manualshive.com logo in svg

ELTEX MES23xx, Operation Manual

The ELTEX MES23xx Operation Manual is available for free download on our website. This comprehensive manual provides detailed instructions and guidelines for efficiently operating the ELTEX MES23xx product. Visit manualshive.com to easily access and download this user manual, ensuring you have all the necessary information for optimal product use.

Share
Download
background image

 

 

MES53xx, MES33xx, MES23xx Ethernet Switch Series

  

182 

Table 5.210. DoS attack protection configuration commands 

Parameter 

Value/Default value 

Action 

security-suite deny 
martian-addresses 
[reserved] {add | remove} 

ip_address

 

ip_address: 

IP address 

Block  frames  with  invalid  (Martian)  IP  source  addresses 
(loopback, broadcast, multicast). 

security-suite deny syn-fin 

Drops tcp packets that have both SYN and FIN flags. 

security-suite dos protect 
{add | remove} 
{stacheldraht | 
invasor­trojan | 
back­orifice-trojan} 

Drop/allow  certain  types  of  traffic  that  is  commonly  used  by 
malware: 

- stacheldraht

 - filter out TCP packets with source port 16660; 

-  invasor-trojan

  -  filter  out  TCP  packets  with  destination  port 

2140 and source port 1024; 

-  back-orifice-trojan

  -  filter  out  UDP  packets  with  destination 

port 31337 and source port 1024. 

security-suite enable 

-/disabled 

Enable the security-suite command class. 

no security-suite enable 

Disable the security-suite command class. 

Ethernet or port group interface configuration mode commands.

 

Command line prompt in the Ethernet or port group interface configuration mode is as follows: 

console (config-if)# 

Table 5.211. Configuration commands for interface protection from DoS attacks. 

Command 

Value/Default value 

Action 

security-suite deny 
{fragmented | icmp | syn} 
{add | remove} {any |

 

ip_address 

[

mask

]}

 

ip_address: IP address; 

mask: mask in the form of 

IP address or prefix 

Creates a rule denying traffic that match the criteria. 

fragmented

 - fragmented packets; 

icmp

 - ICMP traffic; 

syn

 - syn packets. 

no security-suite deny 
{fragmented | icmp | syn} 

Delete a 'deny' rule. 

security-suite dos 
syn­attack 

rate

{any |

 

ip_address 

[

mask

]}

 

rate: (199..2000) packets 

per second; 

ip_address

: IP address; 

mask: mask in the form of 

IP address or prefix 

Specify  a  threshold  for  syn  requests  for  a  specific  IP 
address/network.  All  frames  exceeding  the  threshold  will  be 
dropped. 

no security-suite dos 
syn­attack {any |

 

ip_address 

[

mask

]} 

Restore the default value. 

11.5

 

Quality of Services (QoS) 

All ports of the switch use the FIFO principles for queuing packets: first in  - first out. This method 

may cause some issues with high traffic conditions because the device will ignore all packets which are not 
included  into  the  FIFO  queue  buffer,  i. e.  such  packets  will  be  permanently  lost.  This  can  be  solved  by 
organizing queues by traffic priority. The QoS mechanism (Quality of Service) implemented in the switches 
allows organisation of 8 queues by packet priority depending on the type of transferred data. 

11.5.1

 

QoS Configuration 

Global configuration mode commands 

Command line prompt in the global configuration mode is as follows: 

console(config)# 

Summary of Contents for MES23xx

Page 1: ...MES53xx MES33xx MES23xx Operation Manual Firmware Version 4 0 4 Backbone Switches Aggregation Switches Access Switches ...

Page 2: ...5 17 1 Rules of multicast addressing 5 17 2 Agent function of IGMP IGMP Snooping 5 19 1 AAA mechanism 5 19 2 RADIUS protocol 5 19 4 TACACS protocol 5 19 5 SNMP Version 1 3 22 07 2016 Chapter added 5 15 6 Configuring G 8032v2 ERPS Changes in sections 2 2 3 L2 functions of the OSI model 5 4 Command of system control 5 8 2 VLAN interface configuration 5 19 1 AAA mechanism 5 19 8 1 Telnet SSH HTTP and...

Page 3: ...upply 30 3 5 Battery connection to MES2324B MES2324FB MES2348B 31 3 6 SFP transceiver installation and removal 31 4 INITIAL SWITCH CONFIGURATION 33 4 1 Configuring the Terminal 33 4 2 Turning on the device 33 4 3 Startup menu 34 4 4 Switch operation modes 34 4 4 1 Switch operation in stacking mode 34 4 5 Switch function configuration 36 4 5 1 Basic switch configuration 36 4 5 2 Security system con...

Page 4: ...estriction 113 7 2 5 IGMP Proxy multicast routing function 115 7 3 Multicast routing PIM protocol 116 7 4 Control functions 119 7 4 1 AAA mechanism 119 7 4 2 RADIUS 123 7 4 4 TACACS 125 7 4 5 Simple network management protocol SNMP 126 7 4 6 Remote network monitoring protocol RMON 129 7 4 7 ACL access lists for device management 136 7 4 8 Access configuration 137 7 5 Alarm log SYSLOG protocol 141 ...

Page 5: ...tion 188 11 6 1 Static Routing Configuration 188 11 6 2 RIP Configuration 189 11 6 3 OSPF and OSPFv3 configuration 191 11 6 4 Configuration of Virtual Router Redundancy Protocol VRRP 196 12 SERVICE MENU CHANGE OF FIRMWARE 198 12 1Startup Menu 198 12 2Updating firmware from TFTP server 198 12 2 1 System firmware update 198 APPENDIX A EXAMPLE OF DEVICE USAGE AND CONFIGURATION 201 APPENDIX B CONSOLE ...

Page 6: ...indicates the default value Calibri Italic Calibri Italic is used to indicate variables and parameters that should be replaced with an appropriate word or string Bold Notes and warnings are shown in semibold Bold Italic Keyboard keys are shown in bold italic within angle brackets Courier New Command examples are shown in Courier New Bold Courier New Command execution results are shown in Courier N...

Page 7: ...uires a network topology that will allow flexible distribution of high speed data flows MES53xx MES33xx MES23xx series switches can be used in large enterprise networks SMB networks and carrier networks These switches deliver high performance flexibility security and multi tier QoS MES5324 and MES3324 switches provide better availability due to protection of nodes that enable fail over operation a...

Page 8: ...00 1000Base T ports supporting PoE and 2x10 100 1000Base T ports 2x1000Base X SFP ports The switches provide end users with connection to SMB networks and carrier networks through the Gigabit Ethernet interface 2 2 Switch Features 2 2 1 Basic Features Table 2 1 lists the basic administrable features of the devices of this series Table 2 1 Basic features of the device Head of Line blocking HOL HOL ...

Page 9: ... IGMP implementation analyses the contents of IGMP packets and discovers network devices participating in multicast groups and forwards the traffic to the corresponding ports MLD Snooping Multicast Listener Discovery MLD protocol implementation allows the device to minimize multicast IPv6 traffic MVR Multicast VLAN Registration This feature can redirect multicast traffic from one VLAN to another u...

Page 10: ...es must support standard IEEE 802 3ah GARP VLAN GVRP GARP VLAN registration protocol dynamically add removes VLAN groups on the switch ports If GVRP is enabled the switch identifies and then distributes the VLAN inheritance data to all ports that form the active topology Port Based VLAN Distribution to VLAN groups is performed according to the ingress ports This solution ensures that only one VLAN...

Page 11: ...management OSPF protocol Open Shortest Path First A dynamic routing protocol that is based on a link state technology and uses Dijkstra s algorithm to find the shortest route OSPF protocol distributes information on available routes between routers in a single autonomous system Supported by MES5324 MES3324F switches Virtual Router Redundancy Protocol VRRP VRRP is designed for backup of routers act...

Page 12: ...nooping binding database and statically configured IP addresses This feature is used to prevent IP address spoofing Dynamic ARP Inspection Protection A switch feature designed for protection from ARP attacks The switch checks the message received from the untrusted port if the IP address in the body of the received ARP packet matches the source IP address If these addresses do not match the switch...

Page 13: ...ta Syslog Syslog is a protocol designed for transmission of system event messages and error notifications to remote servers Simple Network Time Protocol SNTP SNTP is a network time synchronization protocol it is used to synchronize time on a network device with the server and can achieve accuracy of up to 1ms Traceroute Traceroute is a service feature that allows the user to display data transfer ...

Page 14: ... use this function these features should be supported by the transceiver Green Ethernet This mechanism reduces power consumption of the switch by disabling inactive electric ports 2 3 Main specifications Table 2 9 lists main specifications of the switch Table 2 9 Main specifications General parameters Packet processor MES5324 Marvell 98CX8129 A1 Hooper MES3324F Marvell 98DX3336 A1 PonCat3 MES2324 ...

Page 15: ...MES2348B 12Mb MES2348B 24 Mb MAC Address Table MES5324 64K entries some MAC addresses are reserved by the system MES3324F MES2324 MES2324B MES2324FB MES2348B MES2308 MES2308P 16K entries some MAC addresses are reserved by the system TCAM routing volume MES5324 2 K MES3324F 3 K MES2324 MES2324B MES2324FB MES2348B MES2308 MES2308P 1 K L3 Unicast routs number MES5324 8K MES3324F 13K MES2324 MES2324B ...

Page 16: ...erfaces 1 10 40 Gbpselectric interfaces 10 100 1000Mbps SQinQ rules number MES5324 1375 ingress 75 egress MES3324F 1320 ingress 72 egress MES2324 MES2348B MES2324BM ES2324F MES2308 MES2308P 360 ingress 72 egress VLAN support up to 4K active VLANs as per 802 1Q Quality of Services QoS Traffic priority 8 tiers 8 output queues with different priorities for each port Total number of VRRP routers 255 T...

Page 17: ...nd ambient conditions Power supply MES5324 MES3324F AC 220V 20 50 Hz DC 36 72V Power options Single AC or DC power supply Two AC or DC hot swappable power supplies MES2324 MES2308 MES2308P AC 220V 20 50 Hz MES2324B MES2324FB MES2348B AC 220V 20 50 Hz and a lead acid battery Charger specifications charge current 1 7 A voltage of the load current release 10 10 5 V threshold voltage for low batter in...

Page 18: ...scription of connectors LED indicators and controls Ethernet switches MES53xx MES33xx MES23xx have a metal enclosed design for 1U 19 racks 2 4 1 Appearance and description of the front panel of MES53xx MES33xx MES23xx switches Front panel layout of the MES53xx MES33xx and MES23xx series is shown in Figure 1 8 Figure 1 MES5324 front panel Table 2 10 lists connectors LEDs and controls located on the...

Page 19: ...nd resets it to factory default configuration pressing the key for less than 10 seconds reboots the device pressing the key for more than 10 seconds resets the device to factory default configuration 7 1 24 Slots for 10G SFP 1G SFP transceivers 8 XLG1 XLG2 XLG3 XLG4 Slots for XLG1 XLG4 transceivers Transceivers 40GQSFP Figure 2 MES3324F front panel Table 2 11 lists connectors LEDs and controls loc...

Page 20: ... it to factory default configuration pressing the key for less than 10 seconds reboots the device pressing the key for more than 10 seconds resets the device to factory default configuration 5 1 24 Slots for 1GSFP transceivers 6 11 12 23 24 Combo ports 10 100 1000 Base T RJ45 ports 7 XG1 XG2 XG3 XG4 Slots for 10GSFP 1GSFP transceivers Figure 3 MES2324 front panel Figure 4 MES2324B front panel Figu...

Page 21: ...erface status LED 7 XG1 XG2 XG3 XG4 Slots for 10GSFP 1GSFP transceivers Table 2 13 lists connectors LEDs and controls located on the front panel of the MES2324B MES2324FB MES2348B switches Table 2 13 Description of MES2324B 2324FB 2 MES2348B connectors LEDs and front panel controls No Front panel element Description 1 110 250VAC 60 50Hz max 2A Connector for AC power supply 2 12VDC max 3A Terminals...

Page 22: ...348B 48 x 10 100 1000Base T RJ 45 7 Link Speed Optical interface status LED 8 XG1 XG2 XG3 XG4 Slots for 10GSFP 1GSFP transceivers Figure 7 MES2308 front panel Figure 8 MES2308P front panel Table 2 14 lists connectors LEDs and controls located on the front panel of the MES2308 MES2308P Table 2 14 Description of MES2308 2308P connectors LEDs and front panel controls Front panel element Description 1...

Page 23: ...status LED 8 11 12 Slots for 1GSFP tranceivers 2 5 Rear panel of the device The rear panel layout of MES5324 series switches is depicted in Figure 9 Figure 9 MES5324 rear panel Table 2 15 lists rear panel connectors of the switch Table 2 15 Description of the rear panel connectors of the switch No Rear panel element Description 1 Earth bonding point Earth bonding point of the device 2 Removable fa...

Page 24: ...f MES23xx series switches is depicted in Figure Ошибка Источник ссылки не найден Ошибка Источник ссылки не найден Figure 11 MES2324 MES2324B rear panel Figure 12 MES2324FB rear panel Figure 13 MES2348B rear panel Table 2 17 Description of the rear panel connectors of the MES2324 MES2348B switches Rear panel element Description 1 Earth bonding point Earth bonding point of the device 2 Fans 3 12VDC ...

Page 25: ...s of the device have air vents for heat removal Do not block air vents This may cause the components to overheat which may result in device malfunction For recommendations on device installation see section Installation and connection 2 5 2 Light Indication Ethernet interface status is represented by two LEDs green LINK ACT and red SPEED Location of LEDs is shown in Figure 15 17 Figure 17 QSFP tra...

Page 26: ...d on Flashes Data transfer is in progress Table 2 19 XG port state LED SPEED indicator is lit LINK ACT indicator is lit Ethernet interface state Off Off Port is disabled or connection is not established Off Solid on 1 Gbps connection is established Solid on Solid on 10 Gbps connection is established X Flashes Data transfer is in progress Unit ID 1 8 LED indicates the stack unit number System indic...

Page 27: ...ation mode Solid green Backup power supply is connected and in normal operation Solid red Backup power supply is missing or failed Off Backup power supply is not connected Battery MES2324B MES2324FB MES2348B Battery status LED Solid green Battery connected power good Flashing green Battery charging Solid orange Main power disconnected battery discharging Flashing red green Low battery Solid red Ba...

Page 28: ...ing 1 Align four mounting holes in the support bracket with the corresponding holes in the side panel of the device 2 Use a screwdriver to screw the support bracket to the case 3 Repeat steps 1 and 2 for the second support bracket 3 2 Device rack installation To install the device to the rack 1 Attach the device to the vertical guides of the rack 2 Align mounting holes in the support bracket with ...

Page 29: ...igure 21 Device rack installation Figure 22 shows an example of MES5324 rack installation Figure 22 MES5324 switch rack location Do not block air vents and fans located on the rear panel to avoid components overheating and subsequent switch malfunction ...

Page 30: ... or by checking diagnostics available through the switch management interfaces 3 4 Connection to power supply 1 Prior to connecting the power supply the device case must be grounded Use an insulated stranded wire to ground the case The grounding device and the ground wire cross section must comply with Electric Installation Code 2 If you intend to connect a PC or another device to the switch conso...

Page 31: ...erved when connecting the battery Battery capacity min 20Ah Figure 24 Connecting the battery to the device 3 6 SFP transceiver installation and removal Optical modules can be installed when the terminal is turned on or off 1 Insert the top SFP module into a slot with its open side down and the bottom SFP module with its open side up Figure 25 SFP transceiver installation 2 Push the module When it ...

Page 32: ...ch Series 32 Figure 26 Installed SFP transceivers To remove a transceiver perform the following actions 1 Unlock the module s latch Figure 27 Opening SFP transceiver latch 2 Remove the module from the slot Figure 28 SFP transceiver removal ...

Page 33: ...g from SPI flash General initialization Version 1 0 0 High speed PHY Version 2 1 5 COM PHY V20 Update Device ID PEX0784611AB Update Device ID PEX1784611AB Update Device ID PEX2784611AB Update Device ID PEX3784611AB Update Device ID PEX4784611AB Update Device ID PEX5784611AB Update Device ID PEX6784611AB Update Device ID PEX7784611AB Update Device ID PEX8784611AB Update PEX Device ID 0x78460 High s...

Page 34: ...3_Q3 0 4 0 1 Loading system images active image Autoboot in 2 seconds press RETURN or Esc to abort and enter prom Startup menu view Startup Menu 1 Restore Factory Defaults 2 Password Recovery Procedure 3 Back Enter your choice or press ESC to exit Table 4 1 Startup menu interface functions Function Description Restore Factory Defaults Restore factory default configuration Password Recovery Procedu...

Page 35: ...lue Action stack configuration links fo1 4 te1 4 gi9 12 Assign the interfaces to synchronize switch in the stack stack configuration unit id unit_id unit_id 1 8 auto auto Specify the device number unit id to a local device where the command is executed The device number change takes effect after the switch is restarted no stack configuration Remove stack settings stack unit unit_id unit_id 1 8 all...

Page 36: ...ole write 4 5 1 Basic switch configuration Prior to configuration connect the device to the PC using the serial port Run the terminal emulation application on the PC according to Paragraph 4 1 Terminal Configuration During initial configuration you can define which interface will be used for remote connection to the device Basic configuration includes 1 Set up the admin password with level 15 priv...

Page 37: ...physical port port group by default VLAN 1 interface has the IP address 192 168 1 239 mask 255 255 255 0 Gateway IP address should belong to the subnet that has one of the IP interfaces of the device If the IP address is configured for the physical port or port group interface this interface will be deleted from its VLAN group If all switch IP addresses are deleted you can access it via IP 192 168...

Page 38: ...dress I F I F Status Type Directed Prec Redirect Status admin oper Broadcast 10 10 10 3 24 vlan 1 UP UP DHCP disable No enable Valid 4 5 1 4 Configuring SNMP settings for accessing the device The device equipped with an integrated SNMP agent and supports protocol versions 1 2 3 The SNMP agent supports standard MIB variables To enable device administration via SNMP you have to create at least one c...

Page 39: ... system security the switch uses AAA mechanism Authentication Authorization Accounting The SSH mechanism is used for data encryption Authentication the process of mapping with the existing account in the security system Authorization access level verification the process of defining specific privileges for the existing account already authorized in the system Accounting user resource consumption m...

Page 40: ...ion default console config line enable authentication default console config line password telnet Enter telnet in response to the password prompt that appears during the registration in the telnet session 4 5 2 3 Setting SSH password console config aaa authentication login default line console config aaa authentication enable default line console config ip ssh server console config line ssh consol...

Page 41: ...ngs of the switch Global configuration mode commands are available in any configuration submode Use the configure command to enter this mode console configure console config Terminal configuration mode line configuration This mode is designed for terminal operation configuration You can enter this mode from the global configuration mode console config line console telnet ssh console config line 5 ...

Page 42: ...t is as follows console console config console config line Table 5 3 Basic commands available in all configuration modes Command Value Default value Action exit Exit any configuration mode to the upper level in the CLI command hierarchy end Exit any configuration mode to the command mode Privileged EXEC do Execute a command of the command level EXEC from any configuration mode help Show help on av...

Page 43: ... Value Default value Action begin pattern Show strings that begin with the pattern include pattern Display all strings that contain the template exclude pattern Display all strings that doesn t contain the template 5 3 Macrocommand configuration Using this function you can create unified sets of commands macros to be later used for configuration purposes Global configuration mode commands Command ...

Page 44: ... 4 System management commands EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 10 System management commands in EXEC mode Command Value Default value Action ping ip A B C D host size size count count timeout timeout source A B C D host 1 158 characters size 64 1518 64 bytes count 0 65535 4 timeout 50 65535 2000 ms This command is used to transmit ICMP requests ...

Page 45: ...535 23 Open TELNET session for the network node A B C D network node IPv4 address host domain name of the network node port TCP port which is used by Telnet keyword keyword Specific Telnet commands and keywords are given in tables 5 14 ssh A B C D host port keyword1 host 1 158 characters port 1 65535 22 Open SSH session for the network node A B C D network node IPv4 address host domain name of the...

Page 46: ...tes hh mm minutes 1 999 hh 0 23 mm 0 59 Set the time period for delayed device restart reload at hh mm hh 0 23 mm 0 59 Set the device reload time reload cancel Cancel delayed restart show cpu utilization Show statistics on CPU load show cpu input rate Show statistics on the speed of ingress frames processed by CPU Example use of the traceroute command console traceroute ip eltex com Tracing the ro...

Page 47: ...ne EL command through telnet x Return to the command line mode You can also use additional options in the Telnet and SSH open session commands Table 5 15 Keywords used in the Telnet and SSH open session commands Option Description echo Locally enable the echo function suppress console output password Set the password for the SSH server quiet Suppress output of all Telnet messages source interface ...

Page 48: ...es ipv6 entries ipv6_entries ipm entries ipm_entries ipmv6 entries ipmv6_entries ip_entries 8 8024 5120 ipv6_entries 32 8048 1024 ipm_entries 8 8024 512 ipmv6_entries 32 8048 512 Set the size of the routing table 5 5 Password parameters configuration commands This set of commands is used to configure minimum complexity and validity period for the password Global configuration mode commands Command...

Page 49: ... 19 Table 5 19 Keywords and their description Keyword Description flash Source or destination address for non volatile memory Non volatile memory is used by default if the URL address is defined without the prefix prefixes include flash tftp scp running config Current configuration file mirror config Copy of the running configuration file startup config Initial configuration file active image Acti...

Page 50: ... image inactive image logging file file 1 160 characters Show file content startup config show the content of the initial configuration file running config show the content of the current configuration file flash display files from the flash memory of the device usb display files from the USB flash drives mirror config show the current configuration file content from the mirror active image displa...

Page 51: ...e switch downloads the first block 512 bytes of the firmware image from the TFTP server where the firmware is stored 3 The switch compares firmware image file version downloaded from TFTP server with the active image of the switch firmware If they differ the switch downloads the firmware image from the TFTP server and makes it active 4 When the firmware image download is finished the switch restar...

Page 52: ...e name of the software image host mes2124 test hardware ethernet a8 f9 4b 85 a2 00 mac address of the switch filename mesXXX test cfg switch configuration name option image filename 35265 18 1 16 mesXXX 401 ros name of the text file containing the name of the software image next server 192 168 1 3 TFTP server IP address fixed address 192 168 1 36 switch IP address 5 7 System time configuration By ...

Page 53: ...ht saving time starts and ends for a specific year Zone description should be specified first DST start time second and DST end time third zone abbreviation of the phrase zone description date date month month year year hh hours mm minutes offset number of minutes added for the daylight saving change clock summer time zone date month date year hh mm month date year hh mm offset clock summer time z...

Page 54: ... Allow unicast SNTP client operation no sntp unicast client enable Set the default value sntp unicast client poll denied Allow sequential polling of the selected unicast SNTP servers no sntp unicast client poll Set the default value sntp server ipv4_address ipv6_address ipv6_link_local_address vlan integer ch integer isatap integer physical port name hostname poll key keyid hostname 1 158 characte...

Page 55: ...mertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Synchronization status is indicated by the additional character before the time value Example 15 29 08 PDT UTC 7 Jun 17 2009 The following symbols are used The dot means that the time is valid but there is no synchronization with the SNTP server No symbol means that the time is valid and time is synchronized Asteri...

Page 56: ...iguration commands Command Value Default value Action absolute end start hh mm date month year hh 0 23 mm 0 59 date 1 31 month jan dec year 2000 2097 Set the start and or the end of the time range in the following format hour minute day month year no absolute end start Delete a time range periodic list hh mm to hh mm all weekday hh 0 23 mm 0 59 weekday mon sun Set a time range for one weekday or e...

Page 57: ...al interfaces where group sequential number of a group total number in accordance with Table 2 9 Main specifications Link agregation LAG string fo_port sequential number of 40G interfaces specified as follows 1 8 0 1 4 te_port sequential number of 10G interfaces specified as follows 1 8 0 1 24 gi_port sequential number of 1G interfaces specified as follows 1 8 0 1 loopback_id sequential number of ...

Page 58: ...erface specified as follows 1 8 0 1 4 gi_port sequential number of 1G interface specified as follows 1 8 0 1 48 loopback_id sequential number of virtual interface corresponding Table 2 9 Main specifications Number of virtual Loopback interfaces string For MES2308 and MES2308P Table 5 31 List of interface selection commands for MES2308 2308P Command Destination interface gigabitethernet gi_port For...

Page 59: ... configure console config interface range port channel 1 8 console config if Table 5 28 Ethernet and Port Channel interface configuration mode commands Command Value Default value Action shutdown enabled Disable the current interface Ethernet port channel no shutdown Enable the current interface description descr descr 1 64 characters no description Add interface description Ethernet port channel ...

Page 60: ... acl deny stp bpdu guard stp loopback guard udld storm control link flapping denied Enable automatic interface activation after it is disconnected in the following cases loopback detection loopback detection port security security breach for port security dot1x src address MAC based user authentication failed acl deny non compliance with access lists ACL stp bpdu guard BPDU Guard activation unauth...

Page 61: ...t te_port fortygigabitethernet fo_port port channel group detailed gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Show autonegotiation parameters announced for an Ethernet port or port group show interfaces description Show descriptions for all interfaces show interfaces description oob gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel...

Page 62: ... 1G Copper Down Access gi1 0 16 1G Copper Down Access gi1 0 17 1G Copper Down Access gi1 0 18 1G Copper Down Access gi1 0 19 1G Copper Down Access gi1 0 20 1G Copper Down Access gi1 0 21 1G Copper Down Access gi1 0 22 1G Copper Down Access gi1 0 23 1G Copper Down Access gi1 0 24 1G Copper Down Access te1 0 1 10G Fiber Down Trunk te1 0 2 10G Fiber Down Access te1 0 3 10G Fiber Down Access te1 0 4 1...

Page 63: ...h Show interface statistics console show interfaces counters Port InUcastPkts InMcastPkts InBcastPkts InOctets te1 0 1 0 0 0 0 te1 0 2 0 0 0 0 te1 0 5 0 0 0 0 te1 0 6 0 2 0 2176 te1 0 7 0 1 0 4160 te1 0 8 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets te1 0 1 0 0 0 0 te1 0 2 0 0 0 0 te1 0 3 0 0 0 0 te1 0 4 0 0 0 0 te1 0 5 0 0 0 0 te1 0 6 0 545 83 62186 te1 0 7 0 1424 216 164048 te1 ...

Page 64: ...mber of multicast packets sent OutBcastPkts The number of broadcast packets sent Alignment Errors The number of frames that failed integrity verification whose number of bytes mismatches the length and frame check sequence validation FCS FCS Errors The number of frames whose byte number matches the length that failed frame check sequence FCS validation Single Collision Frames The number of frames ...

Page 65: ...ent 5 9 2 VLAN interface configuration VLAN configuration mode commands Command line prompt in the VLAN configuration mode is as follows console configure console config vlan database console config vlan This mode is available in the global configuration mode and designed for configuration of VLAN parameters Table 5 32 VLAN configuration mode commands Command Value Default value Action vlanVLANlis...

Page 66: ...g interface fortygigabitethernet fo_port tengigabitethernet te_port gigabitethernet gi_port oob port channel group range console config if This mode is available from the configuration mode and designed for configuration of interface parameters switch port or port group operating in the load distribution mode or the interface range parameters The port can operate in four modes access an untagged a...

Page 67: ... Add a port VLAN identifier PVID for the main interface vlan_id VLAN port ID no switchport general pvid Set the default value switchport general ingress filtering disable filter is enabled Disable filtering of ingress packets on the main interface based on their assigned VLAN ID no switchport general ingress filtering disable Enable filtering of ingress packets on the main interface based on their...

Page 68: ... multicast traffic for the interface switchport forbidden vlan add vlan_list vlan_list 2 4094 all all VLAN are enabled for this port Deny adding specified VLANs for this port vlan_list list of VLAN IDs To define a VLAN number range enter values separated by commas or enter the starting and ending values separated by a hyphen switchport forbidden vlan remove vlan_list Allow adding the selected VLAN...

Page 69: ... send and receive multicast traffic show vlan protocols groups Show information on protocol groups show vlan macs groups Show information on MAC address groups show interfaces switchport gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Show port or port group configuration show inte...

Page 70: ...Ingress Filtering true Acceptable Frame Type admitAll Ingress UnTagged VLAN NATIVE 1 Protected Disabled Port is member in Vlan Name Egress rule Added by 1 1 Untagged D 2 2 Tagged S 3 3 Tagged S 4 4 Tagged S 5 5 Tagged S 6 6 Tagged S 8 8 Tagged S 28 28 Tagged S Forbidden VLANS Vlan Name Classification rules Protocol based VLANs Group ID Vlan ID Mac based VLANs Group ID Vlan ID IP interface configur...

Page 71: ...Customer VLAN and block traffic A list of traffic processing rules is created for the device Ethernet and Port Channel interface interface range configuration mode commands Command line prompt in the configuration interface configuration mode is as follows console configure console config interface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port oob port channel gro...

Page 72: ...ctive qinq interface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Show the list of selective qinq rules for the selected port Examples of command usage Create a rule that will replace the outer stamp 11 of the ingress packet with 10 console configure console config interface ten...

Page 73: ...ffic volume If broadcast traffic is detected the interface may be disabled shutdown or a record is added to log trap no storm control broadcast Disable broadcast traffic control EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 41 EXEC mode commands Command Value Default value Action show storm control interface gigabitethernet gi_port tengigabitethernet te_port...

Page 74: ...o add a port to a channel with LACP in active mode no channel group Remove an Ethernet interface from a port group Global configuration mode commands Command line prompt in the global configuration mode is as follows console configure console config Table 5 43 Global configuration mode commands Command Value Default value Action port channel load balance src dst mac ip src dst mac src dst mac Spec...

Page 75: ...nds Command line prompt in the Ethernet interface configuration mode is as follows console config if Table 5 46 Ethernet interface configuration mode commands Command Value Default value Action lacp timeout long short The long value is used by default Set LACP administrative timeout long long timeout short short timeout no lacp timeout Set the default value lacp port priority value value 1 65535 1...

Page 76: ...n see the corresponding configuration sections Ethernet port group or VLAN interface configuration mode commands Command line prompt in the Ethernet port group or VLAN and Loopback interface configuration mode is as follows console config if Table 5 48 Ethernet interface configuration mode commands Command Value Default value Action ip address ip_address mask prefix_length prefix length 8 30 Set a...

Page 77: ...tethernet te_port fortygigabitethernet fo_port vlan vlan_id port channel group oob force autoconfig gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 vlan_id 1 4094 Send an IP update request to the DHCP server force autoconfig download the configuration from the TFTP server when IP address is updated show ip helper address Show the broadcast UDP packet forwarding table EXEC mode c...

Page 78: ...Ethernet interface configuration mode commands Command Value Default value Action green ethernet energy detect enabled Enable the power saving mode for the interface no green ethernet energy detect Disable the power saving mode for the interface green ethernet short reach enabled Enable the power saving mode based on the cable length no green ethernet short reach Disable the power saving mode base...

Page 79: ...ing tables and boosts router performance by using neighbour discovery Local IPv6 addresses IPv6Z are assigned to the interfaces use the following format in the command syntax for IPv6Z addresses ipv6 link local address interface name where interface name the name of the interface interface name vlan integer ch integer physical port name integer decimal number integer decimal number decimal number ...

Page 80: ...o ipv6 unicast routing Disable forwarding of unicast packets Interface VLAN Ethernet Port Channel configuration mode commands Command line prompt in the interface configuration mode is as follows console config if Table 5 56 Interface configuration mode commands Ethernet VLAN Port channel Command Value Default value Action ipv6 enable disabled Enable IPv6 support for the interface noipv6 enable Di...

Page 81: ...te_port fortygigabitethernet fo_port port channel group vlan vlan_id gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 vlan_id 1 4094 Show information from the cache on the neighbour IPv6 devices clear ipv6 neighbors Clear the cache that contains the information on neighbour IPv6 devices Information on static entries will remain EXEC mode commands Command line prompt in the EXEC m...

Page 82: ...used by the application to correct invalid domain names domain names without a dot If a domain name does not have a dot the dot will be appended to it followed by the domain name specified in the command no ip domain name Remove the default domain name ip host name address1 address2 address4 name 1 158 characters Specify static mapping between network node names and IP addresses add the mapping to...

Page 83: ...bitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group vlan vlan_id oob Remove a static mapping entry between IP and MAC addresses from the ARP table for a specified interface arp timeout sec sec 1 40000000 60000 seconds Set the dynamic entry timeout in the ARP table in seconds no arp timeout Set the default value ip arp proxy disable disabled Disable ARP re...

Page 84: ...ble console show arp VLAN Interface IP address HW address status vlan 1 te0 12 192 168 25 1 02 00 2a 00 04 95 dynamic 5 16 3 GVRP configuration GARP VLAN Registration Protocol GVRP This protocol is used to distribute VLAN identifiers in the network The basic function of GVRP protocol is used to discover information on VLAN networks that are not in the database upon receiving GVRP messages The swit...

Page 85: ...te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 8 Clear collected GVRP statistics EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 67 EXEC mode commands Command Value Default value Action show gvrp configuration gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group detailed gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port ...

Page 86: ...XEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 70 EXEC mode commands Command Value Default value Action show loopback detection gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group detailed gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Show the state of the loopback detection mechanism 5 16 5 S...

Page 87: ...nd learning states before switching to the forwarding mode no spanning tree forward time Set the default value spanning tree hello time seconds seconds 1 10 2 seconds Set the interval for broadcasting Hello messages to the communicating switches no spanning tree hello time Set the default value spanning tree loopback guard denied Enable protection that disables any interface when a BPDU packet is ...

Page 88: ...ority value must be divisible by 16 no spanning tree port priority Set the default value spanning tree portfast auto disabled Specify the mode in which the port immediately switches to transmission mode when the link is established before the timer expires auto add 3 second delay before entering the transmission mode no spanning tree portfast Enable immediate transition into the transmission mode ...

Page 89: ...rface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Restarts the protocol migration process Restart STP tree recalculation EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 75 EXEC mode commands Command Value Default value Action show spanning ...

Page 90: ...t configuration console config mst Table 5 77 MSTP configuration mode commands Command Value Default value Action instance instance_id vlan vlan_range instance_id 1 15 vlan_range 1 4094 Create a mapping between MSTP instance and VLAN groups instance id MSTP instance identifier vlan range VLAN group number no instance instance_id vlan vlan_range Remove the mapping between an MSTP instance and VLAN ...

Page 91: ...ort port channel group instance instance_id gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 instance_id 1 64 Show STP configuration instance_id MSTP instance identifier show spanning tree detail active blockedports instance instance_id instance_id 1 4094 5 16 6 Show detailed information on STP configuration information on active or blocked ports active show information about act...

Page 92: ... Dsbl No te1 0 2 disabled 128 2 100 Dsbl Dsbl No te1 0 5 disabled 128 5 100 Dsbl Dsbl No te1 0 6 enabled 128 6 4 Frw Desg Yes P2P RSTP te1 0 7 enabled 128 7 100 Dsbl Dsbl No te1 0 8 enabled 128 8 100 Dsbl Dsbl No te1 0 9 enabled 128 9 100 Dsbl Dsbl No gi1 0 1 enabled 128 49 100 Dsbl Dsbl No Po1 enabled 128 1000 4 Dsbl Dsbl No 5 16 6 G 8032v2 ERPS protocol configuration ERPS Ethernet Ring Protectio...

Page 93: ...t vlan_list 2 4094 all Delete VLAN range from the list of the secure VLAN vlan_list VLAN list for deletion port west east gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 Select west east port of the switch connected to the ring noport west east Delete west east port of the switch connected to the ring rpl west ...

Page 94: ...e moment of the entering in the ring configuration mode EXEC command mode Command line prompt in the EXEC mode is as follows console Table 5 82 EXEC mode commands Command Value Action show erps vlanvlan_id vlan_id 1 4094 Request information about general ERPS status or status of the specified ring 5 16 7 LLDP configuration The main function of Link Layer Discovery Protocol LLDP is the exchange of ...

Page 95: ... 4095 priority 0 7 value 0 63 Specify a rule for the network policy parameter device network policy This parameter is optional for the LLDP MED protocol extension number sequential number of a network policy rule application main function defined for this network policy rule vlan_id VLAN identifier for this rule tagged untagged specify whether the VLAN used by this rule is tagged or untagged prior...

Page 96: ...art IP address from the dynamic IP address range If dynamic addresses are not available the system chooses the start IP address from the available static IP address range no lldp management address Remove the control IP address lldp notification enable disable By default LLDP notifications are disabled Enable disable LLDP notifications on the interface enable enable disable disable no lldp notific...

Page 97: ...o_port 1 8 0 1 4 Show LLDP MED protocol extension configuration for all physical interfaces or specific interfaces only show lldp local gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port oob gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 Show LLDP information announced by this port show lldp local tlvs overloading gigabitethernet gi_port tengigabitethernet te_...

Page 98: ...opping them TTL Timer Hold multiplier Reinit delay Specify the minimum amount of time for the port to wait before sending the next LLDP message Tx delay Specify the delay between the subsequent LLDP frame transmissions initiated by changes of values or status Port Port number State Port operation mode for LLDP Optional TLVs TLV options Possible values PD Port description SN System name SD System d...

Page 99: ... description Neighbour device description Port description Neighbour device port description Management address Device management address Auto negotiation support Specify if the automatic port mode identification is supported Auto negotiation status Specify if the automatic port mode identification support is enabled Auto negotiation Advertised Capabilities Specify the modes supported by automatic...

Page 100: ...hold Restore the default value ethernet oam link monitor frame seconds window window window 100 9000 100 ms Set the time range for the frame period event no ethernet oam link monitor frame seconds window Restore the default value ethernet oam mode active passive active Set the OAM protocol operation mode active switch continuously sends OAMPDU passive switch starts to send OAMPDU only if you have ...

Page 101: ...Displays Ethernet OAM protocol status for specified interface show ethernet oam statistics interface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port gi_port 1 8 0 1 48 te_port 1 8 0 1 24 6 fo_port 1 8 0 1 4 Displays statistic of the protocol messages exchange for the specified interface show ethernet oam status interface gigabitethernet gi_port tengigabitethernet te...

Page 102: ...d to VLAN as a tagged port Voice VLAN is used in the following cases VoIP equipment is configured to send tagged packets with the Voice VLAN ID configured on the switch VoIP equipment sends untagged DHCP requests DHCP server reply contains Option 132 VLAN ID which allows the device to perform automatic VLAN assignment for traffic marking Voice VLAN The list of OUI of major VoIP equipment manufactu...

Page 103: ...ssing 7 2 1 Multicast addressing rules These commands are used to set multicast addressing rules on the link and network layers of the OSI network model VLAN interface configuration mode commands Command line prompt in the VLAN interface configuration mode is as follows console config if Table 5 92 VLAN interface configuration mode commands Command Value Default value Description bridge multicast ...

Page 104: ...t all multicast packets remove remove the port group aggregated ports from the a deny rule Interfaces must be separated by and no bridge multicast forbidden forward all Restore the default value bridge multicast ip address ip_multicast_address add remove gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port ...

Page 105: ...ss from the table bridge multicast ipv6 forbidden ip address ipv6_multicast_address add remove gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Deny the connection of the port s to a multicast IPv6 address ipv6_multicast_address multicast IP address add add port s into the banned li...

Page 106: ...value mac address table learning vlan vlan_id vlan_id 1 4094 all Enabled by default Enable MAC address learning in the current VLAN no mac address table learning vlan vlan_id Disable MAC address learning in the current VLAN mac address table static mac_address vlan vlan_id interface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group permanent delete ...

Page 107: ...terface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group address mac_address gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 vlan_id 1 4094 Show the MAC address table for the selected interface or for all interfaces dynamic show dynamic entries only static show static entries only secure show secure entries only vlan_id VLAN ID m...

Page 108: ...idge multicast mode vlan vlan_id vlan_id 1 4094 Show multicast addressing mode for the selected interface or for all VLAN interfaces vlan_id VLAN ID show bridge multicast reserved addresses Show the rules defined for multicast reserved addresses Examples of command usage Enable multicast address filtering on the switch Set the MAC address aging time to 450 seconds enable forwarding of unregistered...

Page 109: ...ethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group vlan_id 1 4094 gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Register multicast IP address in the multicast addressing table and statically add group interfaces for the current VLAN vlan_id VLAN ID ip_multicast_address multicast IP address Interfaces must be separated by and no ip igmp ...

Page 110: ...vlan_id immediate leave host based vlan_id 1 4094 disabled Enable IGMP Snooping Immediate Leave process for the current VLAN The port will be immediately deleted from the IGMP group after an IGMP leave message is received host based fast leave mechanism can only work if all users connected to the port unsubscribes from the group usage count is conducted on the base of SourceMAC addresses in the IG...

Page 111: ...ault value Action show ip igmp snooping mrouter interface vlan_id vlan_id 1 4094 Show information on learned multicast routers in the selected VLAN group show ip igmp snooping groups vlan vlan_id ip multicast address ip_multicast_address ip address ip_address vlan_id 1 4094 Show information on learned multicast groups show ip igmp snooping cpe vlans vlan vlan_id vlan_id 1 4094 Show the table of ma...

Page 112: ...erface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group vlan_id 1 4094 gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Add a rule that prohibits registration of listed ports as MLD mrouter no ipv6 mld snooping vlan vlan_id forbidden mrouter interface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port ...

Page 113: ...aximum response delay that will be used to calculate the maximum response delay code no ipv6 mld query max response time Restore the default value ipv6 mld robustness value value 1 7 2 Specify the robustness value If data loss occurs in the link the robustness value should be increased no ipv6 mld robustness Restore the default value ipv6 mld version version Version 1 2 2 Specify the protocol vers...

Page 114: ...6 multicast address Set the match of the profile to the specified range of the IPv6 multicast addresses no match ipv6low_ipv6 high_ipv6 Delete the match to the specified range of the IPv6 multicast addresses permit no permit IGMP reports will be missed if IGMP reports are not matched to one of the specified ranges no permit IGMP reports will be dropped if IGMP reports are not matched to one of the...

Page 115: ...from the devices connected to those interfaces The number of multicast groups supported by IGMP Proxy protocol is specified in the Table 2 9 Main specifications IGMP Proxy supports up to 512 downlink interfaces IGMP Proxy restrictions IGMP Proxy is not supported on LAG groups Only one uplink interface can be defined When V3 version of IGMP is used only exclude G and include G queries are processed...

Page 116: ...ation about the status of IGMP proxy for specific interfaces console show ip igmp proxy interface the switch is the Querier on the interface IP Forwarding is enabled IP Multicast Routing is enabled IGMP Proxy is enabled Global Downstream interfaces protection is enabled SSM Access List Name Interface Type Interface Protection vlan5 upstream vlan30 downstream default 7 3 Multicast routing PIM proto...

Page 117: ...ddress unicast_address multicast_subnet Create a static rendezvous Point RP optionally specify a multicast subnetwork for this RP unicast_addr IP address multicast multicast subnetwork no ip pim rp address unicast_address multicast_subnet Delete a static RP or RP for a specific subnetwork ipv6 pim rp addressipv6_unicast_addre ss ipv6_multicast_ subnet Create a static rendezvous Point RP optionally...

Page 118: ... the default value ip ip ipv6 pim hello interval secs secs 1 18000 30 seconds Specify a sending period for hello packets sec hello packet sending period no ip ipv6 pim hello interval Return the default value ip ipv6 pim join prune interval interval interval 1 18000 60 seconds Specify a time period during which the switch will send join or prune messages interval join or prune messages sending inte...

Page 119: ...p ipv6 pim counters Reset PIM counters to zero Example use of commands Basic configuration of PIM SM with a static RP 1 1 1 1 Routing protocol should be pre configured console configure console config ip multicast routing console config ip pim rp address 1 1 1 1 7 4 Control functions 7 4 1 AAA mechanism To ensure system security the switch uses AAA mechanism Authentication Authorization Accounting...

Page 120: ...d encrypted password for example an encrypted password copied from another device no enable password level level Remove the entry for the corresponding privilege level username name nopassword password password password encrypted encrypted_password priveliged level name 1 20 characters password 1 64 characters encrypted_password 1 64 characters level 1 15 Add a user to the local database level pri...

Page 121: ...es Yes User identification NAS IP Address 4 Yes Yes The IP address of the switch used for Radius server sessions Class 25 Yes Yes An arbitrary value included in all session accounting messages Called Station ID 30 Yes Yes The IP address of the switch used for control sessions Calling Station ID 31 Yes Yes User IP address Acct Session ID 44 Yes Yes Unique accounting identifier Acct Authentic 45 Yes...

Page 122: ...for console telnet ssh default use the default list created by the aaa authentication login default command list_name use the list created by the aaa authentication login list_name command no enable authentication Set the default value password password encrypted password 0 159 characters Specify the terminal password encrypted encrypted password for example an encrypted password copied from anoth...

Page 123: ...pe the type of usage of the RADIUS server encrypted set the key in the encrypted form 7 4 3 If timeout retries time secret_key parameters are not specified in the command the current RADIUS server uses the values configured with the following commands encryptedradius server host ipv4 address ipv6 address hostname auth port auth_port acct portacct_port timeout timeout retransmit retries deadtime ti...

Page 124: ...e Privileged EXEC mode is as follows console Table 5 121 Privileged EXEC mode commands Command Value Default value Action show radius servers key Show RADIUS server configuration parameters this command is available to privileged users only show radius server statistics group accounting configuration rejected secret user Show RADIUS statistics user information RADIUS server configuration Example u...

Page 125: ...rs port 0 65535 49 timeout 1 30 seconds secret_key 0 128 characters priority 0 65535 0 Add the selected server into the list of TACACS servers used ip_address IP address of the TACACS server hostname TACACS server network name single connection restrict the number of connection for data exchange with the TACACS server to one at a time port port number for data exchange with the TACACS server timeo...

Page 126: ...n of network management stations and network elements hosts gateways routers terminal servers that create management communications between network management stations and network agents The switches can use SNMP for remote control and monitoring of the device The device supports SNMPv1 SNMPv2 SNMPv3 Global configuration mode commands Command line prompt in the global configuration mode is as foll...

Page 127: ...tify notify_view read read_view write write_view group_name 1 30 characters notify_view 1 32 characters read_view 1 32 characters write_view 1 32 characters Create an SNMP group or mapping table between SNMP users and SNMP view rules v1 v2 v3 SNMP v1 v2 v3 security model noauth auth priv authentication type for SNMP v3 noauth w o authentication auth authentication w o encryption priv authenticatio...

Page 128: ...e local SNMP device identifier engine ID snmp server source interface traps informs gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group loopback loopback_id vlan vlan id vlan_id 1 4094 gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 loopback_id 1 64 group 1 16 Specify a device interface whose IP address will be used as the default source addre...

Page 129: ...MP trap message transmission when the port state changes no snmp trap link status Disable SNMP trap message transmission when the port state changes Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows Table 5 126 Privileged EXEC mode commands Command Value Default value Action show snmp Show SNMP connection status show snmp engineID Show the local SNMP devic...

Page 130: ...compared with the thresholds absolute the absolute value of the selected variable will be compared to the threshold at the end point of the control interval delta the value of the variable selected in the last selection will be deducted from the current value and the difference will be compared to the thresholds the difference between the variable values at the start and end points of the control ...

Page 131: ...thernet fo_port port channel group gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Show the statistics for the Ethernet or port group interface used for remote monitoring show rmon collection stats gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group Show information on the requested statistics groups show rmon history index throughp...

Page 132: ...ts but formed correctly in other respects Fragments The number of packets received with a length of less than 64 bytes w o frame bits but with checksum bits that have invalid checksum with an integer number of bytes frame check sequence validation errors FCS or with a non integer number of bytes alignment errors Jabbers The number of packets received with a length of more than 1518 bytes w o frame...

Page 133: ...ved including bad packets during the entry generation period Broadcast The number of good packets received during the entry generation period forwarded to broadcast addresses Multicast The number of good packets received during the entry generation period forwarded to multicast addresses Utilization An estimated average bandwidth of the physical layer for this interface during the entry generation...

Page 134: ...m table Index OID Owner 1 1 3 6 1 2 1 2 2 1 10 1 CLI 2 1 3 6 1 2 1 2 2 1 10 1 Manager Table 5 133 Result description Parameter Description Index Index that uniquely identifies the entry OID Controlled variable OID Owner User that created the entry Show alarm events configuration with index 1 console show rmon alarm 1 Alarm 1 OID 1 3 6 1 2 1 2 2 1 10 1 Last sample Value 878128 Interval 30 Sample Ty...

Page 135: ... Rising Threshold Rising threshold value When the selected variable value is less than the threshold in the previous control interval and is greater or equal to threshold value in the current control interval a single event is generated Falling Threshold Falling threshold value When the selected variable value is greater than the threshold in the previous control interval and is less or equal to t...

Page 136: ...ss control list configuration mode no management access list name Remove an access control list management access class console only name name 1 32 characters Restrict device management by a specific access list Activate a specific access list console only device management is available via the console only no management access class Remove a device management restriction defined by a specific acc...

Page 137: ...p oob vlan vlan_id service service Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows console Table 5 139 Privileged EXEC mode commands Command Value Default value Action show management access list name name 1 32 characters Show access control lists show management access class Show information on the active access control lists 7 4 8 Access configuration ...

Page 138: ...n_id 1 4094 Set the interface for IPv6 ssh session no ipv6 ssh client source interface Delete the interface ip ssh pubkey auth By default public key is not allowed Enable the use of a public key for incoming SSH sessions no ip ssh pubkey auth Disable the use of a public key for incoming SSH sessions ip ssh password auth Disabled by default Enable password authentication mode no ip ssh password aut...

Page 139: ...racters Enter the individual public key generation mode rsa generate an RSA key dsa generate a DSA key no user key username Remove the public key for a specific user Command line prompt in the individual public key generation mode is as follows console configure console config crypto key pubkey chain ssh console config pubkey chain user key eltex rsa console config pubkey key Table 5 146 Individua...

Page 140: ...e166DqVX1gWmNzNR4DYDvSzg0lDnwCAC8 Qh Fingerprint a4 16 46 23 5a 8d 1d b5 37 59 eb 44 13 b9 33 e9 7 4 8 2 Terminal configuration commands Terminal configuration commands are used for the local and remote console configuration Global configuration mode commands Command line prompt in the global configuration mode is as follows console config Table 5 143 Global configuration mode commands Command Val...

Page 141: ... text host 1 158 characters port 1 65535 514 level see Table 6 101 facility local0 7 local7 text 1 64 characters Enable alarm and debug message transmission to a remote SYSLOG server ip_address IPv4 or IPv6 address of the SYSLOG server host SYSLOG server network name port port number for sending messages via SYSLOG level importance level for messages sent to a SYSLOG server facility the service tr...

Page 142: ...gation aging time Set the default value Each message has its own importance level Table 5 152 lists message types in descending order of importance level Table 5 147 Message importance type Message importance type Description Emergencies A critical error has occurred in the system the system may not operate properly Alerts Immediate action is required Critical A critical error has occurred in the ...

Page 143: ... frames on the port are dropped network allow exchange of data no port monitor mode Return the default value port monitor remote vlan vlan_id cos priority tx rx vlan_id 1 4094 priority 0 7 0 Destination of the VLAN for remote monitoring RSPAN to which the packets from monitored interfaces will be placed no port monitor remote vlan vlan_id Remove the VLAN for remote monitoring Ethernet interface co...

Page 144: ...function RSPAN on the customizable interface EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 151 EXEC mode commands Command Value Default value Action show ports monitor Show information on monitored and controlling ports Examples of command usage Specify Ethernet interface 13 as the controlling interface for Ethernet interface 18 Transfer all traffic from int...

Page 145: ...default source address for statistics collection no sflow receiver source interface Delete the explicitly specified interface whose address is used to send sflow statistics Ethernet interface configuration mode commands Command line prompt in the Ethernet interface configuration mode is as follows console configure console config interface gigabitethernet gi_port tengigabitethernet te_port fortygi...

Page 146: ... console configure console config sflow receiver 1 10 0 80 1 console config interface range tengigabitethernet 1 0 1 24 console config if range sflow flowing sample 1 10240 console config if sflow counters sampling 240 1 8 2 Physical layer diagnostics functions Network switches are equipped with the hardware and software tools for diagnostics of physical interfaces and communication lines You can ...

Page 147: ...ing of communication line condition The switch periodically polls optical interface parameters and compares them to the threshold values defined by the transceiver manufacturer If the parameters fall outside of the allowable limits the switch will generate warning and alarm messages Command line prompt in the EXEC mode is as follows console Table 5 157 Optical transceiver diagnostics command Comma...

Page 148: ...ing E error OK value is good 8 3 Power supply via Ethernet PoE lines Switch models with the P suffix in name support power supply via Ethernet line in accordance with IEEE 802 3fa PoE and IEE 802 2at PoE Global configuration mode commands Command line prompt in the global configuration mode is as follows console config Table 5 159 Global configuration mode commands Command Value Default value Acti...

Page 149: ...quipment administration nopower inline powered device Delets earlier specified PoE device description power inline priority critical high low low Sets the PoE interface priority during control of the power supply critical set the highest power supply priority Power supply with such priority will be stopped last in case of PoE system overload high set the high power supply priority low set the low ...

Page 150: ... Show the power supply status of the chosen interface console showpowerinlinegi1 0 1 Interface Admin Oper Power W Class Device Priority gi1 0 1 Auto Searching 0 0 0 low Port Status Port is off Detection is in process Port standard 802 3AT Admin power limit for port power limit mode 30 0 watts Time range Operational power limit 30 0 watts Spare pair Disabled Negotiated power 0 watts None Current mA...

Page 151: ...based on identification of the MAC address permitted to access the switch MAC addresses can be configured manually or learned by the switch After the required addresses are learned block the port and protect it from packets with unknown MAC addresses Thus when the blocked port receives a packet and the packet s source MAC address is not associated with this port protection mechanism will be activa...

Page 152: ...addresses associated with the interface into a file and deny new address learning and ageing of already learned addresses no port security mode Set the default value EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 164 EXEC mode commands Command Value Default value Action show ports security gigabitethernet gi_port tengigabitethernet te_port fortygigabitetherne...

Page 153: ...commands Command line prompt in the global configuration mode is as follows console config Table 5 165 Global configuration mode commands Command Value Default value Action dot1x system auth control disabled Enable 802 1X authentication mode on the switch no dot1x system auth control Disable 802 1X authentication mode on the switch aaa authentication dot1x default none radius none radius radius Sp...

Page 154: ...the switch will not accept nor initiate any authentication messages no dot1x timeout quiet period Set the default value dot1x timeout tx period period period 30 65535 30 seconds Specify the period during which the switch will wait for the response to the request or EAP identification from the client before re sending the request no dot1x timeout tx period Set the default value dot1x max req count ...

Page 155: ...ce 8 console show dot1x interface tengigabitethernet 1 0 8 Authentication is enabled Authenticating Servers Radius Unauthenticated VLANs Authentication failure traps are disabled Authentication success traps are disabled Authentication quiet traps are disabled te1 0 8 Host mode multi host Port Administrated Status auto Guest VLAN disabled Open access disabled Server timeout 30 sec Port Operational...

Page 156: ...identifier Show statistics on 802 1X for Ethernet interface 8 console show dot1x statistics interface tengigabitethernet 1 0 8 EapolFramesRx 12 EapolFramesTx 8 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 4 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 5 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 00 00 02 56 54 38 Tabl...

Page 157: ... in this case only tagged packets can be received in an unauthorized state Global configuration mode commands Command line prompt in the global configuration mode is as follows console config Table 5 170 Global configuration mode commands Command Value Default value Action dot1x guest vlan timeout timeout timeout 30 180 Specify the timeout between 802 1x authentication mode activation or port acti...

Page 158: ...eb enable Web based authentication Guest VLAN must be enabled when authentication based on MAC address is used There must be no static MAC address bindings Re authentication function must be enabled no dot1x authentication Disable authentication based on user MAC addresses dot1x max hosts hosts hosts 1 4294967295 Set the maximum number of hosts to be authenticated no dot1x max hosts Return the def...

Page 159: ...rcing DHCP server to report all available addresses and from the server side by spoofing The switch firmware features the DHCP snooping function that ensures device protection from attacks via DHCP The device discovers DHCP servers in the network and allows them to be used only via trusted interfaces The device also controls client access to DHCP servers using a mapping table DHCP Option 82 is use...

Page 160: ... ingress DHCP packets with Option 82 from untrusted ports are blocked Allow egress DHCP packets with Option 82 from untrusted ports no ip dhcp snooping information option allowed untrusted Deny ingress DHCP packets with Option 82 from untrusted ports ip dhcp snooping verify Verification is enabled by default Enable verification of client and source MAC addresses received in a DHCP packet on untrus...

Page 161: ...tion ip dhcp snooping binding mac_address vlan_idip_address gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group expiry seconds infinite gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 seconds 10 4294967295 seconds Add the mapping between the client MAC address and the VLAN group and IP address for the selected interface to the DHCP ...

Page 162: ...p snooping DHCP snooping is globally enabled DHCP snooping is configured on following VLANs 2 5 DHCP snooping database enabled Option 82 on untrusted port is allowed Verification of hwaddr field is enabled Interface Trusted te0 17 yes 11 1 4 Client IP address protection IP Source Guard IP address protection function IP Source Guard filters the traffic received from the interface based on DHCP snoo...

Page 163: ...lt value Action ip source guard This feature is disabled by default Enable client IP address protection feature on the interface no ip source guard Disable client IP address protection feature on the interface Privileged EXEC mode commands Command line prompt in the Privileged EXEC mode is as follows console Table 5 183 Privileged EXEC mode commands Command Value Default value Action ip source gua...

Page 164: ...RP e g ARP spoofing ARP inspection is based on static mappings between specific IP and MAC addresses for a VLAN group If a port is configured as untrusted for the ARP Inspection feature it must also be untrusted for DHCP snooping and the mapping between MAC and IP addresses for this port should be static Otherwise the port will not respond to ARP requests Untrusted ports are checked for correspond...

Page 165: ...te messages immediately infinite do not generate the log messages no ip arp inspection logging interval Set the default value Ethernet or port group interface interface range configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows console config if Table 5 186 Ethernet interface and interface group configuration mode commands Command...

Page 166: ...hing list to VLAN 11 console configure console config ip arp inspection list create list console config ARP list ip 192 168 16 98 mac address 0060 70AB CCCD console config ARP list exit console config ip arp inspection list assign 11 list Show the lists of static IP and MAC address mappings console show ip arp inspection list List name servers Assigned to VLANs 11 IP ARP 192 168 16 98 0060 70AB CC...

Page 167: ... ip dhcp relay enable Disable DHCP Relay agent feature on the interface EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 191 EXEC mode commands Command Value Default value Action show ip dhcp relay Show the DHCP Relay agent feature configuration for the switch and for interfaces separately and the list of available servers Examples of command usage Show DHCP Re...

Page 168: ...nce with TR 101 slot port vlan Setting the parameter set and spacer between them which are used for forming the circuit id suboption The following symbolic notations are used in the command sp slot port sv slot vlan pv port vlan spv slot port vlan no pppoe intermediate agent format type option Recovery the default settings Interface configuration mode commands Command line prompt in the interface ...

Page 169: ...ed as untrusted nopppoeintermediate agenttrust Recovery the default value pppoe intermediate agent vendor tag strip disabled Permit to delete vendor specific option from PADO PADS and PADT packets before transmitting them to the users The function can be used only on the interface where PPPoE IA operation is permitted and on the trusted interface Usually deletion function is configured on the inte...

Page 170: ...terface is not explicitly defined in the command the command will be applied for all intrerfaces with accepted PPPoE IA and all the trusted ports show pppoe intermediate agent sessions gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channelgroup gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 Display all the registered client sessions If inte...

Page 171: ...ddress Manual IP address backup for a DHCP client ip_address the IP address which will be assigned to the client s physical address mask prefix_length subnet mask prefix length id NIC physical address identifier mac_address MAC address no address Remove reserved IP addresses client name name name 1 32 characters Specify the name of the DHCP client no client name Remove the name of the DHCP client ...

Page 172: ...of the NetBIOS Microsoft node for DHCP clients b node broadcast node p node point to point m node mixed node h node hybrid node no netbios node type Set the default value next server ip_address The command is used to inform DHCP client about the address of the server TFTP as a rule with the boot file no next server Set the default value next server name name name 1 64 characters The command is use...

Page 173: ...d status of the IP addresses show ip dhcp server statistics Display statistics of the DHCP server Examples of command usage Configure the test DHCP pool and specify the following parameters for the DHCP client domain name test ru default gateway 192 168 45 1 and default DNS server 192 168 45 112 console console configure console config ip dhcp pool network test console config dhcp address 192 168 ...

Page 174: ...pv6 access list extended access_list Remove an extended IPv6 ACL mac access list extended access_list Create a new MAC based ACL and enter its configuration mode if the list does not exist or the configuration mode of a previously created list no mac access list extended access_list Remove a MAC based ACL time range time_name time_name 0 32 characters Enter the time range configuration mode and de...

Page 175: ...n the EXEC mode appears as follows console Table 5 203 ACL display commands Command Value Default value Action show time range time_name Display the time range configuration 11 3 1 IPv4 based ACL Configuration This section provides description of main parameters and their values for IPv4 based ACL configuration commands In order to create an IPv4 based ACL and enter its configuration mode use the ...

Page 176: ...traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain_name request domain_name reply skip photuris or the numeric value of the message type 0 255 icmp_code ICMP message code Code of ICMP messages used for ICMP packets filtering Possible message codes for the icmp_code field 0 255 igmp_type IGMP message type Type of IGMP messages used...

Page 177: ...conditions will be processed by the switch permit tcp any source source_wildcard any source_port any destination destination_wildcard any destination_port dscp dscp precedence precedence match all list_of_flags time range time_name ace priority index Add a permit filtering entry for the TCP The packets that meet the entry s conditions will be processed by the switch permit udp any source source_wi...

Page 178: ...ical interface receiving the packet will be disabled If the log input keyword is specified a message will be sent to the system log 11 3 2 IPv6 ACL Configuration This section provides description of main parameters and their values for IPv6 based ACL configuration commands In order to create an IPv6 based ACL and enter its configuration mode use the following command ipv6 access list access list F...

Page 179: ...it that satisfies the conditions of a deny command that describes that field log input Message log Enable message logging upon receiving a packet that matches the entry ace priority Rule index Rule index in the table The lower the index the higher the priority of the rule 1 2147483647 In order to select the complete range of parameters except dscp and ip precedence use parameter any As soon as at ...

Page 180: ...iority index Add a deny filtering entry for the TCP The packets that meet the entry s conditions will be blocked by the switch If the disable port keyword is specified the physical interface receiving the packet will be disabled If the log input keyword is specified a message will be sent to the system log deny udp any source_prefix length any source_port any destination_prefix length any destinat...

Page 181: ...ogging upon receiving a packet that matches the entry time_name Name of the time range configuration profile Specify configuration of time periods ace priority Rule index The index indicates position of the rule in the table The lower the index the higher the priority 1 to 2 147 483 647 In order to select the complete range of parameters except dscp and ip precedence use parameter any As soon as a...

Page 182: ...and Value Default value Action security suite deny fragmented icmp syn add remove any ip_address mask ip_address IP address mask mask in the form of IP address or prefix Creates a rule denying traffic that match the criteria fragmented fragmented packets icmp ICMP traffic syn syn packets no security suite deny fragmented icmp syn Delete a deny rule security suite dos syn attack rate any ip_address...

Page 183: ...yte exceed action drop policed dscp transmit aggregate_policer_name 1 32 characters committed_rate_kbps 3 57982058 kbps excess_burst_byte 3000 19 173 960 bytes Define a configuration template that limits bandwidth while guaranteeing a certain data transfer rate The marked bucket algorithm is used to reduce the bandwidth The algorithm decides whether to send or drop the packet Algorithm s parameter...

Page 184: ...ue 1 DSCP 8 15 queue 2 DSCP 16 23 queue 3 DSCP 24 31 queue 4 DSCP 32 39 queue 5 DSCP 40 47 queue 6 DSCP 48 55 queue 7 DSCP 56 63 queue 8 Set correspondence between DSCPs of ingress packets and queues dscp_list define up to 8 DSCP values separated by spaces no qos map dscp queue dscp_list Set the default values qos trust cos dscp cos dscp cos Set the switch trusted mode in the QoS basic mode CoS or...

Page 185: ...igure console config policy map policy map name console config pmap Table 5 214 Commands for traffic classification strategy edit mode Command Value Default value Action class class_map_name access group acl_name class_map_name 1 32 characters acl_name 1 32 characters Define a traffic classification rule and enter the policy map class configuration mode acl_name define traffic filtering rules acco...

Page 186: ...fic classification rule Ethernet or port group interface configuration mode commands Command line prompt in the Ethernet or port group interface configuration mode is as follows console config if Table 5 216 Ethernet or port group interface configuration mode commands Command Value Default value Action service policy input output policy_map_name policy_map_name 1 32 characters Assign a traffic cla...

Page 187: ...queue processing algorithm WRR or EF queues WRR weight queue class of service and EF priority policers traffic classification strategies configured for the interface shapers traffic shaping show qos map dscp queue dscp dp policed dscp dscp mutation Display information on fields replacement in packets which are used by QoS dscp queue table of correspondence between DSCP and queues dscp dp table of ...

Page 188: ...t value set 1 all priorities all queues high drop priority set 2 all priorities all queues low drop priority Enable QoS statistics for transmit queues set define a set of counters queue specifies the transmit queue dp define drop priority no qos statistics queues set Disable QoS statistics for outgoing queues Ethernet or port group interface configuration mode commands Command line prompt in the E...

Page 189: ... all gateways no ip route prefix mask prefix_length gateway reject route Delete a rule from the static routing table EXEC mode commands Command line prompt in the EXEC mode is as follows console Table 5 222 EXEC mode commands Command Value Default value Action show ip route connected static address ip_address mask prefix_length longer prefixes Display routing table which satisfies the specified cr...

Page 190: ...Remove RIP global configuration RIP configuration mode commands Command line prompt is as follows console config rip Table 5 225 RIP configuration mode commands Command Value Default value Action default metric metric metric 1 15 1 Specify the metric value that will be used when announcing routes that are obtained by other routing protocols To set the default value do not specify this parameter no...

Page 191: ...d via RIP no ip rip default information originate Set the default value ip rip authentication mode text md5 Authentication is disabled by default Enable authentication in RIP and define its type text clear text authentication md5 MD5 authentications no ip rip authentication mode Set the default value ip rip authentication key chain key_chain key_chain 1 32 characters Specify a set of keys that can...

Page 192: ...iguration mode commands Command Value Default value Action router ospf process_id process_id 1 65535 1 Enable routing via OSPF Specify the process ID no router ospf process_id Disable routing via OSPF ipv6 router ospf process_id process_id 1 65535 1 Enable routing via OSPFv3 protocol Specify the process ID no ipv6 router ospf process_id Disable routing via OSPFv3 protocol ipv6 distance ospf inter ...

Page 193: ...y metric metric metric type type 1 type 2 route map name match internal external 1 external 2 subnets Disable a specific function redistribute rip metric metric route map name subnets metric 1 65535 name 1 255 characters Import routes from RIP to OSPF metric a metric for imported routes name the name of the import policy that allows filtering and changes in imported routes subnets allows you to im...

Page 194: ...tive integer Set the cost of a summary route used for stub and NSSA areas for IPv4 no area A B C D default cost Set the default value area A B C D authentication message digest A B C D router ID in the IPv4 address format disabled Enable authentication for all interfaces for a given area for IPv4 message digest with MD5 encryption no area A B C D authentication message digest Disable authenticatio...

Page 195: ... hello interval interval interval 1 65535 10 seconds Set the time interval in seconds after which the router sends the next hello package from the interface no ip ospf hello interval Set the default value ip ospf mtu ignore enabled Disable MTU verification no ip ospf mtu ignore Set the default value ip ospf passive interface disabled Prohibit an IP interface from exchanging protocol messages with ...

Page 196: ...very confirmation e g Database Description package or Link State Request packages no ipv6 ospf retransmit interval Set the default value ipv6 ospf transmit delay delay delay 1 65535 1 seconds Specify an approximate time in seconds required to transfer a channel status packet no ip ospf transmit delay Set the default value Privileged EXEC mode commands Command line prompt in the Privileged EXEC mod...

Page 197: ...P router vrrp vrid ip ip_address vrid 1 255 Specify the IP address of a VRRP router no vrrp vrid ip ip_address Delete the IP address of a VRRP If no parameters are given then all IP addresses of the virtual router are removed and as a result of which the virtual router vrid will be removed from the device vrrp vrid preempt vrid 1 255 Enabled by default Enable the mode in which a backup router with...

Page 198: ...ands Command Value Default value Action show vrrp all brief interface gigabitethernet gi_port tengigabitethernet te_port fortygigabitethernet fo_port port channel group vlan vlan_id gi_port 1 8 0 1 48 te_port 1 8 0 1 24 fo_port 1 8 0 1 4 group 1 16 vlan_id 1 4094 Show brief or detailed information for all or one configured virtual VRRP router all show information about all virtual routers includin...

Page 199: ...on 2 Password Recovery Procedure This procedure is used to recover a lost password it allows the user to connect to the device without a password To recover password press 2 during next connection to the device the password will be ignored Current password will be ignored To return to Startup menu press Enter key Press Enter To Continue 3 Back To exit from the menu and boot the device press Enter ...

Page 200: ...les of command usage console boot system tftp 10 10 10 1 mes5324 401 ros 26 Feb 2016 11 07 54 COPY I FILECPY Files Copy source URL tftp 10 10 10 1 mes5324 401 ros destination URL flash system images mes5324 401 ros 26 Feb 2016 11 08 53 COPY N TRAP The copy operation was completed successfully Copy 20644469 bytes copied in 00 00 59 hh mm ss The new firmware will be active after the reboot of the sw...

Page 201: ...MES53xx MES33xx MES23xx Ethernet Switch Series 201 Confirm reboot by entering y ...

Page 202: ...using ports te1 and te2 Below you can find a diagram illustrating logic topology of the network Figure 25 Configuration of the multiple spanning tree protocol When one of the switches fails or the link is broken multiple MSTP trees are rebuilt which mitigates the consequences of the failure Below you can find the configuration processes for the switches For faster configuration a common configurat...

Page 203: ...gress filtering disable selective qinq list ingress permit ingress_vlan 27 selective qinq list ingress add_vlan 20 exit Substitution of CVLAN In transportation networks the tasks of VLAN spoofing prevention are not uncommon for example there is a typical configuration of access level switches but user traffic VOIP and control traffic needs to be transmitted in various VLANs to different directions...

Page 204: ... console config vlan database console config vlan vlan 100 124 1000 1200 console config vlan exit 3 Configure user ports console config interface range te1 0 10 24 console config if switchport mode access console config if switchport access vlan 100 console config if switchport access multicast tv vlan 1000 console config if bridge multicast unregistered filtering console config if exit 4 Configur...

Page 205: ...tomer vlan 100 console config if switchport customer multicast tv vlan add 1000 1001 console config if exit 4 Configure an uplink port by allowing transfer of multicast traffic user traffic and control console config interface te1 0 10 console config if switchport mode trunk console config if switchport trunk allowed vlan add 100 1000 1001 1200 console config if exit 5 Configure IGMP snooping glob...

Page 206: ...MES53xx MES33xx MES23xx Ethernet Switch Series 206 APPENDIX B CONSOLE CABLE Figure 26 Console cable connection ...

Page 207: ...84D 0x22EC 0x86DF 0x88b6 0x88d2 0x88e7 0x88fb 0x8810 0x8826 0x8839 0x884E 0x22ED 0x885b 0x88b7 0x88d3 0x88e8 0x88fc 0x8811 0x8827 0x883A 0x884F 0x22EE 0x885c 0x88b8 0x88d4 0x88e9 0x88fd 0x8812 0x8828 0x883B 0x8850 0x22EF 0x8869 0x88b9 0x88d5 0x88ea 0x88fe 0x8813 0x8829 0x883C 0x8851 0x22F0 0x886b 0x88ba 0x88d6 0x88eb 0x88ff 0x8814 0x882A 0x883D 0x8852 0x22F1 0x8881 0x88bf 0x88d7 0x88ec 0x8800 0x88...

Page 208: ...zhnaya st 29 Phone 7 383 274 47 87 7 383 272 83 31 E mail techsupp eltex nsk ru Visit the Eltex Ltd website to find technical documentation and firmware for our products review our knowledge base and consult Service centre engineers on the technical forum Official web site http eltex nsk ru Technical forum http eltex nsk ru forum Knowledge base http eltex nsk ru support knowledge Download centre h...

Reviews:

No comments

Related manuals for MES23xx

D-Link DAP-1650 Quick Install Manual preview
DAP-1650
Brand: D-Link Pages: 16
D-Link DCH-G020 How-To preview
DCH-G020
Brand: D-Link Pages: 2
JB Systems Light SW-416 Operation Manual preview
SW-416
Brand: JB Systems Light Pages: 15
Xantech AC1 Installation Instructions preview
AC1
Brand: Xantech Pages: 2
Dexon DIMAX404 User Manual preview
DIMAX404
Brand: Dexon Pages: 31
Larson Electronics EXHL-TRN-LE1 Series Manual preview
EXHL-TRN-LE1 Series
Brand: Larson Electronics Pages: 2
Transition Networks SISTG1040-242-LRT Install Manuals preview
SISTG1040-242-LRT
Brand: Transition Networks Pages: 31
PNI CT25WIFI User Manual preview
CT25WIFI
Brand: PNI Pages: 92
Comtech EF Data CRS-280 Installation And Operation Manual preview
CRS-280
Brand: Comtech EF Data Pages: 70
Campbell Hausfeld CW301300AJ Additional Operating Instructions preview
CW301300AJ
Brand: Campbell Hausfeld Pages: 4
Unipoe PM5003GSN User Manual preview
PM5003GSN
Brand: Unipoe Pages: 9
Cabletron Systems ELS10-26TX User Manual preview
ELS10-26TX
Brand: Cabletron Systems Pages: 116
Sven HB-012 User Manual preview
HB-012
Brand: Sven Pages: 4
Linkskey LKV-T02 Quick Installation Manual preview
LKV-T02
Brand: Linkskey Pages: 2
TP-Link P1201-08 User Manual preview
P1201-08
Brand: TP-Link Pages: 34
Contemporary Controls CTRLink EISK8P-GT Installation Manual preview
CTRLink EISK8P-GT
Brand: Contemporary Controls Pages: 4
ANTAIRA LMP-2012G-SFP Series Quick Installation Manual preview
LMP-2012G-SFP Series
Brand: ANTAIRA Pages: 2
Exsys EX-1189HMVS-3 Manual preview
EX-1189HMVS-3
Brand: Exsys Pages: 16

Brands by name

Popular brands

Load more brands