ELTEX MES1000 Operation Manual Download Page 135

Page: 135 / 231

MES1000, MES2000 Ethernet Switches

135

5.19.3

protocol

protocol provides centralized security system for authentication of users gaining access to

the device, while ensuring compatibility with RADIUS and other authentication processes.
provides the following services:

Authentication.

Used during login with usernames and passwords specified by users.

Authorization.

Used during login. After the authentication session has been completed,

authorization session will start with the verified username; user privileges will be verified by
the server.

Global configuration mode commands

Command line request in global configuration mode appears as follows:

console(config)#

Table 5.143 —Global configuration mode commands

Command

Value/Default value

Action

tacacs-server

host

{

ip_address

hostname

}

[single-connection]
[port

port

]

[timeout

timeout

]

[key

secret_key

]

[encrypted key

encrypted_key

]

[source

source_ip_address

]

[priority

priority

]

hostname: (1..158)

characters

port: (0..65535)/49

timeout: (1..30) seconds

retries: (1..10)

time (0..2000) minutes

key: (0..128) characters

encrypted_key: [0..128]

characters

priority: (0..65535)/0

Add the selected server into the list of utilized TACACS servers.
-

ip_address

—TACACS server IP address

hostname

—TACACS server network name

single connection

—restrict the number of connections for

data exchange with TACACS server to only one at a time
-

port

—port number for data exchange with TACACS server

timeout

—server response interval

- secret_key

—authentication and encryption key for TACACS

data exchange
-

encrypted_key

—encrypted uthentication and encryption key

for TACACS data exchange
-

source ip_address

—IP address used as the default source

address being sent in TACACS protocol messages
-

priority

—TACACS server utilization priority (the lower the

value, the higher the server priority)
If

timeout

retries, time, secret_key, source_ip-addr

parameters are missing from the command, the current
RADIUS server use values configured with the relevant global
commands.

no tacacs-server host
{

ip_address

hostname

}

Remove the selected server from the list of utilized TACACS
servers.

tacacs-server key [

key

]

(0..128) characters/

default key is an empty

string

Define the default key for authentication and encryption of
TACACS data exchange between the device and TACACS
environment.

no tacacs-server key

Restore the default value.

tacacs-server timeout

timeout

(1..30)/5 seconds

Define the default server response interval.

no tacacs-server timeout

Set the default value.

tacacs-server source-ip

source_ip_address

Define the switch IP address used by default for message
exchange with TACACS server

no tacacs-server source-ip

source_ip_address

Define the switch interface IP address utilization for message
exchange with TACACS server

EXEC mode commands

Command line request in EXEC mode appears as follows:

console#

Summary of Contents for MES1000

Page 1: ...L2 Fast Ethernet and Gigabit Ethernet Managed Switches MES1000 MES2000 Operation Manual Firmware Version 1 1 42 ...

Page 2: ... 1 Ethernet and Port Channel interface parameters 5 10 2 VLAN interface configuration 5 16 4 Loopback detection mechanism 5 16 5 STP protocol family STP RSTP MSTP 5 16 6 Flex link function configuration 5 16 11 CFM protocol configuration 5 19 2 RADIUS protocol 5 19 4 Simple network management protocol SNMP 5 26 2 2 Advanced authentication 5 26 3 DHCP protocol management and Options 82 5 27 DHCP Re...

Page 3: ... 3 MAC ACL Configuration Version 2 3 05 07 2013 Added chapters 6 27 Configuration of Protection from DoS Attacks Changes in chapters Appendix А Samples of use and configuration of device Version 2 2 18 06 2013 Added chapters 5 14 9 OAM protocol configuration 5 14 10 CFM protocol configuration Changes in chapters 4 1 Terminal configuration 5 9 Broadcast storm control 5 17 1 ААА mechanism 5 17 7 1Te...

Page 4: ...ing configuration in VLAN 5 18 4 Added description of SNMP trap messages configuration on ports 5 20 Added description of remote mirroring configuration 5 23 3 Added description of DHCP Option 82 format configuration Added chapters 5 23 6 MAC Address Notification function configuration Version 1 3 10 09 2012 Changes in chapters 5 22 Physical diagnostics functions Version 1 2 21 08 2012 Added descr...

Page 5: ...ION 29 3 1 Support brackets mounting 29 3 2 Device rack installation 29 3 3 Battery connection to MES1124MB MES2124MB 31 3 4 SFP transceiver installation and removal 31 3 5 Connection to Power Supply 32 4 DEVICE STARTUP INITIAL CONFIGURATION 33 4 1 Configuring the Terminal 33 4 2 Turning off the device 33 4 3 Configuration procedure 35 4 3 1 Stackable Mode Selection 35 4 3 2 Initial Configuration ...

Page 6: ...ressing 115 5 18 1 Multicast addressing rules 115 5 18 2 IGMP snooping function 120 5 18 3 MLD snooping multicast traffic control protocol for IPv6 networks 124 5 18 4 Multicast traffic restriction functions 126 5 18 5 RADIUS Authorization of IGMP Queries 127 5 19 Control functions 129 5 19 1 AAA mechanism 129 5 19 2 RADIUS protocol 133 5 19 3 TACACS protocol 135 5 19 4 Simple network management p...

Page 7: ... Attacks 206 5 33Quality of Services QoS 207 5 33 1 QoS Configuration 207 5 33 2 QoS Statistics 213 6 SERVICE MENU CHANGE OF SOFTWARE 215 6 1 Startup Menu 215 6 2 Update of software from TFTP server 217 6 2 1 System software update 217 6 2 2 Update of loading file of the device initial loader 218 APPENDIX A SAMPLES OF USE AND CONFIGURATION OF DEVICE 220 Configuration of multiple spanning trees MST...

Page 8: ...d parameters that should be replaced with the appropriate word or string are written in Calibri Italic Semibold font Notes and warnings are written in semibold font Semibold italic Keyboard keys are written in semibold italic and enclosed in angle brackets Courier New Examples of command entry are written in Courier New semibold Courier New Results of command execution are written in Courier New f...

Page 9: ...high transfer rates Gigabit Ethernet GE data transfer technologies are widely used High speed data transmission especially in large scale networks requires a network topology that will allow flexible distribution of high speed data flows MES1000 MES2000 series switches could be used in large enterprise networks SMB networks and operator s networks They provide high performance flexibility security...

Page 10: ...network switches are equipped with 4 electric ports Gigabit Ethernet with PoE support 4 Gigabit Ethernet ports combined with slots for SFT transceiver installation combo ports 2 Gigabit Ethernet optical ports and 2 Gigabit Ethernet electric ports The combined ports may have only one active interface at the same time In case of simultaneous connections the interface with SFP transceiver will be act...

Page 11: ... to many or many to many data distribution Thus the frame addressed to the multicast group will be transmitted to each port of the group Automatic Aging for MAC Addresses If there are no packets from the device with the specific MAC address in the definite period of time the record for this address expires and will be removed It allows to keep the switch table up to date Static MAC Entries Network...

Page 12: ...er the failure in the specific network section Restoration time provided by EAPS is far less than in case of spanning tree protocols Ethernet Ring Protection Switching The protocol allows to increase stability and robustness of data network with ring topology by decreasing the restoration time after the failure Restoration time does not exceed 1 second that is substantially lower than the network ...

Page 13: ...etwork host response analysis host address is requested with the broadcast packet 2 2 5 QoS functions Table 2 5 lists the basic quality of service functions Table 2 5 Basic quality of service functions Priority queues support The switch supports outbound traffic prioritization with queues for each port Packet distribution to queues may be performed via packet classification by various fields in pa...

Page 14: ...control functions Table 2 7 Switch control functions Configuration file download and upload Device parameters are saved into the configuration file that contains configuration data for the specific device ports as well as for the whole system Trivial File Transfer Protocol TFTP protocol is used for file read and write operations Protocol is based on UDP transport protocol Devices are able to downl...

Page 15: ...n with TACACS protocol TACACS protocol provides centralized security system for authentication of users gaining access to the device and centralized management system while ensuring compatibility with RADIUS and other authentication processes SSH server SSH server functionality allows SSH client to establish secure connection to the device for management purposes Macrocommand support This function...

Page 16: ...s SFP Full duplex Half duplex mode Full duplex half duplex mode for electric ports full duplex mode for optical ports Switch performance MES1024 8 8 Gbps MES1124 MES1124M MES1124MB 12 8 Gbps MES2124 MES2124M MES2124P MES2124MB 56 Gbps MES2208P 24 Gbps Buffer memory 8Mb TCAM routing volume 512х24B SQinQ rules qty Ingress 168 Egress 96 ACL rules qty 246 Data transfer rate electric interfaces 10 100 ...

Page 17: ...supply MES1024 MES1124 MES2124 110 250VAC 50Hz Power consumption MES1024 MES1124 MES1124М 25W max MES2124 30W max MES1124М MES2124М 110 250VAC 50Hz or 48VDC Power consumption MES1124М 25W max MES2124M 30W max MES2124P AC 170 265VAC 50Hz Power consumption 400W max MES2124P DC MES2208P DC 48 10 V Power consumption MES2124P DC 400W max MES2208P 140W max MES1124MB 110 250VAC 50Hz and a lead acid batte...

Page 18: ...emperature range from 10 to 45 о С from 20 to 65 о С for MES2208P Storage temperature range from 40 to 70 о С Operation relative humidity non condensing up to 80 Storage relative humidity non condensing from 10 to 95 Average lifetime 20 years Power supply type is determined at the time of order ...

Page 19: ...f installation 2 4 1 MES1024 MES1124 MES2124 series devices front panel appearance and layout Front panel layout MES1024 MES1124 MES2124 is depicted in Fig 1 3 Fig 1 MES1024 front panel Fig 2 MES1124 front panel Fig 3 MES2124 front panel Table 2 10 lists sizes LEDs and controls located on the front panel of the switch The combined ports may have only one active interface at the same time In case o...

Page 20: ...4 MES2124 4 Unit ID 1 4 Indicator of device number in a stack Power Device power indicator Status Device status indicator Master Stacked device activity mode indicator master or slave 5 F Functional key that reboots the device and resets it to factory settings pressing the key for less than 10 seconds reboots the device pressing the key for more than 10 seconds resets the terminal to factory setti...

