6 2 HTTPS Settings Configures secure HTTP settings 6 5 SSH Secure Shell 6 8 Settings Confi...

Page 70: ...17 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 8 17 Mirror Port Configuration Sets the source and target ports for mirroring 8 19 Rate Limit 8 20 Input Port Configuration...

Page 71: ...hows the current port members of each VLAN and whether or not the port is tagged or untagged 11 5 Static List Used to create or remove VLAN groups 11 6 Static Table Modifies the settings for an existi...

Page 72: ...each trunk 13 1 Traffic Classes Maps IEEE 802 1p priority tags to output queues 13 3 Traffic Classes Status Enables disables traffic class priorities not implemented NA Queue Mode Sets queue mode to s...

Page 73: ...entries for domain name to address mapping 16 3 Cache Displays cache entries discovered by designated name servers 16 5 DHCP Dynamic Host Configuration Protocol 17 1 Relay Configuration Specifies DHCP...

Page 74: ...and errors 19 19 TCP Shows statistics for TCP including the amount of traffic and TCP connection activity 19 20 Routing 19 21 Static Routes Configures and display static routing entries 19 21 Routing...

Page 75: ...figuration Defines OSPF areas and associated interfaces 20 31 Summary Address Configuration Aggregates routes learned from other protocols for advertising into other autonomous systems 20 33 Redistrib...

Page 76: ...Configuring the Switch 3 12 3...

Page 77: ...agent has been up These additional parameters are displayed for the CLI System Description Brief description of device type MAC Address The physical layer address for this switch Web Server Shows if m...

Page 78: ...ystem 23 7 System Description 24 48 port 10 100 1000 Stackable Managed Switch with 2 X 10G uplinks System OID String 1 3 6 1 4 1 259 8 1 9 System Information System Up Time 0 days 1 hours 28 minutes a...

Page 79: ...main board Internal Power Status Displays the status of the internal power supply Management Software EPLD Version Version number of EEPROM Programmable Logic Device Loader Version Version number of...

Page 80: ...es on page 9 1 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the defaul...

Page 81: ...via DHCP by default To manually configure an address you need to change the stack s default settings to values that are compatible with your network You may also need to a establish a default gateway...

Page 82: ...stack are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whether IP fu...

Page 83: ...Apply Figure 4 4 IPv4 Interface Configuration Manual Click IP Global Setting If this stack and management stations exist on other network segments then specify the default gateway and click Apply Figu...

Page 84: ...er reset Figure 4 6 IPv4 Interface Configuration DHCP Note If you lose your management connection make a console connection to the Master unit and enter show ip interface to determine the new stack ad...

Page 85: ...net Management traffic using this kind of address cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshoo...

Page 86: ...described under Configuring an IPv6 General Network Prefix on page 4 15 When using this method remember that the prefix length specified on the IPv6 Configuration page must include both the length of...

Page 87: ...Configuration Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 functionality on the interface The network portion of the address is based on prefixes received in...

Page 88: ...oth that specified by the general prefix and any number of subsequent prefix bits that exceed the length of the general prefix Therefore depending on the specified prefix length some of the address bi...

Page 89: ...uired to join the all nodes multicast addresses FF01 1 and FF02 1 for all IPv6 nodes within scope 1 interface local and scope 2 link local respectively FF01 1 16 is the transient node local multicast...

Page 90: ...em IPv6 Configuration IPv6 Configuration Set the IPv6 default gateway specify the VLAN to configure enable IPv6 and set the MTU Then enter a global unicast or link local address and click Add IPv6 Add...

Page 91: ...ent assigned to the general prefix The prefix must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the...

Page 92: ...refix Click Add to open the editing fields for a prefix entry Enter a name for the general prefix the value for the general prefix and the prefix length Then click Add to enable the entry Figure 4 8 I...

Page 93: ...detection is automatically restarted when the interface is administratively re activated An interface that is re activated restarts duplicate address detection for all unicast IPv6 addresses on the in...

Page 94: ...received that the forward path was functioning A packet was sent within the last DELAY_FIRST_PROBE_TIME interval If no reachability confirmation is received within this interval after entering the DEL...

Page 95: ...ol settings select a VLAN interface set the number of attempts allowed for duplicate address detection set the interval for neighbor solicitation messages and click Apply To configure static neighbor...

Page 96: ...s FE80 1034 11FF FE11 4321 64 Global unicast address es 2009 DB9 2229 79 subnet is 2009 DB9 2229 0 64 Joined group address es FF01 1 16 FF02 1 16 FF02 1 FF00 79 104 FF02 1 FF11 4321 104 MTU is 1280 by...

Page 97: ...rames Enable or disable support for jumbo frames and click Apply Figure 4 10 Configuring Support for Jumbo Frames CLI This example enables jumbo frames globally for the switch Managing Firmware You ca...

Page 98: ...ed startup version of this file cannot be deleted Downloading System Software from a Server When downloading runtime code you can specify the destination file name to replace the current image or firs...

Page 99: ...elect System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figu...

Page 100: ...ng config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to r...

Page 101: ...e switch Web Click System File Management Copy Operation Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a fil...

Page 102: ...r input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 0 seconds Password Threshold Sets the password intrusion threshold which limits the...

Page 103: ...the stop bits transmitted per byte Range 1 2 Default 1 stop bit Password1 Specifies a password for the line connection When a connection is started on a line with password protection the system promp...

Page 104: ...interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Passwo...

Page 105: ...parameters for Telnet access then click Apply Figure 4 17 Configuring the Telnet Interface CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as required...

Page 106: ...Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the spe...

Page 107: ...s of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This...

Page 108: ...type and set the logging trap Console config logging host 10 1 0 9 23 28 Console config logging facility 23 23 28 Console config logging trap 4 23 29 Console config logging trap Console config exit C...

Page 109: ...ecified SMTP servers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the emai...

Page 110: ...Specifies the email recipients of alert messages You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Web Click Syst...

Page 111: ...each switch in the stack based on the unit identification number You should therefore remember to save the current configuration after renumbering the stack For a line topology the stack is numbered f...

Page 112: ...al clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also...

Page 113: ...o 16 15 58 February 1st 2008 Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an S...

Page 114: ...erate as an SNTP client and then displays the current time and settings Console config sntp client 23 36 Console config sntp poll 16 23 37 Console config sntp server 10 1 0 19 137 82 140 80 128 250 36...

Page 115: ...ime zone to be before east or after west UTC Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after...

Page 116: ...ajor regions of the world To specify the time corresponding to your local time when summer time is in effect select the predefined summer time time zone appropriate for your location Date Mode Sets th...

Page 117: ...nutes your summer time time zone deviates from your regular time zone Offset Summer time offset from the regular time zone in minutes Range 0 99 minutes From Start time for summer time offset To End t...

Page 118: ...Basic Management Tasks 4 42 4...

Page 119: ...uously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as Edge core ECView Acce...

Page 120: ...tview none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user defined user defined user defined user defined Communit...

Page 121: ...at acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the access...

Page 122: ...t of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a respons...

Page 123: ...available for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The num...

Page 124: ...3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 5 3 Conf...

Page 125: ...asswords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default eng...

Page 126: ...to it See Specifying Trap Managers and Trap Types on page 5 4 and Configuring Remote SNMPv3 Users on page 5 11 A new engine ID can be specified by entering 9 to 64 hexadecimal characters If an odd nu...

Page 127: ...er noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only...

Page 128: ...ed group of a user click Change Group in the Actions column of the users table and select the new group Figure 5 6 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new user...

Page 129: ...for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on...

Page 130: ...hen click Delete Figure 5 7 Configuring Remote SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user mark group r d re...

Page 131: ...model SNMP v1 v2c or v3 Level The security level used for the group noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication...

Page 132: ...SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent sta...

Page 133: ...two objects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 202 20 57 84 2 1 0 57 This trap is sent when the...

Page 134: ...n click Delete Figure 5 8 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read an...

Page 135: ...in the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view W...

Page 136: ...ver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 24 10 Console config exit Console show snmp view 24 11 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile R...

Page 137: ...has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as...

Page 138: ...ly configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Remote Authentication Dial in User Service RADIUS and Terminal Access...

Page 139: ...IUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attributes A...

Page 140: ...username on page 25 2 Web Click Security Authentication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parame...

Page 141: ...on The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Inter...

Page 142: ...on on this function see Replacing the Default Secure site Certificate on page 6 7 Web Click Security HTTPS Settings Enable HTTPS and specify the port number then click Apply Figure 6 3 HTTPS Settings...

Page 143: ...re Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them...

Page 144: ...station to access the switch for management via the SSH protocol Note The switch supports both SSH Version 1 5 and 2 0 clients Command Usage The SSH server on this switch supports both password and pu...

Page 145: ...32671316 29432532818915045306393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of re...

Page 146: ...thenticated Note The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Generating the Host Key Pair A host pub...

Page 147: ...the host key pair Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page C...

Page 148: ...encrypted public key DSA The switch accepts a DSA version 2 encrypted public key The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and the...

Page 149: ...public key file it is not necessary to first delete the original key from the switch The import process will overwrite the existing key Delete Deletes a selected RSA or DSA public key that has alread...

Page 150: ...FTP server IP address 192 168 1 254 Choose public key type 1 RSA 2 DSA 1 2 2 Source file name admin ssh2 dsa pub key Username admin TFTP Download Success Write to FLASH Programming Success Console sho...

Page 151: ...r Settings CLI This example enables SSH sets the authentication parameters and displays the current configuration It shows that the administrator has made a connection via SHH and then disables this c...

Page 152: ...f MAC addresses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevent...

Page 153: ...allowed on a port and click Apply Figure 6 8 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count...

Page 154: ...ntains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the...

Page 155: ...2 1X System Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 6 9 802 1X Global Information CLI This example shows the default global setting for 802 1X...

Page 156: ...on Command Attributes Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized p...

Page 157: ...ess table Configured static MAC addresses are added to the secure address table when seen on a switch port Static addresses are treated as authenticated without sending a request to a RADIUS server Wh...

Page 158: ...User Authentication 6 22 6 Web Click Security 802 1X Port Configuration Modify the parameters required and click Apply Figure 6 11 802 1X Port Configuration...

Page 159: ...uth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 25 disabled Single Host ForceAuth...

Page 160: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx E...

Page 161: ...re 6 12 802 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 25 32 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start...

Page 162: ...o five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges...

Page 163: ...estricts management access for Telnet clients Console config management telnet client 192 168 1 19 25 35 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console s...

Page 164: ...User Authentication 6 28 6...

Page 165: ...IP ACLs including Standard and Extended ACLs IPv6 Standard ACLs and IPv6 Extended ACLs For the ES4626F all ports share this quota For the ES4650F ports 1 24 share a quota of 96 rules and ports 25 50...

Page 166: ...n page for the new list Figure 7 1 Selecting ACL Type CLI This example creates a standard IP ACL named bill Configuring a Standard IPv4 ACL Command Attributes Action An ACL can contain any combination...

Page 167: ...ny to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default...

Page 168: ...he control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means t...

Page 169: ...coming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes thr...

Page 170: ...k for source or destination MAC address VID VLAN ID Range 1 4093 VID Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff...

Page 171: ...thernet type is 0800 Configuring a Standard IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Address Type Specifies the source IP address Use Any to...

Page 172: ...9 5 64 Configuring an Extended IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Destination Address Type Specifies the destination IP address Use Any to in...

Page 173: ...ling by IPv6 routers such as non default quality of service or real time service see RFC 2460 Range 0 16777215 A flow label is assigned to a flow by the flow s source node New flow labels must be chos...

Page 174: ...ration Extended IPv6 CLI This example adds three rules 1 Accepts any incoming packets for the destination 2009 DB9 2229 79 48 2 Allows packets to any destination address when the DSCP value is 5 3 All...

Page 175: ...s the MAC ACL to bind to a port IPv6 Specifies the IPv6 ACL to bind to a port IN ACL for ingress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port...

Page 176: ...Access Control Lists 7 12 7...

Page 177: ...tatus Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if au...

Page 178: ...ull duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Sho...

Page 179: ...ASE T port or trunk Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled...

Page 180: ...a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10f...

Page 181: ...1 13 27 1 Console config if description RD SW 13 27 2 Console config if shutdown 27 7 Console config if no shutdown Console config if no negotiation 27 4 Console config if speed duplex 100half 27 3 C...

Page 182: ...e trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify t...

Page 183: ...orts and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry f...

Page 184: ...ust be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 8 7...

Page 185: ...enabled trunk ports on another switch to form a trunk Console config interface ethernet 1 1 27 1 Console config if lacp 28 3 Console config if exit Console config interface ethernet 1 6 Console config...

Page 186: ...riority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be...

Page 187: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggrega...

Page 188: ...nsole config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 28 7 Channel Group...

Page 189: ...oup Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received...

Page 190: ...ormation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be ena...

Page 191: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 28 7 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP Sys...

Page 192: ...ed by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation...

Page 193: ...resolution is 1 packet per second pps i e any setting between 500 262143 is acceptable Command Attributes Port6 Port number Trunk7 Trunk number Type Indicates the port type 1000BASE T SFP or 10G Prot...

Page 194: ...1 Console config if no switchport broadcast 27 7 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 27 7 Console config if end Console...

Page 195: ...ce port when using MSTP see Spanning Tree Algorithm on page 10 1 Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Unit The unit whose port traffic will be monitored...

Page 196: ...rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this fe...

Page 197: ...then set the rate limit for the individual interfaces and click Apply Figure 8 11 Rate Limit Configuration CLI This example sets the rate limit for input and output traffic passing through port 1 to...

Page 198: ...at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Pa...

Page 199: ...articular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one colli...

Page 200: ...r of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than...

Page 201: ...ort Statistics 8 25 8 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 8 12 Port S...

Page 202: ...rors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal ma...

Page 203: ...can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will b...

Page 204: ...d traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indica...

Page 205: ...kbox select the method of sorting the displayed addresses and then click Query Figure 9 2 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address...

Page 206: ...es disables the aging function Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging tim...

Page 207: ...that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designate...

Page 208: ...commonly configured MSTP bridges An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration...

Page 209: ...hich the root device transmits a configuration message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is...

Page 210: ...ssage a new root port is selected from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The m...

Page 211: ...rward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0001ECF8D8C6 Current Root Port 1 Current Root Cost 100000 Number of Topology Changes 1 Last Topology Change Time sec 1521 Trans...

Page 212: ...that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to pa...

Page 213: ...orts and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing st...

Page 214: ...AN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision10 The revision for this MSTI Range 0 65535 Default 0 Region Name10 The name for this MSTI Ma...

Page 215: ...Configuring Global Settings 10 9 10 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 10 2 STA Global Configuration...

Page 216: ...no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then some of them change stat...

Page 217: ...BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bri...

Page 218: ...itch has accepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port Y...

Page 219: ...onal information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay paramete...

Page 220: ...on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Admin Link Type The link type attached to this interface Point to...

Page 221: ...to forced STP compatible mode However you can also use the Protocol Migration button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Default...

Page 222: ...ree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 10 6 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 Add the V...

Page 223: ...1 followed by settings for each port Console show spanning tree mst 1 33 18 Spanning tree information Spanning Tree Mode MSTP Spanning Tree Enabled Disabled Enabled Instance 1 VLANs Configuration 1 Pr...

Page 224: ...er Path Cost 10000 Priority 128 Designated Cost 0 Designated Port 128 23 Designated Root 32768 1 0000E8900000 Designated Bridge 32768 1 0000E8900000 Fast Forwarding Disabled Forward Transitions 2 Admi...

Page 225: ...n CLI This displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 10 3 the settings for other instances only...

Page 226: ...if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defi...

Page 227: ...detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Web Click Spanning Tree MST...

Page 228: ...22 10 CLI This example sets the MSTP attributes for port 4 Console config interface ethernet 1 4 27 1 Console config if spanning tree mst port priority 0 33 17 Console config if spanning tree mst cost...

Page 229: ...erently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 4093 VLANs b...

Page 230: ...e VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VL...

Page 231: ...e same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagg...

Page 232: ...N 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 11 1 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informatio...

Page 233: ...this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VL...

Page 234: ...ntagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of confi...

Page 235: ...t page to configure VLAN groups based on the port index page 9 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing...

Page 236: ...tagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from a...

Page 237: ...ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 11 6 VLAN Static Membershi...

Page 238: ...frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingr...

Page 239: ...mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the sour...

Page 240: ...ers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer specific VLAN...

Page 241: ...en the egress process transmits the packet Packets entering a QinQ tunnel port are processed in the following manner 1 New SPVLAN tags are added to all incoming packets no matter how many tags they al...

Page 242: ...der s network The TPID must be configured on a per port basis and the verification cannot be disabled 3 If the ether type of an incoming packet single or double tagged is equal to the TPID of the upli...

Page 243: ...ing tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode see Enabling QinQ Tunneling o...

Page 244: ...runk port incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the por...

Page 245: ...hip mode of the port None The port operates in its normal VLAN mode This is the default 802 1Q Tunnel Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer...

Page 246: ...le config if switchport dot1q tunnel mode access 34 15 Console config if interface ethernet 1 3 Console config if switchport dot1q tunnel mode uplink 34 15 Console config if end Console show dot1q tun...

Page 247: ...Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports Ports designated as downlink ports can not communicate with any other ports on the switch except for the...

Page 248: ...1 First configure VLAN groups for the protocols you want to use page 6 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port me...

Page 249: ...configuration screen If you assign interfaces using any of the other VLAN menus such as the VLAN Static Table page 7 or VLAN Static Membership by Port menu page 9 these interfaces will admit traffic o...

Page 250: ...93 Web Click VLAN Protocol VLAN Port Configuration Select a a port or trunk enter a protocol group ID the corresponding VLAN ID and click Apply Figure 11 11 Protocol VLAN Port Configuration CLI The fo...

Page 251: ...LDP globally on the switch Default Disabled Transmission Interval Configures the periodic transmit interval for LLDP advertisements Range 5 32768 seconds Default 30 seconds This attribute must comply...

Page 252: ...lt 5 seconds This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that occur between...

Page 253: ...destinations see Specifying Trap Managers and Trap Types on page 5 4 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes...

Page 254: ...r Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address...

Page 255: ...cates the system s administratively assigned name see Displaying System Information on page 4 1 System Description A textual description of the network entity This field is also displayed by the show...

Page 256: ...ent Interface Settings The attributes listed below apply to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Description A string t...

Page 257: ...1000 Stackable Managed Switch with 2 X 10G uplinks System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information Interface PortID Typ...

Page 258: ...the specific identifier for the particular chassis in this system Port ID A string that contains the specific identifier for the port from which this LLDPDU was transmitted Port Name A string that ind...

Page 259: ...e particular chassis in this system Port Type Indicates the basis for the identifier that is listed in the Port ID field Port Description A string that indicates the port s description If RFC 2863 is...

Page 260: ...he primary function s of the system which are currently enabled Refer to the preceding table See Table 12 2 System Capabilities on page 12 6 Management Address The IPv4 address of the remote device If...

Page 261: ...e database dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The number of times that a neighbor s information has been deleted from the LLDP remote systems MIB becaus...

Page 262: ...ected directly to this switch switch show lldp info statistics 32 18 LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Cou...

Page 263: ...ount of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recog...

Page 264: ...P enabled remote device attached to a specific port this switch switch show lldp info statistics detail ethernet 1 1 32 18 LLDP Port Statistics Detail PortName Eth 1 1 Frames Discarded 0 Frames Invali...

Page 265: ...ted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The def...

Page 266: ...config if switchport priority default 5 35 3 Console config if end Console show interfaces switchport ethernet 1 3 27 11 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP stat...

Page 267: ...lications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Pr...

Page 268: ...priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 27 1 Console config queue cos map 0...

Page 269: ...revents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10...

Page 270: ...es and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software application...

Page 271: ...y information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSC...

Page 272: ...Precedence values are mapped one to one to Class of Service values i e Precedence value 0 maps to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various appl...

Page 273: ...1 and then displays the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the s...

Page 274: ...e following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a...

Page 275: ...es IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a Co...

Page 276: ...ch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Mapping specific values for IP Port Priority is implemented as an interface configuration command but any...

Page 277: ...ze the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should...

Page 278: ...name and a brief description of a class map Range 1 16 characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class entry Modify th...

Page 279: ...CP value contained in an IPv6 packet Range 0 63 Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Web Click QoS DiffSe...

Page 280: ...gs page 14 7 You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6...

Page 281: ...lobits per second Burst byte Burst in bytes Exceed Action Specifies whether the traffic that exceeds the specified rate will be dropped or the DSCP service level will be reduced Remove Class Deletes a...

Page 282: ...14 6 14 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 14 2 Conf...

Page 283: ...egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate pol...

Page 284: ...Quality of Service 14 8 14...

Page 285: ...ts and an IGMP enabled device most commonly a multicast router In this way the switch can discover the ports that want to join a multicast group and set its filters accordingly If there is no multicas...

Page 286: ...d In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources Notes 1 When the switch is configured to use IGMPv3 snooping the snooping version may...

Page 287: ...ulticast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is...

Page 288: ...he default settings are shown below Figure 15 1 IGMP Configuration CLI This example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 3...

Page 289: ...y see Configuring IGMP Snooping and Query Parameters on page 15 3 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should onl...

Page 290: ...r switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to...

Page 291: ...nk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Unit Stack unit Range 1 8 Port or Trunk Specifies the interface attached to a...

Page 292: ...rvice Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are...

Page 293: ...ts the VLAN to propagate all multicast traffic coming from the attached multicast router switch Range 1 4093 Multicast IP The IP address for a specific multicast service Unit Stack unit Range 1 8 Port...

Page 294: ...Multicast Filtering 15 10 15...

Page 295: ...m will search it for a corresponding entry If none is found the default domain name is used When an incomplete host name is received by the DNS service on this switch and a domain name list has been s...

Page 296: ...a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 38 3 Console config ip domain list sample com uk 38 3 Co...

Page 297: ...rk devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a...

Page 298: ...ply Figure 16 2 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 3...

Page 299: ...s field includes ADDRESS which specifies the host address for the owner and CNAME which specifies an alias IP The IP address associated with this record TTL The time to live reported by the name serve...

Page 300: ...Domain Name Service 16 6 16...

Page 301: ...switch supports DHCP relay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the request so that the DHCP serv...

Page 302: ...other network settings such as the domain name default gateway Domain Name Servers DNS Windows Internet Naming Service WINS name servers or information on the bootup file for the host device to downlo...

Page 303: ...changes This can be done on the DHCP Server General page Enabling the Server Setting Excluded Addresses Enable the DHCP Server and specify the IP addresses that it should not be assigned to clients Co...

Page 304: ...om the matching network address pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hard...

Page 305: ...eway router The IP address of the router should be on the same subnet as the client DNS Server The IP address of the primary and alternate DNS server DNS servers must be configured for a DHCP client t...

Page 306: ...Address Pool Web Click DHCP Server Pool Configuration Specify a pool name then click Add Figure 17 3 DHCP Server Pool Configuration CLI This example adds an address pool and enters DHCP pool configur...

Page 307: ...twork Configuration CLI This example configures a network address pool Console config ip dhcp pool tps 39 6 Console config dhcp network 10 1 0 0 255 255 255 0 39 7 Console config dhcp default router 1...

Page 308: ...st address pool Console config ip dhcp pool mgr 39 6 Console config dhcp host 10 1 0 19 255 255 255 0 39 12 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 39 14 Console config dhcp cl...

Page 309: ...l or after moving DHCP service to another device Entry Count Number of hosts that have been given addresses by the switch Note More than one DHCP server may respond to a service request by a host In t...

Page 310: ...Dynamic Host Configuration Protocol 17 10 17...

Page 311: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Page 312: ...lso enable the preempt feature which allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Command Usage Address A...

Page 313: ...the new master router if the current master fails Preempting the Acting Master The virtual IP Owner has the highest priority so no other router can preempt it and it will always resume control as the...

Page 314: ...er virtual router if it has a higher priority than the acting master virtual router i e a master router that is not the group s address owner or another backup router that has taken over from the prev...

Page 315: ...18 5 18 Virtual Router Redundancy Protocol Web Click IP VRRP Group Configuration Select the VLAN ID enter the VRID group number and click Add Figure 18 1 VRRP Group Configuration...

Page 316: ...ual router for the group Otherwise enter the virtual address for an existing group to make it a backup router or to compete as the master based on configured priority if no other members are set as th...

Page 317: ...version number VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual router Web Click IP VRRP Global Statistics Figure 18 3 VRRP Global Statist...

Page 318: ...ceived Priority 0 Packets Number of VRRP packets received by the virtual router with priority set to 0 Error Packet Length Packets Number of packets received with a packet length less than the length...

Page 319: ...er of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority...

Page 320: ...Configuring Router Redundancy 18 10 18...

Page 321: ...ditional routers the static and dynamic routing functions must first be configured to work Initial Configuration By default all ports belong to the same VLAN and the switch provides only Layer 2 funct...

Page 322: ...to live Verifying and recalculating the Layer 3 checksum If the destination node is on the same subnetwork as the source network then the packet can be transmitted directly without the help of a rout...

Page 323: ...et is reformatted and sent out to the destination The reformat process includes decreasing the Time To Live TTL field of the IP header recalculating the IP header checksum and replacing the destinatio...

Page 324: ...to manage the switch in band then you must define the IP subnet address for at least one VLAN Command Attributes IP Routing Status Configures the switch to operate as a Layer 2 switch or as a multilay...

Page 325: ...ither Layer 2 or 3 as required All IP packets are routed directly between local interfaces or indirectly to remote interfaces using either static routing or dynamic routing All other packets for non I...

Page 326: ...sses In other words you will need to specify secondary addresses if more than one IP subnet can accessed via this interface If DHCP BOOTP is enabled the system will immediately start broadcasting serv...

Page 327: ...resses enter these addresses one at a time and click Set IP Configuration after entering each address Figure 19 2 IP Routing Interface CLI This example sets a primary IP address for VLAN 1 and then ad...

Page 328: ...o the final destination If there is no entry for an IP address in the ARP cache the router will broadcast an ARP request packet to all devices on the network The ARP request contains the following fie...

Page 329: ...86400 seconds Default 1200 seconds or 20 minutes The ARP aging timeout can be set for any currently configured VLAN The aging time determines how long dynamic entries remain the cache If the timeout i...

Page 330: ...orks that do not have routing or a default gateway and click Apply Figure 19 3 ARP General CLI This example sets the ARP cache timeout for 15 minutes i e 900 seconds and enables Proxy ARP for VLAN 3 C...

Page 331: ...try may need to be used if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to...

Page 332: ...to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static19 Changes a selected dynamic entry to a static entry Clear All19 Deletes all dynamic entri...

Page 333: ...y in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Entry Count The number of local entries in the ARP cache Consol...

Page 334: ...ess Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other...

Page 335: ...d 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp S...

Page 336: ...default gateways are down Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forwar...

Page 337: ...to feed back information about more suitable routes i e the next hop router to use for a specific destination Routing Discards The number of routing entries which were chosen to be discarded even tho...

Page 338: ...urce Quench messages received sent Redirects The number of ICMP Redirect messages received sent Echos The number of ICMP Echo request messages received sent Echo Replies The number of ICMP Echo Reply...

Page 339: ...too complex too slow or just unnecessary Web Click IP Statistics UDP Figure 19 10 UDP Statistics CLI See the example on page 19 14 Table 19 5 USP Statistics Parameter Description Datagrams Received T...

Page 340: ...SYN SENT state from the CLOSED state Failed Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD sta...

Page 341: ...ce over a dynamic route Static routes are included in RIP and OSPF updates periodically sent by the router if this feature is enabled by the RIP or OSPF see page 20 9 or 20 35 respectively Command Att...

Page 342: ...is not enabled i e listed in the routing table unless there is at least one active link connected to that interface Command Attributes Interface Index number of the IP interface IP Address IP address...

Page 343: ...Table CLI This example shows routes obtained from various methods Console show ip route 42 3 Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 0 0 0 10 1 0 254 static 1 1 10 1 0 0 255 2...

Page 344: ...IP Routing 19 24 19...

Page 345: ...inks which lead to relevant subnets OSPFv2 Dynamic Routing Protocol OSPF overcomes all the problems of RIP It uses a link state routing protocol to generate a shortest path tree then builds up its rou...

Page 346: ...interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergence Triggered updates Whenever a route gets changed broadcast an update...

Page 347: ...and receiving protocol messages RIP send receive versions set on the RIP Interface Settings screen page 20 6 always take precedence over the settings for the Global RIP Version Timer Settings The tim...

Page 348: ...lick Apply Figure 20 1 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip 42 6 Console config router version 2...

Page 349: ...t field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address are used 192 223 is class C...

Page 350: ...tively Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the network using the RIPv2 advertisement list instead of multicasting as normally required by RIPv2 Usin...

Page 351: ...Does not accept incoming RIP packets This option does not add any dynamic entries to the routing table for an interface Send Version The RIP version to send on an interface RIPv1 Sends only RIPv1 pac...

Page 352: ...receiving interface must use the same password Range 1 16 characters case sensitive Web Click Routing Protocol RIP Interface Settings Select the RIP protocol message types that will be received and s...

Page 353: ...ternal routes A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another...

Page 354: ...tion metric for static routes and click Set Figure 20 4 RIP Redistribution Configuration CLI This example redistributes static routes and sets the metric for all of these routes to a value of 3 Consol...

Page 355: ...outer database queries received by this router Interface Information Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 rip1Compatible ReceiveMode RIP v...

Page 356: ...Unicast Routing 20 12 20 Web Click Routing Protocol RIP Statistics Figure 20 5 RIP Statistics...

Page 357: ...umber of Queries 0 Console show ip rip configuration 42 16 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compati...

Page 358: ...used to calculate summary route costs throughout the network when older OSPF routers exist as well as the not so stubby area option RFC 3101 Command Usage OSPF looks at more than just the simple hop c...

Page 359: ...PF area that is not physically attached to the OSPF backbone Virtual links can also be used to provide a redundant link between contiguous areas to prevent areas from being partitioned or to merge bac...

Page 360: ...any OSPF routers in an area exchanging summary information specifically ABRs which have not been upgraded to OSPFv2 RFC 2328 RFC 1583 should be used on the newly upgraded OSPFv2 routers to ensure comp...

Page 361: ...import external routes through RIP or static routes and such a route is known See Redistributing External Routes on page 20 35 External Metric Type22 The external link type used to advertise the defa...

Page 362: ...guration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf 42 19 Console config router router id 10 1 1 253...

Page 363: ...en areas you can configure an area as a stub or a not so stubby area NSSA Normal Area A large OSPF domain should be broken up into several areas to increase network stability and reduce the amount of...

Page 364: ...in an OSPF stub area so routes cannot be redistributed from another protocol into a stub area On the other hand an NSSA allows external routes from another protocol to be redistributed into its own a...

Page 365: ...area or not so stubby area NSSA Area ID 0 0 0 0 is set to the backbone by default Default Normal area Default Cost Cost for the default summary route sent into a stub from an area border router ABR Ra...

Page 366: ...area 0 0 0 1 as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default rou...

Page 367: ...ed for several area ranges This router also supports Variable Length Subnet Masks VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs im...

Page 368: ...efault for the area range command is to advertise the route summary The configured summary route is shown in the list of information displayed for area 1 Console config router area 0 0 0 1 range 10 1...

Page 369: ...Count The number of IP interfaces assigned to this VLAN Note This router supports up 64 OSPF interfaces Detailed Interface Configuration VLAN ID The VLAN corresponding to the selected interface Rtr Pr...

Page 370: ...uter is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic Rtr Dead Interval Sets the interval at which...

Page 371: ...ain text or Message Digest 5 MD5 authentication is enabled as described in the preceding item this password key is inserted into the OSPF header when routing protocol packets are originated by this de...

Page 372: ...Configuration Select the required interface from the scroll down box and click Detailed Settings Figure 20 9 OSPF Interface Configuration Change any of the interface specific protocol parameters and t...

Page 373: ...clude the transit area ID and the router ID for a virtual link neighbor that is adjacent to the backbone Command Attributes Area ID Identifies the transit area for the virtual link The area ID must be...

Page 374: ...y the settings for an existing link click the Detail button for the required entry modify the link settings and click Set Figure 20 11 OSPF Virtual Link Configuration CLI This example configures a vir...

Page 375: ...a by default A normal area can send and receive external Link State Advertisements LSAs If necessary you can use the Area Configuration page to configure an area as a stubby area that cannot send or r...

Page 376: ...OSPF Network Area Address Configuration Configure a backbone area that is contiguous with all the other areas in your network configure an area for all of the other OSPF interfaces then click Apply F...

Page 377: ...guration screen view the routes imported into the routing table and then configure one or more summary addresses to reduce the size of the routing table and consolidate these external routes for adver...

Page 378: ...ecify the base address and network mask then click Add Figure 20 13 OSPF Summary Address Configuration CLI This example This example creates a summary address for all routes contained in 192 168 x x C...

Page 379: ...ttributes Redistribute Protocol Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain Options RIP Static Default RIP Redistrib...

Page 380: ...fer to Configuring OSPF Areas on page 20 19 Command Attributes Area ID Identifier for an not so stubby area NSSA The area ID must be in the form of an IPv4 address Default Information Originate An NSS...

Page 381: ...ds redistribution should be disabled to prevent the NSSA ABR from advertising external routing information learned through routers in other areas into the NSSA Default Enabled Note This router support...

Page 382: ...Area border routers can generate Summary LSAs that give the cost to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an au...

Page 383: ...PF Link State Database Information Specify parameters for the LSAs you want to display then click Query Figure 20 16 OSPF Link State Database Information CLI The CLI provides a wider selection of disp...

Page 384: ...h Rte Type Route type either intra area or interarea route INTRA or INTER Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been executed...

Page 385: ...Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring...

Page 386: ...Unicast Routing 20 42 20...

Page 387: ...ion Commands 25 1 Access Control List Commands 26 1 Interface Commands 27 1 Link Aggregation Commands 28 1 Mirror Port Commands 29 1 Rate Limit Commands 30 1 Address Table Commands 31 1 LLDP Commands...

Page 388: ...Command Line Interface...

Page 389: ...ords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name...

Page 390: ...can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system...

Page 391: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username a...

Page 392: ...es ip IP information ipv6 IPv6 information lacp Show LACP statistic line TTY line information lldp LLDP log Login records logging Show the contents of logging buffers mac MAC access lists mac address...

Page 393: ...m messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of...

Page 394: ...nly a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new co...

Page 395: ...n These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such as parit...

Page 396: ...list ip extended access list mac access list ipv6 standard access list ipv6 extended Console config std acl Console config ext acl Console config mac acl Console config std ipv6 acl Console config ext...

Page 397: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Page 398: ...ally groups multiple ports into a single logical trunk configures Link Aggregation Control Protocol for port trunks 28 1 Mirror Port Mirrors data to another port for analysis without affecting the dat...

Page 399: ...L Access Control List Configuration MST Multiple Spanning Tree CM Class Map Configuration NE Normal Exec DC DHCP Server Configuration PE Privileged Exec GC Global Configuration PM Policy Map Configura...

Page 400: ...Overview of the Command Line Interface 21 12 21...

Page 401: ...and Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 25 3 Table 22 1 General Com...

Page 402: ...Command Mode Privileged Exec Command Usage The character is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 22 1 configure This c...

Page 403: ...d history buffer The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer w...

Page 404: ...age This command resets the entire system Example This example shows how to reset the switch prompt This command customizes the CLI prompt Use the no form to restore the default prompt Syntax prompt s...

Page 405: ...or exits the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI...

Page 406: ...General Commands 22 6 22 Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username...

Page 407: ...information that uniquely identifies this switch 23 1 System Status Displays system configuration active managers and version information 23 3 Frame Size Enables support for jumbo frames 23 9 File Ma...

Page 408: ...ally starting from the top unit for a non loop stack or starting from the Master unit for a looped stack Syntax switch all renumber Default Setting For non loop stacking the top unit is unit 1 For loo...

Page 409: ...the stack SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances...

Page 410: ...map 00 20 1a df 9c a0 00 20 1a df 9e c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server comm...

Page 411: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP...

Page 412: ...map 00 30 f1 d4 73 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server comm...

Page 413: ...8 port 10 100 1000 Stackable Managed Switch with 2 X 10G uplinks System OID String 1 3 6 1 4 1 259 8 1 9 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE...

Page 414: ...e version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 4 3 for detailed information o...

Page 415: ...the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also whe...

Page 416: ...w file set as the startup file Saving or Restoring Configuration Settings Configuration settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded...

Page 417: ...allows you to copy to from a TFTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See...

Page 418: ...25 12 Example The following example shows how to download new firmware from a TFTP server The following example shows how to upload the configuration settings to a file on the TFTP server The followin...

Page 419: ...e or code image unit Stack unit Range 1 8 Default Setting None Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file na...

Page 420: ...t of files in flash memory Syntax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opc...

Page 421: ...Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size T...

Page 422: ...nfiguration file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration...

Page 423: ...rd Specifies a password on a line LC 23 19 timeout login response Sets the interval that the system waits for a login attempt LC 23 20 exec timeout Sets the interval that the command interpreter waits...

Page 424: ...age There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When us...

Page 425: ...em prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before...

Page 426: ...he connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeo...

Page 427: ...threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Co...

Page 428: ...silent time to 60 seconds enter this command Related Commands password thresh 23 21 databits This command sets the number of data bits per character that are interpreted and generated by the console p...

Page 429: ...age Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the ter...

Page 430: ...d adjust the speed accordingly Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default settin...

Page 431: ...Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To...

Page 432: ...control the type of error messages that are sent to specified syslog servers Example Related Commands logging history 23 27 logging trap 23 29 clear log 23 29 Table 23 8 Event Logging Commands Command...

Page 433: ...Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 23 9 Logging Levels Level...

Page 434: ...the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog s...

Page 435: ...tting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this com...

Page 436: ...Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 and the message...

Page 437: ...MOTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console Table 23 11 sh...

Page 438: ...P servers for event handing However you must enter a separate command to specify each server Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and even...

Page 439: ...ges Syntax logging sendmail level level level One of the system message levels page 23 27 Messages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command M...

Page 440: ...email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recip...

Page 441: ...show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabled...

Page 442: ...the sntp poll command Example clock summertime date Configures summer time daylight savings time for the switch s internal clock GC 23 40 clock summertime predefined Configures summer time daylight s...

Page 443: ...cifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues ti...

Page 444: ...nd configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the cur...

Page 445: ...meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Related...

Page 446: ...mer time name Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters b month The month when summer time will begin Options january february march april may june...

Page 447: ...esponding to your local time when summer time is in effect you must indicate the number of minutes your summer time time zone deviates from your regular time zone Example Related Commands show clock 2...

Page 448: ...gure the start end and offset times of summer time daylight savings time for the switch on a recurring basis Use the no form to disable summer time Syntax clock summer time name recurring b week b day...

Page 449: ...rom the regular time zone in minutes Range 0 99 minutes Default Setting Disabled Command Mode Global Configuration Command Usage In some countries or regions clocks are adjusted through the summer mon...

Page 450: ...nuary february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how t...

Page 451: ...ommand Function Mode Page snmp server Enables the SNMP agent GC 24 2 show snmp Displays the status of SNMP communications NE PE 24 2 snmp server community Sets up the community access string to permit...

Page 452: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Page 453: ...t stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent en...

Page 454: ...hat describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 24 4 snmp server locatio...

Page 455: ...55 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like com...

Page 456: ...nsure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to net...

Page 457: ...uthentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Page 458: ...P engine is an independent SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also used in combinati...

Page 459: ...server engine id local 12345 Console config snmp server engineID remote 54321 192 168 1 19 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBo...

Page 460: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefi...

Page 461: ...mple Network Management Protocol on page 5 1 for further information about these authentication and encryption options readview Defines the view for read access 1 32 characters writeview Defines the v...

Page 462: ...ification Messages on page 5 14 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command...

Page 463: ...tatus active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 24 4 show snmp group display desc...

Page 464: ...of eight characters is required priv des56 Uses SNMPv3 with privacy with DES56 encryption priv password Privacy password Enter as plain text if the encrypted option is not used Otherwise enter an encr...

Page 465: ...ame steve Authentication Protocol md5 Privacy Protocol des56 Storage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt...

Page 466: ...SNMP Commands 24 16 24...

Page 467: ...sswords for management access 25 1 Authentication Sequence Defines logon authentication method and precedence 25 4 RADIUS Client Configures settings for authentication via a RADIUS server 25 6 TACACS...

Page 468: ...d password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The fac...

Page 469: ...8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password...

Page 470: ...he password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for...

Page 471: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege...

Page 472: ...r the retransmit period expires host_ip_address IP address of server auth_port RADIUS server UDP port used for authentication messages Range 1 65535 key Encryption key used to authenticate logon acces...

Page 473: ...ey This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon acce...

Page 474: ...his command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server t...

Page 475: ...ost host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Console show radius server Remote RADIUS server configuration Global settings Commun...

Page 476: ...de Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string...

Page 477: ...ort number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Console show tacacs server Remote TACACS server configuration Server IP a...

Page 478: ...l HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Defa...

Page 479: ...fer to the copy command on page 23 11 Example Related Commands ip http secure port 25 13 copy tftp https certificate 23 11 ip http secure port This command specifies the UDP port number used for HTTPS...

Page 480: ...form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port us...

Page 481: ...switch and enable the SSH server Table 25 10 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 25 17 ip ssh timeout Specifies the authentication ti...

Page 482: ...The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA key 1024 35 1341081685609893921040944920155425347631641921872958921143173...

Page 483: ...gorithm is supported by the switch it notifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to...

Page 484: ...ge 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation ph...

Page 485: ...uration Example Related Commands show ip ssh 25 22 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key siz...

Page 486: ...Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients This command stores the...

Page 487: ...st key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Comm...

Page 488: ...e show ip ssh SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session...

Page 489: ...d by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options fo...

Page 490: ...96954050362775257556251003866130989393834523 1033280214988866192159556859887989191950588394018138744046890877916030583 7768185490002831341625008348718449522087429212255691665655296328163516964 0408315...

Page 491: ...e When port security is enabled with this command the switch first clears all dynamically learned entries from the address table It then starts learning new MAC addresses on the specified port and sto...

Page 492: ...ll dot1x parameters to their default values GC 25 27 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the aut...

Page 493: ...d Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the aut...

Page 494: ...me port Only one of these security mechanisms can be applied 802 1X port authentication cannot be configured on trunk ports In other words a static trunk or dynamically configured trunk cannot be set...

Page 495: ...based auth Allows multiple hosts to connect to this port with each host needing to be authenticated Default Single host Command Mode Interface Configuration Command Usage The max count parameter speci...

Page 496: ...ple dot1x re authentication This command enables periodic re authentication for a specified port Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface C...

Page 497: ...conds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticate...

Page 498: ...ce statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 Command Mode Privileged Exec Command Usage This command displays...

Page 499: ...single or multiple hosts clients can connect to an 802 1X authorized port Max Count The maximum number of hosts allowed to access this port page 25 29 Port control Shows the dot1x mode on a port as au...

Page 500: ...Host Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 Reauth enabled Enabled Reauth period 3600 Quiet period 60 TX period 30 Supplicant timeout 30 Server timeou...

Page 501: ...nagement interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be co...

Page 502: ...roup snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Consol...

Page 503: ...ion Page IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code 26 1 IPv6 ACLs Configures ACLs based on IPv6 addresses next header type and flow label...

Page 504: ...ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed...

Page 505: ...sets a filter condition for packets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no...

Page 506: ...nary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering t...

Page 507: ...st This command displays the rules for configured IPv4 ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Na...

Page 508: ...age A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show i...

Page 509: ...Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you mu...

Page 510: ...ed in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address compr...

Page 511: ...dscp DSCP priority level Range 0 63 flow label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of...

Page 512: ...supports the values defined for the IPv4 Protocol field in RFC 1700 including these commonly used headers 0 Hop by Hop Options RFC 2460 6 TCP Upper layer Header RFC 1700 17 UDP Upper layer Header RFC...

Page 513: ...x no ipv6 access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuratio...

Page 514: ...s list and enters MAC ACL configuration mode Use the no form to remove the specified ACL Syntax no access list mac acl_name acl_name Name of the ACL Maximum length 16 characters Default Setting None C...

Page 515: ...stination address i e physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination destination ad...

Page 516: ...itmask Range 1 4093 protocol A specific Ethernet protocol number Range 600 fff hex protocol bitmask27 Protocol bitmask Range 600 fff hex Default Setting None Command Mode MAC ACL Command Usage New rul...

Page 517: ...cl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can...

Page 518: ...le Table 26 5 ACL Information Commands Command Function Mode Page show access list Show all IPv4 ACLs and associated rules PE 26 16 show access group Shows the IPv4 ACLs assigned to each port PE 26 17...

Page 519: ...6 show access group This command shows the port assignments of IPv4 ACLs Command Mode Privileged Executive Example Console show access group Interface ethernet 1 2 IP standard access list david MAC ac...

Page 520: ...Access Control List Commands 26 18 26...

Page 521: ...terface configuration IC 27 2 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 27 3 negotiation Enables autonegotiation of a given interf...

Page 522: ...Range 1 64 characters Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The description is displayed by the show interfaces status command page 27 9 and in...

Page 523: ...net Port Channel Command Usage The 1000BASE T and 10GBASE T standards do not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T or 10GBASE T port...

Page 524: ...trol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disabled for the RJ 45 ports Example The following example configures port 11 to use autonegotiation R...

Page 525: ...Auto negotiation should always be used to establish a connection over any 1000BASE T or 10GBASE T port or trunk When auto negotiation is enabled with the negotiation command the switch will negotiate...

Page 526: ...l under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Othe...

Page 527: ...sions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 switchport broadcast packet rate T...

Page 528: ...k unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset Thi...

Page 529: ...ayed by this command see Displaying Connection Status on page 8 1 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic Information Port Type 1000T Mac Address 12 34 12 34 1...

Page 530: ...Discard Output 0 Error Input 0 Error Output 0 Unknown Protos Input 0 QLen Output 0 Extended iftable Stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like St...

Page 531: ...isabled Ingress Rate Limit Disable 1000M bits per second Egress Rate Limit Disable 1000M bits per second VLAN Membership Mode Hybrid Ingress Rule Disabled Acceptable Frame Type All frames Native VLAN...

Page 532: ...nabled or disabled page 34 3 Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged page 34 11 Forbidden VLAN Shows the VLANs this interface can not d...

Page 533: ...be configured in an identical manner including communication mode i e speed and duplex mode VLAN assignments and CoS settings Any of the Gigabit ports on the front panel can be trunked together inclu...

Page 534: ...be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use...

Page 535: ...CP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails Example The following shows LACP enabled on ports 10 12 Because LACP has also b...

Page 536: ...ame system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiation...

Page 537: ...CP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel g...

Page 538: ...the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key...

Page 539: ...applies to its administrative state not its operational state and will only take effect the next time an aggregate link is established with the partner Example show lacp This command displays LACP in...

Page 540: ...rotocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or a...

Page 541: ...nformation transmitted Aggregation The system considers this link to be aggregatable i e a potential candidate for aggregation Long timeout Periodic transmission of LACPDUs uses a slow transmission ra...

Page 542: ...32768 00 30 F1 8F 2C A7 2 32768 00 30 F1 8F 2C A7 3 32768 00 30 F1 8F 2C A7 4 32768 00 30 F1 8F 2C A7 5 32768 00 30 F1 8F 2C A7 6 32768 00 30 F1 8F 2C A7 7 32768 00 30 F1 D4 73 A0 8 32768 00 30 F1 D4...

Page 543: ...iguration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the des...

Page 544: ...Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from por...

Page 545: ...it for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input output rate no rate...

Page 546: ...Rate Limit Commands 30 2 30...

Page 547: ...ge 1 26 50 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static...

Page 548: ...another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this comm...

Page 549: ...addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted whe...

Page 550: ...0000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show ma...

Page 551: ...e after LLDP ports are disabled or the link goes down GC 32 5 lldp tx delay Configures a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables G...

Page 552: ...ysical layer specifications IC 32 12 lldp dot3 tlv max frame Configures an LLDP enabled port to advertise its maximum frame size IC 32 13 lldp dot3 tlv poe Configures an LLDP enabled port to advertise...

Page 553: ...d Usage The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner Example lldp notifica...

Page 554: ...ange notification events missed due to throttling or transmission loss Example lldp refresh interval This command configures the periodic transmit interval for LLDP advertisements Use the no form to r...

Page 555: ...port all information in the remote systems LLDP MIB associated with this port is deleted Example lldp tx delay This command configures a delay between the successive transmission of advertisements ini...

Page 556: ...dmin status rx only Only receive LLDP PDUs tx only Only transmit LLDP PDUs tx rx Both transmit and receive LLDP Protocol Data Units PDUs Default Setting tx rx Command Mode Interface Configuration Ethe...

Page 557: ...to advertise the management address for this device Use the no form to disable this feature Syntax no lldp basic tlv management ip address Default Setting Enabled Command Mode Interface Configuration...

Page 558: ...ace Configuration Ethernet Port Channel Command Usage The port description is taken from the ifDescr object in RFC 2863 which includes information about the manufacturer the product name and the versi...

Page 559: ...rnet Port Channel Command Usage The system description is taken from the sysDescr object in RFC 3418 which includes the full name and version identification of the system s hardware type software oper...

Page 560: ...mand Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises the protocols that are accessible through this interface Example lldp dot1 tlv proto vid This command confi...

Page 561: ...tion Ethernet Port Channel Command Usage The port s default VLAN identifier PVID indicates the VLAN with which untagged or priority tagged frames are associated see switchport native vlan on page 34 1...

Page 562: ...et Port Channel Command Usage This option advertises link aggregation capabilities aggregation status of the link and the 802 3 aggregated port identifier if this interface is currently a link aggrega...

Page 563: ...Interface Configuration Ethernet Port Channel Command Usage Refer to Frame Size Commands on page 23 9 for information on configuring the maximum frame size for this switch Example lldp dot3 tlv poe Th...

Page 564: ...onfiguration summary interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Console config interf...

Page 565: ...nge 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Console show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin St...

Page 566: ...stem Name System Description 24 48 port 10 100 1000 Stackable Managed Switch with 2 X 10G uplinks System Capabilities Support Bridge Router System Capabilities Enable Bridge Router Management Address...

Page 567: ...uplinks PortDescr Ethernet Port on unit 1 port 1 SystemCapSupported Bridge Router SystemCapEnabled Bridge Router Remote Management Address 192 168 0 5 IPv4 Remote Port VID 1 Remote Port Protocol VLAN...

Page 568: ...ed Exec Example switch show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entrie...

Page 569: ...ration mode GC 33 7 mst vlan Adds VLANs to a spanning tree instance MST 33 8 mst priority Configures the priority of a spanning tree instance MST 33 9 name Configures the name for the multiple spannin...

Page 570: ...hich automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command selects the spanning tree...

Page 571: ...ation delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after th...

Page 572: ...e must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding...

Page 573: ...d Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports ex...

Page 574: ...lower numeric value becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost me...

Page 575: ...t Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage...

Page 576: ...multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topo...

Page 577: ...the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priori...

Page 578: ...panning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Con...

Page 579: ...nstances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the...

Page 580: ...ds 65 535 the default is set to 65 535 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between d...

Page 581: ...ts on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority...

Page 582: ...ple Related Commands spanning tree portfast 33 14 spanning tree portfast This command sets an interface to fast forwarding Use the no form to disable fast forwarding Syntax no spanning tree portfast D...

Page 583: ...to Command Mode Interface Configuration Ethernet Port Channel Command Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can...

Page 584: ...mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021D 2004 standard exceeds 65 535 the default is set to 65 535 The default path costs are listed in...

Page 585: ...n interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link...

Page 586: ...nge 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading zeroes Default Setting None Command Mode...

Page 587: ...ed Root 32768 0 0000E8900000 Current Root Port 2 Current Root Cost 10000 Number of Topology Changes 2 Last Topology Change Time sec 4100 Transmission Limit 3 Path Cost Method Long Eth 1 1 information...

Page 588: ...ation This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configuration...

Page 589: ...Groups Sets up VLAN groups including name VID and state 34 5 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP...

Page 590: ...switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information...

Page 591: ...ows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting...

Page 592: ...Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media...

Page 593: ...rp timer 34 4 Editing VLAN Groups vlan database This command enters VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration Con...

Page 594: ...elete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed...

Page 595: ...lan Table 34 4 Commands for Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 34 7 switchport mode Configures VLAN membe...

Page 596: ...link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as t...

Page 597: ...n set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged fra...

Page 598: ...fault Syntax switchport native vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4093 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethe...

Page 599: ...nk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used w...

Page 600: ...and prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set of forbid...

Page 601: ...characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Type Stat...

Page 602: ...is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 See switchport dot1q tunnel tpid page 34 16 5 Config...

Page 603: ...sets the switch to operate in QinQ mode Use the no form to disable QinQ operating mode Syntax no dot1q tunnel system tunnel control Default Setting Disabled Command Mode Global Configuration Command...

Page 604: ...t1q tunnel 34 17 show interfaces switchport 27 11 switchport dot1q tunnel tpid This command sets the Tag Protocol Identifier TPID value of a tunnel port Use the no form to restore the default setting...

Page 605: ...ports Command Mode Privileged Exec Example Related Commands switchport dot1q tunnel mode 34 15 Console config interface ethernet 1 1 Console config if switchport dot1q tunnel tpid 9100 Console config...

Page 606: ...e downlink ports can only be forwarded to and from the uplink port Data cannot pass between downlink ports in the same private VLAN nor to ports which do not belong to a private VLAN Any port can be d...

Page 607: ...how pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 12 down link ethernet 1 5 8 Console config...

Page 608: ...he protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protoco...

Page 609: ...47483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4093 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Ch...

Page 610: ...ll protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet show interfaces protocol vlan protocol group This command shows the ma...

Page 611: ...de Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Po...

Page 612: ...VLAN Commands 34 24 34...

Page 613: ...ntagged frames sets queue weights and maps class of service tags to hardware queues 35 1 Priority Layer 3 and 4 Sets the default priority processing method CoS IP Precedence or DSCP and maps TCP ports...

Page 614: ...d Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed b...

Page 615: ...his priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight prior...

Page 616: ...ed to each queue by calculating a precise number of bytes per second that will be serviced on each round The granularity used to calculate this number is based on a unit of 2k bytes The bytes serviced...

Page 617: ...lues assigned at the ingress port are also used at the egress port This command sets the CoS priority for all interfaces Example The following example shows how to change the CoS assignments to a one...

Page 618: ...rt number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interf...

Page 619: ...mapping globally Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console Table 35 4 Priority Commands Layer 3 and 4 Command Func...

Page 620: ...an be specified for IP Port priority mapping This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Glob...

Page 621: ...ion Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Serv...

Page 622: ...t switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable...

Page 623: ...EE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP v...

Page 624: ...ce ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Related Commands map ip precedence Global Configu...

Page 625: ...ge 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 35 10 map ip dscp Interface Configuratio...

Page 626: ...Class of Service Commands 35 14 35...

Page 627: ...ass and use the policer command to monitor the average flow and burst rate and drop Table 36 1 Quality of Service Commands Command Function Mode Page class map Creates a class map for a type of traffi...

Page 628: ...p class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter the Class...

Page 629: ...within ingress packets that must match to qualify for this class map If an ingress packet matches an ACL specified by this command any deny rules included in the ACL will be ignored If match criteria...

Page 630: ...ion This command specifies the description of a class map or policy map Syntax description string string Description of the class map or policy map Range 1 64 characters Command Mode Class Map Configu...

Page 631: ...assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that...

Page 632: ...the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any viola...

Page 633: ...288 bytes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of profile packets Command Mode Policy Map Class Co...

Page 634: ...t traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interface Configuration Ethernet Port C...

Page 635: ...licy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name...

Page 636: ...rnet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_cl...

Page 637: ...t groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 37 1 IGMP Query Configures IGMP...

Page 638: ...ne Command Mode Global Configuration Command Usage Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only...

Page 639: ...the default Syntax no ip igmp snooping immediate leave Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage If immediate leave is not used a multicast router or querier wi...

Page 640: ...st address Syntax show mac address table multicast interface user igmp snooping user igmp snooping multicast address interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26...

Page 641: ...tax no ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2...

Page 642: ...ault Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sen...

Page 643: ...ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 25 Default Setting 10 seconds Command Mode Glo...

Page 644: ...port expire time seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range...

Page 645: ...er ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP quer...

Page 646: ...router vlan vlan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types display...

Page 647: ...Corresponding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 38 1 DNS Commands Command Function Mode Page...

Page 648: ...get device Example This example maps two address to a host name clear host This command deletes entries from the DNS table Syntax clear host name name Name of the host Range 1 127 characters Removes a...

Page 649: ...p domain list 38 3 ip name server 38 4 ip domain lookup 38 5 ip domain list This command defines a list of domain names that can be appended to incomplete host names i e host names passed from a clien...

Page 650: ...This command specifies the address of one or more domain name servers to use for name to address resolution Use the no form to remove a name server from this list Syntax no ip name server server addr...

Page 651: ...tax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DN...

Page 652: ...Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end...

Page 653: ...199 239 136 200 1 4 Address a1116 x akamai net 19 61 213 189 120 2 4 Address a1116 x akamai net 19 61 213 189 104 3 4 CNAME graphics8 nytimes com 19 POINTER TO 2 4 4 CNAME graphics478 nytimes com edg...

Page 654: ...e Service Commands 38 8 38 clear dns cache This command clears all entries in the DNS cache Command Mode Privileged Exec Example Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMA...

Page 655: ...P client identifier for the current interface Use the no form to remove this identifier Syntax ip dhcp client identifier text text hex hex no ip dhcp client identifier text A text string Range 1 15 ch...

Page 656: ...TP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network port...

Page 657: ...it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcas...

Page 658: ...HCP server Range 1 3 addresses Default Setting None Command Mode Interface Configuration VLAN Usage Guidelines You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP...

Page 659: ...Server DNS servers available to a DHCP client DC 39 9 next server Configures the next server in the boot process of a DHCP client DC 39 9 bootfile Specifies a default boot image for a DHCP client DC 3...

Page 660: ...ay be assigned Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool Synt...

Page 661: ...network address pool matching the gateway where the request originated i e if the request was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded...

Page 662: ...ter should be on the same subnet as the client You can specify up to two routers Routers are listed in order of preference starting with address1 as the most preferred router Example domain name This...

Page 663: ...nnot correlate host names to IP addresses Servers are listed in order of preference starting with address1 as the most preferred server Example next server This command configures the next server in t...

Page 664: ...command configures NetBIOS Windows Internet Naming Service WINS name servers that are available to Microsoft DHCP clients Use the no form to remove the NetBIOS name server list Syntax netbios name ser...

Page 665: ...that an IP address is assigned to a DHCP client Use the no form to restore the default value Syntax lease days hours minutes infinite no lease days Specifies the duration of the lease in numbers of d...

Page 666: ...if the request was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the int...

Page 667: ...hexadecimal value Default Setting None Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client ide...

Page 668: ...et Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifi...

Page 669: ...vice to another device Example Related Commands show ip dhcp binding 39 15 show ip dhcp binding This command displays address bindings on the DHCP server Syntax show ip dhcp binding address address Sp...

Page 670: ...DHCP Commands 39 16 39...

Page 671: ...it has a higher priority than the currently active master router Table 40 1 Router Redundancy Commands Command Groups Function Page Virtual Router Redundancy Protocol Configures interface settings for...

Page 672: ...within the same IP subnet If the IP address assigned to the virtual router with this command is already configured as the primary address on this interface this router is considered the Owner and wil...

Page 673: ...en a VRRP packet is received from another router in the group its authentication key is compared to the string configured on this router If the keys match the message is accepted Otherwise the packet...

Page 674: ...her than the current acting master comes on line this backup router will take over as the new acting master However note that if the original master i e the owner of the VRRP IP address comes back on...

Page 675: ...over as the master virtual router for a VRRP group if it has a higher priority than the current acting master router Use the no form to disable preemption Syntax vrrp group preempt delay seconds no vr...

Page 676: ...ry information for all VRRP groups on this router group Identifies a VRRP group Range 1 255 Defaults None Command Mode Privileged Exec Command Usage Use this command without any keywords to display th...

Page 677: ...the virtual IP address Advertisement interval Interval at which the master virtual router advertises its role as the master Preemption Shows whether or not a higher priority router can preempt the cur...

Page 678: ...n Field Description Interface VLAN interface Grp VRRP group State VRRP role of this interface master or backup Virtual addr Virtual address that identifies this VRRP group Int Interval at which the ma...

Page 679: ...y items Console show vrrp router counters Total Number of VRRP Packets with Invalid Checksum 0 Total Number of VRRP Packets with Unknown Error 0 Total Number of VRRP Packets with Invalid VRID 0 Consol...

Page 680: ...his command clears VRRP system statistics for the specified group and interface clear vrrp group interface interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configur...

Page 681: ...network segment if routing is not enabled This section includes commands for configuring IP interfaces the Address Resolution Protocol ARP and Proxy ARP These commands are used to connect subnetworks...

Page 682: ...NE PE 41 14 ipv6 default gateway Sets an IPv6 default gateway for traffic with no known next hop GC 41 17 show ipv6 default gateway Displays the current IPv6 default gateway NE PE 41 17 ipv6 mtu Sets...

Page 683: ...rds a router interface address defines the network segment that is connected to that interface and allows IP packets to be sent to or from the router Before any network interfaces are configured on th...

Page 684: ...a any of these IP addresses Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart client 39 2 ipv6 address 41 9 ip default gateway This command...

Page 685: ...1 14 show ip redirects This command shows the IPv4 default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 41 4 show ip...

Page 686: ...ne to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indic...

Page 687: ...address type makes the router accessible over IPv6 for all devices attached to the same local subnet If a duplicate address is detected on the local segment this interface will be disabled and a warn...

Page 688: ...ndefined fields prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Default Setting No gene...

Page 689: ...eral prefix if one is used followed by the host address bits The address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One doub...

Page 690: ...ui 64 41 12 ipv6 address autoconfig 41 10 show ipv6 interface 41 14 ip address 41 3 ipv6 address autoconfig This command enables stateless autoconfiguration of IPv6 addresses on an interface and enabl...

Page 691: ...ll attempt to acquire other non address configuration information such as a default gateway from a DHCP for IPv6 server Example This example assigns two dynamic global unicast address of 2005 212 CFFF...

Page 692: ...erate a global unicast address and a link local address for this interface The link local address is made with an address prefix of FE80 and a host portion based the router s MAC address in modified E...

Page 693: ...rface Use the no form with a specific address to remove it from the interface Syntax ipv6 address ipv6 address link local no ipv6 address ipv6 address link local ipv6 address The IPv6 address assigned...

Page 694: ...usability and configured settings for IPv6 interfaces Syntax show ipv6 interface brief vlan vlan id ipv6 prefix prefix length brief Displays a brief summary of IPv6 operational status and the address...

Page 695: ...1 1 16 FF02 1 16 FF02 1 FF00 79 104 FF02 1 FF19 6779 104 MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND retransmit interval is 1000 milliseconds Console Table 41 3 show ipv6 interface...

Page 696: ...lso required to compute and join the associated solicited node multicast addresses for every unicast and anycast address it is assigned IPv6 addresses that differ only in the high order bits e g due t...

Page 697: ...Configuration Command Usage The gateway specified in this command is only valid if routing is disabled with the no ip routing command If IP routing is disabled you must define a gateway if the target...

Page 698: ...from this device This option is provided to ensure that all nodes on a link use the same MTU value in cases where the link MTU is not otherwise well known IPv6 routers do not fragment IPv6 packets fo...

Page 699: ...tistics Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6 141D Console Table 41 4 show ipv6 mtu display description Field Description MTU Adju...

Page 700: ...meter option 0 hopcount expired 0 reassembly timeout 0 too big 0 echo request 0 echo reply 0 group query 0 group report 0 group reduce 0 router solicit 0 router advert 0 redirects 0 neighbor solicit 0...

Page 701: ...ol This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams not a router The number of input da...

Page 702: ...that have been generated as a result of fragmentation at this output interface fragmented failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this outp...

Page 703: ...erface group query The number of ICMPv6 Group Membership Query messages received by the interface group report The number of ICMPv6 Group Membership Response messages received by the interface group r...

Page 704: ...ce redirects The number of Redirect messages sent For a host this object will always be zero since hosts do not send redirects neighbor solicit The number of ICMP Neighbor Solicitation messages sent b...

Page 705: ...le colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields host name The name the IPv6 device to ping A host name can be resolved into an IPv...

Page 706: ...ample Related Commands ping 41 6 ipv6 neighbor This command configures a static entry in the IPv6 neighbor discovery cache Use the no form to remove a static entry from the cache Syntax ipv6 neighbor...

Page 707: ...ipv6 enable command see page 41 7 deletes all dynamically learned entries in the IPv6 neighbor discovery cache for that interface but does not delete static entries Example The following maps a static...

Page 708: ...ion for all unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a tentative state If no dupl...

Page 709: ...sed for neighbor discovery operations 0 milliseconds is advertised in router advertisements Command Mode Interface Configuration VLAN Command Usage When a non default value is configured the specified...

Page 710: ...d 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Default Setting All IPv6 neighbor discovery ca...

Page 711: ...hbor was functioning While in REACH state the device takes no special action when sending packets STALE More than the ReachableTime interval has elapsed since the last positive confirmation was receiv...

Page 712: ...ed IP address The format for this address is xx xx xx xx xx xx Default Setting No default entries Command Mode Global Configuration Command Usage The ARP cache is used to map 32 bit IP addresses into...

Page 713: ...c entry remains in the ARP cache Range 300 86400 86400 is one day Default Setting 1200 seconds 20 minutes Command Mode Global Configuration Command Usage When a ARP entry expires it is deleted from th...

Page 714: ...ows each cache entry including the IP address MAC address type static dynamic other and VLAN interface Note that entry type other indicates local addresses for this router Example This example display...

Page 715: ...the MAC address of a host on another subnet or network End stations that require Proxy ARP must view the entire network as a single network These nodes must therefore use a smaller subnet mask than t...

Page 716: ...IP Interface Commands 41 36 41...

Page 717: ...Use the no form to disable IP routing Syntax no ip routing Default Setting Enabled Table 42 1 IP Routing Commands Command Group Function Page Global Routing Configuration Configures global parameters...

Page 718: ...ork mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets default Sets this entry as the default route gateway IP address of the gateway use...

Page 719: ...local interface Use the no ip route command to remove a static route Example show ip route This command displays information in the IP routing table Syntax show ip route config address netmask config...

Page 720: ...outer Netmask Network mask for the associated IP subnet Next Hop IP address of the next hop or gateway used for this route Protocol The protocol which generated this route information Values static lo...

Page 721: ...0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestam...

Page 722: ...outes from one routing domain to another RC 42 11 ip rip receive version Sets the RIP receive version to use on a network interface IC 42 12 ip rip send version Sets the RIP send version to use on a n...

Page 723: ...s It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistributed into RIP For example if a met...

Page 724: ...meout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable Howev...

Page 725: ...xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network addr...

Page 726: ...ip rip send version command will be set to the following values RIP Version 1 configures the unset interfaces to send RIPv1 compatible protocol messages and receive either RIPv1 or RIPv2 protocol mes...

Page 727: ...must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a hi...

Page 728: ...e this command to override the global setting specified by the RIP redistribute command You can specify the receive version based on these options Use none if you do not want to add any dynamic entrie...

Page 729: ...ceive version based on these options Use none to passively monitor route information advertised by other routers attached to the network Use 1 or 2 if all routers in the local network are based on RIP...

Page 730: ...etrics to infinity This provides faster convergence Example This example propagates routes back to the source using poison reverse ip rip authentication key This command enables authentication for RIP...

Page 731: ...MD5 authentication Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentication key c...

Page 732: ...n about the last time a route update was received the RIP version used by the neighbor and the status of routing messages received from this neighbor Command Mode Privileged Exec Console config interf...

Page 733: ...ode RIP version sent on this interface none RIPv1 RIPv2 or RIPv2 broadcast ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1 or RIPv2 Poison Shows if split horizon poison rever...

Page 734: ...Area Configuration network area Assigns specified interface to an area RC 42 26 area stub Defines a stubby area that cannot send or receive LSAs RC 42 27 area nssa Defines a not so stubby that can im...

Page 735: ...outing processes PE 42 39 show ip ospf border routers Displays routing table entries for Area Border Routers ABR and Autonomous System Boundary Routers ASBR PE 42 40 show ip ospf database Shows inform...

Page 736: ...the router ID you cannot be set to 0 0 0 0 or 255 255 255 255 If this router already has registered neighbors the new router ID will be used when the router is rebooted or manually restarted by enteri...

Page 737: ...rates a default external route into an autonomous system Use the no form to disable this feature Syntax default information originate always metric interface metric metric type metric type no default...

Page 738: ...cost is only used as a tie breaker if several Type 2 routes have the same cost Example This example assigns a metric of 20 to the default external route advertised into an autonomous system sending i...

Page 739: ...Setting Disabled Command Usage This command can be used to summarize intra area routes and advertise this information to other areas through Area Border Routers ABRs If the network addresses within a...

Page 740: ...fault Setting 1 Command Usage Use this option only on an area border router attached to a stub area or NSSA If the default cost is set to 0 the router will not advertise a default route into the attac...

Page 741: ...his command redistributes external routing information from other routing protocols and static routes into an autonomous system Use the no form to disable this feature or to restore the default settin...

Page 742: ...S is equal to the cost associated with reaching the advertising ASBR plus the cost of the external route When a Type 2 LSA is received by a router it only uses the external route metric to determine r...

Page 743: ...ed in subsequent network area commands the router will use the network area with the address range that most closely matches the interface address Also note that if a more specific address range is re...

Page 744: ...ABR This router supports up to 16 total areas either normal transit areas stubs or NSSAs Example This example creates a stub area 10 2 0 0 and assigns all interfaces with class B addresses 10 2 x x to...

Page 745: ...e AS into the NSSA using the default information originate keyword However an NSSA is different from a stub because when the router is an ASBR it can import a default external AS route for routing pro...

Page 746: ...fy the authentication field in protocol message headers A separate password can be assigned to each network interface However this key must be the same for all neighboring routers on the same network...

Page 747: ...ted by this amount before transmission This value must be the same for all routers attached to an autonomous system Range 1 3600 seconds Default 1 seconds Command Mode Router Configuration Default Set...

Page 748: ...ssword or key All neighboring routers on the same network with the same password will exchange routing data This command creates a password key that is inserted into the OSPF header when routing proto...

Page 749: ...ring routers to verify the authenticity of routing protocol messages Use the no form to remove the password Syntax ip ospf authentication key key no ip ospf authentication key key Sets a plain text pa...

Page 750: ...e with the ip ospf authentication command configure the message digest key id and key with this command Normally only one key is used per interface to generate authentication information for outbound...

Page 751: ...ter link state advertisements Routes are assigned a metric equal to the sum of all metrics for each interface link in the route Interface cost reflects the port speed This router uses a default cost o...

Page 752: ...pf hello interval command Command Usage The dead interval is advertised in the router s hello packets It must be a multiple of the hello interval and be the same for all routers on a specific network...

Page 753: ...orms an active adjacency to all other routers in the network segment to exchange routing topology information If for any reason the DR fails the BDR takes over this role Set the priority to zero to pr...

Page 754: ...an adequate flow of routing information but does not produce unnecessary protocol traffic Note that this value should be larger for virtual links Set this interval to a value that is greater than the...

Page 755: ...ole config interface vlan 1 Console config if ip ospf transmit delay 6 Console config if Console show ip ospf Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route It is an area borde...

Page 756: ...Area SPF No 10 1 1 252 10 1 1 253 0 ABR INTRA 10 1 0 0 3 10 2 6 252 10 2 9 253 0 ASBR INTER 10 2 0 0 7 Console Table 42 10 show ip ospf border routers display description Field Description Destination...

Page 757: ...originate link state id show ip ospf area id database self originate link state id show ip ospf area id database summary link state id show ip ospf area id database summary link state id adv router i...

Page 758: ...52 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 28 0X80000001 0X53E1 Console Table...

Page 759: ...Network Mask 255 255 255 0 Metric 1 Console Table 42 12 show ip ospf asbr summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilit...

Page 760: ...a 2 1 1 0 0 0 Total LSA Counts 4 Console Table 42 13 show ip ospf database summary display description Field Description Area ID Area identifier Router Number of router LSAs Network Number of network...

Page 761: ...associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Num...

Page 762: ...outer 10 1 1 253 Console Table 42 15 show ip ospf network display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the...

Page 763: ...er display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Router Link LSA describes the router s inte...

Page 764: ...r 80000003 LS Checksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Table 42 17 show ip ospf summary display description Field Description OSPF Router id Router ID LS age Age of LSA in...

Page 765: ...atus of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address Area OSPF area to which this interface belongs Router ID Router ID Network Type Includes br...

Page 766: ...router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet b...

Page 767: ...Commands area virtual link 42 30 Console show ip ospf summary address 10 1 0 0 255 255 0 0 Console Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Tran...

Page 768: ...IP Routing Commands 42 52 42...

Page 769: ...Section IV Appendices This section provides additional information on the following topics Software Specifications A 1 Troubleshooting B 1 Glossary Index...

Page 770: ...Appendices...

Page 771: ...Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static...

Page 772: ...g groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading T...

Page 773: ...F RFC 2328 2178 1587 RADIUS RFC 2618 RIP RFC 1058 RIPv2 RFC 2453 RIPv2 extension RFC 1724 RMON RFC 2819 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC DRAFT 3414 3410 2273 3411 3415 SNTP RFC...

Page 774: ...1 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP...

Page 775: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Page 776: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 777: ...ce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP...

Page 778: ...ation Protocol over LAN EAPOL EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch A user name and password...

Page 779: ...Spanning Tree Protocol RSTP which reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Now incorporated in IEEE 802 1D 2004 IEEE...

Page 780: ...edence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The eight values are mapped one to one to the Clas...

Page 781: ...or radio Open Shortest Path First OSPF OSPF is a link state routing protocol that functions better over a larger network such as the Internet as opposed to distance vector routing protocols such as R...

Page 782: ...about 10 of that required by the older IEEE 802 1D STP standard Routing Information Protocol RIP The RIP protocol seeks to find the shortest route to another device by minimizing the distance vector...

Page 783: ...reenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not have daylight saving time User Datagram Protocol UDP UDP provides a datagram mode for pac...

Page 784: ...hich has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down XModem A protocol used to transfer files between devices Data is grouped in 128 byt...

Page 785: ...ommand line interface See CLI community string 2 13 5 3 24 3 configuration files restoring defaults 4 24 23 10 configuration settings saving or restoring 2 16 4 24 23 10 23 11 console port required co...

Page 786: ...2 1X 6 18 25 26 IGMP groups displaying 15 8 37 4 immediate leave status 15 5 37 4 Layer 2 15 2 37 1 query 15 2 37 5 query Layer 2 15 3 37 5 snooping 15 2 37 1 snooping configuring 15 3 37 1 snooping i...

Page 787: ...attributes 12 3 32 1 32 6 32 13 message statistics 12 11 32 18 message timing 12 1 32 3 32 5 remote information displaying 12 9 32 16 remote port information displaying 12 8 32 16 timing attributes co...

Page 788: ...g 8 19 29 1 priority default port ingress 13 1 35 3 problems troubleshooting B 1 protocol migration 10 15 33 17 proxy ARP 19 9 41 35 Q QinQ Tunneling See 802 1Q QoS 14 1 36 1 Quality of Service See Qo...

Page 789: ...switch settings saving or restoring 23 10 system clock setting 4 36 4 37 23 35 system clock summer time 4 40 23 40 23 41 23 42 system clock time zone 4 39 23 39 system mode normal or QinQ 11 16 34 15...

Page 790: ...roup statistics 18 8 40 6 preemption 18 3 18 4 40 5 priority 18 3 18 4 40 3 protocol message statistics 18 7 40 9 timers 18 4 40 4 virtual address 18 2 18 4 40 2 W web interface access requirements 3...

Page 791: ......

Page 792: ...ES4626F ES4650F E062009 R01 ST 149100000013A...

Reviews:

No comments

Related manuals for ES4626F

Brand: ABB Pages: 32

Brand: ABB Pages: 44

Brand: ABB Pages: 15

Brand: NEC Pages: 168

Brand: A SYSTEMS Pages: 16

Brand: Accedian Pages: 2

MMAC-Plus 9H423-26

Brand: Cabletron Systems Pages: 14

Gigabit Switch 8

Brand: 3Com Pages: 2

Brand: Perel Pages: 4

Brand: IPGARD Pages: 2

START-LINE AGC-3500

Brand: Trust Pages: 16

Brand: S&S Northern Pages: 8

Brand: Microsonic Pages: 2

Mini Hub 5 port

Brand: Sandberg Pages: 12

InSwitch ISM-P Series

Brand: InHand Pages: 81

Brand: SEH Pages: 40

Brand: Linksys Pages: 2

Brand: Stahl Pages: 58

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands