manualshive.com logo in svg

Ericsson ECN330, User Manual

Share
Download
Ericsson ECN330 User Manual Download Page 663

 Command Line Interface

657

1553-KDU 137 365 Uen D   2006-06-16

To use the SSH server, complete these steps:

1.

Generate a Host Key Pair – Use the 

ip ssh crypto host-key 

generate

 command to create a host public/private key pair. 

2.

Provide Host Public Key to Clients – Many SSH client programs 
automatically import the host public key during the initial connection setup 
with the ECN330-switch. Otherwise, a known hosts file needs to be 
manually created on the management station and the host public key placed 
in it. An entry for a public key in the known hosts file would appear similar to 
the following example:

 

 

10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 
15020245593199868544358361651999923329781766065830956 10825913212890233 
76546801726272571413428762941301196195566782 59566410486957427888146206 
519417467729848654686157177393901647793559423035774130980227370877945452408397175264635
8058176716709574804776117

3.

Import Client’s Public Key to the ECN330-switch – Use the 

copy tftp 

public-key

 command to copy a file containing the public key for all the 

SSH client’s granted management access to the ECN330-switch. (Note that 
these clients must be configured locally on the ECN330-switch with the 

username

 command as described on page 633.) The clients are 

subsequently authenticated using these keys. The current firmware only 
accepts public key files based on standard UNIX format as shown in the 
following example for an RSA Version 1 key:

1024 35 1341081685609893921040944920155425347631641921872958921143173880 

055536161631051775940838686311092912322268285192543746031009371877211996963178136627741
416898513204911720483033925432410163799759237144901193800609025394840848271781943722884
02533115952134861022902978982721353267131629432532818915045306393916643 
[email protected] 

4.

Set the Optional Parameters – Set other optional parameters, including the 
authentication timeout, the number of retries, and the server key size.

5.

Enable SSH Service – Use the 

ip ssh server

 command to enable the 

SSH server on the ECN330-switch.

6.

Configure Challenge-Response Authentication – When an SSH client 
attempts to contact the ECN330-switch, the SSH server uses the host key 
pair to negotiate a session key and encryption method. Only clients that 
have a private key corresponding to the public keys stored on the ECN330-
switch can gain access. The following exchanges take place during this 
process:

A

The client sends its public key to the ECN330-switch. 

Summary of Contents for ECN330

Page 1: ...Created by EBCCW 96 05 Created by EBCCW 00 06 Created by EBCCW 96 05 Created by EBCCW 00 06 ECN330 switch User Guide Created by EBCCW 00 06 EDA Ethernet Layer 3 Switch...

Page 2: ...document are subject to revision without notice due to continued progress in methodology design and manufacturing Ericsson shall have no liability for any error or damage of any kind resulting from t...

Page 3: ...tenance 17 3 1 Replacing a Fuse 17 3 2 Replacing a Fan Tray 18 4 Management Features Overview 21 4 1 Key Features 21 4 2 Description of Features 23 4 3 System Defaults 30 5 Initial Configuration 35 5...

Page 4: ...ice 342 6 16 Multicast Filtering 352 6 17 Configuring Domain Name Service 370 6 18 Dynamic Host Configuration Protocol 376 6 19 Configuring Router Redundancy 387 6 20 IP Routing 397 6 21 Multicast Rou...

Page 5: ...ommands 935 7 22 Domain Name Service Commands 963 7 23 Dynamic Host Configuration Protocol Commands 974 7 24 Router Redundancy Commands 998 7 25 IP Interface Commands 1015 7 26 IP Routing Commands 102...

Page 6: ...1553 KDU 137 365 Uen D 2006 06 16 Contents List of Abbreviations 1183 Glossary 1191 Index 1201...

Page 7: ...explanation of different standards for example spanning tree but rather their implementation in the ECN330 switch For a more comprehensive knowledge and understanding of the standards please refer to...

Page 8: ...ument is optional and can be omitted If used the brackets are not typed argument1 argument2 means that either argument1 or argument 2 can be used as a value for this parameter 1 2 Revision History Thi...

Page 9: ...6 and section 7 6 10 Changed the allowed string length for view name to 16 characters Ethernet Automatic Protection Switching Configuration section 6 11 A note was added to the end of the Functional...

Page 10: ...um string length for class map name to 16 characters policy map section 7 20 3 Changed the maximum string length for policy map name to 16 characters show ip igmp groups section 7 21 23 Changed the di...

Page 11: ...d level aggregation switch in the EDA network As well as its Power over Ethernet capabilities the ECN330 switch provides comprehensive network management features such as Spanning Tree Protocol multic...

Page 12: ...t Options The ECN330 switch contains a comprehensive array of LEDs for at a glance monitoring of network and port status It also includes a management agent that enables configuration and monitoring o...

Page 13: ...the ECN330 Installation Guide Each line is 100 individually controlled with an auto detect circuit that opens up if a load within the EDA specified range is detected and shuts down if the load exceeds...

Page 14: ...s disabled and cannot be used The ECN330 switch can also be configured to force the use of an RJ 45 port or SFP slot as required SFP is a new specification for compact modular transceivers that are ho...

Page 15: ...can be established by connecting both power inputs Figure 2 Power Supply Input Connectors and Fuses 2 2 4 Console Port Pin Assignments The DB 9 serial port on the ECN330 s front panel is used to conne...

Page 16: ...s DB9 DTE Pin PC DB9 DTE Pin PC DB25 DTE Pin BB 104 RxD Received Data 2 2 3 BA 103 TxD Transmitted Data 3 3 2 AB 102 SG Signal Ground 5 5 7 No other pins are used ECN330 s 9 Pin Serial Port Null Modem...

Page 17: ...located on the front panel for easy viewing are shown in Figure 4 and described in Table 4 on page 11 Figure 4 System and Port Status LEDs Table 4 System and Port Status LEDs LED Condition Status Sys...

Page 18: ...s cooling fans are operating normally CTRL Flashing Green fast ENC self test and boot in progress during start Steady Green ENC in normal operation Steady Red Error in ENC Fallback state and when boot...

Page 19: ...oth fans have failed in which case the fan tray should be replaced Figure 5 Fan Tray Gigabit Combo Ports Ports 25 26 E RJ45 O SFP Steady or Flashing Green Port has established a valid 10 100 or 1000 M...

Page 20: ...supported by the attached device otherwise the port can be configured manually All RJ45 ports support auto MDI MDI X pinout selection Unshielded UTP cable supported on all RJ45 ports Category 3 or bet...

Page 21: ...ice VLANs VLANs used for End user traffic based on the IEEE 802 1Q standard Multicast Switching based on IGMP Snooping Link redundancy supported with Multiple Spanning Tree MSTP Link aggregation by ut...

Page 22: ...Introduction to the ECN330 switch 16 1553 KDU 137 365 Uen D 2006 06 16...

Page 23: ...new 20 A 250 V fuse Warning First power off the ECN330 before replacing a DC power supply fuse To replace a fuse follow these steps 1 Remove the 48 VDC power source from the ECN330 2 Unscrew the fuse...

Page 24: ...ut the fan tray should be replaced as soon as possible The ECN330 s fan tray can be completely removed without powering off the unit To replace a fan tray follow these steps 1 Remove the fan tray plas...

Page 25: ...ing it back into the empty slot Push in firmly so that the fan tray s connector is fully engaged with the ECN330 5 Screw and tighten the fan tray s screw 6 Check that the FAN status LED on the ECN330...

Page 26: ...Maintenance 20 1553 KDU 137 365 Uen D 2006 06 16...

Page 27: ...ed to maximize the ECN330 switch s performance for a particular network environment 4 1 Key Features Table 5 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Aut...

Page 28: ...namic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanni...

Page 29: ...atures Configuration Backup and Restore The current configuration settings can be saved to a file on a TFTP server and later download this file to restore the ECN330 switch configuration settings Auth...

Page 30: ...de on the same subnet Since it is not practical to have a DHCP server on every subnet DHCP Relay is also supported to allow dynamic configuration of local clients from a DHCP server located in a diffe...

Page 31: ...not be written to the address table Static addresses can be used to provide network security by restricting access for a known host to a specific port IEEE 802 1D Bridge The ECN330 switch supports IEE...

Page 32: ...ECN330 switch supports up to 4094 VLANs A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network The...

Page 33: ...at passes between different subnetworks The wire speed routing provided by the ECN330 switch lets network segments or VLANs be easily linked together without having to deal with the bottlenecks or con...

Page 34: ...or DSCP values or VLAN lists Using access lists allows traffic to be selected based on the Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of...

Page 35: ...capsulates Ethernet frames in MPLS packets and uses label stacking to forward them across an MPLS tunnel Tunnel labels define the path across the MPLS network and virtual channel labels define the ent...

Page 36: ...Factory_Default_Config cfg To reset the ECN330 switch defaults this file should be set as the startup configuration file See section 7 5 18 on page 568 Table 6 lists some of the basic system defaults...

Page 37: ...ed TACACS Authentication Disabled 802 1X Port Authentication Disabled HTTPS Enabled SSH Disabled Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number 80 HTT...

Page 38: ...abled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Disabled Fast Forwarding Edge Port Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1...

Page 39: ...rity Disabled IP Port Priority Disabled IP Settings Management VLAN ECN330 mode VLAN 246 249 ECN330 switch mode VLAN 246 IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client En...

Page 40: ...ng Layer 2 Snooping Enabled Querier Disabled IGMP Layer 3 Disabled Multicast Routing DVMRP Disabled PIM DM Disabled PIM SM Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Lo...

Page 41: ...he ECN330 switch is rebooted Saved configuration files can be selected as a system start up file or can be uploaded through TFTP to a server for backup A file named Factory_Default_Config cfg contains...

Page 42: ...be a period Valid characters are A Z a z 0 9 and _ 5 2 Connecting to the ECN330 switch 5 2 1 Configuration Options When the ECN330 switch is set to ECN330 mode see Enabling the SBC to Access Advanced...

Page 43: ...nt enable the following management functions to be performed Set user names and passwords Set an IP interface for any VLAN Configure SNMP parameters Enable or disable any port Set the speed and duplex...

Page 44: ...ware and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable s to the RS 232 serial port on the ECN330 switch 3 Make sure the terminal emulation software is...

Page 45: ...AN has been defined To define a management VLAN see section 5 3 4 3 on page 45 After configuring the ECN330 switch s IP parameters the onboard configuration program can be accessed from anywhere withi...

Page 46: ...modify the running configuration file and are not saved when the ECN330 switch is rebooted To save configuration changes use the copy running config startup config command to create a configuration f...

Page 47: ...access to the ECN330 switch set the passwords as follows 1 Open the console interface with the default user name and password admin to access the Privileged Exec level 2 Type configure and press Enter...

Page 48: ...ure management access a management VLAN should be defined which restricts management access to only the specified VLAN interface Any IP address assigned to the management VLAN can be used to manage th...

Page 49: ...network Press Enter 3 Type exit to return to the global configuration mode prompt Press Enter 4 To set the IP address of the default gateway for the network to which the ECN330 switch belongs type ip...

Page 50: ...r 246 for ECN330 switch mode To dynamically configure an address for VLAN 246 type interface vlan 246 and press Enter 2 At the interface configuration mode prompt use one of the following commands To...

Page 51: ...LAN is sent to the SBC and not to the ECN330 switch s CPU Note If the management VLAN is connected to a management network that includes several IP subnets a static route must be configured for each s...

Page 52: ...e managers through trap messages which inform the manager that certain events have occurred The ECN330 switch includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management...

Page 53: ...1 and 2c clients is not intended to be utilized it is recommended that both of the default community strings be deleted If there are no community strings then SNMP management access from version 1 and...

Page 54: ...The following example creates a trap host for each type of SNMP client 5 3 5 3 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients first create a view that...

Page 55: ...Management Protocol on page 106 or refer to the specific CLI commands for SNMP starting on page 608 Console config snmp server view mib 2 1 3 6 1 2 1 included Console config snmp server view 802 1d 1...

Page 56: ...Initial Configuration 50 1553 KDU 137 365 Uen D 2006 06 16...

Page 57: ...a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 42 2 Set user names and passwords using an out of ba...

Page 58: ...r a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name is admin with corresponding password of admin 6 2 1 Home Page Wh...

Page 59: ...rsions of stored pages should be Every visit to the page Note When using Internet Explorer 5 0 the screen may have to be manually refreshed after making configuration changes by pressing the browser s...

Page 60: ...ormation 69 System Mode Configure the ECN330 switch to operate in normal mode or one of the tunneling modes QinQ or L2MPLS 71 System MTU Sets the maximum transfer unit for traffic crossing the ECN330...

Page 61: ...Sends an SMTP client message to a participating server 101 Reset Restarts the ECN330 switch 101 SNTP 104 Configuration Configures SNTP client settings including a specified list of servers 104 Clock...

Page 62: ...gs 140 Host Key Settings Generates the host key pair public and private 138 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 1...

Page 63: ...ays port connection status 184 Trunk Information Displays trunk connection status 184 Port Configuration Configures port connection settings 187 Trunk Configuration Configures trunk connection setting...

Page 64: ...e input rate limit for each port for each VLAN 212 Input Trunk Configuration Sets the input rate limit for each trunk 211 Output Port Configuration Sets the output rate limit for each port 211 Output...

Page 65: ...tings for STP RSTP and MSTP 238 Port Information Displays individual port settings for STA 243 Trunk Information Displays individual trunk settings for STA 243 Port Configuration Configures individual...

Page 66: ...tagged 283 Static List Used to create or remove VLAN groups 284 Static Table Modifies the settings for an existing VLAN 287 Static Membership Configures membership type for interfaces including tagged...

Page 67: ...a VLAN to operate as an L2MPLS tunnel associates input output MPLS labels with the VLAN 319 Port Configuration Sets the MPLS characteristics for an uplink port 320 Trunk Configuration Sets the MPLS c...

Page 68: ...rity Status Globally enables or disables IP Port Priority 340 IP Port Priority Sets TCP UDP port priority defining the socket number and associated class of service value 340 QoS 342 DiffServ Configur...

Page 69: ...omain name and domain list and specifies IP address of name servers for dynamic lookup 370 Static Host Table Configures static entries for domain name to address mapping 372 Cache Displays cache entri...

Page 70: ...earned entries in the IP routing table 408 Other Addresses Shows internal addresses used by the ECN330 switch 410 Statistics Shows statistics on ARP requests sent and received 412 IGMP 362 Interface S...

Page 71: ...outing 469 Multicast Routing Table Shows each multicast route the ECN330 switch has learned 470 VRRP 389 Group Configuration Configures VRRP groups including virtual interface address advertisement in...

Page 72: ...ertise at an area boundary 446 Interface Configuration Shows area ID and designated router also configures OSPF protocol settings and authentication for each interface 449 Virtual Link Configuration C...

Page 73: ...481 Routing Table Displays DVMRP routing information 482 PIM DM General Settings Enables or disables PIM DM globally for the ECN330 switch 484 Interface Settings Enables or disables PIM DM per interfa...

Page 74: ...to the BSR 504 RP Hash Displays the RP elected for the specified multicast group the source of this information and the method of election 506 BSR Router Information Displays information about the BS...

Page 75: ...Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for the ECN330 switch Web server Shows if management a...

Page 76: ...b Click System System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to t...

Page 77: ...he following modes Normal Mode The ECN330 switch functions in normal operating mode This is the default operating mode Console config hostname R D 5 Console config snmp server location WC 9 Console co...

Page 78: ...Mode CLI This example sets the ECN330 switch to operate in QinQ mode 6 3 3 Configuring the Maximum Frame Size The maximum transfer unit or frame size for traffic crossing the ECN330 switch should be...

Page 79: ...be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes System MTU 1500 1546 Specifies the...

Page 80: ...nal Management VLAN VLAN 247 is set to obtain an IP address through DHCP allowing management access to the ECN330 switch Information on other default settings for the management VLANs is shown under C...

Page 81: ...play hardware firmware version numbers for the main board and management software as well as the power status of the system Field Attributes Main Board Serial Number The serial number of the ECN330 sw...

Page 82: ...rsion of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that the ECN330 switch is operating as Master that is operating stand alone These additi...

Page 83: ...ing of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 324 Static Entry Individual Port The ECN330 switch allows static filtering for unicast and multicast...

Page 84: ...h does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 14 Bridge Extension Configuration CLI Ente...

Page 85: ...s both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end...

Page 86: ...CN330 switch The management VLAN applies to management access through the web Telnet SSH and SNMP To specify a management VLAN see Configuring Management VLANs on page 278 By default the ECN33o switch...

Page 87: ...fic to a configured IP interface based on the following order of precedence IP General Routing Interface menu page 403 Static routes page 421 and then Dynamic routing using RIP page 424 or OSPF page 4...

Page 88: ...outing to specific subnets Default 255 0 0 0 Default Gateway IP address of the gateway router between this device and management stations that exist on other network segments Default 0 0 0 0 6 3 8 1 M...

Page 89: ...her network segments then specify the default gateway and click Apply Figure 17 Default Gateway CLI Specify the management interface IP address and default gateway Console config Console config interf...

Page 90: ...VLAN to which the management station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save the changes Then click Restart DHCP to immediately request a new address Note that the ECN...

Page 91: ...start DHCP service through the CLI Web If the address assigned by DHCP is no longer functioning the IP settings will not be able to be renewed through the web interface The DHCP service can only be re...

Page 92: ...within the ECN330 switch directory assigning it a new name file to tftp Copies a file from the ECN330 switch to a TFTP server tftp to file Copies a file from a TFTP server to the ECN330 switch TFTP S...

Page 93: ...method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the ECN330 switch to overwrite or specify a new file name th...

Page 94: ...s the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the ECN330 switch To start the new firm...

Page 95: ...onfiguration file to tftp Copies a file from the ECN330 switch to a TFTP server running config to file Copies the running configuration to a file running config to startup config Copies the running co...

Page 96: ...3 10 1 Downloading Configuration Settings from a Server The configuration file can be downloaded under a new file name and then set as the startup file or the current startup configuration file can be...

Page 97: ...tings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the ECN330 switch and then restart the ECN330 switch If the startup configuration f...

Page 98: ...password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the...

Page 99: ...th password protection the system prompts for the password If the correct password is entered the system shows a prompt Default No password Login Enables password checking at login Select authenticati...

Page 100: ...e ECN330 switch Default Enabled Telnet Port Number Sets the TCP port number for Telnet on the ECN330 switch Range 1 65535 Default 23 Login Timeout Sets the interval that the system waits for a user to...

Page 101: ...d amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts These parameters can only be configured in the CLI Password Specifies a password...

Page 102: ...ied Severe error messages that are logged to flash memory are permanently stored in the ECN330 switch to assist in troubleshooting network problems Up to 4096 log entries can be stored in the flash me...

Page 103: ...levels up to the specified level For example if level 7 is specified all messages from level 0 to level 7 will be logged to RAM Range 0 7 Default 7 Note The Flash Level must be equal to or less than t...

Page 104: ...r other management stations to be configured Event messages can also be limited to send only those messages at or above a specified level Command Attributes Remote Log Status Enables disables the logg...

Page 105: ...erver for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be sent to the remote server Range 0 7 Default 7 Host IP List Displays the...

Page 106: ...eset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 28 Displaying Logs Console config logging host 10 1 0 9 Console config logging facility 23 Console config logging...

Page 107: ...ECN330 Severity Sets the syslog severity threshold level see the table on page 97 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For...

Page 108: ...t the minimum severity level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List...

Page 109: ...ystem Web Click System Reset Click the Reset button to restart the ECN330 switch When prompted confirm to reset the ECN330 switch Figure 30 Resetting the System Console config logging sendmail host 19...

Page 110: ...the ECN330 switch periodically sends a request for a time update to a configured time server Up to three time server IP addresses can be configured The ECN330 switch will attempt to poll each server...

Page 111: ...zero degrees longitude To display a time corresponding to the local time indicate the number of hours and minutes the time zone is east before or west after of UTC Command Attributes Current Time Dis...

Page 112: ...ing devices on a network Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environme...

Page 113: ...ion as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having it s own security levels There are three secur...

Page 114: ...noAuthNoPriv private default view default view none Community string only v2c noAuthNoPriv user defined user defined user defined user defined Community string only v3 noAuthNoPriv user defined user...

Page 115: ...ty reasons consider removing the default strings Command Attributes SNMP Community Capability The ECN330 switch supports up to five community strings Current Displays a list of the community strings c...

Page 116: ...t station using SNMP network management software Up to five management stations can be specified to receive authentication failure messages and other trap messages from the ECN330 switch Command Usage...

Page 117: ...tions as traps or informs To send an inform to a SNMPv2c host complete these steps 1 Enable the SNMP agent page 108 2 Enable trap informs as described in the following pages 3 Create a view with the r...

Page 118: ...ication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Trap...

Page 119: ...es for Authentication and Link up down traps and then click Apply Figure 35 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps 6 4 4 Configuring SNMPv...

Page 120: ...ocal engine ID is automatically generated that is unique to the ECN330 switch This is referred to as the default engine ID If the local engineID is deleted or changed all SNMP users will be cleared Al...

Page 121: ...refore the remote agent s SNMP engine ID needs to be configured before sending proxy requests or informs to it See Specifying Trap Managers and Trap Types on page 110 and Configuring Remote SNMPv3 Use...

Page 122: ...l used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is n...

Page 123: ...page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change t...

Page 124: ...Specifying Trap Managers and Trap Types on page 110 and Specifying a Remote Engine ID on page 115 Command Attributes User Name The name of user connecting to the SNMP agent Range 1 32 characters Grou...

Page 125: ...entication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model A...

Page 126: ...mote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user che...

Page 127: ...level used for the group noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only availabl...

Page 128: ...to the Alarm Description manual for a list of supported notification messages Web Click SNMP SNMPv3 Groups Click New to configure a new group In the New Group page define a name assign a security mod...

Page 129: ...w OID Subtrees Shows the currently configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows the object identifiers of branches within the MIB tr...

Page 130: ...in the ECN330 switch MIB to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the curre...

Page 131: ...ole config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config exit Console show snmp view View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvol...

Page 132: ...management access to the web SNMP or Telnet interface 6 5 1 Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for al...

Page 133: ...configure a new user account enter the user name access level and password then click Add To change the password for a specific user enter the user name and new password confirm the password by enteri...

Page 134: ...e levels for each user that requires management access to the ECN330 switch Figure 43 Authentication Server Operation RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while T...

Page 135: ...cked Command Attributes Authentication Select the authentication or authentication sequence required Local User authentication is performed only locally by the ECN330 switch Radius User authentication...

Page 136: ...onds the ECN330 switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13...

Page 137: ...curity Authentication Settings To configure local or remote authentication preferences specify the authentication sequence that is one to three methods fill in the parameters for RADIUS or TACACS auth...

Page 138: ...radius server host 192 168 1 25 Console config radius server port 181 Console config radius server key green Console config radius server retransmit 5 Console config radius server timeout 10 Console s...

Page 139: ...the status bar for Internet Explorer 5 x or above and Netscape Navigator 4 x or above The following web browsers and operating systems currently support HTTPS Table 11 HTTPS System Support To specify...

Page 140: ...plorer display will be associated with a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority To replace...

Page 141: ...The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to the ECN330 switch...

Page 142: ...e ECN330 switch Otherwise a known hosts file needs to be manually created on the management station and the host public key placed in it An entry for a public key in the known hosts file would appear...

Page 143: ...ake place during this process A The client sends its public key to the ECN330 switch B The ECN330 switch compares the client s public key to those stored in memory C If a match is found the ECN330 swi...

Page 144: ...sed on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair that is public and private keys Range RSA Version 1 DSA V...

Page 145: ...2006 06 16 Web Click Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key...

Page 146: ...host key Console show public key host Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 82409690947448320102524878965977592168322225584652387791546479807 39631403386...

Page 147: ...fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies the SSH server key size Range 512 896 bits Default 768 The server key is a privat...

Page 148: ...witch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the ECN330 switch dyna...

Page 149: ...e 187 Command Attributes Port Port number Name Descriptive text page 187 Disable MAC Learning Disables MAC address learning for the selected port and flush all MAC addresses that have learned on this...

Page 150: ...n invalid address is detected on a port mark the checkbox in the Status column to enable security for a port set the maximum number of MAC addresses allowed on a port and click Apply Figure 48 Port Se...

Page 151: ...h the client and a remote RADIUS authentication server to verify user identity and access rights When a client that is Supplicant connects to a ECN330 port the ECN330 switch that is Authenticator resp...

Page 152: ...configured The RADIUS server and 802 1X client support EAP The ECN330 switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have t...

Page 153: ...Web Click 802 1X Information Figure 50 802 1X Global Information CLI This example shows the default global setting for 802 1X Console show dot1x Global 802 1X Parameters system auth control enable 80...

Page 154: ...example enables 802 1X globally for the ECN330 switch 6 5 6 3 Configuring Port Settings for 802 1X When 802 1X is enabled the parameters for the authentication process that runs between the client and...

Page 155: ...new device is plugged into an ECN330 port Default Disabled Max Request Sets the maximum number of times the ECN330 port will retransmit an EAP request packet to the client before it times out the aut...

Page 156: ...nsole config if dot1x port control auto Console config if dot1x re authentication Console config if dot1x max req 5 Console config if dot1x timeout quiet period 40 Console config if dot1x timeout re a...

Page 157: ...od 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 7 Authen...

Page 158: ...ed Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticat...

Page 159: ...rt and then click Query Click Refresh to update the statistics Figure 53 802 1X Statistics Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth...

Page 160: ...CN330 switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Ea...

Page 161: ...utes Web IP Filter Configures IP address es for the web group SNMP IP Filter Configures IP address es for the SNMP group Telnet IP Filter Configures IP address es for the Telnet group IP Filter List I...

Page 162: ...esses or other more specific criteria The ECN330 switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dro...

Page 163: ...number If the TCP protocol is specified packets can also be filtered based on the TCP control code MAC ACL mode MAC ACL filters packets based on the source or destination MAC address and the Ethernet...

Page 164: ...sk can configure the VLAN ID field so the masks may be completely the same If this happens there will be only one copy in database and deleting either one of these two entries will remove the mask fro...

Page 165: ...ACL for ingress ports G If no explicit rule is matched the implicit default is permit all 2 VLAN ACLs are then checked 6 6 1 1 Setting the ACL Name and Type Use the ACL Configuration page to designate...

Page 166: ...ddress Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Addres...

Page 167: ...168 92 31 x using a bitmask 6 6 1 3 Configuring an Extended IP ACL Command Attributes Action An ACL can contain permit rules deny rules or a combination of both Default Permit rules Source Destination...

Page 168: ...Port Bitmask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Con...

Page 169: ...e Set any other required criteria such as service type protocol type or TCP control code Then click Add Figure 57 Configuring Extended IP ACLs CLI This example adds three rules 1 Accept any incoming p...

Page 170: ...ce or destination MAC address VID VLAN ID Range 1 4093 VID Bitmask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A deta...

Page 171: ...s Select the address type Any Host or MAC If Host is selected enter a specific address for example 11 22 33 44 55 66 If MAC is selected enter a base address and a hexadecimal bitmask for an address ra...

Page 172: ...user defined masks can also be configured for an ingress or egress ACL A mask must be bound exclusively to one of the basic ACL types that is Ingress IP ACL Egress IP ACL Ingress MAC ACL or Egress MA...

Page 173: ...for one of the basic mask types to open the configuration page Figure 59 Choosing ACL Mask Types CLI This example creates an IP ingress mask and then adds two rules Each rule is checked in order of p...

Page 174: ...ion IP address Use Any to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Source or d...

Page 175: ...figuring an IP ACL Mask CLI This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1...

Page 176: ...mmand Attributes Source Destination Address Type Use Any to match any address Host to specify the host address for a single node or MAC to specify a range of addresses Options Any Host MAC Default Any...

Page 177: ...d rules in the MAC ingress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for specific VLAN ID s or Ethernet type...

Page 178: ...ring and one IP ACL and one MAC ACL to any port for egress filtering In other words only four ACLs can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL Console...

Page 179: ...attempt is made to bind the ACL to an interface for egress checking the bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 12 IP Specifies the IP ACL to bind to a port M...

Page 180: ...ch ingress traffic is checked against the ACL rules see Configuring a VLAN Mask for IP ACLs on page 178 and Configuring a VLAN Mask for MAC ACLs on page 180 3 Bind the VLAN ACL to one or more VLANs se...

Page 181: ...ge for the new access map Figure 63 Creating a VLAN Access Map CLI This example creates a VLAN access map named RD 6 6 4 2 Specifying the Associated IP MAC ACLs and Action Command Usage Use existing I...

Page 182: ...re binding the map to a VLAN or all packets could be dropped Command Attributes IP Sets the access map to match packets against an IP ACL MAC Sets the access map to match packets against a MAC ACL Act...

Page 183: ...to an ACL mask Packets entering a VLAN member port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not th...

Page 184: ...and Precedence can be enabled if DSCP is not selected Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly...

Page 185: ...rotocol type or one of the service types Or use a bitmask to search for specific protocol port s or TCP control code s Then click Add Figure 65 Configuring an VLAN IP ACL Mask CLI The following exampl...

Page 186: ...re it can be bound to a port Command Attributes Source Destination Address Type Use Any to match any address Host to specify the host address for a single node or MAC to specify a range of addresses O...

Page 187: ...Ethernet type s Or check for rules where a packet format was specified Then click Add Figure 66 Configuring an VLAN MAC ACL Mask CLI The following example creates a mask that checks packet format mat...

Page 188: ...fore it can be bound to a VLAN Only one VLAN access map can be bound to a VLAN If more than one access map is bound to the same VLAN only the later one will be used When an IP or MAC access list is bo...

Page 189: ...move buttons to select the VLANs to which the access map is bound then click Apply Figure 67 Mapping Access Maps to VLANs CLI This examples binds vlanMAP1 to VLAN 2 Console config vlan filter vlanMAP1...

Page 190: ...ink is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or...

Page 191: ...ch s IP Address on page 80 Configuration Name Interface label Port Admin Shows if the interface is enabled or disabled that is up or down Speed duplex Shows the current speed and duplex mode Auto or f...

Page 192: ...Max MAC Count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port Security Action Shows the response to take when a security violation is detected shutdown trap...

Page 193: ...rmal behavior for example excessive collisions and then reenabled after the problem has been resolved An interface may also be disabled for security reasons Speed Duplex Allows the port speed and dupl...

Page 194: ...10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Giga...

Page 195: ...erred Auto Uses SFP port if both combination types are functioning and the SFP port has a valid link This is the default Trunk Indicates if a port is a member of a trunk To create trunks and select po...

Page 196: ...LACP as long as they are not already configured as part of a static trunk If ports on another device are also configured as LACP the ECN330 switch and the other device will negotiate a trunk link betw...

Page 197: ...static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at both ends of a trunk must be configured in an identical manner including communic...

Page 198: ...n interface before connecting the ports and also disconnect the ports before removing a static trunk through the configuration interface Command Attributes Current Member List Shows configured trunks...

Page 199: ...annel group 1 Console config if exit Console config interface ethernet 1 10 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 Information of Trunk 1...

Page 200: ...available trunk ID If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active link...

Page 201: ...DU 137 365 Uen D 2006 06 16 Web Click Port LACP Configuration Select any of the ECN330 switch ports from the scroll down port list and click Add After completing adding ports to the member list click...

Page 202: ...n Key must be set to the same value for a port to be allowed to join a channel group Console config interface ethernet 1 1 Console config if lacp Console config if exit Console config interface ethern...

Page 203: ...fault 32768 Ports must be configured with the same system priority to join the same LAG System priority is combined with the ECN330 switch s MAC address to form the LAG identifier This identifier is u...

Page 204: ...t Priority for the Port Actor These settings can also be configured for the Port Partner However note that these settings only affect the administrative state of the partner and will not take effect u...

Page 205: ...ethernet 1 10 Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid Cha...

Page 206: ...up Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received...

Page 207: ...ember port to display the corresponding information Figure 75 LACP Port Counters Information CLI The following example displays LACP counters for port channel 1 Console show lacp 1 counters Port chann...

Page 208: ...ACP Internal Configuration Information Field Description LACP System Priority LACP system priority assigned to this port channel LACP Port Priority LACP port priority assigned to this interface within...

Page 209: ...llection of incoming frames on this link is enabled that is collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol...

Page 210: ...g example displays the LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Interna...

Page 211: ...rrent administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Prio...

Page 212: ...g the ECN330 switch 206 1553 KDU 137 365 Uen D 2006 06 16 Web Click Port LACP Port Neighbors Information Select a port channel to display the corresponding information Figure 77 LACP Port Neighbors In...

Page 213: ...rotected from broadcast storms by setting a threshold for broadcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Con...

Page 214: ...TX 1000BASE T or SFP Protect Status Shows whether or not broadcast storm control has been enabled Default Enabled Threshold Threshold as percentage of port bandwidth Options 500 262143 packets per se...

Page 215: ...nner Figure 79 Configuring Port Mirroring Console config interface ethernet 1 1 Console config if no switchport broadcast Console config if exit Console config interface ethernet 1 2 Console config if...

Page 216: ...e same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 28 Type Selects which traffic...

Page 217: ...input rate limit for any port within a specific VLAN can also be configured When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity N...

Page 218: ...uration for an Interface CLI This example sets the rate limit for input and output traffic passing through port 1 to 64000 Kbps 640 Mbps 6 7 6 2 Setting Rate Limits for Ports within Each VLAN Command...

Page 219: ...on VLAN 248 6 7 7 Showing Port Statistics Standard statistics can be displayed for network traffic from the Interfaces Group and Ethernet like MIBs as well as a detailed breakdown of traffic based on...

Page 220: ...a higher sub layer which were addressed to a multicast address at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed...

Page 221: ...cast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or n...

Page 222: ...sion Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfu...

Page 223: ...tatistic can be used as a reasonable indication of Ethernet utilization Collisions The best estimate of the total number of collisions on this Ethernet segment Received Frames The total number of fram...

Page 224: ...ding FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits...

Page 225: ...30 switch 219 1553 KDU 137 365 Uen D 2006 06 16 Web Click Port Port Statistics Select the required interface and click Query To update the screen use the Refresh button at the bottom of the page Figur...

Page 226: ...stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit er...

Page 227: ...d by the ECN330 switch before power is supplied If the power required by a device exceeds the power budget of the port or the whole switch power is not supplied Ports can be set to one of three power...

Page 228: ...of software running on the PoE controller subsystem in the ECN330 switch Web Click PoE Power Status Figure 84 Displaying the Global PoE Status CLI This example displays the current power status for t...

Page 229: ...ower priority settings to limit the supplied power Command Attributes Power Allocation The power budget for the ECN330 If devices connected to the ECN330 require more power than the ECN330 switch budg...

Page 230: ...Attributes Port The port number Admin Status The administrative status of PoE power on the port Mode The current operating status of PoE power on the port Power Allocation The configured power budget...

Page 231: ...rned on If a device is connected to a critical or high priority port and causes the ECN330 switch to exceed its budget port power is turned on but the ECN330 switch drops power to one or more lower pr...

Page 232: ...24700 milliwatts However the maximum guaranteed power that can be delivered to any port is only 23100 miliwatts Web Click PoE Power Port Configuration Enable PoE power on selected ports set the priori...

Page 233: ...ress can be assigned to a specific interface on the ECN330 switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the addr...

Page 234: ...e Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the ECN330 switch When the destination address for inbound traffic is found in the data...

Page 235: ...s Table Lists all the dynamic addresses Web Click Address Table Dynamic Addresses Specify the search type that is mark the Interface MAC Address or VLAN checkbox select the method of sorting the displ...

Page 236: ...time click Apply Figure 90 Address Aging CLI This example sets the aging time to 400 seconds 6 9 4 Setting an Address Threshold A trap message can be sent when entries in the address table exceed a s...

Page 237: ...able network loops and to provide backup links between switches bridges or routers This allows the ECN330 switch to interact with other bridging devices an STA compliant switch bridge or router in the...

Page 238: ...BPDU after a predefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This bridge will then initiate negotiations with other bridges to reconfigure the network to r...

Page 239: ...n Identifiers including Region Name Revision Level and Configuration Digest see Configuration Settings for MSTP on page 241 An MST Region may contain multiple MSTP Instances An Internal Spanning Tree...

Page 240: ...eiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA infor...

Page 241: ...g Tree IEEE 802 1s Instance Instance identifier of this spanning tree This is always 0 for the CIST VLANs configuration VLANs assigned to the CIST Priority Bridge priority is used in selecting the roo...

Page 242: ...ng information that would make it return to a discarding state otherwise temporary data loops might result Max hops The max number of hop counts for the MST region Remaining hops The remaining number...

Page 243: ...ec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 13380 Transmission lim...

Page 244: ...orts connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If...

Page 245: ...nning tree used on the ECN330 switch STP Spanning Tree Protocol IEEE 802 1D when this option is selected the ECN330 switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree I...

Page 246: ...for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports...

Page 247: ...g the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which...

Page 248: ...Configuring the ECN330 switch 242 1553 KDU 137 365 Uen D 2006 06 16 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 96 STA Configuration...

Page 249: ...rval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues...

Page 250: ...he ECN330 switch must communicate with the root of the Spanning Tree Oper Path Cost Operational Path Cost The contribution of this port to the cost of paths towards the spanning tree root which includ...

Page 251: ...See the preceding item Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on an ECN330 switch is the same the port with the highest priority...

Page 252: ...s quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfigurati...

Page 253: ...udes both ports and trunks Command Attributes The following attributes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interfa...

Page 254: ...owest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where mo...

Page 255: ...s they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding dat...

Page 256: ...l Spanning Tree MST Instance 0 that connects all bridges and LANs within the MST region The ECN330 switch supports up to 65 instances Try to group VLANs which cover the same general area of the networ...

Page 257: ...with the same MSTI settings Command Attributes MST Instance Instance identifier of this spanning tree Default 0 Priority The priority of a spanning tree instance Range 0 61440 in steps of 4096 Option...

Page 258: ...Click Spanning Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identif...

Page 259: ...Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission lim...

Page 260: ...elected MST instance Field Attributes MST Instance ID Instance identifier to configure Range 0 4094 Default 0 The other attributes are described under Displaying Interface Settings page 243 Web Click...

Page 261: ...oot Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology...

Page 262: ...dictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a tr...

Page 263: ...ystem automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Range E...

Page 264: ...An EAPS Domain exists on a single Ethernet ring Any VLAN that is to be protected is configured on all ports in the ring for the given EAPS Domain Each EAPS Domain has a single designated master node...

Page 265: ...received on its secondary port and the master node resets its fail period timer and continues normal operation If the master node does not receive the health check frame before the fail period timer...

Page 266: ...normal state Multiple EAPS Domains An EAPS enabled ECN330 switch can be part of more than one ring Hence an EAPS enabled ECN330 switch can belong to more than one EAPS Domain at the same time Each EA...

Page 267: ...t from the other direction in the ring 4 Configure the primary and secondary ports Each node on the ring connects to it through two ring ports Configure one port as the primary port and the other as t...

Page 268: ...eck box in the required field EAPS Domain Configuration Primary Port or Secondary Port section 6 11 2 on page 265 10 Display EAPS status information Refer to the EAPS Domain List to view EAPS status i...

Page 269: ...master node sends a health check packet to ensure the ring status and starts the health check packet fair timer at once Handling health check packet fail timer events If this event occurs the ring top...

Page 270: ...ress 6 11 1 EAPS Configuration Use the EAPS Configuration page to globally enable or disable EAPS on the ECN330 switch Command Usage The EAPS function must be enabled on the ECN330 switch before an EA...

Page 271: ...hines will start and the domain will enter the active state To create an EAPS domain 1 Enter a suitable name in the Domain Name field on the EAPS Domain Configuration page and click the New button 2 C...

Page 272: ...warding This EAPS domain is running but the new link port is temporarily blocked When the state changes from link down to link up on a transit node the new link port is temporarily blocked until the m...

Page 273: ...Also the ring ports of the CVLAN must be tagged Failure to observe these restrictions can result in a loop in the network Once the domain has been activated by setting the Domain Status to Enabled the...

Page 274: ...on the master node Once set the master node will send the newly configured fail time to all transit nodes forcing each node to update its fail timer The transit nodes then check for a health check pa...

Page 275: ...ring Range 1 4094 Up to nine Protected VLANs can be configured in an EAPS domain First create the VLANs to be used as Protected VLANs see Creating VLANs on page 284 and then add the Protected VLAN to...

Page 276: ...Configuration page Configure the EAPS parameters for this node including the control VLAN the primary and secondary ports the timers EAPS node type and domain status and click Apply Then click the Mod...

Page 277: ...witch Console config eaps domain rd Console config eaps control vlan 3 Console config eaps port primary 26 Console config eaps port secondary 27 Console config eaps hellotime 2 Console config eaps fai...

Page 278: ...without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multim...

Page 279: ...compliant devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if a port on the ECN330 switch has to participate in one or more VLA...

Page 280: ...ease security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the ECN330 switch Packets are forwarded only between ports that are de...

Page 281: ...so that these VLANs can be propagated onto the network For both the edge switches attached directly to these hosts and core switches in the network enable GVRP on the links between these devices Also...

Page 282: ...ain any VLAN compliant devices including the destination host the ECN330 switch must first strip off the VLAN tag before forwarding the frame When the ECN330 switch receives a tagged frame it will pas...

Page 283: ...ld Attributes VLAN Basic Information VLAN Version Number The VLAN version used by the ECN330 switch as specified in the IEEE 802 1Q standard This parameter is displayed in the web interface only Maxim...

Page 284: ...witch Only IP addresses assigned to these management VLANs can be used to manage the ECN330 switch The default management VLANs assigned to the switch are described under Enabling the SBC to Access Ad...

Page 285: ...s nor is the management IP interface advertised by routing protocols to other routers A management VLAN cannot be deleted when a IP address is assigned to the interface To change a management VLAN fir...

Page 286: ...the Management VLAN Configuration Guide Note that the ECN330 switch does not have to be configured for the DMV It automatically supports the DMV for all embedded nodes External External Management VL...

Page 287: ...nk or zero no VLAN is defined for the corresponding management VLAN on the ECN330 switch Range 0 4094 Default Internal 247 Dynamic 248 External 246 Native 4093 FSA 249 Web Click VLAN 802 1Q VLAN Basic...

Page 288: ...Console config interface ethernet 1 1 Console config if switchport allowed vlan add 349 tagged Console config exit Console config interface ethernet 1 24 Console config if switchport allowed vlan add...

Page 289: ...t based VLAN using one or two switches tagging can be disabled Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created System Up Time Status Shows ho...

Page 290: ...ups Shows the VLAN interface members CLI Current VLAN information can be displayed with the following command 6 12 1 7 Creating VLANs Use the VLAN Static List to create or remove VLAN groups To propag...

Page 291: ...rational Disable VLAN is suspended that is does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended that is does not pass packets Add...

Page 292: ...s Port Channels Eth1 25 S Eth1 26 S Eth1 27 S Eth1 28 S VLAN ID 247 Type Static Name intmgm Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Et...

Page 293: ...rs Note VLAN 1 is the default untagged VLAN containing all ports on the ECN330 switch and can only be modified by first reassigning the default port VLAN ID as described under 6 12 1 10 Configuring VL...

Page 294: ...he VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an...

Page 295: ...VLAN 2 6 12 1 9 Adding Static Members to VLANs Port Index Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Po...

Page 296: ...e click Apply Figure 115 VLAN Static Membership CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 6 12 1 10 Configuring VLAN Behavior for Interfaces VLAN behavior...

Page 297: ...ive all frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which t...

Page 298: ...ode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the sourc...

Page 299: ...ion CLI This example sets port 3 to accept only tagged frames assigns PVID 3 as the native VLAN ID enables GVRP sets the GARP timers and then sets the switchport mode to hybrid Console config interfac...

Page 300: ...figuring a MAC address for a VLAN all Layer 3 traffic originating from this VLAN will use the specified MAC address MAC addresses used for VLANs have the following restrictions Cannot be a broadcast M...

Page 301: ...dress for VLAN 3 Console config interface vlan 3 Console config if mac address 00 01 02 03 0d 0e Console config if exit Console show vlan mac address VLAN MAC Address Status Type Name 1 00 01 02 03 0d...

Page 302: ...AN SPVLAN for customers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider s network even when they use the same cus...

Page 303: ...t Packets entering a QinQ tunnel port are processed in the following manner 1 New SPVLAN tags are added to all incoming packets no matter how many tags they already have The ingress process constructs...

Page 304: ...essed in the following manner 1 If incoming packets are untagged the PVID VLAN native tag is added 2 If the ether type of an incoming packet single or double tagged is not equal to the TPID of the upl...

Page 305: ...link port s native VLAN the uplink port must be an untagged member of the SPVLAN Then the outer SPVLAN tag will be stripped when the packets are sent out Another reason is that it causes none customer...

Page 306: ...ior for Interfaces on page 290 7 Configure system MTU to 1526 if jumbo frames are not enabled see Configuring the Maximum Frame Size on page 72 8 Configure the QinQ uplink port to join the SPVLAN as a...

Page 307: ...orward traffic for the internal management VLANs VIDs 247 249 between the QinQ tunnel port and the SBC connected to port 28 Default Automatically enabled for any QinQ tunnel port Before enabling addre...

Page 308: ...tatic address entry for any internal management VLAN is added to the address table If multiple internal management VLANs are configured multiple entries are added to the address table When a tunnel po...

Page 309: ...has been associated with the primary group An isolated VLAN contains isolated ports that cannot communicate with any other hosts within the isolated VLAN and can only communicate with promiscuous port...

Page 310: ...rrently the native VLAN of a private port will not automatically change to the private VLAN when assigning a promiscuous port to a primary VLAN or assigning an isolated port to an isolated VLAN as des...

Page 311: ...N330 switch configured with primary VLAN 3 and isolated VLANs 4 and 5 The isolated VLANs are associated with VLAN 3 Port 3 has then been configured as a promiscuous port and mapped to the Primary VLAN...

Page 312: ...d isolated VLANs Isolated Conveys traffic only between the VLAN s isolated ports and to promiscuous ports in the associated primary VLAN Traffic between isolated ports within the VLAN is blocked Curre...

Page 313: ...N Non Association Isolated VLANs not associated with the selected primary VLAN Web Click VLAN Private VLAN Association Select the required primary VLAN from the scroll down box highlight one or more i...

Page 314: ...n the assigned primary VLAN and with interfaces within any isolated VLANs associated with the primary VLAN Isolated An isolated port that can only communicate with the promiscuous ports in the associa...

Page 315: ...associated with VLAN 4 and 5 respectively This means that traffic for port 4 and 5 can only pass through port 3 6 12 2 5 Configuring Private VLAN Interfaces Use the Private VLAN Port Configuration an...

Page 316: ...s within the primary VLAN and between promiscuous ports and isolated ports within the associated isolated VLANs Isolated VLAN Conveys traffic only between the VLAN s isolated ports and promiscuous por...

Page 317: ...l network into logical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets...

Page 318: ...he only option for the LLC_other frame type is IPX_raw The options for all other frames types include IP ARP RARP Note SNAP frame types are not supported by the ECN330 switch due to hardware limitatio...

Page 319: ...l type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed according to th...

Page 320: ...provide connectivity between customer sites over existing Layer 2 networks Instead of using separate networks for each customer service providers can use a common MPLS network to transport Layer 2 Eth...

Page 321: ...ints to be configured at the two edge switches Only the edge switches at the ingress and egress points of the MPLS backbone know about the VCs dedicated to transporting Layer 2 traffic Other routers d...

Page 322: ...ed to multiple VLANs The input VC and output VC should normally be configured to the same value Also note that a maximum 8 input VCs and 8 output VCs are supported on the ECN330 switch 4 The network c...

Page 323: ...etwork supports STP or EAPS A VC can be associated with multiple VLANs But a VLAN can only be associated with one input VC and one output VC MPLS packets with Control Word cannot be received correctly...

Page 324: ...the Control Word And it must be supported to receive a Control Word from an implementation having implemented the optional Control Word and the egress R2 Martini tunnel end point defined in the draft...

Page 325: ...put Label section 6 13 1 on page 319 5 Configure a Gigabit Ethernet port to L2MPLS uplink mode L2MPLS Port Configuration Status section 6 13 2 on page 320 6 Specify the tunnel label virtual channel VC...

Page 326: ...page to set the operational characteristics for an MPLS uplink port Command Attributes Port Port number Range 1 27 Status Configures a port to enter L2MPLS uplink port mode Tunnel Label 0 255 Sets the...

Page 327: ...uplink port takes precedence over the System MTU see Configuring the Maximum Frame Size on page 72 Also note that if the MTU setting for the uplink port has been specified then setting the system MTU...

Page 328: ...tate is down ADMIN DOWN The VC has been administratively disabled Local VC Label This label determines the egress interface of a packet arriving from the MPLS backbone Remote VC Label This label is us...

Page 329: ...k Port CLI The following example displays the settings for an L2MPLS tunnel and uplink port Console sh mpls l2trnasport MPLS Vlan Infomation Client Intf VC State Local VC Label Remote VC Label Vlan9 U...

Page 330: ...ified default port priority and then sorted into the appropriate priority queue at the output port Command Usage The ECN330 switch provides eight priority queues for each port It can use Weighted Roun...

Page 331: ...ECN330 switch 325 1553 KDU 137 365 Uen D 2006 06 16 Web Click Priority Default Port Priority or Default Trunk Priority Modify the default priority for any interface then click Apply Figure 131 Defaul...

Page 332: ...the IEEE 802 1p standard for various network applications are shown in Table 19 However priority levels can be mapped to the ECN330 switch s output queues in any way that benefits application traffic...

Page 333: ...Traffic Class Output queue buffer Range 0 7 where 7 is the highest CoS priority queue Note This parameter is displayed in the CLI as Queue ID Priority Level Traffic Type 0 default Best Effort 1 Backg...

Page 334: ...te Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the ECN330 switch Console config interface ethern...

Page 335: ...t selection WFQ Shares bandwidth at the egress ports by specifying a minimum bandwidth for each queue Guaranteed bandwidth is first supplied to each queue any remaining bandwidth is distributed in a r...

Page 336: ...the Service Weight for Traffic Classes The ECN330 switch can use the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue As described in 6 14 1 2 Map...

Page 337: ...s for each traffic class that is queue Note This parameter is displayed in the CLI as Queue ID Weight Value Set a new weight for the selected traffic class Range 1 15 Web Click Priority Queue Scheduli...

Page 338: ...Q shares bandwidth at the egress ports by specifying a minimum bandwidth for each queue Guaranteed bandwidth is first supplied to each queue any remaining bandwidth is distributed in a round robin fas...

Page 339: ...bps for Fast Ethernet ports 1 100000000 kbps for Gigabit Ethernet ports Granularity 64 kbps Web Click Priority WFQ Minimum Bandwidth Select an interface highlight a queue in the Minimum Bandwidth Tabl...

Page 340: ...ch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic the ECN330 switch maps priority values to the output queues in the...

Page 341: ...ning eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The default IP Precedence values are mapped one to one to Class of...

Page 342: ...map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Web Click Priority IP Precedence Priority Select an en...

Page 343: ...for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the ECN330 switch Console config map ip precedence Console config interface e...

Page 344: ...different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in Table 21 Note that all the DSCP values that are not specified are mapped to CoS value...

Page 345: ...ample globally enables DSCP Priority service on the ECN330 switch maps DSCP value 0 to CoS value 1 on port 1 and then displays the DSCP Priority settings Console config map ip dscp Console config inte...

Page 346: ...more common TCP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority Interface Selects the port or trunk inte...

Page 347: ...ority service on the ECN330 switch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Note Mapping specific values for IP Port Priority is implemented as an int...

Page 348: ...switches or routers along the path Priority can then be assigned based on a general policy or a detailed examination of the packet However note that detailed examination of packets should take place c...

Page 349: ...a specified class Command Usage To configure a Class Map follow these steps Open the Class Map page and click Add Class When the Class Configuration page opens fill in the Class Name field and click...

Page 350: ...eria used to classify ingress traffic on this page Remove Class Removes the selected class Class Configuration Class Name Name of the class map Range 1 16 characters Type Only one match command is per...

Page 351: ...e specified criteria to the class Only one entry is permitted per class Remove Deletes the selected criteria from the class Web Click QoS DiffServ then click Add Class to create a new class or Edit Ru...

Page 352: ...hat an IP packet will receive in the Action field defining the maximum throughput and burst rate in the Meter field and the action that results from a policy violation in the Exceed field Then finally...

Page 353: ...ervice ingress traffic on this page Add Policy Opens the Policy Configuration page Enter a policy name and description on this page and click Add to open the Policy Rule Settings page Enter the criter...

Page 354: ...cedence value in a matching packet as specified in Match Class Settings on page 343 Range CoS 0 7 DSCP 0 63 IP Precedence 0 7 Meter Check this to define the maximum throughput burst rate and the actio...

Page 355: ...KDU 137 365 Uen D 2006 06 16 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Cla...

Page 356: ...defined in the class map then define a policy map and finally bind the service policy to the required interface Only one policy map can be bound to an interface The current firmware does not allow a...

Page 357: ...ettings Check Enabled and choose a Policy Map for a port from the scroll down box then click Apply Figure 143 Service Policy Settings CLI This example applies a service policy to an ingress interface...

Page 358: ...which subscribed to this service Figure 144 Multicast Filtering Concept The ECN330 switch can use Internet Group Management Protocol IGMP to filter multicast traffic IGMP Snooping can be used to passi...

Page 359: ...ny host to inform its local router that it wants to receive transmissions addressed to a specific multicast group A router or multicast enabled switch can periodically ask their hosts if they want to...

Page 360: ...cast router switch connected over the network to an interface on the ECN330 This interface will then join all the current multicast groups supported by the attached router switch to ensure that multic...

Page 361: ...by subjecting it to IGMP snooping If no router port exists on the VLAN the traffic will simply be dropped IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they wan...

Page 362: ...00 IGMP Query Timeout The time the ECN330 switch waits after the previous querier stops before it considers the router port the interface which had been receiving query packets to have expired Range 3...

Page 363: ...Console config ip igmp snooping querier Console config ip igmp snooping query count 10 Console config ip igmp snooping query interval 100 Console config ip igmp snooping query max response time 100 C...

Page 364: ...h The Multicast Router Port Information page can be used to display the ports on the ECN330 switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of c...

Page 365: ...d by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the ECN330 Command Attributes Interface Activates the Port or Trunk scroll down list...

Page 366: ...c multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service Web Click IGMP Snooping IP Multicast R...

Page 367: ...lticast service on the ECN330 switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast ad...

Page 368: ...and then displays all the known multicast services supported on VLAN 1 6 16 2 6 Setting IGMP Snooping Status per Interface IGMP Snooping status can be configured both globally for the ECN330 switch o...

Page 369: ...s Enabled VLAN Displays the list of VLAN interfaces for which IGMP Snooping has been enabled VLAN ID ID of configured VLANs Web Click IGMP Snooping IGMP Snooping Status per VLAN Use the Add or Remove...

Page 370: ...nterfaces page 362 Note that Layer 2 snooping and query is disabled if Layer 3 IGMP is enabled 6 16 3 1 Configuring IGMP Interface Parameters The ECN330 switch uses IGMP Internet Group Management Prot...

Page 371: ...advertised in IGMP queries Range 0 25 seconds Default 10 seconds The ECN330 switch must be using IGMPv2 for this command to take effect This command defines how long any responder that is client or r...

Page 372: ...calculating the appropriate range for other IGMP variables such as the Last Member Query Interval Group Membership Interval as well as the Other Querier Present Interval and the Startup Query Count RF...

Page 373: ...e config interface vlan 1 Console config if ip igmp Console config if ip igmp last memb query interval 10 Console config if ip igmp max resp interval 20 Console config if ip igmp query interval 100 Co...

Page 374: ...ibers directly attached or downstream from the ECN330 switch Interface The interface on the ECN330 switch that has received traffic directed to the multicast group address Last Reporter The IP address...

Page 375: ...lick IP IGMP IGMP Group Membership Figure 153 IGMP Group Membership CLI The following shows the IGMP groups currently active on VLAN 1 Console show ip igmp groups vlan 1 GroupAddress InterfaceVlan Las...

Page 376: ...DNS service on the ECN330 switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client that is not fo...

Page 377: ...o incomplete host names Range 1 64 alphanumeric characters 1 5 names Name Server List Specifies the address of one or more domain name servers to use for name to address resolution Range 1 6 IP addres...

Page 378: ...IP addresses If more than one IP address is associated with a host name in the static table or through information returned from a name server a DNS client can try each address in succession until it...

Page 379: ...D 2006 06 16 Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addr...

Page 380: ...e flag is always 4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domai...

Page 381: ...dns net 1 4 CNAME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www mi...

Page 382: ...ormation about the host s boot image including the TFTP server to access for download and the name of the boot file or boot information for NetBIOS Windows Internet Naming Service WINS 6 18 1 Configur...

Page 383: ...mmand Attributes VLAN ID ID of configured VLAN VLAN Name Name of the VLAN Server IP Address Addresses of DHCP servers to be used by the ECN330 switch s DHCP relay agent in order of preference Restart...

Page 384: ...st device to download Addresses can be assigned to clients from a common address pool configured for a specific IP interface on the ECN330 switch or fixed addresses can be assigned to hosts based on t...

Page 385: ...uration changes This can be done on the DHCP Server General page 6 18 2 1 Enabling the Server Setting Excluded Addresses Enable the DHCP Server and specify the IP addresses that it should not be assig...

Page 386: ...e 6 18 2 2 Configuring Address Pools IP address pools must be configured for each IP interface that will provide addresses to attached clients through the DHCP server Command Usage First configure add...

Page 387: ...red When searching for a manual binding the ECN330 switch compares the client identifier and then the hardware address for DHCP clients Since BOOTP clients cannot transmit a client identifier a hardwa...

Page 388: ...ss of the primary and alternate DNS server DNS servers must be configured for a DHCP client to map host names to IP addresses Netbios Server IP address of the primary and alternate NetBIOS Windows Int...

Page 389: ...Creating a New Address Pool Web Click DHCP Server Pool Configuration Specify a pool name then click Add Figure 161 DHCP Server Pool Configuration CLI This example adds an address pool and enters DHCP...

Page 390: ...click Apply Figure 162 DHCP Server Pool Network Configuration CLI This example configures a network address pool Console config ip dhcp pool tps Console config dhcp network 10 1 0 0 255 255 255 0 Cons...

Page 391: ...P Server Pool Configuration Click the Configure button for any entry Click the radio button for Host Enter the IP address subnet mask and hardware address for the client device Configure the optional...

Page 392: ...another device Entry Count Number of hosts that have been given addresses by the ECN330 switch Note More than one DHCP server may respond to a service request by a host In this case the host generall...

Page 393: ...aster router fails or can also be configured to share the traffic load The primary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain networ...

Page 394: ...Backup Routers Master Router Backup Router Virtual Router VR23 VRIP 192 168 1 3 VRID 23 IP R1 192 168 1 3 IP VR23 192 168 1 3 VR Priority 255 VRID 23 IP R2 192 168 1 5 VRIP VR23 192 168 1 3 VR Priorit...

Page 395: ...hed network 6 19 1 1 Configuring VRRP Groups To configure VRRP select an interface on one router in the group to serve as the master virtual router This physical interface is used as the virtual addre...

Page 396: ...rtual group because the IP address owner is off line Virtual Router Priority The Owner of the virtual IP address is automatically assigned the highest possible virtual router priority of 255 The backu...

Page 397: ...ng its state as the master Preemption Shows if this router is allowed to preempt the acting master Priority Priority of this router in the VRRP group AuthType Authentication mode used to verify VRRP p...

Page 398: ...e VRRP group address owner is automatically set to 255 The priority for backup routers is used to determine which router will take over as the acting master router if the current master fails Authenti...

Page 399: ...for a group entry to open the detailed configuration window Enter the IP address of a real interface on this router to make it the master virtual router for the group Otherwise enter the virtual addre...

Page 400: ...e total number of VRRP packets received with an unknown or unsupported version number VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual rou...

Page 401: ...a VLAN configured with an IP interface Range 1 4094 Default 1 VRID VRRP group identifier Range 1 255 Times Become Master Number of times this router has transitioned to master Received Packets Number...

Page 402: ...ved by the virtual router with an invalid value in the type field Error Address List Packets Number of packets received for which the address list does not match the locally configured list for the vi...

Page 403: ...assign all ports that belong to the same group to these VLANs page 287 and then assign an IP interface to each VLAN page 403 By separating the network into different VLANs it can be partitioned into s...

Page 404: ...encompasses tasks required to forward packets for both Layer 2 and Layer 3 as well as traditional routing These functions include Layer 2 forwarding switching based on the Layer 2 destination MAC add...

Page 405: ...In order to perform IP switching the ECN330 switch should be recognized by other network nodes as an IP router either by setting it as the default gateway or by redirection from another router throug...

Page 406: ...routing information to be stored in the ECN330 switch either manually or when a connection is set up by an application outside the ECN330 switch Dynamic routing uses a routing protocol to exchange ro...

Page 407: ...hen be used to link the subnetworks by connecting to one port from each available VLAN on the network 6 20 3 Basic IP Interface Configuration To allow routing between different IP subnets IP Routing m...

Page 408: ...ch any routing table entry Valid IP addresses consist of four numbers 0 to 255 separated by periods Web Click IP General Global Settings Set IP Routing Status to Disabled to restrict operation to Laye...

Page 409: ...interface and allows IP packets to be sent to or from the router Before any network interfaces are configured on this router first create a VLAN for each unique user group or for each network applicat...

Page 410: ...t routing to other subnets First specify a primary address and click Set IP Configuration To assign secondary addresses enter these addresses one at a time and click Set IP Configuration after enterin...

Page 411: ...until the packet is delivered to the final destination If there is no entry for an IP address in the ARP cache the router will broadcast an ARP request packet to all devices on the network The ARP req...

Page 412: ...menu can be used to specify the timeout for ARP cache entries or to enable Proxy ARP for specific VLAN interfaces Command Usage The aging time determines how long dynamic entries remain the cache If t...

Page 413: ...and enables Proxy ARP for VLAN 3 6 20 5 3 Configuring Static ARP Addresses For devices that do not respond to ARP requests traffic will be dropped because the IP address cannot be mapped to a physical...

Page 414: ...ck IP ARP Static Addresses Enter the IP address the corresponding MAC address and click Apply Figure 177 ARP Static Addresses CLI This example sets a static entry for the ARP cache 6 20 5 4 Displaying...

Page 415: ...c Changes a selected dynamic entry to a static entry Clear All Deletes all dynamic entries from the ARP cache Entry Count The number of dynamic entries in the ARP cache Note The Dynamic to Static and...

Page 416: ...ing IP address Interface VLAN interface associated with the address entry Entry Count The number of local entries in the ARP cache Console show arp Arp cache timeout 1200 seconds IP Address MAC Addres...

Page 417: ...te local cache entries in the ARP cache Console show arp Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 11 00 11 22 33 44 55 static 2 10 1 0 22 00 00 12 33 89 76 other 2 1...

Page 418: ...all interfaces Table 23 ARP Statistics Web Click IP ARP Statistics Figure 180 ARP Statistics Parameter Description Received Request Number of ARP Request packets received by the router Received Reply...

Page 419: ...mission through small packet networks Console show ip traffic IP statistics Rcvd 5 total 5 local destination 0 checksum errors 0 unknown protocol 0 not a gateway Frags 0 reassembled 0 timeouts 0 fragm...

Page 420: ...s for transmission Output Packet No Route The number of datagrams discarded because no route could be found to transmit them to their destination Note that this includes any datagrams which a host can...

Page 421: ...s including ICMP Discarded Output Packets The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded for example...

Page 422: ...tions such as when a datagram cannot reach its destination when the gateway does not have the buffering capacity to forward a datagram and when the gateway can direct the host to send traffic on a sho...

Page 423: ...e Quench messages received sent Redirects The number of ICMP Redirect messages received sent Echos The number of ICMP Echo request messages received sent Echo Replies The number of ICMP Echo Reply mes...

Page 424: ...es IP as the underlying transport mechanism providing access to IP like services UDP packets are delivered just like IP packets connection less datagrams that may be discarded before reaching their ta...

Page 425: ...Errors The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port No Ports The total number of received UDP datagrams fo...

Page 426: ...ent Connections The number of TCP connections for which the current state is either ESTABLISHED or CLOSE WAIT Receive Errors The total number of segments received in error for example bad TCP checksum...

Page 427: ...ific route to a subnet rather than using dynamic routing Static routes do not automatically change in response to changes in network topology so only configure a small number of stable routes to ensur...

Page 428: ...h a dynamically learned route If route information is available through more than one of these methods the priority for route selection is local static and then dynamic Also note that the route for a...

Page 429: ...hich generated this route information Options local static RIP OSPF Metric Cost for this interface Entry Count The number of table entries Web Click IP Routing Routing Table Figure 186 IP Routing Tabl...

Page 430: ...lso use methods for preventing loops that would cause endless retransmission of data traffic RIP utilizes the following three methods to prevent loops from occurring Split horizon Never propagate rout...

Page 431: ...are received from other routers To communicate properly with other routers using RIP the RIP version used globally by the router needs to be specified as well as the RIP send and receive versions used...

Page 432: ...econds Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessible that is the metric set to infinite and advertised as unreacha...

Page 433: ...the basic update timer and then click Apply Figure 188 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip Cons...

Page 434: ...dress In other words if a subnet address nnn xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B...

Page 435: ...etting the RIP Receive Version or Send Version for an interface overrides the global setting specified by the RIP General Settings Global RIP Version field The Receive Version can be specified based o...

Page 436: ...protocol packets are caught in a loop links will be congested and protocol packets may be lost However the network will slowly converge to the new state RIP utilizes the following three methods that c...

Page 437: ...Pv1 or RIPv2 packets RIPv2 RIPv2 packets Send Version The RIP version to send on an interface RIPv1 Sends only RIPv1 packets RIPv2 Sends only RIPv2 packets RIPv1 Compatible Route information is broadc...

Page 438: ...routing information with other routers based on an authorized password Note that authentication only applies to RIPv2 Authentication Key Specifies the key to use for authenticating RIPv2 packets For a...

Page 439: ...ges and queries information about the interfaces that are using RIP and information about known RIP peer devices Table 28 RIP Information and Statistics Console config interface vlan 1 Console config...

Page 440: ...vention method is in use AuthType Shows if authentication is set to simple password or none RcvBadPackets Number of bad RIP packets received RcvBadRoutes Number of bad routes received SendUpdates Numb...

Page 441: ...Configuring the ECN330 switch 435 1553 KDU 137 365 Uen D 2006 06 16 Web Click Routing Protocol RIP Statistics Figure 191 RIP Statistics...

Page 442: ...he amount of routing traffic Note The OSPF protocol implemented in this device is based on Version 2 RFC 2328 It also supports Version 1 RFC 1583 compatibility mode to ensure that the same method is u...

Page 443: ...of routing traffic required when sending or receiving routing path updates The separate routing area scheme used by OSPF further reduces the amount of routing traffic and thus inherently provides ano...

Page 444: ...and receive OSPF traffic to neighboring OSPF routers The exchange of OSPF traffic can be further optimized by specifying an area range that covers a large number of subnetwork addresses This is an im...

Page 445: ...er to exchange routing information with boundary routers in other autonomous systems to which it may be attached If a router is enabled as an ASBR then every other router in the autonomous system can...

Page 446: ...tself as a default external route for the AS even if a default external route does not actually exist NotAlways It can only advertise a default external route into the AS if it has been configured to...

Page 447: ...Apply Figure 195 OSPF General Configuration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf Console confi...

Page 448: ...to increase network stability and reduce the amount of routing traffic required through the use of route summaries that aggregate a range of addresses into a single route The backbone or any normal ar...

Page 449: ...nomous system AS However an NSSA can also import external routes from one or more small routing domains that are not part of the AS such as a RIP domain or locally configured static routes This extern...

Page 450: ...a transit area and should therefore be placed at the edge of the routing domain A stub or NSSA can have multiple ABRs or exit points However all of the exit points and local routers must contain the s...

Page 451: ...the stub will become completely isolated Note This router supports up to 16 total areas either normal transit areas stubs or NSSAs Web Click Routing Protocol OSPF Area Configuration Set any area to a...

Page 452: ...ute summaries local changes do not have to be propagated to other area routers This allows OSPF to be easily scaled for larger networks and provides a more stable network topology Figure 200 Route Sum...

Page 453: ...summarized on any bit boundary in a network address To summarize the external LSAs imported into the autonomous system that is local routing domain use the Summary Address Configuration screen page 45...

Page 454: ...for the area range command is to advertise the route summary The configured summary route is shown in the list of information displayed for area 1 Console config router area 0 0 0 1 range 10 1 1 0 255...

Page 455: ...ter control the timing of link state advertisements set the cost used to select preferred paths and specify the method used to authenticate routing messages Field Attributes OSPF Interface List VLAN I...

Page 456: ...ation delays for an interface when estimating this delay Set the transmit delay according to link speed using larger values for lower speed links The transmit delay must be the same for all routers in...

Page 457: ...the route Authentication Type Specifies the authentication type used for an interface Options None Simple password MD5 Default None Use authentication to prevent routers from inadvertently joining an...

Page 458: ...ally only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key value...

Page 459: ...backbone To connect an isolated area to the backbone the logical path can cross a single non backbone area that is transit area to reach the backbone To define this path an ABR must be configured tha...

Page 460: ...to connect two existing backbone areas into a common backbone Command Attributes Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IP address Neighbor Rou...

Page 461: ...ify the settings for an existing link click the Detail button for the required entry modify the link settings and click Set Figure 205 OSPF Virtual Link Configuration CLI This example configures a vir...

Page 462: ...ea This area passes routing information between other areas in the autonomous system The default value 0 0 0 0 is used as the Area ID for the backbone All routers must be connected to the backbone eit...

Page 463: ...The area ID must be in the form of an IP address Note This router supports up to 16 total areas either normal transit areas stubs or NSSAs Web Click Routing Protocol OSPF Network Area Address Configur...

Page 464: ...utes imported into the routing table and then configure one or more summary addresses to reduce the size of the routing table and consolidate these external routes for advertising into the local domai...

Page 465: ...his router supports up 16 Type 5 summary routes Web Click Routing Protocol OSPF Summary Address Configuration Specify the base address and network mask then click Add Figure 207 OSPF Summary Address C...

Page 466: ...tion is not enabled the router will only generate a default external route into the AS if it has been configured to always advertise a default route even if an external route does not actually exist p...

Page 467: ...used to calculate external route costs Options Type 1 Type 2 Default Type 1 Redistribute Metric Metric assigned to all external routes for the specified protocol Range 1 65535 Default 10 Web Click Ro...

Page 468: ...R originates and floods Type 7 external LSAs throughout its area for known network destination outside of the AS However an NSSA ASBR can also be configured to generate a Type 7 default route to areas...

Page 469: ...mation OSPF routers advertise routes using Link State Advertisements LSAs The full collection of LSAs collected by a router interface from the attached area is known as a link state database Routers t...

Page 470: ...to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an autonomous system boundary router ASBR AS External Type 5 An ASBR c...

Page 471: ...LSA in seconds Seq Sequence number of LSA used to detect older duplicate LSAs CheckSum Checksum of the complete contents of the LSA Web Click Routing Protocol OSPF Link State Database Information Spec...

Page 472: ...dentifier for the destination router Next Hop IP address of the next hop toward the destination Cost Link metric for this route Type Router type of the destination either ABR ASBR or both Rte Type Rou...

Page 473: ...state and identification flag States include Down Connection down Attempt Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet esta...

Page 474: ...BDR Backup designated router Address IP address of this interface Web Click Routing Protocol OSPF Neighbor Information Figure 213 OSPF Neighbor Information CLI This shows a designated router and backu...

Page 475: ...icast traffic when requested by a local or downstream host When service is requested by a host it can use a Reverse Path Tree RPT that channels the multicast traffic from each source through a single...

Page 476: ...ies for all paths learned by itself or from other routers without considering actual group membership or prune messages The routing table therefore does not indicate that the router has processed mult...

Page 477: ...IGMP report message from host in this subnet P Downstream interface has been recently pruned terminated R Reverse Path Tree RPT bit is set for Sparse Mode S PIM Sparse Mode T Shortest Path Tree SPT b...

Page 478: ...ng the ECN330 switch 472 1553 KDU 137 365 Uen D 2006 06 16 Web Click IP Multicast Routing Multicast Routing Table Click Detail to display additional information for any entry Figure 215 Multicast Rout...

Page 479: ...hen send a prune message back to the source to stop a data stream if the router is attached to a LAN which does not want to receive traffic from a particular multicast group However if a host attached...

Page 480: ...terms of hop count is always used 6 21 3 1 Configuring Global DVMRP Settings DVMRP is used to route multicast traffic to nodes which have requested a specific multicast service through IGMP This rout...

Page 481: ...faces except for the incoming interface Figure 217 DVMRP Broadcasting The router will transmit a prune message back out the receiving interface the parent interface to its upstream neighboring router...

Page 482: ...routers throughout the network to allow DVMRP to function properly However if problems are encountered in maintaining a multicast flow then it may be necessary to modify the protocol variables which c...

Page 483: ...nfigurable from the CLI only Default Gateway Specifies the default DVMRP gateway for IP multicast traffic Default none The specified interface advertises itself as a default route to neighboring DVMRP...

Page 484: ...rameters for DVMRP and displays the current settings Console config router dvmrp Console config router probe interval 30 Console config router nbr timeout 40 Console config router report interval 90 C...

Page 485: ...interface used to calculate distance vectors Status Shows that DVMRP is enabled on this interface DVMRP Interface Settings VLAN Selects a VLAN interface on this router Metric Sets the metric for this...

Page 486: ...ngs modify the Metric if required set the Status to Enabled or Disabled and click Apply Figure 221 DVMRP Interface Settings CLI This example enables DVMRP and sets the metric for VLAN 1 Console config...

Page 487: ...time remaining before this entry will be aged out Capabilities A hexadecimal value that indicates the neighbor s capabilities Each time a probe message is received from a neighbor the router compares...

Page 488: ...routing table includes subnetworks from which IP multicast traffic originates upstream routers that have sent multicast traffic in the past or have been learned through routing messages exchanged with...

Page 489: ...group Interface The IP interface on this router that connects to the upstream neighbor Metric The metric for this interface used to calculate distance vectors Up time The time elapsed since this entry...

Page 490: ...acket and sends a prune message back out the source interface If it is the same interface used by the unicast protocol then the router forwards a copy of the packet to all the other interfaces for whi...

Page 491: ...ive multicast server page 473 It also uses IGMP to determine the presence of multicast group members The main difference is that it uses the router s unicast routing table to determine if the interfac...

Page 492: ...is set to random value between 0 and the Trigger Hello Interval This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also if a Hello...

Page 493: ...Default 3 Max Graft Retries Configures the maximum number of times to resend a graft message if it has not been acknowledged Range 1 65535 Default 2 Web Click Routing Protocol PIM DM Interface Setting...

Page 494: ...is interface DR Address The designated PIM router for this interface Console config interface vlan 2 Console config if ip pim dense mode Console config if ip pim hello interval 60 Console config if ip...

Page 495: ...IP address of the next hop router Interface VLAN that is attached to this neighbor Up time The duration this entry has been active Expire The time before this entry will be removed Mode PIM mode used...

Page 496: ...see Configuring PIM DM on page 484 PIM SM reduces the amount of multicast traffic by forwarding it only to the ports that are attached to receivers for the group The key components to filtering multic...

Page 497: ...s can now start receiving traffic destined for the client group from the RP or they can identify the senders and optionally set up a direct connection to the source through a shortest path tree SPT if...

Page 498: ...d tree it is also torn down Setting up the SPT requires more memory than when using the shared tree but can significantly reduce group join and data transmission delays The ECN330 switch can also be c...

Page 499: ...IM SM routers within the common multicast domain Use of the Shortest Path Tree SPT can also be disabled for specified multicast groups Command Attributes Ignore RP Set Priority Ignores the priority va...

Page 500: ...ry Range 1 65535 Default 0 which means no limit This parameter can be used to relieve the load on the DR and RP However because register messages exceeding the limit are dropped some receivers may exp...

Page 501: ...path tree SPT directly between the receiver and source and then uses the SPT to send all subsequent packets from the source to the receiver instead of using the shared tree Enable the SPT threshold t...

Page 502: ...0 0 Console show ip pim PIM DM Admin Status Disabled PIM SM Admin Status Enabled Join Prune Interval 80 Register Suppression 500 Register Rate Limit 500 Register CheckSum with Data Enabled Ignore RP...

Page 503: ...he SPT or if there are no longer any group members connected to the interface Command Attributes VLAN VLAN interface Range 1 4094 Default VLAN 1 PIM SM Protocol Status Enables PIM SM on the specified...

Page 504: ...than the hello interval the command will fail Also if the hello holdtime is already configured and the hello interval is set to a value longer than the hello holdtime the command will fail DR Priorit...

Page 505: ...r all multicast groups in the local PIM SM domain if no group address is specified or for the specified group or group range indicated by the mask All routers within the same PIM SM domain must be con...

Page 506: ...algorithm is used to select a candidate for that group Ties between RPs having the same hash value and priority are broken in preference for the RP with the highest address Static definitions for RP a...

Page 507: ...s 192 168 1 1 indicates the RP to use for all multicast groups and the address 10 1 1 1 indicates the RP to use for groups 224 0 0 0 224 255 255 255 Console config ip pim rp address 192 168 1 1 Consol...

Page 508: ...s each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP Command Attributes VLAN Identifier of configured VLAN inter...

Page 509: ...iority for BSR selection then click Apply Figure 232 BSR Candidate Settings CLI The following example configures the router to start sending bootstrap messages out of the interface for VLAN 1 to all o...

Page 510: ...e using the same election process The election process for each group is based on the following criteria Find all RPs with the most specific group range Select those with the highest priority lowest p...

Page 511: ...ed by the candidate RP in the election process The RP candidate with the largest priority is preferred If the priority values are the same the candidate with the larger IP address is elected to be the...

Page 512: ...e type can be either BSR or RP Information Source The device from which information about this RP entry was obtained and the method that was used to map this RP to the specified group Console config i...

Page 513: ...rap or static 6 21 5 8 Displaying the BSR Router Use the BSR Router Information page to display information about the bootstrap router BSR Field Attributes PIMV2 Bootstrap Information BSR Status Shows...

Page 514: ...rface Candidate BSR Priority Priority value used by this BSR candidate Candidate BSR Hash Mask Length The number of significant bits used in the multicast group comparison mask by this BSR candidate C...

Page 515: ...Configuring the ECN330 switch 509 1553 KDU 137 365 Uen D 2006 06 16 Web Click Routing Protocol PIM SM BSR Router Information Figure 235 Displaying BSR Information...

Page 516: ...e in use Sparse Mode Neighbor Count The number of PIM neighbors detected on this interface DR Address The designated PIM router for this interface Console show ip pim bsr router PIMv2 BootStrap Inform...

Page 517: ...up address Mask Length The mask length for the listed multicast group RP Address IP address of the RP for the listed multicast group Info Source The device from which information about this RP entry w...

Page 518: ...rmation CLI This example displays the elected entries in the RP map as well as all of the static entries configured on this router Console show ip pim rp mapping PIM Group to RP Mappings Group s 224 0...

Page 519: ...at is attached to this neighbor Up time The duration this entry has been active Expire The time before this entry will be removed Mode PIM mode used on this interface that is Sparse Web Click Routing...

Page 520: ...Configuring the ECN330 switch 514 1553 KDU 137 365 Uen D 2006 06 16...

Page 521: ...at a command prompt which is similar to entering commands on a UNIX system 7 1 2 Console Connection To access the ECN330 switch through the console port perform these steps 1 At the console prompt ty...

Page 522: ...s for the ECN330 switch is obtained through DHCP by default To access the ECN330 switch through a Telnet session the IP address for the ECN330 switch must be set first and if managing the ECN330 switc...

Page 523: ...is in normal access mode that is Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands to complete the desired tasks 4 When finished exit the session wi...

Page 524: ...er For example to enter configuration mode and enable spanning tree for the ECN330 switch type Console configure Console config spanning tree To enter commands that require parameters enter the requir...

Page 525: ...cess group Access groups access list Access lists arp Information of arp cache bridge ext Bridge extend information calendar Date information class map Display class maps dns DNS information dot1q tun...

Page 526: ...rip Rip router Router running config The system configuration of running snmp SNMP statistics sntp Sntp spanning tree Specify spanning tree ssh Secure shell startup config The system configuration of...

Page 527: ...e history of commands Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed com...

Page 528: ...ith the default user name and password admin The system displays the Console command prompt Privileged Exec mode can also be entered from within Normal Exec mode by typing the enable command followed...

Page 529: ...Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet...

Page 530: ...mands such as parity and databits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ po...

Page 531: ...s list mac mask precedence vlan access map Console config std acl Console config ext acl Console config ip mask acl Console config mac acl Console config mac mask acl Console config access map 692 Cla...

Page 532: ...the character to display a list of possible matches The following table shows other editing keystrokes that can be used for command line processing Table 31 CLI Editing Keystrokes Console config inter...

Page 533: ...l U Deletes the entire line Ctrl W Deletes the last word typed Ctrl Z Returns to Privileged Exec mode from configuration mode Esc B Moves the cursor back one word Esc D Deletes from the cursor to the...

Page 534: ...ation Configures user names and passwords logon access using local or remote authentication management access through the web server Telnet server and Secure Shell as well as port security IEEE 802 1X...

Page 535: ...or VLAN groups also enables or configures private VLANs protocol VLANs and QinQ tunneling 841 Layer 2 over MPLS Configures MPLS tunnels to maintain VLAN and Layer 2 protocol settings for customer traf...

Page 536: ...terface Configuration LC Line Configuration MST Multiple Spanning Tree NE Normal Exec PE Privileged Exec PM Policy Map Configuration RC Router Configuration VC VLAN Database Configuration IP Interface...

Page 537: ...tivates global configuration mode PE 534 show history Shows the contents of the command history buffer NE PE 534 reload Restarts the system PE 535 prompt Customizes the CLI prompt GC 536 end Returns t...

Page 538: ...xec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage The default password required to change the command mode from Norma...

Page 539: ...itch s configuration or Ethernet statistics can be displayed To gain access to all commands the privileged mode must be used See section 7 2 8 on page 521 Default Setting None Command Mode Privileged...

Page 540: ...r to enabling some of the other configuration modes including Interface Configuration Line Configuration and VLAN Database Configuration See section 7 2 8 on page 521 Default Setting None Command Mode...

Page 541: ...tion command history buffer when in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config 7 4 5 reload This command restarts th...

Page 542: ...s example shows how to reset the ECN330 7 4 6 prompt This command customizes the CLI prompt Use the no form to revert to the default prompt Syntax prompt string no prompt string Any alphanumeric strin...

Page 543: ...Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configurat...

Page 544: ...he Global Configuration mode and then quit the CLI session 7 4 9 quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit...

Page 545: ...Command Line Interface 539 1553 KDU 137 365 Uen D 2006 06 16 Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username...

Page 546: ...anagers and version information 542 System Mode Configures the ECN330 switch to operate in normal mode QinQ mode or L2MPLS mode 551 System MTU Enables support for jumbo frames sets the maximum transfe...

Page 547: ...specifies or modifies the host name for the ECN330 switch Use the no form to restore the default host name Syntax hostname name no hostname name The name of this host Maximum length 255 characters Def...

Page 548: ...None Console config hostname Copenhagen Site1 Console config Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to star...

Page 549: ...ls and includes the configuration mode command and corresponding commands This command displays the following information MAC address for the ECN330 switch SNTP server settings Queue mode SNMP communi...

Page 550: ...vel 15 7 1b3231655cebb7a1f783eddf27d254ca VLAN database VLAN 1 name DefaultVlan media ethernet state active VLAN 246 name extmgm media ethernet state active VLAN 247 name intmgm media ethernet state a...

Page 551: ...config This command displays the configuration information currently in use Default Setting None Command Mode Privileged Exec interface VLAN 1 interface VLAN 246 interface VLAN 247 IP address DHCP in...

Page 552: ...iguration mode command and corresponding commands This command displays the following information MAC address for the ECN330 switch SNTP server settings Queue mode SNMP community strings Users names a...

Page 553: ...5c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca VLAN database VLAN 1 name DefaultVlan media ethernet state active VLAN 246 name extmgm media ethernet state active VLAN 247 name intm...

Page 554: ...show system This command displays system information Default Setting None Command Mode Normal Exec Privileged Exec interface VLAN 1 interface VLAN 246 interface VLAN 247 IP address DHCP interface VLAN...

Page 555: ...lnet client Default Setting None Command Mode Normal Exec Privileged Exec Console show system System Description ECN330 SW version CXC 132 8902 V1 2 System OID String 1 3 6 1 4 1 193 72 1400 System In...

Page 556: ...ersion information for the system Default Setting None Command Mode Normal Exec Privileged Exec Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 R...

Page 557: ...mal mode QinQ mode or L2MPLS mode Table 37 System Mode Commands Console show version Unit1 Serial Number A422000632 Hardware Version R0B EPLD Version 1 02 Number of Ports 28 Main Power Status Up Agent...

Page 558: ...itch to L2MPLS mode and allows all L2MPLS commands to be configured For an explanation of L2MPLS see Layer 2 over MPLS Commands on page 890 Default Setting No system mode is set the ECN330 switch func...

Page 559: ...ystem mode This command displays the ECN330 switch system mode Command Mode Privileged Exec Command Usage The system mode displays as QinQ L2MPLS or Normal mode Example Related Commands system mode se...

Page 560: ...Setting Disabled Command Mode Global Configuration Command Usage The ECN330 switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames on Gigabit Ethernet...

Page 561: ...ize And for half duplex connections all devices in the collision domain would need to support jumbo frames Example Related Commands system mtu section 7 5 10 on page 555 7 5 10 system mtu This command...

Page 562: ...enable for disable jumbo frames for the Gigabit Ethernet ports Example Related Commands jumbo frame section 7 5 9 on page 554 show system mtu section 7 5 11 on page 556 7 5 11 show system mtu This co...

Page 563: ...Default Setting Enabled ECN330 Mode Command Mode Global Configuration Command Usage Use the sbc power command to turn on the SBC and toggle the console interface to SBC display mode When the SBC is en...

Page 564: ...this file and the system is restarted After the system reboots the management VLANs 247 249 and 4093 are not set nor reserved as in ECN330 mode and can now be configured Only the default External Man...

Page 565: ...Syntax sbc ctrlled mode mode Tests the SBC LED using the specified mode The available options include 0 off 1 red no flashing 2 red flashes one time per second 3 red flashes two times per second 4 re...

Page 566: ...current image or the file can be first downloaded using a different name from the current runtime code file and then the new file set as the startup file Saving or Restoring Configuration Settings Co...

Page 567: ...ig startup config tftp copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key file Keyword...

Page 568: ...period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the ECN330 switch Valid characters A Z a z 0 9 _ Due to the size limit of the flash mem...

Page 569: ...erver ip address 10 1 0 19 Choose file type 1 config 2 opcode 3 diag 4 loader 2 Source file name CXC_132_8902_V3 15 BIX Destination file name CXC_132_8902_V3 15 BIX Write to FLASH Programming Write to...

Page 570: ...Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Su...

Page 571: ...Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example...

Page 572: ...rom Boot ROM or diagnostic image file config ECN330 switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors infor...

Page 573: ...ame The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir Fil...

Page 574: ...the system Syntax boot system boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename...

Page 575: ...serial port These commands are used to set communication parameters for the serial port or Telnet a virtual terminal Table 42 Line Commands Console config boot system config startup Console config Co...

Page 576: ...mpts LC 576 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command LC 577 d...

Page 577: ...ample To enter console line mode enter the following command Related Commands show line section 7 5 31 on page 583 show users section 7 5 5 on page 549 7 5 20 login Use this command to enable password...

Page 578: ...he username command the default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively...

Page 579: ...mmand Usage When a connection is started on a line with password protection the system prompts for the password If the correct password is entered the system shows a prompt The password thresh command...

Page 580: ...tax timeout login response seconds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 300 second...

Page 581: ...meout seconds no exec timeout seconds Integer that specifies the timeout interval Range 0 65535 seconds 0 no timeout Default Setting Console No timeout Telnet 10 minutes Command Mode Line Configuratio...

Page 582: ...emove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three at...

Page 583: ...e 577 7 5 25 silent time Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thr...

Page 584: ...ds password thresh section 7 5 24 on page 576 7 5 26 databits Use this command to set the number of data bits per character that are interpreted and generated by the console port Use the no form to re...

Page 585: ...aracter If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity section 7 5 27 on page 579 7 5 27 parity Use this command t...

Page 586: ...fy no parity enter this command 7 5 28 speed Use this command to set the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to r...

Page 587: ...ot be supported The system indicates if the selected speed is not supported Example To specify 57600 bps enter this command 7 5 29 stopbits Use this command to set the number of the stop bits transmit...

Page 588: ...ifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Command Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifie...

Page 589: ...e console access Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console show line Console Configuration Password Threshold 3 time...

Page 590: ...etting None Command Function Mode Page logging on Controls logging of error messages GC 584 logging history Limits syslog messages saved to switch memory based on severity GC 585 logging host Adds sys...

Page 591: ...ry section 7 5 33 on page 585 logging trap section 7 5 36 on page 589 clear log section 7 5 37 on page 590 7 5 33 logging history This command limits syslog messages saved to switch memory based on se...

Page 592: ...cription debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold start warnings 4 Warning conditions for example return...

Page 593: ...server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage Using this command more than o...

Page 594: ...sed by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag s...

Page 595: ...ogging trap level no logging trap level One of the syslog severity levels listed in the table on page 585 Messages sent include the selected level up through level 0 Default Setting Disabled Level 7 0...

Page 596: ...g buffer Syntax clear log flash ram flash Event history stored in flash memory permanent memory ram Event history stored in temporary RAM memory flushed on power reset Default Setting Flash and RAM Co...

Page 597: ...rary RAM that is memory flushed on power reset sendmail Displays settings for the SMTP event handler page 599 trap Displays settings for the trap function Default Setting None Command Mode Privileged...

Page 598: ...ging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 19...

Page 599: ...Event history stored in flash memory that is permanent memory ram Event history stored in temporary RAM that is memory flushed on power reset Default Setting None Command Mode Privileged Exec REMOTELO...

Page 600: ...function 1 and event no 1 0 00 01 30 2001 01 01 Unit 1 Port 1 link up notification level 6 module 5 function 1 and event no 1 Console Command Function Mode Page logging sendmail host SMTP servers to r...

Page 601: ...e entered to specify each server To send email alerts the ECN330 switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a...

Page 602: ...he selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event threshold All events at this level...

Page 603: ...email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage The source email may be a s...

Page 604: ...ging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage U...

Page 605: ...dling Use the no form to disable this function Syntax no logging sendmail Default Setting Disabled Command Mode Global Configuration Example 7 5 45 show logging sendmail This command displays the sett...

Page 606: ...gging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enable Console...

Page 607: ...Default Setting Disabled Command Mode Global Configuration Command Usage The time acquired from time servers is used to record accurate dates and times for log events Without SNTP the ECN330 switch o...

Page 608: ...nd with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Command Mode Gl...

Page 609: ...set through the sntp poll command Example Related Commands sntp client section 7 5 46 on page 601 sntp poll section 7 5 48 on page 603 show sntp section 7 5 49 on page 604 7 5 48 sntp poll This comman...

Page 610: ...he SNTP client and whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for send...

Page 611: ...after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command...

Page 612: ...if the ECN330 switch is not configured to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 minute Minute Range 0...

Page 613: ...2 34 March 21st 2003 7 5 52 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example This example shows how to display the current sys...

Page 614: ...s views for the MIB tree configure SNMP user groups with the required security model that is SNMP v1 v2c or v3 and security level that is authentication and privacy and then assign SNMP users to these...

Page 615: ...bled Command Mode Global Configuration Example show snmp engine id Shows the SNMP engine ID PE 621 snmp server view Adds an SNMP view GC 622 show snmp view Shows the SNMP views PE 623 snmp server grou...

Page 616: ...of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input...

Page 617: ...e is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of alt...

Page 618: ...th 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized...

Page 619: ...he system contact information Syntax snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 characters Default Setting None Co...

Page 620: ...emove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global...

Page 621: ...to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0...

Page 622: ...nmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some n...

Page 623: ...ee section 7 6 10 on page 622 5 Create a group that includes the required notify view see section 7 6 12 on page 625 6 Specify a remote engine ID where the user resides see section 7 6 9 on page 621 7...

Page 624: ...n Keyword to issue link up or link down traps Default Setting Issue authentication and link up down traps Command Mode Global Configuration Command Usage If an snmp server enable traps command is not...

Page 625: ...he Notify View assigned by the snmp server group command see section 7 6 12 on page 625 Example Related Commands snmp server host section 7 6 6 on page 615 7 6 8 snmp server engine id This command con...

Page 626: ...te engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using the engine ID of the authoritative ag...

Page 627: ...engineID 8000002a8000000000e8666672 Local SNMP engineBoots 1 Remote SNMP engineID IP address 80000000030004e2b316c54321 192 168 1 19 Console Field Description Local SNMP engineID String identifying t...

Page 628: ...characters oid tree Object identifier of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Refer to the examples included Defines an included view exclu...

Page 629: ...w includes the MIB 2 interfaces table and the mask selects all index entries 7 6 11 show snmp view This command shows information on the SNMP views Command Mode Privileged Exec Console config snmp ser...

Page 630: ...ype included Storage Type permanent Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type volatile Row Status active Console Field Description View Name Name of an SNMP...

Page 631: ...o authentication or with authentication and privacy See Simple Network Management Protocol on page 106 for further information about these authentication and encryption options readview Defines the vi...

Page 632: ...tication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command section 7 6 7 on page 618 Example 7 6 13 show snmp group...

Page 633: ...ew none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status act...

Page 634: ...e of an SNMP group to which the user is assigned Range 1 32 characters remote Specifies an SNMP engine on a remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP versio...

Page 635: ...er resides Then use the snmp server user command to specify the user and the IP address for the remote device where the user resides The remote agent s SNMP engine ID is used to compute authentication...

Page 636: ...vacy Protocol des56 Storage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvo...

Page 637: ...Command Line Interface 631 1553 KDU 137 365 Uen D 2006 06 16 Row Status The row status of this entry SNMP remote user A user associated with an SNMP engine on a remote device Field Description...

Page 638: ...ment access 633 Authentication Sequence Defines logon authentication method and precedence 636 RADIUS Client Configures settings for authentication through a RADIUS server 640 TACACS Client Configures...

Page 639: ...d is required or specify or change a user s access level Use the no form to remove a user name Syntax username name access level level nopassword password 0 7 password no username name name The name o...

Page 640: ...password is required for compatibility with legacy password settings that is plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration fil...

Page 641: ...s encrypted password password password for this privilege level Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 This default password is supe...

Page 642: ...sers logging into the system for management access The commands in this section can be used to define the authentication method and sequence Table 56 Authentication Sequence Commands Console config en...

Page 643: ...le TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the p...

Page 644: ...ntication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command see page 532 Use the no form to restore the default Syntax authentic...

Page 645: ...e user name password and privilege level must be configured on the authentication server Three authentication methods can be specified in a single command to indicate the authentication sequence For e...

Page 646: ...with associated privilege levels for each user or group that require management access to an ECN330 switch Table 57 RADIUS Client Commands Command Function Mode Page radius server host Specifies the...

Page 647: ...r responds or the retransmit period expires host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authenticat...

Page 648: ...default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configur...

Page 649: ...o not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example 7 7 8 radius server retransmit This command sets the number of retries...

Page 650: ...requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the ECN330 switch waits...

Page 651: ...ng None Command Mode Privileged Exec Example Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times...

Page 652: ...er or group that require management access to an ECN330 switch Table 58 TACACS Client Commands 7 7 11 tacacs server host This command specifies the TACACS server Use the no form to restore the default...

Page 653: ...r TCP port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default...

Page 654: ...server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Config...

Page 655: ...erver configuration Server IP address 10 11 12 13 Communication key with TACACS server Server port number 49 Console Command Function Mode Page ip http port Specifies the port to be used by the web br...

Page 656: ...ber no ip http port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server section 7 7...

Page 657: ...ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access that is an encrypted connection to the ECN330 switch s...

Page 658: ...he connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status ba...

Page 659: ...ce Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Command Mode Glob...

Page 660: ...the TCP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet serve...

Page 661: ...tch for management using the SSH protocol Note The ECN330 switch supports both SSH Version 1 5 and 2 0 clients Table 62 Secure Shell Commands Console config ip telnet server Console config ip telnet p...

Page 662: ...entication keys still have to be generated on the ECN330 switch and the SSH server enabled copy tftp public key Copies the user s public key from a TFTP server to the ECN330 switch PE 561 delete publi...

Page 663: ...switch Note that these clients must be configured locally on the ECN330 switch with the username command as described on page 633 The clients are subsequently authenticated using these keys The curre...

Page 664: ...e client is authenticated Note To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually entered into the known ho...

Page 665: ...ction 7 7 25 on page 663 show ssh section 7 7 29 on page 666 7 7 21 ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh t...

Page 666: ...ed Commands exec timeout section 7 5 23 on page 575 show ip ssh section 7 7 28 on page 666 7 7 22 ip ssh authentication retries This command configures the number of times the SSH server attempts to r...

Page 667: ...re the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits Default Setting 768 bits Command Mode Global Configuration Co...

Page 668: ...ublic key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key C...

Page 669: ...Exec Command Usage This command stores the host key pair in memory that is RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add...

Page 670: ...om memory that is RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type rsa RSA key type Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Command Usage This command cle...

Page 671: ...sh server section 7 7 20 on page 658 7 7 27 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default...

Page 672: ...d Exec Example 7 7 29 show ssh This command displays the current Secure Shell SSH server connections Command Mode Privileged Exec Example Console show ip ssh SSH Enabled version 1 99 Negotiation timeo...

Page 673: ...ion Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can...

Page 674: ...Usage If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed Encryption continued Terminology...

Page 675: ...a device with an unauthorized MAC address attempts to use the ECN330 port the intrusion will be detected and the ECN330 switch can automatically take action by disabling the port and sending a trap me...

Page 676: ...mac count action Response to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count a...

Page 677: ...st use the port security max mac count command to set the number of addresses and then use the port security command to enable security on the port Use the no port security max mac count command to di...

Page 678: ...enables MAC address learning on the selected port Use the no form to disable MAC address learning Syntax no mac learning Default Setting Enabled Command Mode Interface Configuration Ethernet Command U...

Page 679: ...rt Authentication has been globally enabled on the ECN330 switch with the dot1x system auth control command section 7 7 34 on page 675 GVRP has been enabled on a port with the switchport gvrp command...

Page 680: ...entication Commands Console show mac learning Port MAC Learng stuatus 1 1 Enable 1 2 Disable 1 3 Enable 1 4 Enable 1 5 Enable Command Function Mode Page dot1x system auth control Enables dot1x globall...

Page 681: ...679 dot1x re authentication Enables re authentication for all ports IC 680 dot1x timeout quiet period Sets the time that an ECN330 port waits after the Max Request Count has been exceeded before attem...

Page 682: ...his command sets the maximum number of times the ECN330 port will retransmit an Extensible Authentication Protocol EAP request identity packet to the client before it times out the authentication sess...

Page 683: ...port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant ac...

Page 684: ...t count no dot1x operation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the max...

Page 685: ...enticate interface interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 Command Mode Privileged Exec Command Usage The re authentication process verifi...

Page 686: ...rd on the RADIUS server During re authentication the client remains connected the network and the process is handled transparently by the dot1x client software Only if re authentication fails is the p...

Page 687: ...after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form of this command to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout...

Page 688: ...e number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example 7 7 43 dot1x timeout tx period This command sets the time that an interface on the ECN330 waits duri...

Page 689: ...n related settings on the ECN330 switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit This i...

Page 690: ...orized Authorization status displays yes or n a not authorized 802 1X Port Details Displays detailed port access control settings and the current status for each interface as described in the precedin...

Page 691: ...255 used by the Authenticator to identify the current authentication session that is the current unit among multiple hosts Authenticator State Machine State Current status of authentication including...

Page 692: ...nabled Single Host Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 28 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 se...

Page 693: ...all client http client snmp client telnet client start address end address all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client...

Page 694: ...ndividual addresses or address ranges When entering addresses for the same group that is SNMP web or Telnet the ECN330 switch will not accept overlapping address ranges When entering addresses for dif...

Page 695: ...tp client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console show ma...

Page 696: ...he precedence in which the rules are checked and then bind the list to a specific port This section describes the Access Control List commands Table 67 Access Control List Commands Command Groups Func...

Page 697: ...andard or extended IP ACLs GC 692 permit deny Filters packets matching a specified source IP address STD ACL 693 permit deny Filters packets meeting the specified criteria including source and destina...

Page 698: ...n IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage An egress ACL must contain all...

Page 699: ...yntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific...

Page 700: ...n IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no permit deny protocol number udp any source address bitmask host sourc...

Page 701: ...0 65535 dport Protocol destination port number Includes TCP UDP or other protocol types Range 0 65535 port bitmask Decimal number representing the port bits to match Range 0 65535 control flags Decim...

Page 702: ...o match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the cod...

Page 703: ...p section 7 8 1 on page 692 7 8 4 show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL...

Page 704: ...precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified IP ACLs Command Mode Global Configu...

Page 705: ...ask for IP ACLs This mask defines the fields to check in the IP header Use the no form to remove a mask Syntax no mask protocol any host source bitmask any host destination bitmask precedence tos dscp...

Page 706: ...ge 0 63 Default Setting None Command Mode IP Mask Command Usage Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked...

Page 707: ...10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the mask host any entry Console config access list ip mask precedence in Console config ip mask...

Page 708: ...ig std acl deny host 171 69 198 102 Console config std acl end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console configure Console config access list ip m...

Page 709: ...l end Console show access list IP extended access list A3 deny host 171 69 198 5 any deny 171 69 198 0 255 255 255 0 any source port 23 Console config Console config access list ip mask precedence out...

Page 710: ...y control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask pr...

Page 711: ...Command Mode Privileged Exec Example Related Commands mask IP ACL section 7 8 6 on page 699 7 8 8 ip access group This command binds a port to an IP ACL Use the no form to remove the port Syntax no i...

Page 712: ...to a different ACL the ECN330 switch will replace the old binding with the new one A mask must be configured for an ACL rule before it can be bound to a port Example Related Commands show ip access li...

Page 713: ...AC ACL Commands Console show ip access group Interface ethernet 1 2 IP standard access list david Console Command Function Mode Page access list mac Creates a MAC ACL and enters configuration mode GC...

Page 714: ...Command Usage An egress ACL must contain all deny rules When a new ACL is created or configuration mode for an existing ACL entered use the permit or deny command to add new rules to the bottom of th...

Page 715: ...the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask Note...

Page 716: ...I packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source or destination address host A specific MAC address source Source MAC address dest...

Page 717: ...00 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac sect...

Page 718: ...ss list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified MAC ACLs Command Mo...

Page 719: ...mask defines the fields to check in the packet header Use the no form to remove a mask Syntax no mask pktformat any host source bitmask any host destination bitmask vid vid bitmask ethertype ethertype...

Page 720: ...etting None Command Mode MAC Mask Command Usage Up to seven masks can be assigned to an ingress or egress ACL Packets crossing a port are checked against all the rules in the ACL until a match is foun...

Page 721: ...id 3 Console config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 Console config access list mac mask precedence in Console c...

Page 722: ...00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 ethertype 0806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 0...

Page 723: ...t this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound...

Page 724: ...ac access group This command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example Related Commands mac access group section 7 8 16 on page 717 Console config interface ethernet 1...

Page 725: ...ap configuration mode GC 720 match Sets the match criteria for one IP ACL or one MAC ACL Access Map 722 action Sets the action for a VLAN access map entry to forward or drop matching packets Access Ma...

Page 726: ...when a match is found 4 Select a VLAN IP or VLAN MAC ACL mask using the access list ip mac mask precedence command section 7 8 22 on page 726 5 Configure the required mask with the IP mask command sec...

Page 727: ...d action for this entry Use the vlan filter command to bind a VLAN map to one or more VLANs Example The following command creates a VLAN access map called vlanMAP1 sets the match criteria for an IP AC...

Page 728: ...ame of access list against which to match packets Default Setting No match parameters are set Command Mode Access Map Configuration Command Usage Use the match command to specify match criteria for th...

Page 729: ...n page 731 7 8 20 action This command sets the action for a VLAN access map entry to forward or drop matching packets for a VLAN access map entry Use the no form to restore the default setting Syntax...

Page 730: ...sume a forward action for this entry Example The following command creates a VLAN access map called vlanMAP1 sets the match criteria for an IP ACL called ipACL1 sets the action for forward matching pa...

Page 731: ...ged Exec Command Usage Use the show ip access list or show ip mac access list command to display the ACLs used by the access map Example Related Commands vlan access map section 7 8 18 on page 720 mat...

Page 732: ...n interface will fail If conflicting rules are created the ECN330 switch will use the mask priority to determine which rule to apply When an ACL port binding is removed the ECN330 switch removes the m...

Page 733: ...x no mask protocol any host source bitmask any host destination bitmask precedence tos dscp source port port bitmask destination port port bitmask control flag flag bitmask protocol Check the protocol...

Page 734: ...ked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask not just the order in which the ACL rules were entered If dscp is ent...

Page 735: ...mask precedence vlan section 7 8 22 on page 726 7 8 24 mask MAC Mask This command sets a precedence mask for packet filtering used in MAC ACL rules This mask defines the fields to check in the packet...

Page 736: ...e ACL until a match is found The order in which these packets are checked is determined by the mask not just the order in which the ACL rules were entered The VLAN ID field is not specified in the IP...

Page 737: ...ers list A list of one or more VLANs Range 1 4094 Default Setting None Command Mode Global Configuration Command Usage A mask must be configured for any access map before it can be bound to a VLAN Onl...

Page 738: ...720 show vlan access map section 7 8 21 on page 725 7 8 26 show vlan filter This command displays information about the specified VLAN access map or all VLAN access maps Syntax show vlan filter access...

Page 739: ...onsole show vlan filter access map vlanMAP1 VLAN Access map vlanMAP1 Applied VLAN Lists 1 2 Match IP ACL ipACL1 Match MAC ACL macACL1 Action forward Console show vlan filter vlan 1 VLAN ID 1 Access ma...

Page 740: ...the associated mask Example Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 255 255 15 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any pe...

Page 741: ...5 Uen D 2006 06 16 7 8 28 show access group This command shows the port assignments of ACLs Command Mode Privileged Executive Example Console show access group Interface ethernet 1 2 IP standard acces...

Page 742: ...e speed and duplex operation of a given interface when autonegotiation is disabled IC 739 negotiation Enables autonegotiation of a given interface IC 740 capabilities Advertises the capabilities of a...

Page 743: ...ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link Range 1 13 vlan vlan id Range 1 4094 Defa...

Page 744: ...description string no description string A comment or description that identifies what is attached to this interface Range 1 64 characters Default Setting None Command Mode Interface Configuration Et...

Page 745: ...operation Default Setting Auto negotiation is enabled by default Auto negotiation cannot be disabled for Gigabit Ethernet ports which only operate at 1000full 1 Gbps full duplex When auto negotiation...

Page 746: ...configures port 5 to 100 Mbps half duplex operation Related Commands negotiation section 7 9 4 on page 740 capabilities section 7 9 5 on page 741 7 9 4 negotiation This command enables auto negotiatio...

Page 747: ...t ports auto MDI MDI X pin signal configuration will also be disabled for the RJ45 ports Example The following example configures port 11 to use auto negotiation Related Commands negotiation section 7...

Page 748: ...etting 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE X SFP 1000full Command Mode Interface Configuration Ethernet Port Channel Command Usage Auto...

Page 749: ...l Syntax no flowcontrol Default Setting Flow control enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end...

Page 750: ...by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unle...

Page 751: ...RJ45 port sfp forced Always uses the SFP port even if module not installed sfp preferred auto Uses SFP port if both combination types are functioning and the SFP port has a valid link Default Setting...

Page 752: ...enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command allows a port to be disabled due to abnormal behavior for example excessive collisions and then reenabled...

Page 753: ...Setting Enabled for all ports Packet rate limit 500 packets per second Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above...

Page 754: ...an aggregated link Range 1 13 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statisti...

Page 755: ...ort Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link Range 1 13 vlan vlan id Range 1 4094 Default Setting Shows the status for all interf...

Page 756: ...abilities 10half 10full 100half 100full Broadcast Storm Enabled Broadcast Storm Limit 500 packets second Flow Control Disabled LACP Disabled Port Security Disabled Max MAC Count 0 Port Security Action...

Page 757: ...is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link Range 1 13 Default Setting Shows the counters for all interfaces Comman...

Page 758: ...0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac re...

Page 759: ...Syntax show interfaces switchport interface interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggr...

Page 760: ...led Allowed Vlan 1 u Forbidden Vlan Private VLAN Mode NONE Private VLAN host association NONE Private VLAN Mapping NONE Console Field Description Broadcast threshold Shows if broadcast storm suppressi...

Page 761: ...abled section 7 17 1 3 on page 844 Allowed Vlan Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged section 7 17 10 on page 861 Forbidden Vlan Shows the VLANs t...

Page 762: ...or example a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Table 74 Link Aggregation Commands Command Function Mode Page Manual Con...

Page 763: ...the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a...

Page 764: ...to be allowed to join a channel group If a link goes down LACP port priority is used to select the backup link 7 10 1 channel group This command adds a port to a trunk Use the no form to remove a por...

Page 765: ...d for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has als...

Page 766: ...hernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console config exit Console show interfaces status port c...

Page 767: ...during LAG negotiations Range 0 65535 Default Setting 32768 Command Mode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG Syste...

Page 768: ...must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 Default Setting 0 Command Mode Interface Configuration Ethernet Command Usage Ports are only a...

Page 769: ...e and will only take effect the next time an aggregate link is established with the partner Example 7 10 5 lacp admin key Port Channel This command configures a port channel s LACP administration key...

Page 770: ...p admin key Ethernet Interface used by the interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 Example 7 10 6 lacp port priority This com...

Page 771: ...rts have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are...

Page 772: ...channel Local identifier for a link aggregation group Range 1 13 counters Statistics for LACP protocol messages internal Configuration settings and operational state for local side neighbors Configura...

Page 773: ...valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LAC...

Page 774: ...Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long timeout LACP activity Field Description Oper Key Current operati...

Page 775: ...eceived protocol information Collecting Collection of incoming frames on this link is enabled that is collection is currently enabled and is not expected to be disabled in the absence of administrativ...

Page 776: ...long timeout Oper State distributing collecting synchronization aggregation long timeout LACP activity Field Description Partner Admin System ID LAG partner s system ID assigned by the user Partner O...

Page 777: ...e of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin State Administrative values of the partner s state parameters See preceding table Ope...

Page 778: ...2768 00 30 F1 8F 2C A7 6 32768 00 30 F1 8F 2C A7 7 32768 00 30 F1 D4 73 A0 8 32768 00 30 F1 D4 73 A0 9 32768 00 30 F1 D4 73 A0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D...

Page 779: ...erface rx tx both no port monitor interface interface ethernet unit port source port unit ECN330 switch unit 1 port Physical port number on the ECN330 rx Mirror received packets tx Mirror transmitted...

Page 780: ...rt speeds should match otherwise traffic may be dropped from the monitor port Multiple mirror sessions can be created but all sessions must share the same destination port However avoid sending too mu...

Page 781: ...ured source port destination port and mirror mode that is RX TX or RX TX Example The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config i...

Page 782: ...c rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Table 80 Rate Limit Commands 7 12 1 rate limit This...

Page 783: ...restore the default rate Use the no form to restore the default status of disabled Use the vlan option to configure the input rate limit for a port within the specified VLAN Command Mode Interface Co...

Page 784: ...can be set to one of three power priority levels critical high or low To control power supply within the ECN330 s budget ports set at critical or high priority have power enabled in preference to thos...

Page 785: ...Setting 555 watts Command Mode Global Configuration Command Usage Setting a maximum power budget for the ECN330 enables power to be centrally managed preventing overload conditions at the power source...

Page 786: ...Syntax power inline auto test no power inline auto The ECN330 switch automatically detects if an EDA device is connected to the port and turns power on or off accordingly test Forces the port into a...

Page 787: ...yntax power inline maximum allocation milliwatts no power inline maximum allocation miliwatts The maximum power budget for the port Range 3000 24700 milliwatts Note The maximum power allocation that c...

Page 788: ...r remains off Example 7 13 4 power inline priority This command sets the power priority for specific ports Use the no form to restore the default setting Syntax power inline priority priority no power...

Page 789: ...CN330 to exceed its budget is supplied power but the ECN330 switch drops power to one or more lower priority ports Power is dropped from low priority ports in sequence starting from port number 1 Exam...

Page 790: ...5 enable off 23100 0 low Eth 1 6 enable off 23100 0 low Eth 1 7 enable on 23100 8597 low Eth 1 23 enable off 23100 0 low Eth 1 24 enable off 23100 0 low Console Field Description Admin The power mode...

Page 791: ...onsumption 15 watts Thermal Temperature 41 in Celsius Software Version Version 0x1B6F Build 0x07 Console Field Description Maximum Available Power The available power budget for the ECN330 configurabl...

Page 792: ...address table static Maps a static address to a port in a VLAN GC 787 clear mac address table dynamic Removes any learned entries from the forwarding database PE 788 show mac address table Displays en...

Page 793: ...ess table static mac address vlan vlan id mac address MAC address interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assi...

Page 794: ...n a static address is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed...

Page 795: ...tch in the address interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link Range 1 13 vl...

Page 796: ...means any The maximum number of address entries is 8191 Example The following example displays the MAC addresses of all Ericsson IP DSLAMs and FE E1s switches connected to the ECN330 switch All Ericss...

Page 797: ...e the default aging time Syntax mac address table aging time seconds no mac address table aging time seconds Time in number of seconds 10 1000000 0 to disable aging Default Setting 300 seconds Command...

Page 798: ...his trap has been sent the next trigger time for this trap is after the MAC address entries fall below the falling threshold and then exceed the rising threshold again Default Disabled falling thresho...

Page 799: ...D 2006 06 16 7 14 6 show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console show mac addr...

Page 800: ...ime Configures the spanning tree bridge forward time GC 799 spanning tree hello time Configures the spanning tree bridge hello time GC 800 spanning tree max age Configures the spanning tree bridge max...

Page 801: ...the spanning tree path cost of an interface IC 811 spanning tree port priority Configures the spanning tree priority of an interface IC 812 spanning tree edge port Enables fast forwarding for edge por...

Page 802: ...and to provide backup links between switches bridges or routers This allows the ECN330 switch to interact with other bridging devices that is an STA compliant switch bridge or router in the network t...

Page 803: ...ee mode stp Spanning Tree Protocol IEEE 802 1D rstp Rapid Spanning Tree Protocol IEEE 802 1w mstp Multiple Spanning Tree Protocol IEEE 802 1s Default Setting RSTP Command Mode Global Configuration Com...

Page 804: ...a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple sp...

Page 805: ...Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states that is discarding to learning to forwarding This delay is required b...

Page 806: ...ime time Time in seconds Range 1 10 seconds The minimum value is calculated as max age 2 1 though never greater than 10 Default Setting 2 seconds Command Mode Global Configuration Command Usage This c...

Page 807: ...never greater than 40 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration mess...

Page 808: ...ity priority Priority of the bridge Range 0 65535 Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768...

Page 809: ...000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path...

Page 810: ...ng tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BP...

Page 811: ...page 809 7 15 10 mst vlan This command adds VLANs to a spanning tree instance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs Syntax no...

Page 812: ...me general area of the network However remember that all bridges within the same MSTI Region section 7 15 12 on page 807 must be configured with the same set of instances and the same instance on each...

Page 813: ...me priority the device with the lowest MAC address will then become the root device The ECN330 switch can be set to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate d...

Page 814: ...o one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands revision section 7 15 13 on page 808 7 15 13 revision This command configure...

Page 815: ...gion And all bridges in the same region must be configured with the same MST instances Example Related Commands name section 7 15 12 on page 807 7 15 14 max hops This command configures the maximum nu...

Page 816: ...he maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example 7 15 15 sp...

Page 817: ...000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Setting By default the system automatically detects the speed and duplex...

Page 818: ...o specify auto configuration mode Path cost takes precedence over port priority When spanning tree pathcost method section 7 15 7 on page 803 is set to short the maximum value for path cost is 65 535...

Page 819: ...ctive link in the spanning tree Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Example Related Commands spanning tree cost sectio...

Page 820: ...ld address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems Howe...

Page 821: ...vergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be en...

Page 822: ...Command Mode Interface Configuration Ethernet Port Channel Command Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be...

Page 823: ...00 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Setting By default the system automatically detects the speed and...

Page 824: ...cost takes precedence over interface priority Example Related Commands spanning tree mst port priority section 7 15 22 on page 818 7 15 22 spanning tree mst port priority This command configures the i...

Page 825: ...faces on an ECN330 switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one interface is assigned...

Page 826: ...channel id The assigned number of an aggregated link Range 1 13 Command Mode Privileged Exec Command Usage If at any time the ECN330 switch detects STP BPDUs including Configuration or Topology Change...

Page 827: ...1 13 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading zeroes Default Setting None Command Mode Privileged Exec Command Usage Use the show spanning tree command wi...

Page 828: ...on 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Des...

Page 829: ...Command Mode Privileged Exec Example Fast forwarding disable Forward transitions 1 Admin edge port enable Oper edge port disable Admin Link type auto Oper Link type point to point Spanning Tree Status...

Page 830: ...his port will be reset to operate as a normal port The database of this domain will then be cleared 2 Define the EAPS mode of the ECN330 switch After creating an EAPS domain define the EAPS mode for t...

Page 831: ...The CVLAN is automatically assigned a QoS profile of Qp8 with the QoS High priority setting The CVLAN must NOT be configured with an IP address In addition only ring ports may be added to the CVLAN No...

Page 832: ...830 to unconfigure an EAPS primary or secondary ring port for an EAPS domain 10 Display EAPS status information Use the show eaps command section 7 16 10 on page 836 to display general EAPS status in...

Page 833: ...ange messages to transit nodes Only one master node can be set for a domain transit Configures the ECN330 switch as a transit node in the EAPS domain Transit nodes receive master control messages dete...

Page 834: ...ich the master node sends health check packets Range 1 3 seconds Default Setting 1 second Command Mode EAPS Domain Configuration Command Usage The hello time should be set on the master node Once set...

Page 835: ...ackets Range 3 9 seconds Default Setting 3 seconds Command Mode EAPS Domain Configuration Command Usage The fail time should be set on the master node Once set the master node will send the newly conf...

Page 836: ...rt of the protection switching scheme one port as the primary port and another as the secondary port Use the no form to remove a primary or secondary port from the ring Syntax port primary secondary p...

Page 837: ...to be transmitted and received through it The primary port and secondary port must be removed from an EAPS domain with the no port command before specifying a new primary or secondary port Example 7...

Page 838: ...main The Control VLAN must not be configured with an IP address In addition only ring ports may be added to the Control VLAN No other ports can be members of this VLAN Also the ring ports of the CVLAN...

Page 839: ...create the VLANs to be used as Protected VLANs vlan section 7 17 3 on page 850 add the primary and secondary ring ports as tagged members to this VLAN switchport allowed vlan section 7 17 10 on page 8...

Page 840: ...ommand Usage An EAPS domain containing one Control VLAN and one or more Protected VLANs must be enabled with the enable command and the EAPS function enabled on the ECN330 switch with the eaps command...

Page 841: ...containing one Control VLAN and one or more Protected VLANs must be enabled with the enable command section 7 16 8 on page 834 and the EAPS function enabled on the ECN330 switch with the eaps command...

Page 842: ...ommand Usage Enter the show eaps command without any argument to display a summary of status information for all configured EAPS domains Enter the show eaps command followed by a domain name to displa...

Page 843: ...te Init The EAPS domain has started but has not yet determined the status of the ring Complete The ring is in the COMPLETE state for this EAPS domain Failed There is a break in the ring for this EAPS...

Page 844: ...cted VLANs in this domain Console show eaps r d EAPS Enabled Yes Number of EAPS instances 1 EAPSD Bridge links 2 Name r d State Init Enabled Yes Mode Master Pimary port 25 Port status Down secondary p...

Page 845: ...ort Hello Timer interval The interval at which the master node sends health check packets on the domain ring Fail Timer interval The time the master node waits for a health check packet before declari...

Page 846: ...nterface 840 1553 KDU 137 365 Uen D 2006 06 16 Mode Shows if the ECN330 switch is a master or transit node CVID Shows the Control VLAN ID Vcount Shows the number of Protected VLANs in this domain Fiel...

Page 847: ...learning shows the configuration for bridge extension MIB 842 Editing VLAN Groups Sets up VLAN groups including name VID and state 848 Configuring VLAN Interfaces Configures VLAN interface parameters...

Page 848: ...on GVRP is included for future use only It is recommended not to use GVRP in the EDA system Table 90 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally...

Page 849: ...ommand Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registr...

Page 850: ...and enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Console show bridge ext Max Supp...

Page 851: ...1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link Range 1 13 Default Setting Shows both global and interface specific configuratio...

Page 852: ...s leavall 500 18000 centiseconds Default Setting join 20 centiseconds leave 60 centiseconds leaveall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Ad...

Page 853: ...ated Commands show garp timer section 7 17 1 6 on page 847 7 17 1 6 show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet un...

Page 854: ...on the ECN330 switch Table 91 Commands for Editing VLAN Groups Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leaveall timer 100...

Page 855: ...and delete VLANs After finishing configuration changes the VLAN settings can be displayed by entering the show vlan command Use the interface vlan command mode to define the port membership mode and a...

Page 856: ...AN name vlan name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended...

Page 857: ...gement VLAN is the gateway for the embedded nodes such as ECN330 switch IP DSLAM ESN108 By default it is configured through DHCP with an internal IP address for the ECN330 switch Downlink ports 1 24 a...

Page 858: ...ually configured with an IP address for the ECN330 switch using the same management VLAN as that used by the EDA network Uplink ports 25 27 are configured automatically with the External Management VL...

Page 859: ...er non management VLAN interfaces cannot be used for management access When no management VLAN is defined the ECN330 switch can be managed through any IP address assigned to any VLAN interface Managem...

Page 860: ...tate active Console config exit Console config interface ethernet 1 1 Console config if switchport allowed vlan add 349 tagged Console config exit Console config interface ethernet 1 24 Console config...

Page 861: ...AN membership mode for an interface IC 857 switchport acceptable frame types Configures frame types to be accepted by an interface IC 858 switchport ingress filtering Enables ingress filtering on an i...

Page 862: ...id vlan id ID of the configured VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration m...

Page 863: ...port transmits tagged frames that identify the source VLAN However note that frames belonging to the port s default VLAN that is associated with the PVID are also transmitted as tagged frames private...

Page 864: ...rt acceptable frame types all The port accepts all frames tagged or untagged tagged The port only passes tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Por...

Page 865: ...rt Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flo...

Page 866: ...tchport native vlan vlan id Default VLAN ID for a port Range 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is...

Page 867: ...witchport allowed vlan add vlan list tagged untagged remove vlan list no switchport allowed vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan...

Page 868: ...egress If none of the intermediate network devices nor the host at the other end of the connection supports VLANs the interface should be added to these VLANs as an untagged member Otherwise it is on...

Page 869: ...identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No...

Page 870: ...selected VLAN Format examples 00 01 02 03 0d 0e or 000102030d0e Default Setting MAC address of the ECN330 switch Command Mode Interface Configuration VLAN Command Usage It may be necessary to configu...

Page 871: ...describes commands used to display VLAN information Table 93 Commands for Displaying VLAN Information Console config interface vlan 3 Console config if mac address 00 01 02 03 0d 0e Console config if...

Page 872: ...no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The follo...

Page 873: ...CII string from 1 to 32 characters Default Setting Shows the MAC address for all configured VLANs Command Mode Privileged Exec Example The following example shows how to display the MAC address for al...

Page 874: ...ement VLAN 247 Current Dynamic Management VLAN 248 Current External Management VLAN 246 Current Native Management VLAN 4093 Current FSA Management VLAN 249 Console Command Function Mode Page Edit Priv...

Page 875: ...g to a normal VLAN and private VLAN concurrently the native VLAN of a private port will not automatically change to the private VLAN when executing the switchport private vlan mapping or switchport pr...

Page 876: ...ifies an isolated VLAN Ports assigned to an isolated VLAN cannot directly communicate with other isolated port members and can only communicate with promiscuous ports in the associated primary VLAN De...

Page 877: ...e all associations for the specified primary VLAN Syntax private vlan primary vlan id association isolated vlan id add isolated vlan id remove isolated vlan id no private vlan primary vlan id associat...

Page 878: ...rts associated with the isolated VLAN see switchport private vlan host association section 7 17 20 on page 875 automatically join the primary VLAN and the ports mapped to the primary VLAN see switchpo...

Page 879: ...primary VLAN as well as with all the ports in the associated isolated VLANs isolated This port type can subsequently be assigned to an isolated VLAN Default Setting Normal VLAN Command Mode Interface...

Page 880: ...None Command Mode Interface Configuration Ethernet Port Channel Command Usage The interface mapped to a primary VLAN must first be configured as a promiscuous port using the switchport mode private v...

Page 881: ...to remove this association Syntax switchport private vlan host association isolated vlan id no switchport private vlan host association isolated vlan id ID of secondary that is community VLAN Range 1...

Page 882: ...his command shows the private VLAN configuration settings on the ECN330 switch Syntax show vlan private vlan primary isolated primary Displays all primary VLANs along with any assigned promiscuous int...

Page 883: ...al network into logical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type in use by the inbound packets Ta...

Page 884: ...n protocol group command Interface Configuration mode 7 17 22 protocol vlan protocol group Configuring Groups This command creates a protocol group or to add specific protocols to a group Use the no f...

Page 885: ...g for this interface Syntax protocol vlan protocol group group id vlan vlan id no protocol vlan protocol group group id vlan group id Group identifier of this protocol group Range 1 2147483647 vlan id...

Page 886: ...agged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded...

Page 887: ...lan protocol group This command shows the mapping from protocol groups to VLANs for the selected interfaces Syntax show interfaces protocol vlan protocol group interface interface ethernet unit port u...

Page 888: ...otocolGroup ID VLAN ID Eth 1 1 1 vlan2 Console Command Function Mode Page system mode Configures the ECN330 switch to operate in normal mode QinQ mode or L2MPLS mode PE 552 show system mode Displays t...

Page 889: ...dot1q ethertype section 7 17 28 on page 885 5 Configure the QinQ tunnel port to join the SPVLAN as an untagged member switchport allowed vlan section 7 17 10 on page 861 6 Configure the SPVLAN ID as...

Page 890: ...he port as an 802 1Q tunnel port Default Setting All ports are in hybrid mode Command Mode Interface Configuration Ethernet Port Channel Command Usage Use the switchport mode command to set the ECN330...

Page 891: ...he no form to restore the default setting Syntax switchport dot1q ethertype tpid no switchport dot1q ethertype tpid Sets the ethertype value for 802 1Q encapsulation This identifier is used to select...

Page 892: ...gged frames For example 0x1234 is set as the custom 802 1Q ethertype on a trunk port incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype fie...

Page 893: ...tunnel command section 7 17 26 on page 884 When address monitoring for the QinQ tunnel port is enabled and incoming traffic is tagged for the internal management VLAN 247 or the FSA VLAN 249 an outer...

Page 894: ...ress table When a tunnel port changes to normal mode from QinQ Tunnel mode address monitoring is automatically disabled on this port and all static internal management VLAN address entries are deleted...

Page 895: ...Specifies the MTU size for the specified port Range 1500 9216 bytes Default Setting 1522 bytes Command Mode Interface Configuration Ethernet Port Channel Command Usage The switchport mtu command take...

Page 896: ...7 18 3 on page 893 5 Configure a Gigabit Ethernet port to L2MPLS uplink mode mpls l2 section 7 18 1 on page 891 6 Specify the tunnel label virtual channel VC and next hop used by the L2MPLS uplink por...

Page 897: ...n the L2MPLS uplink port This label is used by switches within the MPLS core network to establish a path from the entry point to the exit point Range 0 1048574 vc label Sets the MPLS port based virtua...

Page 898: ...t yet been used to set an interface as an MPLS uplink port However the MPLS header will be constructed and inserted into each frame only after a port has been configured as an L2MPLS uplink port Examp...

Page 899: ...ls static binding This command associates input and output MPLS labels with a VLAN Use the no form to reset a VLAN and disassociate the labels Syntax mpls static binding vlan vlan id input input_label...

Page 900: ...tic binding command Example Related Commands mpls l2 section 7 18 2 on page 893 7 18 4 show mpls l2transport This command displays the L2MPLS link information Command Mode Privileged Exec Command Usag...

Page 901: ...A 0 0 0 0 00 00 22 22 33 33 port 27 100 100 192 168 1 35 00 00 00 00 00 00 Console Field Description MPLS VLAN Information Client Intf A VLAN configured to operate as an L2MPLS tunnel This VLAN is con...

Page 902: ...within the MPLS core network to establish a path from the entry point to the exit point VC Label The Virtual Channel identifier that is used to map traffic to a specific customer port on the edge swi...

Page 903: ...switch s priority queues Table 99 Priority Commands Priority Commands Layer 2 This section describes commands used to configure Layer 2 traffic priority on the ECN330 switch Table 100 Priority Command...

Page 904: ...es before servicing lower priority queues This ensures that the highest priority packets are always serviced first ahead of all other traffic queue min bandwidth Assigns fair queueing minimum bandwidt...

Page 905: ...cified queue up to the highest priority queue Range 0 7 Default Setting Strict priority Command Mode Global Configuration Command Usage The ECN330 switch can be set to service the port queues based on...

Page 906: ...dwidth section 7 19 3 on page 902 queue min bandwidth section 7 19 4 on page 903 show queue mode section 7 19 6 on page 906 7 19 2 switchport priority default This command sets a priority for incoming...

Page 907: ...ort It can be configured to use strict priority queuing or Weighted Round Robin using the queue mode command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress...

Page 908: ...sed by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR cont...

Page 909: ...Fast Ethernet ports 1 100000000 kbps for Gigabit Ethernet ports Granularity 64 kbps Default Setting Queue bandwidth kbps 1754 3508 7017 10526 14035 17534 21052 24561are assigned to queues 0 7 respect...

Page 910: ...id The ID of the priority queue Range is 0 to 7 where 7 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is...

Page 911: ...es Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map section 7 19 9 on page 908 Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4...

Page 912: ...urrent queue servicing mode Default Setting None Command Mode Privileged Exec Example 7 19 7 show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the priori...

Page 913: ...when using Weighted Fair Queueing WFQ Syntax show queue min bandwidth interface interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel chan...

Page 914: ...x show queue cos map interface interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link R...

Page 915: ...5 6 7 Console Command Function Mode Page map ip port Enables TCP or UDP class of service mapping GC 910 map ip port Maps TCP or UDP socket to a class of service IC 911 map ip precedence Enables IP pre...

Page 916: ...r UDP sockets Use the no form to disable IP port mapping Syntax no map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port I...

Page 917: ...P or UDP port number Range 0 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority...

Page 918: ...edence Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence an...

Page 919: ...g The list in Table 103 shows the default priority mapping Table 103 Mapping IP Precedence to CoS Values Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for pri...

Page 920: ...dscp Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and...

Page 921: ...os value no map ip dscp dscp value 8 bit DSCP value Range 0 255 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the...

Page 922: ...re priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 7 19 16 show map ip port This command shows t...

Page 923: ...port Interface Configuration section 7 19 11 on page 911 7 19 17 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet uni...

Page 924: ...p ip precedence Global Configuration section 7 19 12 on page 912 map ip precedence Interface Configuration section 7 19 13 on page 913 Console show map ip precedence ethernet 1 5 Precedence mapping st...

Page 925: ...nd shows the IP DSCP priority map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The as...

Page 926: ...dscp Global Configuration section 7 19 14 on page 914 map ip dscp Interface Configuration section 7 19 15 on page 915 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS E...

Page 927: ...M 924 policy map Creates a policy map for multiple interfaces GC 926 class Defines a traffic classification for the policy to act on PM 927 set Classifies IP traffic by setting a CoS DSCP or IP preced...

Page 928: ...cific manner in which ingress traffic will be handled and enter the Policy Map configuration mode 5 Use the class command to identify the class map and enter Policy Map Class configuration mode A poli...

Page 929: ...iguration mode Then use the match command page 924 to specify the criteria for ingress traffic that will be classified under this class map Only one match command is permitted per class map so the mat...

Page 930: ...h access list acl name ip dscp dscp ip precedence ip precedence vlan vlan acl name Name of the access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs...

Page 931: ...AC ACL on page 713 for information on configuring an appropriate ACL mask Example This example creates a class map called rd_class 1 and sets it to match packets marked for DSCP service value 3 This e...

Page 932: ...p Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage Use the policy map command to specify the name of the policy map and then use the class command to configur...

Page 933: ...t rate to 1522 bytes and configure the response to drop any violating packets 7 20 4 class This command defines a traffic classification upon which a policy can act and enters Policy Map Class configu...

Page 934: ...policy violation Currently only one rule may be configured per Class Map one or more classes may be assigned to a policy map Example This example creates a policy called rd_policy uses the class comma...

Page 935: ...recedence New IP Precedence value Range 0 7 Default Setting None Command Mode Policy Map Class Configuration Example This example creates a policy called rd_policy uses the class command to specify th...

Page 936: ...tes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of profile packets Command Mode Policy Map Class Configur...

Page 937: ...icy This command applies a policy map defined by the policy map command to the ingress queue of a particular interface Use the no form to remove the policy map from this interface Syntax no service po...

Page 938: ...licy map to the required interface Example This example applies a service policy to an ingress interface 7 20 8 show class map This command displays the QoS class maps which define matching criteria u...

Page 939: ...Syntax show policy map policy map name class class map name policy map name Name of the policy map Range 1 16 characters class map name Name of the class map Range 1 16 characters Default Setting Dis...

Page 940: ...t unit This is device 1 port Physical port number on the ECN330 Range 1 28 port channel channel id The assigned number of an aggregated link Range 1 13 Command Mode Privileged Exec Example Console sho...

Page 941: ...st service Note that IGMP query can be enabled globally at Layer 2 or enabled for specific VLAN interfaces at Layer 3 Layer 2 query is disabled if Layer 3 query is enabled Table 106 Multicast Filterin...

Page 942: ...disable it Syntax no ip igmp snooping Default Setting Enabled Command Function Mode Page ip igmp snooping Enables IGMP snooping globally GC 936 ip igmp snooping Enables IGMP snooping per VLAN interfa...

Page 943: ...the no form to disable it Syntax no ip igmp snooping Default Setting Enabled Command Mode Interface Configuration VLAN Command Usage When IGMP snooping is enabled globally the per VLAN interface setti...

Page 944: ...ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Physical port...

Page 945: ...ng version 1 IGMP Version 1 2 IGMP Version 2 3 IGMP Version 3 Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If...

Page 946: ...not be enabled when using IGMPv3 snooping Example The following configures the ECN330 switch to use IGMP Version 1 7 21 5 show ip igmp snooping This command shows the IGMP snooping configuration Defau...

Page 947: ...n id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Comman...

Page 948: ...AN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Command Function Mode Page ip igmp snooping querier Allows the ECN330 switch to act as the querier for IGMP snooping GC 943 ip igmp...

Page 949: ...lt Setting Enabled Command Mode Global Configuration Command Usage IGMP snooping querier is not supported for IGMPv3 snooping see ip igmp snooping version section 7 21 4 on page 939 If enabled under I...

Page 950: ...t Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a...

Page 951: ...val Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the ECN330 switch sends IGMP host query mess...

Page 952: ...1 255 Default Setting 10 seconds Command Mode Global Configuration Command Usage The ECN330 switch must be using IGMPv2 or v3 snooping for this command to take effect This command defines the time af...

Page 953: ...GMP report messages sent to multicast devices Use the no form of this command to disable report suppression and forward all IGMP reports Syntax no ip igmp snooping report suppression Default Setting E...

Page 954: ...ip igmp snooping router port expire time seconds no ip igmp snooping router port expire time seconds The time the ECN330 switch waits after the previous querier stops before it considers the router p...

Page 955: ...e 939 Static Multicast Routing Commands This section describes commands used to configure static multicast routing on the ECN330 switch Table 109 Static Multicast Routing Commands Console config ip ig...

Page 956: ...rt number on the ECN330 switch Range 1 27 port channel channel id The assigned number of an aggregated link Range 1 13 Default Setting No static multicast router ports are configured Command Mode Glob...

Page 957: ...formation on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast rout...

Page 958: ...12 Dynamic Console Command Function Mode Page ip igmp Enables IGMP for the specified interface IC 953 ip igmp robustval Configures the expected packet loss IC 954 ip igmp query interval Configures fre...

Page 959: ...d Command Mode Interface Configuration VLAN Command Usage IGMP query can be enabled globally at Layer 2 through the ip igmp snooping command or enabled for specific VLAN interfaces at Layer 3 through...

Page 960: ...nd to restore the default value Syntax ip igmp robustval robust value no ip igmp robustval robust value The robustness of this interface Range 1 255 Default Setting 2 Command Mode Interface Configurat...

Page 961: ...frequency at which host query messages are sent Use the no form to restore the default Syntax ip igmp query interval seconds no ip igmp query interval seconds The frequency at which the ECN330 switch...

Page 962: ...shows how to configure the query interval to 100 seconds 7 21 18 ip igmp max resp interval This command configures the maximum response time advertised in IGMP queries Use the no form of this command...

Page 963: ...by the maximum response interval must be less than the Query Interval page 955 Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp version se...

Page 964: ...roup is deleted This value may be tuned to modify the leave latency of the network A reduced value results in reduced time to detect the loss of the last member of a group Example The following shows...

Page 965: ...set to version 2 to enable the ip igmp max resp interval page 956 Example The following configures the ECN330 switch to use IGMP Version 1 on the selected interface 7 21 21 show ip igmp interface Thi...

Page 966: ...an id VLAN ID Range 1 4094 Default Setting Deletes all entries in the cache if no options are selected Command Mode Privileged Exec Command Usage Enter the address for a multicast group to delete all...

Page 967: ...ult Setting Displays information for all known groups Command Mode Normal Exec Privileged Exec Command Usage This command displays information for multicast groups learned through IGMP not static grou...

Page 968: ...h InterfaceVlan The interface on the ECN330 switch that has received traffic directed to the multicast group address Lastreporter The IP address of the source of the last membership report received fo...

Page 969: ...Commands Command Function Mode Page ip host Creates a static host name to address mapping GC 964 clear host Deletes entries from the host name to address table PE 965 ip domain name Defines a default...

Page 970: ...Range 1 64 characters address1 Corresponding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Command Usage Server...

Page 971: ...clear host name name Name of the host Range 1 64 characters Removes all entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table Cons...

Page 972: ...domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Example...

Page 973: ...that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a tim...

Page 974: ...on Use the no form to remove a name server from this list Syntax no ip name server server address1 server address2 server address6 server address1 IP address of domain name server server address2 serv...

Page 975: ...then displays the list Related Commands ip domain name section 7 22 3 on page 966 ip domain lookup section 7 22 6 on page 969 7 22 6 ip domain lookup This command enables DNS host name to address tra...

Page 976: ...eleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Related Commands ip domain name section 7 22 3 on page 966 ip name server section 7 22 5...

Page 977: ...mmand Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry 7 22 8 show dns This command displays the...

Page 978: ...er List 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc accton com tw 1 4 CNAME 10 2 44 3 898 ahten com tw 2 4 CNAME 66 218 71 84 298...

Page 979: ...g is always 4 indicating a cache entry and therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain nam...

Page 980: ...P service directly to any client Table 114 DHCP Commands DHCP Client Use the commands in this section to allow ECN330 switch VLAN interfaces to dynamically acquire IP address information Table 115 DHC...

Page 981: ...xt A text string Range 1 15 characters hex The hexadecimal value Default Setting None Command Mode Interface Configuration VLAN Command Usage This command is used to include a client identifier in all...

Page 982: ...he client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Exampl...

Page 983: ...ocal hosts to a remote DHCP server Table 116 DHCP Relay Commands 7 23 3 ip dhcp restart relay This command enables DHCP relay for the specified VLAN Use the no form to disable it Syntax no ip dhcp rel...

Page 984: ...it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent that is the ECN330 switch The ECN330 swit...

Page 985: ...address of DHCP server Range 1 3 addresses Default Setting None Command Mode Interface Configuration VLAN Command Usage The IP address for at least one DHCP server must be specified Otherwise the ECN...

Page 986: ...subnet number and mask for a DHCP address pool DC 984 default router Specifies the default router list for a DHCP client DC 985 domain name Specifies the domain name for a DHCP client DC 986 dns serv...

Page 987: ...plement any configuration changes host Specifies the IP address and network mask to manually bind to a DHCP client DC 992 client identifier Specifies a client identifier for a DHCP client DC 993 hardw...

Page 988: ...d IP addresses Syntax no ip dhcp excluded address low address high address low address An excluded IP address or the first IP address in an excluded address range high address The last IP address in a...

Page 989: ...Configuration mode identified by the config dhcp prompt From this mode first configure address pools for the network interfaces using the network command An address can also be manually bound to a spe...

Page 990: ...quest was forwarded by a relay server If there is no gateway in the client request that is the request was not forwarded by a relay server the ECN330 switch searches for a network pool matching the in...

Page 991: ...ary router address2 Specifies the IP address of an alternate router Default Setting None Command Mode DHCP Pool Configuration Command Usage The IP address of the router should be on the same subnet as...

Page 992: ...e 1 32 characters Default Setting None Command Mode DHCP Pool Configuration Example 7 23 11 dns server This command specifies the Domain Name System DNS IP servers available to a DHCP client Use the n...

Page 993: ...with address1 as the most preferred server Example 7 23 12 next server This command configures the next server in the boot process of a DHCP client Use the no form to remove the boot server list Synta...

Page 994: ...ld placed on the Trivial File Transfer Protocol TFTP server specified with the next server command Use the no form to delete the boot image name Syntax bootfile filename no bootfile filename Name of t...

Page 995: ...remove the NetBIOS name server list Syntax netbios name server address1 address2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP address...

Page 996: ...icrosoft DHCP clients Use the no form to remove the NetBIOS node type Syntax netbios node type type no netbios node type type Specifies the NetBIOS node type broadcast hybrid recommended mixed peer to...

Page 997: ...he lease A days value must be supplied before hours can be configured Range 0 23 minutes Specifies the number of minutes in the lease A days and hours value must be supplied before minutes can be conf...

Page 998: ...ss pool matching the gateway where the request originated that is if the request was forwarded by a relay server If there is no gateway in the client request that is the request was not forwarded by a...

Page 999: ...the IP address currently in use by the host Example Related Commands client identifier section 7 23 18 on page 993 hardware address section 7 23 19 on page 994 7 23 18 client identifier This command s...

Page 1000: ...ess to a BOOTP client a hardware address must be associated with the host entry Example Related Commands host section 7 23 17 on page 992 7 23 19 hardware address This command specifies the hardware a...

Page 1001: ...ransmit a client identifier To bind an address to a BOOTP client a hardware address must be associated with the host entry Example Related Commands host section 7 23 17 on page 992 7 23 20 clear ip dh...

Page 1002: ...te a manual binding This command is normally used after modifying the address pool or after moving DHCP service to another device Example Related Commands show ip dhcp binding section 7 23 21 on page...

Page 1003: ...ace 997 1553 KDU 137 365 Uen D 2006 06 16 Command Mode Normal Exec Privileged Exec Example Console show ip dhcp binding IP MAC Lease Time Start dd hh mm ss 192 1 3 21 00 00 e8 98 73 21 86400 Dec 25 08...

Page 1004: ...red to take over the workload if the master router fails or can also be configured to share the traffic load The primary goal of router redundancy is to allow a host device which has been configured w...

Page 1005: ...rrp ip Enables VRRP and sets the IP address of the virtual router IC 1001 vrrp authentication Configures a key used to authenticate VRRP packets received from other routers IC 1002 vrrp priority Sets...

Page 1006: ...Range 1 255 Default Setting No virtual router groups are configured Command Mode Interface VLAN Example This example creates VRRP group 1 on VLAN 1 show vrrp interface counters Displays VRRP statisti...

Page 1007: ...mand Usage The interfaces of all routers participating in a virtual router group must be within the same IP subnet The IP address assigned to the virtual router must already be configured on the route...

Page 1008: ...cation group Identifies the virtual router group Range 1 255 key Authentication string Range 1 8 alphanumeric characters Default Setting No key is defined Command Mode Interface VLAN Command Usage All...

Page 1009: ...p group priority group Identifies the VRRP group Range 1 255 level Priority of this router in the VRRP group Range 1 254 Default Setting 100 Command Mode Interface VLAN Command Usage A router that has...

Page 1010: ...he original master that is the owner of the VRRP IP address comes back on line it will always resume control as the master Example Related Commands vrrp preempt section 7 24 6 on page 1005 7 24 5 vrrp...

Page 1011: ...ertisements backup routers will bid to become the master router based on priority The dead interval before attempting to take over as the master is three times the hello interval plus half a second Ex...

Page 1012: ...he owner of the VRRP IP address comes back on line it will always resume control as the master The delay can give additional time to receive an advertisement message from the current master before tak...

Page 1013: ...p Identifies a VRRP group Range 1 255 Defaults None Command Mode Privileged Exec Command Usage Use this command without any keywords to display the full listing of status information for all VRRP grou...

Page 1014: ...92 168 1 6 Master priority 255 Master Advertisement interval 5 sec Master down interval 15 Console Field Description State VRRP role of this interface master or backup Virtual IP address Virtual addre...

Page 1015: ...riority The priority of the router currently acting as the VRRP group master Master Advertisement interval The advertisement interval configured on the VRRP master Master down interval The down interv...

Page 1016: ...interface vlan Displays all VRRP status information for the specified VLAN interface vlan id Identifier of configured VLAN interface Range 1 4094 Defaults None Command Mode Privileged Exec Int Interva...

Page 1017: ...configured VLAN interface Range 1 4094 brief Displays summary information for all VRRP groups on this router Defaults None Command Mode Privileged Exec Console show vrrp all Vlan 1 Group 1 state Maste...

Page 1018: ...with an unknown or unsupported version number Console show vrrp interface vlan 1 Vlan 1 Group 1 state Master Virtual IP address 192 168 1 6 Virtual MAC address 00 00 5E 00 01 01 Advertisement interval...

Page 1019: ...nsole show vrrp 1 interface vlan 1 counters Total Number of Times Transitioned to MASTER 6 Total Number of Received Advertisements Packets 0 Total Number of Received Error Advertisement Interval Packe...

Page 1020: ...erface counters This command clears VRRP system statistics for the specified group and interface Syntax clear vrrp group interface interface counters group Identifies a VRRP group Range 1 255 interfac...

Page 1021: ...ocol ARP and Proxy ARP These commands are used to connect subnetworks to the enterprise network Table 122 IP Interface Commands Basic IP Configuration This section describes commands used to configure...

Page 1022: ...netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP...

Page 1023: ...o gain management access over the network or to connect the ECN330 switch to existing IP subnets A specific IP address can be manually configured or the ECN330 switch can be directed to obtain an addr...

Page 1024: ...ip default gateway gateway no ip default gateway gateway IP address of the default gateway Default Setting No default gateway is established Command Mode Global Configuration Command Usage The gateway...

Page 1025: ...command displays the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Example Console config ip default gateway 10 1 0 254 Console config Console show ip interf...

Page 1026: ...7 25 4 on page 1020 7 25 4 show ip redirects This command shows the default gateway configured for the ECN330 switch Default Setting None Command Mode Privileged Exec Example Related Commands ip defa...

Page 1027: ...rmation Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to verify connectivity between the ECN330 switch and anothe...

Page 1028: ...SC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics f...

Page 1029: ...ess hardware address no arp ip address ip address IP address to map to a specified hardware address hardware address Hardware address to map to a specified IP address The format for this address is xx...

Page 1030: ...e if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Example Rela...

Page 1031: ...ARP cache timeout for 15 minutes that is 900 seconds 7 25 8 clear arp cache This command deletes all dynamic entries from the Address Resolution Protocol ARP cache Command Mode Privileged Exec Exampl...

Page 1032: ...ntry including the corresponding IP address MAC address type static dynamic other and VLAN interface Note that entry type other indicates local addresses for this router Example This example displays...

Page 1033: ...RP Use the no form to disable proxy ARP Syntax no ip proxy arp Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage Proxy ARP allows a non routing device to determine the M...

Page 1034: ...routers on the network to automatically determine the best path to any subnetwork This section includes commands for both static and dynamic routing These commands are used to connect between differe...

Page 1035: ...ble IP routing Syntax no ip routing Default Setting Enabled Command Mode Global Configuration Command Function Mode Page ip routing Enables static and dynamic IP routing GC 1029 ip route Configures st...

Page 1036: ...on MAC addresses Example 7 26 2 ip route This command configures static routes Use the no form to remove static routes Syntax ip route destination ip netmask default gateway metric metric no ip route...

Page 1037: ...Example This example forwards all traffic for subnet 192 168 1 0 to the router 192 168 5 254 using the default metric of 1 7 26 3 clear ip route This command removes dynamically learned entries from...

Page 1038: ...yntax show ip route config address netmask config Displays all static routing entries address IP address of the destination network subnetwork or host for which routing information is to be displayed...

Page 1039: ...255 252 0 10 2 48 16 local 0 1 10 2 5 6 255 255 255 0 10 2 8 12 RIP 1 2 10 3 9 1 255 255 255 0 10 2 9 254 OSPF intra 2 3 Total entry 5 Console Field Description Ip Address IP address of the destinati...

Page 1040: ...isplaying Statistics for IP Protocols on page 413 Console show ip host route Total count 0 IP address Mac address VLAN Port 192 168 1 250 00 00 30 01 01 01 3 1 1 10 2 48 2 00 00 30 01 01 02 1 1 1 10 2...

Page 1041: ...generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable...

Page 1042: ...eceive version to use on a network interface IC 1043 ip rip send version Sets the RIP send version to use on a network interface IC 1044 ip split horizon Enables split horizon or poison reverse loop p...

Page 1043: ...ined management IP interface Use the no form to disable it Syntax no router rip Command Mode Global Configuration Default Setting Disabled Command Usage RIP is used to specify how routers exchange rou...

Page 1044: ...ction 120 seconds Command Usage The update timer sets the rate at which updates are sent This is the fundamental timer used to control all basic RIP processes The timeout timer is the time after which...

Page 1045: ...to 160 seconds 7 26 9 network This command specifies the network interfaces that will be included in the RIP routing process Use the no form to remove an entry Syntax no network subnet address subnet...

Page 1046: ...the network address are used 192 223 is class C and the first three fields in the network address are used Example This example includes network interface 10 1 0 0 in the RIP routing process Related...

Page 1047: ...information rather than relying on broadcast messages generated by the RIP protocol Example 7 26 11 version This command specifies a RIP version used globally by the router Use the no form to restore...

Page 1048: ...messages RIP Version 2 configures the unset interfaces to use RIPv2 for both sending and receiving protocol messages When the no form of this command is used to restore the default value any VLAN int...

Page 1049: ...IPv2 packets Command Mode Interface Configuration VLAN Default Setting The default depends on the setting specified with the version command Global RIPv1 RIPv1 or RIPv2 packets Global RIPv2 RIPv2 pack...

Page 1050: ...1041 7 26 13 ip rip send version This command specifies a RIP version to send on an interface Use the no form to restore the default value Syntax ip rip send version none 1 2 v2 broadcast no ip rip se...

Page 1051: ...work Use 1 or 2 if all routers in the local network are based on RIPv1 or RIPv2 respectively Use v2 broadcast to propagate route information by broadcasting to other routers on the network using RIPv2...

Page 1052: ...mmand Mode Interface Configuration VLAN Default Setting split horizon Command Usage Split horizon never propagates routes back to an interface from which they have been acquired Poison reverse propaga...

Page 1053: ...tive Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage This command can be used to restrict the interfaces that can exchange RIPv2 routing information Note that...

Page 1054: ...no ip rip authentication mode text Indicates that a simple password will be used Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for...

Page 1055: ...mmand Mode Privileged Exec Example Table 130 show rip globals Display Description Console config interface vlan 1 Console config if ip rip authentication mode text Console config if Console show rip g...

Page 1056: ...s Shows the status of routing messages on each interface peer Shows information on neighboring routers along with information about the last time a route update was received the RIP version used by th...

Page 1057: ...10 1 1 253 0 0 13 Console show ip rip peer Peer UpdateTime Version RcvBadPackets RcvBadRoutes 10 1 0 254 1625 2 0 0 10 1 1 254 1625 2 0 0 Console Field Description show ip rip configuration Interface...

Page 1058: ...ates Number of route changes show ip rip peer Peer IP address of a neighboring RIP router UpdateTime Last time a route update was received from this peer Version Whether RIPv1 or RIPv2 packets were re...

Page 1059: ...ulates summary route costs using RFC 1583 OSPFv1 RC 1057 default information originate Generates a default external route into an autonomous system RC 1058 timers spf Configures the hold time between...

Page 1060: ...75 ip ospf message digest key Enables MD5 authentication and sets the key for an interface IC 1076 ip ospf cost Specifies the cost of sending a packet on an interface IC 1077 ip ospf dead interval Set...

Page 1061: ...show ip ospf border routers Displays routing table entries for Area Border Routers ABR and Autonomous System Boundary Routers ASBR PE 1084 show ip ospf database Shows information about different LSAs...

Page 1062: ...le Related Commands network area section 7 26 28 on page 1066 7 26 20 router id This command assigns a unique router ID for this device within the autonomous system Use the no form to use the default...

Page 1063: ...be used when the router is rebooted or manually restarted by entering the no router ospf followed by the router ospf command If the priority values of the routers bidding to be the designated router...

Page 1064: ...this feature Syntax default information originate always metric interface metric metric type metric type no default information originate always Always advertise a default route to the local AS regard...

Page 1065: ...ist To define a default route use the ip route command If the always keyword is not used the router can only advertise a default external route into the AS if the redistribute command is used to impor...

Page 1066: ...spf holdtime no timers spf spf holdtime Minimum time between two consecutive SPF calculations Range 0 65535 seconds Command Mode Router Configuration Default Setting 10 seconds Command Usage Setting t...

Page 1067: ...IP address ip address Base address for the routes to summarize netmask Network mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the...

Page 1068: ...lt cost Syntax area area id default cost cost no area area id default cost area id Identifier for a stub or NSSA in the form of an IP address cost Cost for the default summary route sent to a stub or...

Page 1069: ...ry address netmask summary address Summary address covering a range of addresses netmask Network mask for the summary route Command Mode Router Configuration Default Setting Disabled Command Usage An...

Page 1070: ...no redistribute rip static metric metric value metric type type value rip External routes will be imported from the Routing Information Protocol into this Autonomous System static Static routes will...

Page 1071: ...pecified in this command supersedes the metric specified in the default information originate command Metric type specifies the way to advertise routes to destinations outside the AS through External...

Page 1072: ...Default Setting Disabled Command Usage An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous system Each router must be connected to the...

Page 1073: ...ea 10 2 9 0 covering the class C addresses 10 2 9 x 7 26 29 area stub This command defines a stub area To remove a stub use the no form without the optional keyword To remove the summary attribute use...

Page 1074: ...outer supports up to 16 total areas either normal transit areas stubs or NSSAs Example This example creates a stub area 10 2 0 0 and assigns all interfaces with class B addresses 10 2 x x to the stub...

Page 1075: ...t Setting No NSSA is configured Command Usage All routers in a NSSA must be configured with the same area ID An NSSA is similar to a stub because when the router is an ABR it can send a default route...

Page 1076: ...use the no form with no optional keywords To restore the default value for an attribute use the no form with the required keyword Syntax no area area id virtual link router id authentication message...

Page 1077: ...ifies the interval at which the ABR retransmits link state advertisements LSA over the virtual link The retransmit interval should be set to a conservative value that provides an adequate flow of rout...

Page 1078: ...k then it must be enabled on all routers within an autonomous system and the key identifier and key must also be the same for all routers Command Mode Router Configuration Default Setting area id None...

Page 1079: ...any optional parameters to specify plain text or simple password authentication Use the no form to restore the default of no authentication Syntax ip ospf authentication message digest null no ip osp...

Page 1080: ...rface configure the message digest key id and key with the ip ospf message digest key command The plain text authentication key or the MD5 key id and key must be used consistently throughout the auton...

Page 1081: ...pecifying plain text password authentication for an interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the messa...

Page 1082: ...print Range 1 16 characters Command Mode Interface Configuration VLAN Default Setting MD5 authentication is disabled Command Usage Normally only one key is used per interface to generate authenticatio...

Page 1083: ...ation section 7 26 32 on page 1073 7 26 35 ip ospf cost This command explicitly sets the cost of sending a packet on an interface Use the no form to restore the default value Syntax ip ospf cost cost...

Page 1084: ...n before neighbors declare the router down Use the no form to restore the default value Syntax ip ospf dead interval seconds no ip ospf dead interval seconds The maximum time that neighbor routers can...

Page 1085: ...val seconds Interval at which hello packets are sent from an interface This interval must be set to the same value for all routers on the network Range 1 65535 Command Mode Interface Configuration VLA...

Page 1086: ...Usage Set the priority to zero to prevent a router from being elected as a DR or BDR If set to any value other than zero the router with the highest priority will become the DR and the router with th...

Page 1087: ...ange 1 65535 Command Mode Interface Configuration VLAN Default Setting 5 seconds Command Usage A router will resend an LSA to a neighbor if it receives no acknowledgment The retransmit interval should...

Page 1088: ...te update Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 second Command Usage LSAs have their age incremented by this delay before transmission When estimating the transmit...

Page 1089: ...ary router Redistributing External Routes from rip with metric mapped to 10 Number of area in this router is 2 Area 0 0 0 0 BACKBONE Number of interfaces in this area is 1 SPF algorithm executed 19 ti...

Page 1090: ...outer The number of configured areas Area identifier The area address and area type if backbone NSSA or stub Number of interfaces The number of interfaces attached to this area SPF algorithm executed...

Page 1091: ...adv router ip address show ip ospf area id database asbr summary link state id self originate link state id show ip ospf area id database database summary show ip ospf area id database external link s...

Page 1092: ...tabase nssa external link state id adv router ip address show ip ospf area id database nssa external link state id self originate link state id show ip ospf area id database router link state id show...

Page 1093: ...umber for Type 3 Summary and External LSAs A Router ID for Router Network and Type 4 AS Summary LSAs Also note that when an Type 5 ASBR External LSA is describing a default route its link state id is...

Page 1094: ...Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 1...

Page 1095: ...1 AS Boundary Router s Router ID Advertising Router 192 168 1 5 LS Sequence Number 80000002 LS Checksum 0x51E2 Length 32 Network Mask 255 255 255 0 Metric 1 Console Field Description OSPF Router id Ro...

Page 1096: ...Console show ip ospf database database summary Area ID 10 1 0 0 Router Network Sum Net Sum ASBR External AS External Nssa 2 1 1 0 0 0 Total LSA Counts 4 Console Field Description Area ID Area identif...

Page 1097: ...ternal Network Number Advertising Router 10 1 2 254 LS Sequence Number 80000002 LS Checksum 0x51E2 Length 32 Network Mask 255 255 0 0 Metric Type 2 Larger than any link state path Metric 1 Forward Add...

Page 1098: ...work Metric Type Type 1 or Type 2 external metric see redistribute on page 1064 Metrics Cost of the link Forward Address Forwarding address for data to be passed to the advertised destination If set t...

Page 1099: ...y LS Type Network Links Link State ID 10 1 1 252 IP interface address of the Designated Router Advertising Router 10 1 1 252 LS Sequence Number 80000002 LS Checksum 0x51E2 Length 32 Network Mask 255 2...

Page 1100: ...ncluding the designated router itself Console show ip ospf database router OSPF Router with id 10 1 1 253 Displaying Router Link States Area 10 1 0 0 Link State Data Router Type 1 LS age 233 Options S...

Page 1101: ...LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Router Role Description of...

Page 1102: ...3 Displaying Summary Net Link States Area 10 1 0 0 Link State Data Summary Type 3 LS age 686 Options Support External routing capability LS Type Summary Links Network Link State ID 10 2 6 0 The destin...

Page 1103: ...Range 1 4094 Command Mode Privileged Exec Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA used to dete...

Page 1104: ...outer id 10 1 1 252 Interface address 10 1 1 252 Backup Designated router id 10 1 1 253 Interface addr 10 1 1 253 Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Field Description Vla...

Page 1105: ...rface but interface is down Loopback This is a loopback interface Waiting Router is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiacces...

Page 1106: ...g States include Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirecti...

Page 1107: ...rivileged Exec Example This example shows a summary address and associated network mask Related Commands summary address section 7 26 26 on page 1063 7 26 47 show ip ospf virtual links This command di...

Page 1108: ...nk to router 10 1 1 253 is up Transit area 10 1 1 0 Transmit Delay is 1 sec Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Field Description Virtual Link to router OSPF neighbor and...

Page 1109: ...icast packets across different subnetworks This router supports both the Distance Vector Multicast Routing Protocol DVMRP and Protocol Independent Multicasting PIM Note that IGMP should be enabled for...

Page 1110: ...d Command Mode Global Configuration Command Usage This command is used to enable multicast routing globally for the router A specific multicast routing protocol also needs to be globally enabled using...

Page 1111: ...f the multicast delivery tree This subnetwork contains a known multicast source summary Displays summary information for each entry in the IP multicast routing table Command Mode Privileged Exec Comma...

Page 1112: ...Upstream Interface vlan1 Upstream Router 148 122 34 9 Downstream vlan2 P vlan3 F Console Field Description Source and netmask Subnetwork containing the IP multicast source Group address IP multicast...

Page 1113: ...1 1 1 10 1 0 0 255 255 0 0 vlan1 DVMRP P 224 2 2 2 10 1 0 0 255 255 0 0 vlan1 DVMRP Console Command Function Mode Page router dvmrp Enables DVMRP and enters router configuration mode GC 1108 probe int...

Page 1114: ...p Enables DVMRP on the specified interface IC 1115 ip dvmrp metric Sets the metric used when establishing reverse paths to some networks on directly attached interfaces IC 1116 clear ip dvmrp route Cl...

Page 1115: ...ces that will support DVMRP multicast routing using the ip dvmrp command and set the metric for each interface Example Related Commands ip dvmrp section 7 27 10 on page 1115 show router dvmrp section...

Page 1116: ...x probe interval seconds no probe interval seconds Interval between sending neighbor probe messages Range 1 65535 Default Setting 10 seconds Command Mode Router Configuration Command Usage Probe messa...

Page 1117: ...Use the no form to restore the default value Syntax nbr timeout seconds no nbr timeout seconds Interval before declaring a neighbor dead Range 1 65535 Default Setting 35 seconds Command Mode Router Co...

Page 1118: ...the complete set of routing tables Range 1 65535 Default Setting 60 seconds Command Mode Router Configuration Example 7 27 7 flash update interval This command specifies how often to send trigger upd...

Page 1119: ...e Use the no form to restore the default value Syntax prune lifetime seconds no prune lifetime seconds Prune state lifetime Range 1 65535 Default Setting 7200 seconds Command Mode Router Configuration...

Page 1120: ...rtises the default route out through its other interfaces Neighboring routers on the other interfaces return Poison Reverse messages for the default route back to the router When the router receives t...

Page 1121: ...yntax no ip dvmrp Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage To fully enable DVMRP multicast routing needs to be enabled globally for the router with the ip multi...

Page 1122: ...etric no ip dvmrp metric interface metric Metric used to select the best reverse path Range 1 31 Default Setting 1 Command Mode Interface Configuration VLAN Command Usage The DVMRP interface metric is...

Page 1123: ...ute table except for the default route 7 27 13 show router dvmrp This command displays the global DVMRP configuration settings Command Mode Normal Exec Privileged Exec Console config interface vlan 1...

Page 1124: ...section 7 27 8 on page 1113 report interval section 7 27 6 on page 1112 default gateway section 7 27 9 on page 1114 ip dvmrp metric section 7 27 11 on page 1116 Example The default settings are shown...

Page 1125: ...ource IP subnetwork that contains a multicast source an upstream router or an outgoing interface connected to multicast hosts Mask Subnet mask that is used for the source address This mask identifies...

Page 1126: ...cription Console show ip dvmrp neighbor Address Interface Uptime Expire Capabilities 10 1 0 254 vlan1 79315 32 6 Console Field Description Address The IP address of the network device immediately upst...

Page 1127: ...lities This is a hexadecimal value representing the set bits The neighboring router s capabilities may include Leaf bit 0 Neighbor has only one interface with neighbors Prune bit 1 Neighbor supports p...

Page 1128: ...sages from a neighboring PIM DM router before declaring it dead IC 1126 ip pim trigger hello interval Sets the maximum time before sending a triggered PIM DM Hello message IC 1127 ip pim join prune ho...

Page 1129: ...pim dense mode Default Setting Disabled Command Mode Global Configuration Command Usage This command enables PIM DM globally for the router PIM DM also needs to be enabled for each interface that will...

Page 1130: ...the ip multicast routing command page 1104 PIM DM enabled globally for the router with the router pim dense mode command page 1123 and also PIM DM enabled for each interface that will participate in...

Page 1131: ...ing PIM hello messages Range 1 65535 Default Setting 30 seconds Command Mode Interface Configuration VLAN Console config interface vlan 1 Console config if ip pim dense mode Console show ip pim interf...

Page 1132: ...nfigures the interval to wait for hello messages from a neighboring PIM router before declaring it dead Use the no form to restore the default value Syntax ip pim hello holdtime seconds no ip pim hell...

Page 1133: ...a triggered PIM DM Hello message Range 0 65535 Default Setting 5 seconds Command Mode Interface Configuration VLAN Command Usage When a router first starts or PIM DM is enabled on an interface the he...

Page 1134: ...tion VLAN Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM DM interfaces on the router If there are no reque...

Page 1135: ...The time before resending a Graft Range 0 65535 Default Setting 3 seconds Command Mode Interface Configuration VLAN Command Usage A graft message is sent by a router to cancel a prune state When a rou...

Page 1136: ...o restore the default value Syntax ip pim max graft retries retries no ip pim graft retry interval retries The maximum number of times to resend a Graft Range 0 65535 Default Setting 2 Command Mode In...

Page 1137: ...vlan id vlan id VLAN ID Range 1 4094 Command Mode Normal Exec Privileged Exec Command Usage This command displays the PIM settings for the specified interface as described in the preceding pages It a...

Page 1138: ...1 is up PIM is enabled mode is Dense Internet address is 10 1 0 253 Hello time interval is 30 sec trigger hello time interval is 5 sec Hello holdtime is 105 sec Join Prune holdtime is 210 sec Graft re...

Page 1139: ...r Address VLAN Interface Uptime Expire Mode 10 1 0 254 1 17 38 16 00 01 25 Dense Console Field Description Address IP address of the next hop router VLAN Interface Interface number that is attached to...

Page 1140: ...N330 switch as a Rendezvous Point RP candidate GC 1141 ip pim rp address Sets a static address for the Rendezvous Point GC 1144 ip pim register rate limit Configures the rate at which register message...

Page 1141: ...and sending hello messages IC 1158 clear ip pim bsr rp set Clears the RP entries learned through the BSR PE 1160 show ip pim Shows the global settings for PIM SM PE 1161 show ip pim bsr router Display...

Page 1142: ...mode Default Setting Disabled Command Mode Global Configuration Command Usage This command enables PIM SM globally for the router PIM SM also needs to be enabled for each interface that will support...

Page 1143: ...s who want to join or leave a multicast group Use the same join prune message interval on all the PIM SM routers in the same PIM SM domain otherwise the routing protocol s performance will be adversel...

Page 1144: ...uted on any BSR all groups with the same seed hash will be mapped to the same RP If the mask length is less than 32 then only the first portion of the hash is used and a single RP will be defined for...

Page 1145: ...ch neighbor receiving the bootstrap message compares the BSR address with the address from previous messages If the current address is the same or a higher address it accepts the bootstrap message and...

Page 1146: ...lated Commands show ip pim bsr router section 7 27 45 on page 1163 Console config ip pim bsr candidate vlan 1 hash mask length 20 priority 200 Console config exit Console show ip pim bsr router PIMv2...

Page 1147: ...rity Priority used by the candidate RP in the election process The RP candidate with the largest priority is preferred If the priority values are the same the candidate with the larger IP address is e...

Page 1148: ...e bootstrap messages If there is a tie use the candidate RP with the highest IP address This distributed election process provides faster convergence and minimal disruption when an RP fails It also se...

Page 1149: ...date vlan 1 224 0 0 0 255 0 0 0 priority 200 Console config exit Console show ip pim bsr router PIMv2 BootStrap Information This system is the BootStrap Router BSR BSR address 192 168 1 250 BSR priori...

Page 1150: ...k Subnet mask that is used for the group address override If there is a conflict the static RP configured with this command prevails over a dynamically learned RP Default Setting None Command Mode Glo...

Page 1151: ...through the bootstrap router BSR If the override parameter is used a statistically configured RP address will take precedence over those learned through the BSR Example In the following example the ad...

Page 1152: ...ate limit rate no pim register rate limit rate The maximum number of register packets per second Range 1 65535 Default 0 which means no limit Default Setting no limit Command Mode Global Configuration...

Page 1153: ...d infinity group address mask group address An IP multicast group address If a group address is not specified the shared tree is used for all multicast groups mask Subnet mask that is used for the gro...

Page 1154: ...the source to the receiver instead of using the shared tree The ip pim spt threshold infinity command forces the router to use the shared tree for all multicast groups or just for the specified multi...

Page 1155: ...ssage It is also used to calculate the KeepaliveTimer by the RP Range 1 65535 seconds Default Setting 60 seconds Command Mode Global Configuration Command Usage When the DR receives a register stop me...

Page 1156: ...m to restore the default setting Syntax no ip pim ignore rp set priority Default Setting Disabled Console config ip pim register suppression 500 Console config exit Console show running config router...

Page 1157: ...orm to restore the default setting Syntax no ip pim crp prefix Console config ip pim ignore rp set priority Console config exit Console show running config router pim sparse mode ip pim register rate...

Page 1158: ...Cisco BSR Example This example makes the ECN330 switch an acceptable RP candidate for Cisco BSRs Related Commands show ip pim section 7 27 44 on page 1161 Console config ip pim crp prefix Console con...

Page 1159: ...Mode Global Configuration Example This example makes the ECN330 switch calculate the register checksum over the whole packet Related Commands show ip pim section 7 27 44 on page 1161 Console config ip...

Page 1160: ...section 7 21 15 on page 953 A PIM SM interface is used to forward multicast traffic only if a join message is received from a downstream router or if group members are directly connected to the inter...

Page 1161: ...im dr priority priority value no ip pim dr priority priority value Priority advertised by a router when bidding to become the DR Range 0 4294967294 Default Setting 1 Console config interface vlan 1 Co...

Page 1162: ...terface uses the same priority then the router with the highest IP address is elected to serve as the DR If a router does not advertise a priority in its hello messages it is assumed to have the highe...

Page 1163: ...nd Usage PIM SM routers send periodic hello messages to inform neighboring routers of their presence and to determine which router for each LAN segment will serve as the Designated Router DR When a ro...

Page 1164: ...tting Syntax ip pim hello holdtime holdtime value no ip pim hello holdtime holdtime value Holdtime for which to keep a neighbor state alive Range 1 65535 seconds Default Setting 3 5 times the hello in...

Page 1165: ...on 7 27 41 on page 1157 the hello holdtime is automatically updated However if the hello holdtime has been configured then it will not be updated when the hello interval changes Also note that if a va...

Page 1166: ...through the BSR Command Mode Privileged Exec Command Usage This command can be used to update the entries in the static multicast forwarding table immediately after making configuration changes to the...

Page 1167: ...Register Suppression 500 Register Rate Limit 500 Register CheckSum with Data Enabled Ignore RP Set Priority Enabled CRP Prefix Enabled SPT Threshold Enabled SPT Threshold Group 224 1 0 0 SPT Threshold...

Page 1168: ...ster checksum is calculated over the whole packet instead of just the packet header Ignore RP Set Priority Shows if the priority value for RP candidates is ignored and only the hashing mechanism is us...

Page 1169: ...0 BSR priority 0 BSR hash mask length 10 Uptime 0 0 0 Expires 0 0 5 Candidate BSR 192 168 1 250 Vlan1 Candidate BSR Priority 0 Candidate BSR hash mask length 10 Console Field Description PIMv2 BootStr...

Page 1170: ...of significant bits used in the multicast group comparison mask by this BSR candidate Candidate RP Candidate RP address The address of all candidate RPs attached to this interface Candidate RP Group...

Page 1171: ...ays the RP map Table 156 show ip pim rp mapping Display Description Console show ip pim rp mapping PIM Group to RP Mappings Group s 224 0 0 0 8 Static RP 10 1 1 1 Uptime 0 0 0 RP 192 168 1 19 Uptime 0...

Page 1172: ...ticast group address If a group address is not specified the RP is used for all multicast groups Command Mode Privileged Exec Example This example displays the RP used for the specified group and the...

Page 1173: ...PC directly to the serial Console port on the ECN330 s front panel and using VT100 terminal emulation software that supports the XModem protocol See section 5 2 2 on page 38 1 Connect a PC to the ECN3...

Page 1174: ...the ECN330 switch 9 Check that the ECN330 switch has sufficient flash memory space for the new code file before starting the download From the CLI use the dir command to see how much available flash m...

Page 1175: ...binary software file for the ECN330 switch 11 After the file has been downloaded there is a prompt Update Image File to specify the type of code file Press R for runtime code D for diagnostic code or...

Page 1176: ...the PC s terminal emulation software baud rate back to 9600 baud Press Enter to reset communications with the ECN330 switch 16 Press Q to quit the firmware download mode and boot the ECN330 switch Se...

Page 1177: ...see if the condition clears If the condition persists replace the unit DIAG LED is on red The ECN330 switch has detected a fault Power cycle the ECN330 to see if the condition is cleared If the condit...

Page 1178: ...in an alternate environment where all the other components are functioning properly A port status LED is off There is no valid link on the port Verify that the ECN330 and attached device are powered...

Page 1179: ...l user defined configuration files Press Q to boot the ECN330 switch Cannot connect using Telnet web browser or SNMP software Be sure the ECN330 is powered up Check network cabling between the managem...

Page 1180: ...server are properly configured on the ECN330 switch and that the SSH client software is properly configured on the management station Be sure a public key has been generated on the ECN330 switch and...

Page 1181: ...r better 1000BASE T RJ45 100 ohm UTP cable Category 5 5e or 6 Communication Speed 10 100 1000 Mbps Communication Mode Full and half duplex Power over Ethernet 23 1 W maximum per port 600 mA continuous...

Page 1182: ...m internally for ECN330 and externally for Power over Ethernet devices Heat Dissipation 40 9 BTU hr 12 W Maximum Current 1 1 A 40 5 VDC internally for ECN330 16 0 A 40 5 VDC internally for ECN330 and...

Page 1183: ...r or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading TFTP in band or XModem out of band SNMP Management access through MIB database Trap management to specified hosts RMO...

Page 1184: ...F MIB RFC 1850 PEA_EQUIPMENT PEM STANDARD PEM STANDARD TC PIM MIB RFC 2934 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power over Ethernet MIB RFC 3621 Private MIB Quality of S...

Page 1185: ...MIB RFC 2013 VRRP MIB RFC 2787 IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Full duplex flow control IEEE 802 1p Priority tags IEEE 802 3ac VLAN tagging IEEE 802 1D Bridgi...

Page 1186: ...VMRP HTTPS RFC 792 ICMP RFC 1112 IGMP RFC 2236 IGMPv2 RFC 3228 IPv4 IGMP draft martini l2circuit trans mpls 16 draft martini l2circuit encap mpls 09 L2MPLS RFC 2328 2178 1587 OSPF RFC 3973 PIM DM RFC...

Page 1187: ...pecifications 1181 1553 KDU 137 365 Uen D 2006 06 16 RFC 1157 SNMP RFC 1901 SNMPv2c RFC 3414 3410 2273 3411 3415 SNMPv3 RFC 2030 SNTP SSH Version 2 0 RFC 854 855 856 TELNET RFC 1350 TFTP RFC 3768 VRRP...

Page 1188: ...Specifications 1182 1553 KDU 137 365 Uen D 2006 06 16...

Page 1189: ...ress Resolution Protocol AS Autonomous System BDR Backup Designated Router BOOTP Boot Protocol BPDU Bridge Protocol Data Unit BSR Bootstrap Router CIS Common and Internal Spanning Tree CLI Command Lin...

Page 1190: ...SLAM Digital Subscriber Line Access Multiplexer DVMRP Distance Vector Multicast Routing Protocol EAN Ethernet Access Node EAP Extensible Authentication Protocol EAPOL Extensible Authentication Protoco...

Page 1191: ...ayer IMAP Internet Message Access Protocol IC Interface Configuration mode IPX Internetwork Packet Exchange IST Internal Spanning Tree Kbps Kilobits per second LACP Link Aggregation Control Protocol L...

Page 1192: ...k MD5 Message Digest Algorithm 5 MDI Media Dependent Interface MDI X Media Dependent Interface Crossover MIB Management Information Base MPLS Muliti Protocol Label Switching MST Multiple Spanning Tree...

Page 1193: ...PIM Protocol Independent Multicasting PoE Power over Ethernet POP Post Office Protocol POST Power on Self test PVID Port VLAN ID PVLAN Protected VLAN QinQ Queue in Queue Tunneling QoS Quality of Serv...

Page 1194: ...rd Computer SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SMTP Simple Mail Transfer Protocol SNTP Simple Network Time Protocol SFP Small Form Factor Pluggable SPF Shortest Path Fir...

Page 1195: ...col Identifier TTL Time To Live UDP User Datagram Protocol UTC Coordinated Universal Time UTP Unshielded Twisted Pair VC Virtual Channel VLAN Database Configuration mode VLAN Virtual Local Area Networ...

Page 1196: ...List of Abbreviations 1190 1553 KDU 137 365 Uen D 2006 06 16...

Page 1197: ...ble 1000BASE T IEEE 802 3ab specification for Gigabit Ethernet over four pairs of Category 5 5e or 6 100 ohm UTP cable 1000BASE X IEEE 802 3 shorthand term for any 1000 Mbps Gigabit Ethernet based on...

Page 1198: ...mmunication method employed by Ethernet and Fast Ethernet Differentiated Services DiffServ DiffServ provides quality of service on large networks by employing a well defined set of building blocks fro...

Page 1199: ...rnet rings used in many Metropolitan Area Networks MANs for fibre runs Extensible Authentication Protocol over LAN EAPOL EAPOL is a client authentication protocol used by this switch to verify the net...

Page 1200: ...ngineers IEEE 802 1D Specifies a general method for the operation of MAC bridges including the Spanning Tree Protocol IEEE 802 1Q VLAN Tagging Defines Ethernet frame tags which carry VLAN information...

Page 1201: ...ps they wish to join or to which they already belong The elected querier will be the device with the lowest IP address in the subnetwork Internet Control Message Protocol ICMP A network layer protocol...

Page 1202: ...Port Trunk Link Aggregation Control Protocol LACP Allows ports to automatically negotiate a trunked link with LACP configured ports on another device Link Segment Length of twisted pair or fiber cabl...

Page 1203: ...er a larger network such as the Internet as opposed to distance vector routing protocols such as RIP It includes features such as unlimited hop count authentication of routing updates and Variable Len...

Page 1204: ...il Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the netwo...

Page 1205: ...device over TCP IP Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS co...

Page 1206: ...ources as though located on the same LAN Virtual Router Redundancy Protocol VRRP A protocol that uses a virtual IP address to support a primary router and multiple backup routers The backups can be co...

Page 1207: ...690 692 693 VLAN 157 174 182 690 719 732 ACL configuration mode defined 523 action VLAN ACL 723 address learning configuring for port 143 672 address monitor mode 292 301 887 Address Resolution Protoc...

Page 1208: ...423 1031 clear log 590 clear mac address table dynamic 788 clear vrrp interface counters 1014 clear vrrp router counters 1014 CLI interface abbreviations 518 arguments defined 518 customizing the prom...

Page 1209: ...public key 138 662 664 delete files 88 565 deny Extended ACL 161 694 MAC ACL 164 709 Standard ACL 160 693 description interface 187 738 DHCP 81 84 1016 address pool 380 983 basic setting 43 client 81...

Page 1210: ...E EAPOL 24 EAPS 258 271 configuration guidelines 260 824 Control VLAN 267 831 description 258 domain configuration 265 826 global configuration 264 835 master mode 266 268 827 primary port 267 Protec...

Page 1211: ...ion mode defined 523 Global Configuration defined 522 GVRP 276 842 global setting 276 843 interface configuration 291 844 H hardware features 7 hardware version displaying 75 550 hardware address DHCP...

Page 1212: ...ip dvmrp metric 479 1116 ip host 964 ip http port 650 ip http secure port 133 653 ip http secure server 133 651 ip http server 650 ip igmp 952 ip igmp last memb query interval 957 ip igmp max resp in...

Page 1213: ...enabling or disabling 401 1029 status 401 1029 unicast protocols 400 ip routing 1029 IP settings default 33 ip split horizon 1046 ip ssh authentication retries 660 ip ssh crypto host key generate 663...

Page 1214: ...n sequence 128 129 637 638 M mac access group 717 mac address for VLAN 864 mac address table aging time 791 mac address table static 787 mac learning 143 672 main menu 54 528 maintenance fuse replacem...

Page 1215: ...360 361 938 941 multicast routing 469 1103 description 469 DVMRP 473 1107 enabling 469 1104 general commands 1104 global settings 469 1104 PIM DM 484 1122 PIM SM 490 1134 routing table 470 1105 multic...

Page 1216: ...CL 160 PIM DM 484 1122 1123 configuring 484 1122 enable on interface 486 1124 global configuration 484 1123 graft retries 487 1130 graft retry interval 486 1129 hello holdtime 486 1126 hello interval...

Page 1217: ...5 8 displaying statistics 213 751 displaying status 749 753 duplex mode 187 739 flow control 188 743 forced selection on combo ports 189 745 speed 187 739 ports configuring 184 736 ports mirroring 209...

Page 1218: ...F external routing information 460 1064 reload 535 remote logging 98 589 remote management 39 rendezvous point 491 499 1141 1144 restarting the system 103 535 revision MSTP 241 808 RIP authentication...

Page 1219: ...interfaces counters 751 show interfaces protocol vlan protocol group 881 show interfaces status 749 show interfaces switchport 753 show ip access group 706 show ip access list 697 show ip dhcp bindin...

Page 1220: ...tp 604 show spanning tree 821 show spanning tree mst configuration 823 show ssh 666 show startup config 542 show system 548 show system mode 553 show system mtu 556 show tacacs server 648 show users 5...

Page 1221: ...nning tree global enable 239 796 specifications compliances 1176 environmental 1176 physical 1175 power 1176 speed console baud rate 580 speed duplex port configuration 739 SSH authentication retries...

Page 1222: ...slog servers configuring 98 587 system clock setting 104 600 system defaults 30 system files defined 35 managing 86 560 running config 36 40 system information displaying 69 548 system LEDs 11 system...

Page 1223: ...ration 290 855 864 MAC address configuration 294 864 private 303 868 protocol 311 877 VRRP 389 999 authentication 392 1002 configuration settings 389 999 group statistics 395 1007 1010 preemption 390...

Page 1224: ...Index 1218 1553 KDU 137 365 Uen D 2006 06 16...

Page 1225: ......

Page 1226: ...Created by EBCCW 00 06 Ericsson AB 2006 All Rights Reserved 1553 KDU 137 365 Uen D 2006 06 16 Ericsson AB www ericsson com...

Reviews:

No comments

Brands by name

Popular brands

Load more brands