Page 21: ... Battery status light 4 Console RS 232 console port for local control of the device 5 F Functional key that reboots the device and resets it to factory settings pressing the key for less than 10 seconds reboots the device pressing the key for more than 10 seconds resets the terminal to factory settings 6 1 24 MES1124MB 24 ports 10 100 100 Base T RJ 45 MES2124MB 24 ports 10 100 1000 Base T RJ 45 7 ...

Page 22: ...r is shown in Fig 7 with 48VDC connector in Fig 8 Fig 7 MES1124M AC front panel Fig 8 MES1124M DC front panel MES2124M front panel with 110 250VAC power supply connector is shown in Fig 9 with 48VDC connector in Fig 10 Fig 9 MES2124M AC front panel Fig 10 MES1124M DC front panel Table 2 12 lists sizes LEDs and controls located on the front panel MES1124M MES2124M ...

Page 23: ...device 4 F Functional key that reboots the device and resets it to factory settings pressing the key for less than 10 seconds reboots the device pressing the key for more than 10 seconds resets the terminal to factory settings 5 1 24 MES1124M 24 ports 10 100 Base TX RJ 45 MES2124M 24 ports 10 100 1000 Base T RJ 45 6 Link Speed LED indication of optical interface status 7 25 26 27 28 Combo ports 10...

Page 24: ...0 Base T RJ45 ports and slots for 1000Base X SFP transceiver installations 4 5 11 2 ports 1000 Base X 5 6 12 2 ports 10 100 1000Base T 6 Unit ID 1 4 Indicator of device number in a stack Power Device power indicator Status Device status indicator Master Stacked device activity mode indicator master or slave Alarm PoE power supply indicator 7 F Functional key that reboots the device and resets it t...

Page 25: ...t for PoE 3 25 28 Combo ports 10 100 1000 Base T RJ45 ports and slots for 1000Base X SFP transceiver installations 4 Unit ID 1 4 Indicator of device number in a stack Power Device power indicator Status Device status indicator Alarm PoE power supply indicator 5 F Functional key that reboots the device and resets it to factory settings pressing the key for less than 10 seconds reboots the device pr...

Page 26: ... The left side panel of Ethernet switches Side panels of the device have air vents for heat removal Do not block air vents This may cause components overheating which may result in terminal malfunction For recommendations on device installation see section Installation and connection 2 4 7 Light Indication Ethernet interface status is represented by two LEDs amber SPEED and green LINK ACT located ...

Page 27: ...ators Power Master Fan RPS are designed for displaying the operation status of switches Table 2 17 LED indication of the system indicators Indicator name Indicator function LED State Device State Power Power supply status Off Power is off Green solid Power is on normal device operation Red At least one of the secondary power supply units has failed Status Device State Green solid Normal device ope...

Page 28: ...t breaker failure When the switch operates in standalone mode without stacking Master and Unit ID indicators are off 2 5 Delivery Package The standard delivery package includes Ethernet switch Power cable Rack mounting set Documentation DB 9F RJ 45 or DB 9M DB 9M console cable depending on the switch model for MES1124M MES1124MB MES2124M MES2124MB MES2124P MES2208P the DB 9F RJ 45 cable is provide...

Page 29: ...lign three mounting holes in the support bracket with the corresponding holes in the side panel of the device 2 Use a screwdriver to screw the support bracket to the case 3 Repeat steps 1 and 2 for the second support bracket 3 2 Device rack installation To install the device to the rack 1 Attach the device to the vertical guides of the rack 2 Align mounting holes in the support bracket with the co...

Page 30: ...on Fig 21 shows the example of MES1000 2000 rack installation Fig 21 MES1000 2000 switch rack installation Minimum height spacing for switches not less than 1U When switches are installed next to equipment with excessive heat generation the spacing should be increased ...

Page 31: ...connecting the battery Fig 22 Connecting battery to device 3 4 SFP transceiver installation and removal Optical modules can be installed when the terminal is turned on or off 1 Insert the top SFP module into a slot with its open side down and the bottom SFP module with its open side up Fig 23 SFP transceiver installation 2 Press the module until it fits with a click Fig 24 Installed SFP transceive...

Page 32: ... An insulated multiconductor wire should be used for earthing The device grounding and the earthing wire cross section should comply with Electric Installation Code 3 If a PC or another device is supposed to be connected to the switch console port the device should be also securely grounded 4 Connect the power supply cable to the device Depending on the switch model the device can be powered by AC...

Page 33: ...onsole console port and the serial interface port on PC where terminal emulation application is installed Turn the switch on Upon every startup the switch performs power on self test POST that allows to check operational capability of the device before main program is loaded POST procedure progress on switch Boot1 Checksum Test PASS Boot2 Checksum Test PASS Flash Image Validation Test PASS BOOT So...

Page 34: ...18 15 43 LINK W Down fa1 0 1 23 Nov 2011 18 15 43 LINK W Down fa1 0 2 23 Nov 2011 18 15 43 LINK W Down fa1 0 3 23 Nov 2011 18 15 43 LINK W Down fa1 0 4 23 Nov 2011 18 15 43 LINK W Down fa1 0 5 23 Nov 2011 18 15 43 LINK W Down fa1 0 6 23 Nov 2011 18 15 44 LINK W Down fa1 0 7 23 Nov 2011 18 15 44 LINK W Down fa1 0 8 23 Nov 2011 18 15 44 LINK W Down fa1 0 9 23 Nov 2011 18 15 44 LINK W Down fa1 0 10 2...

Page 35: ...of any changes into the device configuration you should save the configuration into the non volatile memory until the device is rebooted To save the configuration use the following command console copy running config startup config 4 3 1 Stackable Mode Selection The device can operate in two modes standalone mode and stackable mode In stackable mode multiple switches can be combined in a stack and...

Page 36: ...r 5 SNMP protocol settings configuration You can obtain configuration essential parameters from the network administrator When configuration procedures are described it is supposed that the switch has not been configured before 4 3 2 1 Creation of the Administrator Account To ensure the secure login process access passwords should be given to all the privileged users Username and password are requ...

Page 37: ... ip address 192 168 16 144 24 console config if exit console config ip default gateway 192 168 16 1 console config exit console To ensure the correct IP address assigning for the interface enter the following command console show ip interface vlan 1 IP Address Type Directed Precedence Status Broadcast 192 168 25 67 24 Static disable No Valid 4 3 2 3 Configuration of SNMP Protocol Settings for Devi...

Page 38: ...access to MIB objects and private with read write access to MIB objects You can assign the IP address of the management station for each community Example of private community creation with read write access and management station IP address 192 168 16 44 console enable console configure console config snmp server server console config snmp server community private rw 192 168 16 44 console config ...

Page 39: ... enable console configure console config interface vlan 1 console config if ip address dhcp console config if exit console To ensure the correct IP address assigning for the interface use the show ip interface command console show ip interface vlan 1 IP Address Type Directed Precedence Status Broadcast 192 168 25 67 24 DHCP disable No Valid 4 3 3 2 Management Security and Password Configuration To...

Page 40: ... password entry prompt that appears during the registration in the console session Also you may need to tenter the password to switch into the privileged mode with the enable command Setting password for Telnet console config aaa authentication login default line console config aaa authentication enable default line console config ip telnet server console config line telnet console config line log...

Page 41: ...r the username admin and the password passwd4 Device Access Password Recovery For default device settings username is admin password is not assigned Password should be assigned by the user If the password is lost you can restart the device and interrupt its startup via the console port by pressing Esc or Enter keys in two seconds after the automatic startup message is displayed The Startup menu wi...

Page 42: ...ed mode only In the privileged mode character is used in the system prompt Use enable command to enter the privileged mode from EXEC mode console enable enter password console Global configuration mode global configuration this mode allows to specify general settings of the switch Global configuration mode commands are available in any configuration submode Use configure command to enter this mode...

Page 43: ...ow the privilege level of the current user terminal history function is enabled Enable saving history of commands entered during the current terminal session no terminal history Disable saving history of commands entered during the current terminal session terminal history size size Size 10 216 10 Change buffer size for history of commands entered during the current terminal session no terminal hi...

Page 44: ... banner exec d message text d no banner exec Specify exec message text example User logged in successfully and show it on the screen d delimiter message text message text the string up to 510 characters total count 2000 characters banner login d message text d no banner login Specify login message text informational message that is shown before username and password entry and show it on the screen...

Page 45: ...ation purposes Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 7 Global configuration mode commands Command Value Default value Action macro name word 1 32 characters Create a new command set if the set with such name exists it will be overwritten Commands are entered one line at a time Finish the macro with character M...

Page 46: ... bytes in a packet count quantity of packets to be sent timeout timeout of the request ping ipv6 A B C D E F host size size count count timeout timeout host 1 158 symbols size 68 1518 68 Byte count 0 65535 4 timeout 50 65535 2000 ms This command is used for transmission of ICMP requests ICMP Echo Request to the specified network node and for reply management ICMP Echo Reply A B C D E F IPv6 addres...

Page 47: ...ould be used for logon cipher selection of encryption method Supported methods 3des aes128 aes192 aes256 arcfour All methods are provided by default resume connection 1 4 the last established session Switch to another established TELNET session connection number of established telnet session show cpu counters View CPU packet counter show users Show information on users that consume device resource...

Page 48: ...em id unit unit_id unit_id 1 4 Show device system identification information unit_id number of the device in a stack for standalone switch this parameter is not used During command execution unit_id parameter is available in the stackable mode only show system defaults management ipv6 802 1x port fdb multicast port mirroring spanning tree vlan voice vlan network security dos attacks ip addressing ...

Page 49: ... Send disconnect command through telnet c Send process interruption command IP through telnet h Send erase character EC command through telnet o Send abort output AO command through telnet t Send Are You There AYT message through telnet to check the connection u Send erase line EL command through telnet x Return to the command line mode Also you can use additional options during Telnet session ope...

Page 50: ...s no service tasks utilization Deny the device to perform software based measurement of the switch CPU load level for each system process 5 6 Switch Stack Management The switch stack works as a single device and can include up to 3 devices1 with the following roles defined by their identifiers StackID Master StackID 1 master switch controls other stack devices Backup StackID 2 backup master switch...

Page 51: ...devices in a stack If you specify stack id detailed information will be shown for the specific device Example use of show unit command console show unit 1 Unit 1 MAC address a8 f9 4b 81 61 40 Master Enabled Product MES 2124 Software 1 1 16 Uplink unit 0 Downlink unit 0 Status master Active image image1 Selected for next boot image1 Topology is Chain Stack image auto synchronization is enabled Unit...

Page 52: ...mum quantity of character classes lowercase uppercase numbers symbols no passwords complexity min classes Restore the default value passwords complexity min length value value 0 64 8 Enable minimum password length restriction no passwords complexity min length Restore the default value passwords complexity no repeat number number 0 16 3 Enable the restriction for the minimum quantity of identical ...

Page 53: ...onfiguration file used during the device startup member IP address or device network name in a stack unit member image System firmware file on the device or on one of the stacked devices To copy file from the master device to other modules use symbol in the member element member IP address or device network name in a stack unit member boot The load file on the device or on one of the stacked devic...

Page 54: ...the list of files in the flash memory more flash file startup config running config mirror config file file 1 160 characters Show file contents startup config show the contents of the initial configuration file running config show the contents of the current configuration file flash show files from USB flash drives mirror config show the current configuration file contents from the mirror file fil...

Page 55: ...h test confirm Command execution result File will be deleted after confirmation 5 8 3 Configuration backup commands This section describes commands intended for configuring backup timer or saving the current configuration on the flash drive Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 24 System management commands in...

Page 56: ...ge file from TFTP server with the firmware version 3 The switch compares firmware image file version downloaded from TFTP server with the active image of the switch firmware If they differ the switch will download the firmware image from TFTP server and make it active 4 When the firmware image download is finished the switch will restart Automatic configuration The switch will automatically execut...

Page 57: ...ed EXEC mode commands Command line request in privileged EXEC mode appears as follows console Table 5 27 System management commands in privileged EXEC mode Command Value Default value Action show boot View automatic update and configuration settings Example of ISC DHCP Server configuration option image filename code 125 unsigned integer 32 enterprise number Manufacturer ID always equal to 35265 El...

Page 58: ...e commands Command line request in EXEC mode appears as follows console Table 5 29 System time configuration commands in EXEC mode Command Value Action show clock Show system time and date show clock detail Additionally show timezone and daylight saving settings Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 30 List of...

Page 59: ...alue key value no sntp authentication key number Delete authentication key for SNTP protocol sntp authenticate authentication is not required Enable mandatory authentication for getting information from NTP servers no sntp authenticate Restore the default value sntp trusted key key number key number 1 4294967295 By default authentication is disabled Perform synchronization system authentication wi...

Page 60: ...p port port number port number 1 65535 123 Define UDP port of SNTP server no sntp port Restore the default value clock dhcp timezone denied Allow to get the timezone and daylight saving data from DHCP server no clock dhcp timezone Deny to get the timezone and daylight saving data from DHCP server Interface configuration mode commands Command line request in interface configuration mode appears as ...

Page 61: ...set Delay mSec mSe Broadcast Interface IP address Last Response In the example above the system time is synchronized with the server 192 168 16 1 the last response is received at 05 47 01 system time mismatch with server time is equal to 7 23 seconds 5 10 Interface configuration Depending on the switch operation mode standalone or stackable the record appearance for Ethernet interface will change ...

Page 62: ...nterface sequential number specified as 1 3 0 1 2 fog MES1124 MES1124M interface fastethernet fa_port for Fast Ethernet 1 24 interface configuration interface gigabitethernet gi_port for Gigabit Ethernet 1 4 interface configuration interface port channel group for channel group configuration where group sequential number of the channel group possible values 1 8 fa_port Fast Ethernet interface sequ...

Page 63: ... commands for entering the configuration mode of the Ethernet interface range from 1 to 10 and entering the configuration mode of all port groups console configure console config interface range gigabitethernet 1 0 1 10 console config if console configure console config interface range fastethernet 1 0 1 10 console config if console configure console config interface range port channel 1 8 console...

Page 64: ... Port Channel interface general configuration mode commands Command Value Action port jumbo frame denied Enable processing of jumbo fames by the switch Maximum transmission unit MTU default value is 1500 bytes Configuration changes will take effect after the switch is restarted Maximum transmission unit MTU value for port jumbo frame configuration is 10 200bytes no port jumbo frame Disable process...

Page 65: ...erfaces advertise Show autonegotiation parameters announced for all interfaces show interfaces advertise gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Show autonegotiation parameters announced for Ethernet port port group show interfaces description Show descriptions for all interfaces including VLAN interface show interfaces descri...

Page 66: ...Copper Down Access gi1 0 24 1G Copper Down General gi1 0 25 1G Combo C Down Access gi1 0 26 1G Combo C Full 1000 Enabled Off Up 01 00 25 56 Disabled Off Access gi1 0 27 1G Combo C Down Trunk gi1 0 28 1G Combo C Full 1000 Enabled Off Up 01 00 54 25 Disabled On General Flow Link Ch Duplex BW Neg control State Port Mode Po1 Full 1000 Enabled Off Up Trunk Po2 Not Present Access Po3 Not Present Access ...

Page 67: ...0 8 0 0 0 0 gi0 9 0 0 0 0 gi0 10 0 0 0 0 gi0 11 0 0 0 0 gi0 12 0 0 0 0 gi0 13 0 0 0 0 gi0 14 0 0 0 0 gi0 15 0 0 0 0 gi0 16 0 0 0 0 gi0 17 0 0 0 0 gi0 18 0 0 0 0 gi0 19 0 0 0 0 gi0 20 0 0 0 0 More space Quit q One line return Show channel group 1 statistics console show interfaces counters port channel 1 Ch InUcastPkts InMcastPkts InBcastPkts InOctets Po1 111 0 0 9007 Ch OutUcastPkts OutMcastPkts O...

Page 68: ... that were not sent due to excessive number of collisions Carrier Sense Errors Quantity of cases when carrier control state was lost or not approved in the frame transmission attempt Oversize Packets Quantity of received packets which size exceeds the maximum allowed frame size Internal MAC Rx Errors Quantity of frames that were not received successfully due to internal receiving error on the MAC ...

Page 69: ...ther a single MAC address or MAC address range to MAC address group using mask no map mac mac_address host mask Remove tethering map subnet ip_address mask subnets group group mask 1 32 group 1 2147483647 Tether a single IP address or IP address range to IP address group using mask no map subnet ip_address mask Remove tethering VLAN interface configuration mode commands interface range Command lin...

Page 70: ...omer 802 1 Q in Q interface Table 5 38 Ethernet interface configuration mode commands Command Value Default value Action switchport mode mode access trunk general customer access Define port operation mode in VLAN no switchport mode Set the default value switchport access vlan vlan_id vlan_id 1 4094 1 Add VLAN for the access interface no switchport access vlan Set the default value switchport trun...

Page 71: ...erface based on IP address tethering no switchport general map subnets group group Remove the classification rule switchport dot1q ethertype egress stag ether type ether type 0 ffff hex Replace EtherType in outbound packets from this interface no switchport dot1q ethertype egress stag Set the default value switchport customer vlan vlan_id vlan_id 1 4094 1 Add VLAN for the user interface no switchp...

Page 72: ..._id 1 4094 no reserve Reserve VLAN for internal use on the interface no ip internal usage vlan Set the default value switchport default vlan tagged Define the port as tagging in the default VLAN no switchport default vlan tagged Set the default value Global configuration mode commands Command line request in global configuration mode appears as follows console configure console config Table 5 39 G...

Page 73: ...otocol groups show vlan macs groups Show information on MAC address groups show interfaces switchport gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Show port port group configuration show interfaces protected ports gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Show po...

Page 74: ...served IP address gi0 22 9 Yes Inactive Show GigabitEthernet 22 port configuration console show interfaces switchport gigabitethernet 1 0 22 Port gi1 0 22 Port Mode Access Gvrp Status disabled Ingress Filtering true Acceptable Frame Type all Ingress UnTagged VLAN NATIVE 1 Protected Disabled Port is member in Vlan Name Egress rule Port Membership Type 1 1 Untagged System Forbidden VLANS Vlan Name C...

Page 75: ... that will be used for dropping packets with external ingress_vlan_id tag If the ingress_vlan_id parameter is not defined the rule will cause the inbound traffic drop regardless of the external VLAN tag selective qinq list ingress permit ingress_vlan ingress_vlan_id ingress_vlan_id 1 4094 Create the rule that will allow to forward inbound packets with the ingress_vlan_id external tag without any c...

Page 76: ...gress_vlan 11 5 12 Broadcast storm control Broadcast storm appears as a result of excessive amount of broadcast messages transmitted simultaneously via single network port that causes delays and network resources overloads Storm can appear if looped segments exist in Ethernet network The switch measures the transfer rate of received broadcast multicast or unknown unicast traffic for ports with ena...

Page 77: ...e broadcast multicast or unknown unicast traffic control for Ethernet interface 15 Define the maximum transfer rate 5000 kbps for controlled traffic console configure console config interface gigabitethernet 1 0 15 console config if storm control broadcast enable console config if storm control include multicast console config if storm control include multicast unknown unicast console config if st...

Page 78: ...load balance mechanism based on MAC address and IP address src dst mac load balance mechanism based on MAC address src dst ip load balance mechanism based on IP address src dst mac ip port load balance mechanism based on MAC address IP address and the destination port mpls aware enable parsing of L3 L4 headers of packets with MPLS tags on the device Useful only with balance modes for L3 L4 packet ...

Page 79: ...nfiguration mode appears as follows console config if Table 5 50 Ethernet interface configuration mode commands Command Value Default value Action lacp timeout long short The long value is used by default Set LACP protocol administrative timeout long long timeout short short timeout no lacp timeout Restore the default value lacp port priority value value 1 65535 1 Set the Ethernet inteface priorit...

Page 80: ...DNS and ARP protocol configuration see the corresponding configuration sections Ethernet interface configuration mode commands port group interface VLAN Command line request in Ethernet interface port group VLAN interface configuration mode appears as follows console config if Table 5 52 Ethernet interface configuration mode commands Command Value Action ip address ip_address mask gateway prefix_l...

Page 81: ...094 Show IP addressing configuration for the specific interface Example execution of commands Define the default gateway IP address 192 168 16 2 console config ip default gateway 192 168 16 2 5 15 IPv6 addressing configuration 5 15 1 IPv6 protocol Switches support IPv6 protocol operations Ipv6 protocol support is the important advantage since IPv6 protocol is destined to replace IPv4 protocol addr...

Page 82: ...158 characters Create the static record that matches IPv6 address to the device network name no ipv6 host name Remove static record that matches IPv6 address to the device network name ipv6 neighbor ipv6_address gigabitethernet gi_port fastethernet fa_port port channel group vlan vlan_id mac_address gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 vlan_id 1 4094 Create static match between MAC addr...

Page 83: ...essible messages when sending packets to the specific interface no ipv6 unreachables Restore the default value ipv6 mld version 1 2 1 2 2 Define MLD protocol version for the interface no ipv6 mld version Restore the default value ipv6 mld join group ipv6_multicast_address Define MLD messages for the specific group ipv6_multicast_address IPv6 address of a multicast group no ipv6 mld join group ipv6...

Page 84: ...ut errors no special actions are taken STALE positive confirmation means that the route to the neighbouring device works correctly received after the reachable time period ReachableTime ms While the neighbouring device is accessible and the packet exchange goes without errors no special actions are taken DELAY positive confirmation means that the route to the neighbouring device works correctly re...

Page 85: ...robustness Restore the default value Tunnelling mode commands Command line request in tunnelling mode appears as follows console configure console config interface tunnel 1 console config tunnel Table 5 61 Tunnelling mode commands Command Value Action tunnel mode ipv6ip isatap Tunnelling is disabled by default Enable IPv6 tunnelling support through IPv4 with ISATAP IPv6 addressing and tunnelling s...

Page 86: ...d Value Default value Action ipv6 nd raguard disabled Enable IPv6 RA guard function management for the switch no ipv6 nd raguard Disable IPv6 RA guard function ipv6 nd raguard vlan vlan 1 4094 Enable IPv6 RA guard function management for the switch within the specified VLAN vlan VLAN number Ethernet Interface Configuration Mode Commands Command line request in the interface configuration mode appe...

Page 87: ...ce Configuration Mode Commands Command line request in the interface configuration mode appears as follows console config if Table 5 66 Ethernet interface configuration mode commands Command Value Default value Action ipv6 dhcp guard device role client server client Port operation mode selection client advertise and relpy messages are discarded server advertise and relpy messages are filtered by t...

Page 88: ...y the application for correction of invalid domain names domain names without a dot For domain names without a dot a dot with the domain name specified in the command will be added at the end of the name The name should contain from 1 to 158 characters no ip domain name Remove default domain name ip host name ip_address1 ip_address2 ip_address4 Define static matches between network node names and ...

Page 89: ...e for the interface specified in the command ip_address IP address mac_address MAC address no arp ip_address gigabitethernet gi_port fastethernet fa_port port channel group vlan vlan_id Remove the static record of matches between IP and MAC addresses from ARP table for the interface specified in the command arp timeout seconds seconds 1 40000000 60000 seconds Define the dynamic record lifetime in ...

Page 90: ...00 00 0c 40 0f bc gigabitethernet 1 0 2 сonsole config exit сonsole arp timeout 12000 Show ARP table contents сonsole show arp VLAN Interface IP address HW address status vlan 1 gi0 12 192 168 25 1 02 00 2a 00 04 95 dynamic 5 16 3 GVRP protocol configuration GARP VLAN Registration Protocol GVRP This protocol allows to distribute VLAN identifiers in the network The basic function of GVRP protocol i...

Page 91: ...74 GARP timer description GARP timer Value Join Timer Define the request transmission interval for adding VLAN into the group value range from 10 to 2147483640 ms default value 200 ms Leave Timer Define the amount of time the interface will wait before leaving the VLAN group value range from 10 to 2147483640 ms default value 600 ms Leave timer value should be greater or equal to 3 x Join timer val...

Page 92: ...mands Command line request in global configuration mode appears as follows console config Table 5 77 Global configuration mode commands Command Value Default value Action loopback detection enable disabled Enable loopback detection mechanism for the switch no loopback detection enable Restore the default value loopback detection interval seconds 1 60 30 seconds Set the time interval between loopba...

Page 93: ...Ethernet network with multiple links into tree like loop free topology Switches exchange configuration messages using the special format frames and selectively enable or disable traffic transmission to ports Rapid STP RSTP is the enhanced version of STP protocol that enables faster network conversion to the tree like topology and provides higher stability Multiple STP MSTP is the most recent imple...

Page 94: ... 20 seconds Set the lifetime of the STP spanning tree no spanning tree max age Restore the default value spanning tree priority priority 0 61440 32768 Set the priority of the STP spanning tree Priority value must be divisible by 4096 no spanning tree priority Restore the default value spanning tree pathcost method long short short Set the method for defining the path value long value in the range ...

Page 95: ...ee guard root Restore the default value spanning tree bpduguard protection disabled Enable protection that disables the interface when BPDU packet is received no spanning tree bpduguard Disable protection that disables the interface when BPDU packet is received spanning tree link type point to point shared Default value for full duplex port point to point for half duplex split Define the transfer ...

Page 96: ...lt value Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows console Table 5 84 Privileged EXEC mode commands Command Value Action show spanning tree process process_id gigabitethernet gi_port fastethernet fa_port port channel group process_id 1 31 0 gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Show STP protocol configuration for the selected process sh...

Page 97: ...for the tree formation and keeping the information on its structure If the packet has gone through the maximum quantity of transit portions it will be discarded at the next portion no spanning tree mst max hops Restore the default value spanning tree mst configuration Enter the MSTP configuration mode MSTP configuration mode commands Command line request in MSTP configuration mode appears as follo...

Page 98: ...mand line request in privileged EXEC mode appears as follows console Table 5 89 EXEC mode commands Command Value Action show spanning tree gigabitethernet gi_port fastethernet fa_port port channel group instance instance id process process_id gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 instance_id 1 4094 process_id 1 31 0 Show STP protocol configuration instance_id MSTP instance identifier sho...

Page 99: ...ffic only when there is a failure on another interface Ethernet interface configuration mode commands port group interface Command line request in Ethernet interface port group interface configuration mode appears as follows console config if Table 5 90 Ethernet interface configuration mode commands port group Command Value Default value Action flex link backup gigabitethernet gi_port fastethernet...

Page 100: ...mode commands Command line request in global configuration mode appears as follows console config Table 5 92 Global configuration mode commands Command Value Default value Action eaps Enable EAPS protocol operation no eaps Disable EAPS protocol operation eaps fail timer seconds 1 10 3 seconds Define the absence time for test packets that should pass for ring failure to be registered no eaps fail t...

Page 101: ...de transit device is the transit node edge adjacent node that belongs to both primary and secondary rings sub edge auxiliary adjacent node that belongs to both primary and secondary rings role edge sub edge EXEC mode commands Command line request in EXEC mode appears as follows console Table 5 95 EXEC mode commands Command Value Action show eaps domain domain_id ring ring_id domain_id 0 63 ring_id...

Page 102: ...o version Set the default value revertive revertive Select the ring operation mode no revertive Set the default value sub ring vlan vlan_id Vlan_id 1 4094 Define the sub ring for the current ring no sub ring vlan Remove the sub ring timer guard value value 10 2000 ms divisible by 10 500 ms Set the timer that blocks obsolete R APS messages no timer guard Set the default value timer holdoff value va...

Page 103: ... of time for the receiving device to keep LLDP packets before dropping them This value will be transmitted to the receiving side in LLDP update packets is a divisibility for LLDP timer Thus LLDP packet lifetime is calculated by the equation TTL min 65535 LLDP Timer LLDP HoldMultiplier no lldp hold multiplier Restore the default value lldp reinit seconds 1 10 2 seconds Minimum amount of time that L...

Page 104: ... phy 802 3 lag 802 3 max frame size Optional TLV are not included in the packet by default Define the optional TLV fields Type Length Value to be included by the device into LLDP packet You can include up to 5 optional TLV into the command port desc sys name sys desc sys cap 802 3 mac phy 802 3 lag 802 3 max frame size no lldp optional tlv Restore the default value lldp optional tlv 802 1 pvid ena...

Page 105: ...ed notifications topology change Restore the default value LLDP packets received through the link aggregation group is saved individually by group ports that have received these messages LLDP sends separate messages to each port of the group LLDP operation is independent from STP state for the port LLDP packets are sent and received via ports blocked by STP If the port is controlled via 802 1x LLD...

Page 106: ...x and Tx SC None Disabled gi1 0 3 Rx and Tx SC None Disabled gi1 0 4 Rx and Tx SC None Disabled gi1 0 5 Rx and Tx SC None Disabled gi1 0 6 Rx and Tx SC None Disabled gi1 0 7 Rx and Tx SC None Disabled gi1 0 8 Rx and Tx SC None Disabled gi1 0 9 Rx and Tx SC None Disabled gi1 0 10 Rx and Tx SC None Disabled gi1 0 11 Rx and Tx SC None Disabled gi1 0 12 Rx and Tx SC None Disabled More space Quit q or ...

Page 107: ...1 Device ID a8 f9 4b 84 02 c0 Port ID gi1 0 9 Capabilities Other System Name ts 7800 2 System description MES 3124 28 port 1G 10G Stackable Managed Switch Port description gigabitethernet1 0 9 Time To Live 92 802 1 PVID None 802 1 PPVID 802 1 VLAN 802 1 Protocol Table 5 103 Description of results Field Description Port Port number Device ID Name or MAC address of the neighbouring device Port ID Ne...

Page 108: ...dow window 10 600 100 ms Define the time period for error quantity count no ethernet oam link monitor frame window Restore the default value ethernet oam link monitor frame period threshold count 1 65535 1 Define the frame period event threshold for the specific period period is defined with ethernet oam link monitor frame period window command no ethernet oam link monitor frame period threshold R...

Page 109: ...the port no ethernet oam uni directional detection discovery time Restore the default value Privileged EXEC mode commands All commands are available to the privileged user Command line request in privileged EXEC mode appears as follows console Table 5 105 Privileged EXEC mode commands Command Value Default value Action clear ethernet oam statistics interface gigabitethernet gi_port fastethernet fa...

Page 110: ...falling under networks restrictions Protocol uses the following terms Maintenance Domain MD a network segment which belongs to and managed by a single operator Maintenance Association MA a collection of endpoints MEP with the same MAID Maintenance Association Identifier which defines the type of service Maintenance association End Point MEP service endpoint located at its threshold Maintenance dom...

Page 111: ...ate points MIP created on all ports where VLAN maintenance is defined Optional parameter lower mep only allows to exclude ports where maintenance end point is created no mip auto create Restore the default value Maintenance configuration mode commands Command line request in domain configuration mode appears as follows console config cfm ma Table 5 108 CFM maintenance MA configuration mode command...

Page 112: ... disabled Enable Continuty Check message transmission no continuty check enable Set the default value cos cos cos 0 7 7 Set CoS priority value for transmission of Continuty Check messages no cos Set the default value alarm delay delay delay 2500 10000 ms 2500 ms Define the delay interval that should pass before the alarm generation no alarm delay Set the default value alarm reset interval interval...

Page 113: ...te VLAN For VoIP frames you can specify QoS attributes for traffic prioritization VoIP equipment frame classification is based on the sender s OUI Organizationally Unique Identifier the first 24 bits of MAC address Voice VLAN assigning for port is performed automatically when the frame with OUI from the Voice VLAN table comes to the port When the port is identified as Voice VLAN port this port is ...

Page 114: ...ss descript OUI description no voice vlan oui table Remove all user changes made to OUI table Ethernet interface configuration mode commands Command line request in Ethernet interface port group interface configuration mode appears as follows console config if Table 5 113 Ethernet interface configuration mode commands Command Value Default value Action voice vlan enable Disabled Enable Voice VLAN ...

Page 115: ...ess ip_multicast _address Remove multicast address from the table bridge multicast forbidden address mac_multicast _address ip_multicast_address add remove gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Disable the connection for configured port s to the group defined by the group address mac_multicast_address multicast MAC address i...

Page 116: ..._multicast_address multicast IP address add add ports to the source IP address group remove remove ports from the source IP address group no bridge multicast source ip_address group ip_multicast_address Restore the default value bridge multicast forbidden source ip_address group ip_multicast_address add remove gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_po...

Page 117: ... default value bridge multicast ipv6 forbidden source ipv6_address group ipv6_multicast_address add remove gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Disable adding removal of matches between the user IPv6 address and the multicast address in the multicast addressing table for the specific port ipv6_address source IPv6 address ip...

Page 118: ...will be deleted by timeout secure current address can be deleted with no bridge address command only or when the port returns to learning mode no port security no mac address table static mac_address vlan vlan_id Remove MAC address from the multicast addressing table bridge multicast reserved address mac_multicast_address ethernet v2 ethtype llc sap llc snap pid discard bridge Ethtype 0x0600 0xFFF...

Page 119: ...dress vlan_id 1 4094 Show multicast address table for the selected interface or for all VLAN interfaces this command is available to privileged users only ip show by IP addresses mac show by MAC addresses show bridge multicast address table static vlan vlan_id address mac_multicast_address ipv4_multicast_address ipv6_multicast_address source ipv4 source address ipv6_multicast_address all mac ip vl...

Page 120: ...idge multicast filtering function should be enabled see Section Multicast addressing rules Identification of ports with connected multicast routers is based on the following events IGMP requests were received through the port Protocol Independent Multicast PIM PIMv2 protocol packets were received through the port Multicast routing packets of Distance Vector Multicast Routing Protocol DVMRP protoco...

Page 121: ...a_port 1 3 0 1 24 group 1 8 Do not identify the port static dynamic as a port with connected multicast router no ip igmp snooping vlan vlan_id forbidden mrouter interface gigabitethernet gi_port fastethernet fa_port port channel group Identify the port as a port with connected multicast router ip igmp snooping vlan vlan_id replace source ip ip_address vlan_id 1 4094 Replaces source IP address with...

Page 122: ...de commands Command Value Default value Action ip igmp robustness count 1 7 2 Define IGMP robustness value If the data loss is discovered for the channel robustness value should be increased no ip igmp robustness Restore the default value ip igmp query interval seconds 30 18000 125 seconds Define the timeout upon the expiration of which the system will send basic queries to check the activity of m...

Page 123: ...ulticast traffic to the port EXEC mode commands All commands are available to the privileged user only Command line request in EXEC mode appears as follows console Table 5 123 EXEC mode commands Command Action show ip igmp snooping mrouter interface vlan_id Show information on learnt multicast routers in the selected VLAN group show ip igmp snooping interface vlan_id Show IGMP snooping information...

Page 124: ...et fa_port port channel group Remove multicast IP address from the table ipv6 mld snooping vlan vlan_id forbidden mrouter interface gigabitethernet gi_port fastethernet fa_port port channel group vlan_id 1 4094 gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Add the rule that denies registration of MLD router ports from the list no ipv6 mld snooping vlan vlan_id forbidden mrouter interface gigabit...

Page 125: ...lue ipv6 mld query max response time value value 5 20 10 seconds Define the maximum response delay that will be used for maximum response delay code calculation no ipv6 mld query max response time Restore the default value ipv6 mld robustness value value 1 7 Specify the robustness ratio If the data loss is discovered for the channel robustness ratio should be increased no ipv6 mld robustness Resto...

Page 126: ... you should untether it from all the switch ports first Multicast profile configuration mode commands Command line request in multicast profile configuration mode appears as follows console config mc profile Table 5 129 Multicast profile configuration mode commands Command Value Action match ip low_ip high_ip Define the profile match to the specified IPv4 multicast address range low_ip valid multi...

Page 127: ...18 5 RADIUS Authorization of IGMP Queries This mechanism performs the IGMP query authorization with the RADIUS server To ensure the reliability and the load distribution you may need multiple RADIUS servers Servers for sending authorization queries are selected randomly If the server does not reply it will be marked as temporary down and will not be used by the polling mechanism for the definite p...

Page 128: ...abled Enable IGMP query pre processing for port before the reply is received from RADIUS server When the server reply is received the subscription retains if the answer is positive or is deleted if the answer is negative no multicast snooping authorization forwarding first Restore the default value EXEC mode commands All commands are available to the privileged user only Command line request in EX...

Page 129: ...list for authentication tacacs use TACACS server list for authentication If authentication method is not defined the access to the console will always be successful without authentication checks List is created with the command aaa authentication login list name method1 method2 List utilization aaa authentication login list name no aaa authentication login default list_name Restore the default val...

Page 130: ...bled Accounting will be enabled when the user logs in and will be disabled when the user logs out that corresponds to start and stop values in RADIUS protocol messages for RADIUS protocol message parameters see Table 5 136 no aaa accounting login start stop group radius Restore the default value aaa accounting dot1x start stop group radius Accounting is disabled by default Enable accounting for 80...

Page 131: ... Called Station ID 30 Yes Yes Switch IP address used for control sessions Calling Station ID 31 Yes Yes User IP address Acct Session ID 44 Yes Yes Unique accounting identifier Acct Authentic 45 Yes Yes Define the method for client authentication Acct Session Time 46 No Yes Show the duration of user connection to the system Acct Terminate Cause 49 No Yes The reason for closing session Table 5 137 R...

Page 132: ...ault list created by aaa authentication login default command list_name use the list created by aaa authentication login list_name command no enable authentication Restore the default value password password encrypted 1 159 characters Define the terminal password encrypted define the encrypted password e g encrypted password copied from another device no password Remove the terminal password Privi...

Page 133: ...as a source address in RADIUS protocol messages priority RADIUS server utilization priority the lower the value the higher the server priority type RADIUS server utilization type login dot1 x igmp auth all If timeout retries time secret_key source_ip_address parameters are missing from the command the current RADIUS server will use the values configured with the respective global commands no radiu...

Page 134: ...rvers Show RADIUS server configuration parameters this command is available to privileged users only show radius statistics Show Radius protocol statistics Example use of commands Set global values for parameters server reply interval 5 seconds RADIUS server discovery attempts 5 time when unavailable servers will not be polled by the switch RADIUS client 10 minutes secret key secret Add RADIUS ser...

Page 135: ...ata exchange with TACACS server to only one at a time port port number for data exchange with TACACS server timeout server response interval secret_key authentication and encryption key for TACACS data exchange encrypted_key encrypted uthentication and encryption key for TACACS data exchange source ip_address IP address used as the default source address being sent in TACACS protocol messages prio...

Page 136: ...Device supports SNMPv1 SNMPv2 SNMPv3 protocol versions Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 145 Global configuration mode commands Command Value Default value Action snmp server server SNMP support is enabled by default Enable SNMP support no snmp server server Disable SNMP support snmp server community commu...

Page 137: ...e that is allowed to read switch SNMP agent content writeview name of the browsing rule that is allowed to enter the data and to configure switch SNMP agent contents no snmp server group groupname v1 v2 v3 noauth auth priv Remove SNMP group snmp server user username groupname v1 v2c remote host v3 v3 encrypted auth md5 sha auth password username 1 20 characters groupname 1 30 characters engineid s...

Page 138: ...rver v3 host ipv4_address ipv6_address hostname username traps informs Remove settings for inform and trap notification message transmission to SNMPv3 server snmp server engineID local engineid string default 5 32 characters Create the local SNMP device identifier engineID default when this setting is used engineID will be created automatically based on the device MAC address no snmp server engine...

Page 139: ...s as follows console config if Table 5 146 Ethernet interface configuration mode commands Command Action snmp trap link status Enable SNMP trap message transmission on the configured port state changes no snmp trap link status Disable SNMP trap message transmission on the configured port state changes Privileged EXEC mode commands Command line request in Privileged EXEC mode appears as follows con...

Page 140: ...solute Default event generation instruction rising falling Configure the alarm event trigger criteria index alarm event index mib_object_id variable part identifier of the OID object interval time period when data is collected and compared to rising and falling thresholds rthreshold rising threshold fthreshold falling threshold revent event index that is used for crossing the rising threshold feve...

Page 141: ...istory creation by statistics groups for the remote monitoring database MIB EXEC mode commands Command line request in EXEC mode appears as follows console Table 5 150 EXEC mode commands Command Value Action show rmon statistics gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Show the statistics for the Ethernet interface or port grou...

Page 142: ...ects Fragments Quantity of packets received with length less than 64 bytes w o frame bits but with checksum bits that have invalid checksum with integral byte quantity checksum verification errors FCS or with non integral byte quantity alignment errors Jabbers Quantity of packets received with length more than 1518 bytes w o frame bits but with checksum bits that have invalid checksum with integra...

Page 143: ...he record generation period forwarded to broadcast addresses Multicast Quantity of good packets received during the record generation period forwarded to multicast addresses Utilization Estimation of the physical layer average bandwidth for this interface during the record generation period Bandwidth is estimated up to the thousandth of one percent CRC Align Quantity of packets received during the...

Page 144: ...vents configuration with the index 1 console show rmon alarm 1 Alarm 1 OID 1 3 6 1 2 1 2 2 1 10 1 Last sample Value 878128 Interval 30 Sample Type delta Startup Alarm rising Rising Threshold 8700000 Falling Threshold 78 Rising Event 1 Falling Event 1 Owner CLI Table 5 155 Description of results Parameter Description OID Controlled variable OID Last Sample Value Variable value at the last control i...

Page 145: ...ld value the single event is generated Falling Threshold Falling threshold value When the selected variable value at the previous control interval is more than the threshold and at the current control interval less or equal to threshold value the single event is generated Rising Event Event index used when the rising threshold is crossed Falling Event Event index used when the falling threshold is...

Page 146: ...e specific access list console only device management is available via the console only no management access class Remove the device management restriction by the specific access list Access control list configuration mode commands Command line request in access control list configuration mode appears as follows console config management access list eltex_manag console config macl Table 5 159 Acce...

Page 147: ...er connections for monitoring and configuration purposes Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 161 Global configuration mode commands Command Value Default value Action ip telnet server Telnet server is enabled by default Enable remote device configuration via Telnet no ip telnet server Disable remote device c...

Page 148: ...nable HTTP server no ip http server Disable HTTP server ip http timeout policy seconds 0 86400 600 Define the HTTP session timeout no ip http timeout policy Restore the default value Ip https certificate 1 2 1 Define the active HTTPS certificate crypto certificate 1 2 generate Generate SSL certificate crypto certificate 1 2 import Import SSL certificate issued by the certification center Keys gene...

Page 149: ...cate 1 2 Show HTTPS server SSL certificates show ip http Show HTTP server state show ip https Show HTTPS server state Example execution of commands Enable SSH server on the switch Enable public key utilization Create RSA key for eltex user console configure console config ip ssh server console config ip ssh pubkey auth console config crypto key pubkey chain ssh console config pubkey chain user key...

Page 150: ...nsole access rate the command is available only in local console configuration mode no speed Restore the default value autobaud Enable the automatic detection of the local console access rate the command is available only in local console configuration mode no autobaud Disable the automatic detection of the local console access rate exec timeout minutes seconds minutes 0 65535 minutes seconds 0 59...

Page 151: ...rtance level to the console no logging console Disable transmission of alarm and debug messages to the console logging buffered severity level level see Table 5 169 The default value is informational Enable transmission of alarm and debug messages of the selected importance level to the internal buffer no logging buffered Disable transmission of alarm and debug messages to the internal buffer logg...

Page 152: ...gs A warning non emergency message Notifications System notifications non emergency message Informational Informational system message Debugging Debug messages provide information for correct system configuration Privileged EXEC mode commands Command line request in Privileged EXEC mode appears as follows console Table 5 170 Privileged EXEC mode command for the log file viewing Command Action clea...

Page 153: ...rnet interface configuration mode commands Command line request in Ethernet interface configuration mode appears as follows console config if These commands cannot be executed in Ethernet interface range configuration mode Table 5 172 Commands available in Ethernet interface configuration mode Command Value Default value Action port monitor gigabitethernet gi_port fastethernet fa_port rx tx gi_por...

Page 154: ...t in EXEC mode appears as follows console Table 5 173 Commands available in EXEC mode Command Action show ports monitor Show information on monitored and controlling ports Example execution of commands Define Ethernet interface 13 as the controlling interface for Ethernet interface 18 Transfer all traffic from the interface 18 to the interface 13 console configure console config interface gigabite...

Page 155: ...tion mode appears as follows console configure console config interface gigabitethernet gi_port fastethernet fa_port console config if Table 5 175 Ethernet interface configuration mode commands Command Value Default value Action sflow flow sampling rate id max header size bytes rate 0 1024 107374823 id 0 8 bytes 20 256 128 Define the average packet selection rate Summary selection rate is calculat...

Page 156: ...es are equipped with the hardware and software tools for diagnostics and manage of physical interfaces and communication lines You can test the following parameters For electrical interfaces cable length distance to the fault break or short circuit For optical interfaces power supply parameters voltage and current output optical power receiving optical power 5 23 1 Copper wire cable diagnostics Ca...

Page 157: ...iagnostics cable length interface gigabitethernet gi_port interface fastethernet fa_port Show the assumed cable length connected to the specific interface if the port number is not defined the command is executed for all ports The interface should be enabled and operate at 100Mbps or 1000Mbps Maximum cable length for testing should not exceed 120m Example execution of commands Test port 24 of the ...

Page 158: ...ernet interface configuration mode commands Command line request in Ethernet interface configuration mode appears as follows console configure console config interface fastethernet fa_port gigabitethernet gi_port console config if Table 5 180 Ethernet interface configuration mode commands Command Value Default value Action optical transceiver threshold action parameter all none syslog snmp trap pa...

Page 159: ...led Port Temp Voltage Current Output Input LOS Transceiver C V mA Power Power Type mW dBm mW dBm gi1 0 24 58 3 25 20 09 0 58 2 30 0 00 40 00 Yes Fiber Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal ...

Page 160: ...istical data Measurement of network parameters can be done using various types of IP SLA operations Types of operations vary by protocols of generated traffic measurement methods and measured parameters At this time the following IP SLA operations are supported ICMP Echo UDP Jitter In order to use IP SLA operations you should Create operation of the desired type and configure it Execute the operat...

Page 161: ...ecution stops and goes into Inactive state until it is put back into the active state again For detailed information on the statistics contents see sections on IP SLA operation types 5 24 1 ICMP Echo operation Each time ICMP Echo operation executes device sends ICMP Echo request to the destination address waits for ICMP Echo reply and measures ICMP packet bi directional transit time ICMP Echo oper...

Page 162: ... 0 Set the value of Type of Service byte transmitted in Differentiated Services Field of the IP packet header byte value of Type of Service byte in Differentiated Services Field no tos Set the default Type of Service byte value tag string string 1 63 characters Define the text tag for operation no tag Remove the text tag For normal execution of ICMP Echo operation the value of operation execution ...

Page 163: ...evices Before creating UDP Jitter operation you should also configure UDP ports for IP SLA Responder on the remote device participating in packet exchange This UDP port should be specified as a destination port upon creation of UDP Jitter operation Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 187 Global configuration...

Page 164: ...a size bytes bytes 20 1432 30 bytes Set the number of bytes transmitted in UDP packet as a data payload bytes number of bytes no request data size Set the default number of bytes tos byte byte 1 255 0 Set the value of Type of Service byte transmitted in Differentiated Services Field of the IP packet header byte value of Type of Service byte in Differentiated Services Field no tos Set the default T...

Page 165: ... Packet unidirectional transit statistics may be empty because of the missing time synchronization on devices and generation of invalid values where Latest operation return code completion code of the last executed operation OK previous operation has been completed successfully Failed measurement attempt has failed Latest latency value the latest successfully measured bidirectional latency value L...

Page 166: ...t reach Disable the power saving mode for cable length green ethernet short reach threshold value value 0 70 40 meters Set the threshold value for short reach power saving mode no green ethernet short reach threshold Restore default setting Interface configuration mode commands Command line request in Ethernet interface configuration mode appears as follows console config if Table 5 191 Ethernet i...

Page 167: ...off LU on off on 4 gi1 0 5 on off LU on off on 4 gi1 0 6 on off LU on off on 4 gi1 0 7 on off LU on off on 4 gi1 0 8 on off LU on off on 4 gi1 0 9 on off LU on off on 5 gi1 0 10 on off LU on off on 4 gi1 0 11 on off LU on off on 4 gi1 0 12 on off LU on off on 4 gi1 0 13 on on on off off LD gi1 0 14 on off LU on off off LL 60 gi1 0 15 on off LU on off off LL 60 gi1 0 16 on off LU on off off LL 60 g...

Page 168: ...configuration mode commands Command line request in Ethernet interface configuration mode appears as follows console configure console config interface fastethernet fa_port gigabitethernet gi_port console config if Table 5 194 Ethernet interface configuration mode commands Command Value Default value Action power inline auto never auto This command allows to set the power supply system operation m...

Page 169: ...e Unit Power Nominal Consumed Usage Traps Temp C Power Power Threshold 1 On 300 Watts 50 Watts 17 95 Disable 0 2 Off 1 Watts 0 Watts 0 95 Disable 0 3 Off 1 Watts 0 Watts 0 95 Disable 0 4 Off 1 Watts 0 Watts 0 95 Disable 0 Port Powered Device State Status Priority Class gi1 0 1 IP Phone Model A Auto On High Class0 gi1 0 2 Wireless AP Model A Auto On Low Class1 gi1 0 3 Auto Off Low N A Show the powe...

Page 170: ...ible values Off port power supply is disabled by the administrator Searching port power supply is enabled waiting for PoE device connection On port power supply is enabled PoE device is connected Fault faulty port power supply The power requested by PoE device exceeds the available capacity or the power consumed by PoE device has exceeded the specified limit Classification Classification of the co...

Page 171: ...uration mode commands interface group Command Value Default value Action port security max num 1 128 1 Define the maximum address quantity that could be learnt by the port no port security max Restore the default value port security routed secure address mac_address MAC address format H H H H H H H H H H H H H H H Define the secured MAC address no port security routed secure address mac_address Re...

Page 172: ...28 fa_port 1 3 0 1 24 group 1 8 Activate the interface disabled by the port security function this command is available to privileged users only Example execution of commands Enable security function for Ethernet interface 15 Set the port learning restriction for port 1 After the MAC address has been learnt block the new address learning function for the interface and drop packets with unknown sou...

Page 173: ...force authorized disable 802 1X authentication on the interface Port will enter the authorized state without authentication force unauthorized transfer the port into unauthorized state All client authentication attempts are ignored the switch will not provide the authentication service for this port time time interval If this parameter is not defined the port will not be authorized no dot1x port c...

Page 174: ..._port 1 3 0 1 24 Show 802 1X statistics for the selected interface Example execution of commands Enable 802 1X authentication mode on the switch Use RADIUS server for client authentication checks on IEEE 802 1X interfaces Use 802 1x authentication mode on the Ethernet interface 18 console configure console config dot1x system auth control console config aaa authentication dot1x default radius cons...

Page 175: ...in mode 802 1X authentication mode Force auth Force unauth Auto Oper mode Port operation mode Authorized Unauthorized Down Reauth Control Re authentication control Reauth Period The period between the recurring authentication checks Username Username for 802 1X usage If the port is authorized the current user name is shown If the port is not authorized the last successfully authorized user name fo...

Page 176: ...thenticator EapolStartFramesRx The quantity of EAPOL Start packets received by the current authenticator EapolLogoffFramesRx The quantity of EAPOL Logoff packets received by the current authenticator EapolRespIdFramesRx The quantity of EAPOL Resp Id packets received by the current authenticator EapolRespFramesRx The quantity of EAPOL response packets except for Resp Id received by the current auth...

Page 177: ...efine the timeout between 802 1x authentication mode activation or port activation and adding port to guest VLAN no dot1x guest vlan timeout Restore the default value dot1x traps mac authentication success disable Enable trap message transmission when the client successfully passes the MAC address authentication based on 802 1x standard no dot1x traps mac authentication success Restore the default...

Page 178: ...single host violation Restore the default value dot1x guest vlan enable access denied Allow unauthorized users of this interface to access the guest VLAN The device should have at least one guest VLAN authorized dot1x guest vlan command in VLAN interface settings no dot1x guest vlan enable Deny unauthorized users of this interface to access the guest VLAN dot1x mac authentication mac only mac and ...

Page 179: ...1x protocol settings this command is available to privileged users only EXEC mode commands Command line request in EXEC mode appears as follows console Table 5 208 Privileged EXEC mode commands Command Value Action show dot1x bpdu Show 802 1x BPDU port security processing when 802 1x disabled globally 5 27 3 DHCP protocol management and Option 82 DHCP Dynamic Host Configuration Protocol is a netwo...

Page 180: ... protocol management in the scope of specific VLAN no ip dhcp snooping vlan vlan_id Disable DHCP protocol management in the scope of specific VLAN ip dhcp snooping information option allowed untrusted By default reception of DHCP packets with Option 82 from untrusted ports is disabled Allow to receive DHCP packets with Option 82 from untrusted ports no ip dhcp snooping information option allowed u...

Page 181: ...he TR 101 recommendations Field Information sent Circuit ID device hostname string appearance eth stacked slotid interfaceid vlan The last byte number of the port that the device which sent dhcp request is connected to Remote agent ID Enterprise number 0089c1 Device MAC address able 5 211 Option 82 field format in custom mode Field Information sent Circuit ID Length 1 byte Circuit ID type Length 1...

Page 182: ...VLAN group and IP address for the selected interface into the DHCP management file database This record will be valid for the lifetime specified in the command unless the client sends the renewal request to DHCP server Timer will be reset upon the renewal request receiving from the client this command is available to privileged users only seconds record lifetime infinity record lifetime is unlimit...

Page 183: ...match table and IP Source Guard static matches Thus IP Source Guard eliminates IP address spoofing in packets Given that the IP address protection function uses DHCP snooping match tables it is worth using this function with DHCP snooping pre configured and enabled Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 215 Glo...

Page 184: ...d line request in Privileged EXEC mode appears as follows console Table 5 217 Privileged EXEC mode commands Command Value Action ip source guard tcam locate Manually start the access to internal resources for storing the inactive secured IP addresses into the memory This command is available to privileged users only EXEC mode commands Command line request in EXEC mode appears as follows console Ta...

Page 185: ...ch of MAC and IP addresses for this port should be statically configured Otherwise the port will not respond to ARP requests For untrusted ports IP and MAC address match verification is performed Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 219 Global configuration mode commands Command Value Default value Action ip ...

Page 186: ...ble 5 220 Ethernet interface configuration mode commands interface group Command Default value Action ip arp inspection trust The interface is not trusted by default Add the interface into the trusted interface list when ARP management is used Trusted interface ARP traffic is deemed as safe and not controlled no ip arp inspection trust Remove the interface from the trusted interface list when ARP ...

Page 187: ...ses list occur the switch saves information to the table and notifies the user with SNMP protocol message Function has configurable parameters the event history depth and the minimum message transmission interval MAC Address Notification service is disabled by default and can be configured selectively for the specific switch ports Global configuration mode commands Command line request in global c...

Page 188: ...ch interface for MAC address state change events You can enable generation of notifications only for MAC address learning or removal Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows console Table 5 225 Privileged EXEC mode commands Command Value Action show mac address table notification change history interfaces Show all notifications on MAC address st...

Page 189: ...ure up to 8 servers Specify available DHCP server IP address for DHCP Relay agent no ip dhcp relay address ip_address Remove the IP address from DHCP server list for DHCP Relay agent ip dhcp relay information policy keep replace drop The keep mode is enabled by default Define the processing mode for DHCP packets with Option 82 keep skip packets unchanged replace replace the Option 82 content drop ...

Page 190: ...ace identification on the access server BRAS Broadband Remote Access Server PPPoE Active Discovery packets are controlled and intercepted globally for the entire device and selectively for each individual interface Implementation of the PPPoE IA function provides additional control options for protocol messages by assigning trusted interfaces Global Configuration Mode Commands Command line request...

Page 191: ...ifier should be configured in all switch interfaces with PPPoE IA The command in negative form restores the default setting no pppoe intermediate agent trust The interface is not trusted by default Makes an interface trusted untrusted Command adds or removes an interface to from the list of trusted interfaces Interfaces with connected PPPoE servers are configured as trusted Interfaces with connect...

Page 192: ...r option for the switch no ip dhcp server Disables the DHCP server option for the switch ip dhcp pool host name 1 32 characters Enters the configuration mode for static addresses of DHCP server no ip dhcp pool host name Deletes configuration of the DHCP client with the specified name ip dhcp pool network name 1 32 characters Enters the configuration mode for DHCP address pool of DHCP server name n...

Page 193: ...figuration mode Command Value Action address network number low low address high high address mask prefix length Sets the subnet number and mask for address poll of DHCP server network number IP address of the subnet number low address the first IP address of the range high address the last IP address of the range mask prefix length subnet mask prefix length no address Removes configuration of DHC...

Page 194: ...default value bootfile filename 1 128 characters Specifies the name of the file which is used for boot load of DHCP client no bootfile Sets the default value time server ip_address_list The list of servers is not defined by default Defines the list of time servers available to DHCP clients ip_address_list list of TFTP server IP addresses may contain up to 8 space delimited entries no time server S...

Page 195: ...ocols and TCP UPD ports In order to implement the ACL function the switch uses TCAM Ternary Content Addressable Memory system resources This resource is used for implementation of other device functions for example Selective Q in Q Given that TCAM life span is limited there are two modes of its utilization for various circumstances These modes are named ACL only and ACL SQinQ In ACL only mode the ...

Page 196: ... list extended access list Creates a new MAC ACL and enters its configuration mode if the list has not been created yet or the configuration mode of a previously created list no mac access list extended access list Removes a MAC ACL time range time_name 1 32 characters Enters the time range configuration mode and defines time periods for the access list range_name profile name for time range setti...

Page 197: ...faces access lists counters gigabitethernet gi_port fastethernet fa_port port channel group gi_port 1 3 0 1 28 fa_port 1 3 0 1 24 group 1 8 Displays ACL counters EXEC Mode Commands Command line in the EXEC mode appears as follows console Table 5 241 ACL display commands Command Value Action show time range range_name range_name 1 32 characters Show the time period configuration 5 31 1 IPv4 ACL Con...

Page 198: ...sk you can define filtering rules for the IP network To add IP network 195 165 0 0 to the filtering rule you should define the 0 0 255 255 as the mask value According to this mask the last 16 bits of the IP address will be ignored destination_ip Destination IP address Specify the packet destination IP address destination_ip_wildcard Destination IP address mask Bit mask that is applied to the packe...

Page 199: ...L may have its own templates list defined index Rule index The index indicates position of the rule in a list and its priority The lower the index the higher the priority The possible values are 1 2 147 483 647 In order to select the whole range of parameters except dscp and ip precedence the any parameter is used As soon as at least one record has been added to ACL the last record is set by defau...

Page 200: ...IP protocol Packets which fulfil the record s requirements will be blocked by the switch If the disable port keyword is specified the physical interface receiving the packet will be disabled If the log input keyword is specified the physical a message will be sent to the system log deny icmp any source_ip source_ip_wildcard any destination_ip destination_ip_wildcard any icmp_type any icmp_code dsc...

Page 201: ...sole config ipv6 access list MESipv6 console config ipv6 al Table 5 244 Main parameters of commands Parameter Value Action permit Permit Creates a permitting filtration rule in ACL deny Deny Creates a denying filtration rule in ACL protocol Protocol The field is used to specify a protocol or all protocols filtration will be based on The following protocol options are available icmp tcp udp or the ...

Page 202: ...d which corresponds to the record offset_list_name Name of the bit fields list Specifies that the user templates list should be used for packets recognition Every ACL may have its own templates list defined index Rule index The index indicates position of the rule in a table The lower the index the higher is the priority 1 2 147 483 647 In order to select the whole range of parameters except dscp ...

Page 203: ... the disable port keyword is specified the physical interface receiving the packet will be disabled If the log input keyword is specified the physical a message will be sent to the system log deny tcp any source_prefix length any source_port any destination_prefix length any destination_port dscp dscp precedence precedence match all list_of_flags time range time_name disable port log input offset ...

Page 204: ...ation destination_wildcard A bit mask applied to MAC address of the packet destination The mask defines the bits of the MAC address which should be ignored 1 should be written to all ignored bites The mask is used the same way as the source_wildcard mask vlan_id Range of values 0 4095 VLAN subnetwork for packets filtering cos Range of values 0 7 Class of service CoS for packets filtering cos_wildc...

Page 205: ...ist with the name specified in the name field The name should contain from 1 to 32 characters One command may contain up to 4 templates having the following parameters offset_base basic offset Possible values L2 beginning of Ethertype offset outer tag beginning of STAG offset inner tag beginning of CTAG offset src mac beginning of source MAC offset dst mac beginning of destination MAC offset offse...

Page 206: ...sole config Table 5 249 Configuration commands for protection from DoS attacks Parameter Value Action security suite deny martian addresses reserved add ip_address remove ip_address ip_address IP address Denies frames with invalid Martian IP source addresses loopback broadcast multicast ip_address valid IP address security suite dos protect add remove stacheldraht invasor trojan back orifice troja...

Page 207: ...priority depending on the type of data being sent 5 33 1 QoS Configuration Global Configuration Mode Commands Command line request in the global configuration mode appears as follows console config Table 5 251 Global configuration mode commands Command Value Default Value Action qos basic advanced basic Enables QoS in the switch basic QoS basic mode advanced QoS advanced configuration mode which p...

Page 208: ...n template cannot be deleted if it is used in the policy map strategy The template assignment to the strategy should be removed before the template deletion no police aggregate aggregate policer name Valid for the qos advanced mode only no qos aggregate policer aggregate policer name Deletes a template of channel rate configuration wrr queue cos map queue id cos1 cos8 queue id 1 4 cos1 cos8 0 7 Co...

Page 209: ... 24 39 queue 3 DSCP 40 47 queue 4 DSCP 48 63 queue 3 Sets correspondence between DSCPs of incoming packets and queues dscp list defines up to 8 DSCP values separated by spaces Valid for the qos advanced mode only no qos map dscp queue dscp list Sets the default values qos map dscp dp dscp list to dp dscp list 0 63 dp 0 2 All packets have dp 0 drop priority by default Specifies the drop priority co...

Page 210: ...nes traffic filtration rules according to ACL for the classification Valid for the qos advanced mode only no match access group acl name Removes a traffic classification criterion Commands of the Configuration Mode for Traffic Classification Strategy Command line request of the configuration mode for traffic classification strategy appears as follows console configure console config policy map pol...

Page 211: ...burst byte exceed action drop policed dscp transmit committed rate 3 12 582 912 kbps committed burst 3000 19 173 960 bytes Allows bandwidth limitation and at the same time guarantees a certain data transfer rate The marked bucket algorithm is used for work with bandwidth The goal of the algorithm is to make a decision whether to send or drop a packet The algorithm parameters are the rate of token ...

Page 212: ...enabled Enables the basic QoS for the interface Valid for the qos basic mode only no qos trust Disables the basic QoS for the interface rate limit rate burst rate 3 1000000 kbps burst 3000 19 173 960 bytes 128 kilobytes Limits incoming traffic rate rate traffic speed kbps burst restrictive threshold value speed limit in bytes The command is available only in the Ethernet interface configuration mo...

Page 213: ...d sets the following rate limitations average rate 1000 kbps threshold 200 000 bytes Use the strategy for Ethernet 14 and 16 interfaces console console configure console config ip access list tcp_ena console config ip al permit tcp any any dscp 12 console config ip al permit tcp any any dscp 16 console config ip al exit console config qos advanced console config qos map dscp queue 12 to 1 console ...

Page 214: ...uration mode for Ethernet interface and a group of ports appears as follows console config if Table 5 258 Commands of interface configuration for Ethernet interface Command Value Action qos statistics policer policy map name class map name policy map name 1 32 characters class map name 1 32 characters QoS statistics is disabled by default Enables QoS statistics for the interface policy map name tr...

Page 215: ...used for loading the software When pressing key 1 following message will be displayed in console Downloading code using XMODEM Now when device is ready to receive the file it is required to transfer it with help of X Modem protocol After the file is received the device would restart automatically 2 Erase Flash File Erase Flash File This procedure is used for removal of device configuration In orde...

Page 216: ...ing mode 4 Back Enter your choice or press ESC to exit Description of Stack menu is in table 4 3 6 Back Exit menu To exit the menu and load the device press 6 or esc key Table 6 2 Description of Stack menu handling parameters of device stack Menu name Description 1 Show unit stack id Overview of device ID in stack To see device ID in stack press 1 key Current working mode is stacking Unit stack id...

Page 217: ...s active system software file Selection of active file is executed by following command boot system image 1 image 2 unit unit_id where unit_id is a number of device in stack for device operating in independent mode number of device is not set image 1 image 2 file of system software When working in stack if number of device is not set this command is applied to master device To view current version...

Page 218: ...will be executed during next loading 4 Reboot the switch by command reload console reload This command will reset the whole system and disconnect your current session Do you want to continue y n n Confirm reboot by entering y 6 2 2 Update of loading file of the device initial loader Initial loader is launched just after device power switch on With help of loading file procedure of system testing d...

Page 219: ...h 512 bytes of information each Point means that during copying time out of packages from TFTP server occurred Several points in line can mean that error occurred during copying 2 Reboot the switch by command reload console reload This command will reset the whole system and disconnect your current session Do you want to continue y n n Confirm reboot by entering y ...

Page 220: ...iguration of protocol of multiple spanning trees When one of switches is fault or the channel is broken multiple trees MSTP are rebuild which allows minimizing consequences of the fault Below you can find switches configuration process For faster configuration common configuration template is created this template is uploaded to TFTP server and later is used for configuration of all switches 1 Cre...

Page 221: ...n was completed successfully 726 bytes copied in 00 00 13 hh mm ss console config if do reload You haven t saved your changes Are you sure you want to continue Y N N Y This command will reset the whole system and disconnect your current session Do you want to continue Y N N Y Shutting down console configure console config interface vlan 1 console config if no ip address console config if ip addres...

Page 222: ...witch configuration in which substitution of VLAN 100 101 and 102 to 200 201 and 202 is made console configure console config vlan database console config vlan vlan 200 202 console config vlan exit console config interface GigabitEthernet 1 0 24 console config if switchport mode trunk console config if switchport trunk allowed vlan add 200 202 console config if selective qinq list ingress override...

Page 223: ... multi address traffic traffic of users and control console config interface gi1 0 1 console config if switchport mode trunk console config if switchport trunk allowed vlan add 100 124 1000 1200 console config if exit 5 Configure IGMP snooping globally and on interfaces console config ip igmp snooping console config ip igmp snooping vlan 1000 console config ip igmp snooping vlan 1000 querier conso...

Page 224: ... snooping console config ip igmp snooping vlan 100 console config ip igmp snooping map cpe vlan 5 multicast tv vlan 1000 console config ip igmp snooping map cpe vlan 6 multicast tv vlan 1001 6 Configure control interface console config interface vlan 1200 console config if ip address 192 168 33 100 255 255 255 0 console config if exit Configuration of IGMP Query Authorization via RADIUS The exampl...

Page 225: ...1 0 1 10 console config switchport access vlan 30 console config bridge multicast unregistered filtering console config multicast snooping authorization radius console config exit console config interface gigabitethernet 1 0 4 console config switchport mode trunk console config switchport trunk allowed vlan add 30 console config exit console config interface vlan 1 console config ip address 10 113...

Page 226: ...network topology there is only one ring In this case it is required to define for it only EAPS domain 2 Topology one domain with several rings In topology of network 3 rings can be 2 or more and 2 common hubs between them In this case it is required to define EAPS domain and establish one ring as main and rest of rings as secondary ...

Page 227: ... MES2000 Ethernet Switches 227 3 Topology several domains with common rings In network topology 2 rings can be more than two with one common hub In this case it is required to define EAPS domain for each ring ...

Page 228: ...ow protocol SFMG HCLT Receiving and processing configuration commands of lower level device EVLC Processing of events about change of port status lower level transfer to higher level SELC Receiving events about change of port status lower level transfer to lower level EVAU Processing of events Address Update lower level transfer to higher level SEAU Receiving events Address Update lower level tran...

Page 229: ...face configuration change and transfer messages to registered services LBDR Configuration and receipt of Loopback Detection packages LBDT Sending Loopback Detection packages SFSM Processing sFlow NSCT Configuration of packages interception rate on CPU maintenance of statistics for intercepted packages BRGS Brige security arp inspection dhcp snooping dhcp relay agent ip source guard pppoe intermedi...

Page 230: ...Automatic update and automatic configuration BTPC BOOTP client SETX Receipt of events of end of package sending from CPU to switch lower level EVTX Processing of events of end of package sending from CPU to switch lower level SERX Receipt of events of receipt of package from switch to CPU lower level EVRX Processing of events of receipt of package from switch to CPU lower level transfer of package...

Page 231: ...n 630020 Novosibirsk 29 Okruzhnaya Str Phone 7 383 274 47 87 7 383 272 83 31 E mail techsupp eltex nsk ru In official website of the Eltex Ltd you can find technical documentation and software for products advert to knowledge base leave your interactive inquiry or ask for consultation from engineers of Service center in our technical forum http www eltex nsk ru en http www eltex nsk ru en support ...

Search results

Summary of Contents for MES1000

Reviews:

ELTEX MES1000, Operation Manual, Page: 135 / 231

Search results

Summary of Contents for MES1000

Reviews: