manualshive.com logo in svg

NETGEAR 7200 Series, User Manual

The Cisco 7200 Series is a high-performance network router that offers excellent scalability and flexibility for enterprise networks. Ensure compliance and safety with the comprehensive Regulatory Compliance and Safety Information Manual, available for free download from manualshive.com. Discover how to optimize your network securely and efficiently with this essential manual.

Share
Download
background image

User Manual for the NETGEAR 7200 Series Layer 2 Managed Switch Software Version 4

Security Commands

9-25

202-10102-01, May 2005

no ip http secure-port

This command is used to reset the sslt port to the default value.

Format  

no ip http secure-port 

Mode  

Privileged EXEC

ip http secure-protocol

This command is used to set protocol levels (versions). The protocol level can be set to TLS1, 
SSL3 or to both TLS1 and SSL3.

Default   

SSL3 and TLS1

Format  

ip http secure-protocol [SSL3] [TLS1]

Mode  

Privileged EXEC

ip http secure-server

This command is used to enable the secure socket layer for secure HTTP. 

Default   

disabled

Format  

ip http secure-server

Mode  

Privileged EXEC

no ip http secure-server

This command is used to disable the secure socket layer for secure HTTP. 

Format  

ip http secure-server

Mode  

Privileged EXEC

ip http server

This command enables access to the switch through the Web interface. When access is enabled, 
the user can login to the switch from the Web interface. When access is disabled, the user cannot 
login to the switch's Web server. 

Disabling the Web interface takes effect immediately. All interfaces are effected.

Summary of Contents for 7200 Series

Page 1: ...202 10102 01 May 2005 202 10102 01 May 2005 NETGEAR Inc 4500 Great America Parkway Santa Clara CA User Manual for the NETGEAR 7200 Series Layer 2 Managed Switch Software Version 4 ...

Page 2: ...ormation card for the correct telephone number for your country Trademarks NETGEAR is a registered trademark of NETGEAR INC Windows is a registered trademark of Microsoft Corporation Other brand and product names are trademarks or registered trademarks of their respective holders Information is subject to change without notice All rights reserved Statement of Conditions In the interest of improvin...

Page 3: ... harmful interference 2 This device must accept any interference received including interference that may cause undesired operation EN 55 022 Declaration of Conformance This is to certify that the NETGEAR 7200 Series Layer 2 Managed Switch is shielded against the generation of radio interference in accordance with the application of Council Directive 89 336 EEC Article 4a Conformity is declared by...

Page 4: ...202 10102 01 May 2005 iv ...

Page 5: ...3 Administration Console Interface Set Up Your Switch Using Direct Console Access 3 1 Chapter 4 Web Based Management Interface Web Based Management Overview 4 2 How to Log In to the Managed Switch 4 2 Web Based Management Utility Features 4 4 Interactive Switch Image 4 5 Menus 4 5 Main Menus 4 5 Secondary Menus 4 6 Management 4 6 Switch 4 6 Traffic Management 4 7 System Wide Popup Menus 4 7 Port S...

Page 6: ... Out of Band PC Only XMODEM 6 5 Quick Start up Downloading from Out of Band PC to Switch Only XMODEM 6 5 Quick Start up Downloading from TFTP Server 6 6 Quick Start up Factory Defaults 6 6 Chapter 7 Mode based CLI Mode based Topology 7 3 Mode based Command Hierarchy 7 4 Flow of Operation 7 6 No Form of a Command 7 7 Support for No Form 7 7 Behavior of Command Help 7 7 Chapter 8 Switching Commands ...

Page 7: ...t 8 16 session timeout 8 16 no session timeout 8 16 bridge aging time 8 17 no bridge aging time 8 17 mtu 8 17 no mtu 8 18 network javamode 8 18 no network javamode 8 18 network mac address 8 18 network mac type 8 19 no network mac type 8 19 network parms 8 19 network protocol 8 19 telnetcon maxsessions 8 20 no telnetcon maxsessions 8 20 telnetcon timeout 8 20 no telnetcon timeout 8 20 serial baudr...

Page 8: ...sk 8 29 no snmp server community ipmask 8 29 snmp server community mode 8 29 no snmp server community mode 8 29 snmp server community ro 8 30 snmp server community rw 8 30 snmp server enable traps 8 30 no snmp server enable traps 8 30 snmp server enable traps bcaststorm 8 30 no snmp server enable traps bcaststorm 8 31 snmp server enable traps linkmode 8 31 no snmp server enable traps linkmode 8 31...

Page 9: ...negotiate 8 36 no auto negotiate 8 36 auto negotiate all 8 36 no auto negotiate all 8 37 deleteport Interface Config 8 37 deleteport Global Config 8 37 macfilter 8 37 no macfilter 8 38 macfilter adddest 8 38 no macfilter adddest 8 38 macfilter adddest all 8 38 no macfilter adddest all 8 39 macfilter addsrc 8 39 no macfilter addsrc 8 39 macfilter addsrc all 8 39 no macfilter addsrc all 8 40 monitor...

Page 10: ...tic 8 46 show mac address table staticfiltering 8 46 show monitor 8 47 show port 8 48 show port protocol 8 48 show storm control 8 49 Virtual LAN VLAN Commands 8 49 vlan 8 49 no vlan 8 49 vlan acceptframe 8 50 no vlan acceptframe 8 50 vlan ingressfilter 8 50 no vlan ingressfilter 8 50 vlan makestatic 8 51 vlan name 8 51 no vlan name 8 51 vlan participation 8 51 vlan participation all 8 52 vlan por...

Page 11: ...vlan group 8 56 no protocol vlan group 8 56 protocol vlan group all 8 56 no protocol vlan group all 8 56 vlan pvid 8 57 no vlan pvid 8 57 vlan tagging 8 57 no vlan tagging 8 57 show vlan 8 58 show vlan brief 8 59 show vlan port 8 59 System Utility Commands 8 60 traceroute 8 60 clear config 8 60 clear counters 8 61 clear igmpsnooping 8 61 clear pass 8 61 enable passwd 8 61 clear port channel 8 61 c...

Page 12: ...67 logging buffered wrap 8 68 no logging wrap 8 68 logging console 8 68 no logging console 8 68 logging persistent 8 68 no logging persistent 8 69 logging host 8 69 logging host remove 8 69 logging port 8 69 no logging port 8 70 logging syslog 8 70 no logging syslog 8 70 show logging 8 70 show logging persistent 8 71 show logging buffered 8 71 show logging hosts 8 72 Simple Network Time Protocol S...

Page 13: ...rver 8 75 no sntp server 8 75 show sntp 8 76 show sntp client 8 76 show sntp server 8 76 User Account Commands 8 77 disconnect 8 77 show loginsession 8 78 show users 8 78 users name 8 79 no users name 8 79 users passwd 8 79 no users passwd 8 80 users snmpv3 accessmode 8 80 no users snmpv3 accessmode 8 80 users snmpv3 authentication 8 80 no users snmpv3 authentication 8 81 users snmpv3 encryption 8...

Page 14: ... pool 8 86 lease 8 86 no lease 8 86 network 8 86 no network 8 87 service dhcp 8 87 no service dhcp 8 87 bootfile 8 87 no bootfile 8 87 domain name 8 88 no domain name 8 88 ip dhcp bootp automatic 8 88 no ip dhcp bootp automatic 8 88 ip dhcp conflict logging 8 88 no ip dhcp conflict logging 8 89 netbios name server 8 89 no netbios name server 8 89 netbios node type 8 89 no netbios node type 8 90 ne...

Page 15: ...96 no mode dot1q tunnel 8 96 mode dvlan tunnel 8 96 no mode dvlan tunnel 8 96 show dot1q tunnel 8 96 show dot1q tunnel interface 8 97 show dvlan tunnel 8 97 show dvlan tunnel interface 8 97 Provisioning IEEE 802 1p Commands 8 98 classofservice dot1pmapping 8 98 show classofservice dot1pmapping 8 98 vlan port priority all 8 99 vlan priority 8 99 GARP Commands 8 99 set garp timer join 8 100 no set g...

Page 16: ...mode 8 106 no set gmrp adminmode 8 106 set gmrp interfacemode 8 106 no set gmrp interfacemode 8 106 set gmrp interfacemode all 8 107 no set gmrp interfacemode all 8 107 show gmrp configuration 8 107 show mac address table gmrp 8 108 IGMP Snooping Commands 8 108 set igmp 8 109 no set igmp 8 109 set igmp interfacemode all 8 110 no set igmp interfacemode all 8 110 set igmp fast leave 8 110 no set igm...

Page 17: ... 8 118 spanning tree 8 119 no spanning tree 8 119 spanning tree bpdumigrationcheck 8 119 no spanning tree bpdumigrationcheck 8 120 spanning tree configuration name 8 120 no spanning tree configuration name 8 120 spanning tree configuration revision 8 120 no spanning tree configuration revision 8 120 spanning tree edgeport 8 121 no spanning tree edgeport 8 121 spanning tree forceversion 8 121 no sp...

Page 18: ...spanning tree 8 127 show spanning tree summary 8 129 show spanning tree interface 8 129 show spanning tree mst port detailed 8 130 show spanning tree mst port summary 8 132 show spanning tree mst summary 8 132 show spanning tree vlan 8 133 Chapter 9 Security Commands Port Security Commands 9 1 port security 9 1 no port security 9 1 port security max dynamic 9 2 no port security max dynamic 9 2 por...

Page 19: ...ogin 9 7 dot1x max req 9 7 no dot1x max req 9 7 dot1x port control 9 8 no dot1x port control 9 8 dot1x port control All 9 8 no dot1x port control All 9 9 dot1x re authenticate 9 9 dot1x re authentication 9 9 no dot1x re authentication 9 9 dot1x system auth control 9 9 no dot1x system auth control 9 10 dot1x timeout 9 10 no dot1x timeout 9 11 dot1x user 9 11 no dot1x user 9 11 show radius accountin...

Page 20: ...server timeout 9 20 show radius 9 20 show radius statistics 9 21 Secure Shell SSH Commands 9 22 ip ssh 9 22 no ip ssh 9 22 ip ssh protocol 9 23 sshcon maxsessions 9 23 no sshcon maxsessions 9 23 sshcon timeout 9 23 no sshcon timeout 9 24 show ip ssh 9 24 Hypertext Transfer Protocol HTTP Commands 9 24 ip http secure port 9 24 no ip http secure port 9 25 ip http secure protocol 9 25 ip http secure s...

Page 21: ...ss group 10 7 show ip access lists 10 8 show access lists 10 8 Differentiated Services DiffServ Commands 10 9 diffserv 10 10 no diffserv 10 10 Class Commands 10 10 class map 10 11 no class map 10 11 class map rename 10 11 match ethertype 10 12 match secondary cos 10 12 match secondary vlan 10 12 match any 10 12 match class map 10 13 no match class map 10 13 match cos 10 14 match destination addres...

Page 22: ...map 10 22 no policy map 10 22 policy map rename 10 22 Service Commands 10 22 service policy 10 23 no service policy 10 23 Show Commands 10 24 show class map 10 24 show diffserv 10 25 show policy map 10 25 show diffserv service 10 27 show diffserv service brief 10 28 show policy map interface 10 28 show service policy 10 29 Class of Service CoS Commands 10 29 classofservice dot1p mapping 10 29 clas...

Page 23: ...t 10 33 show interfaces cos queue 10 33 Appendix A Cabling Guidelines Fast Ethernet Cable Guidelines A 1 Category 5 Cable A 2 Category 5 Cable Specifications A 2 Twisted Pair Cables A 3 Patch Panels and Cables A 4 Using 1000BASE T Gigabit Ethernet over Category 5 Cable A 5 Cabling A 5 Near End Cross Talk NEXT A 6 Patch Cables A 6 RJ 45 Plug and RJ 45 Connectors A 6 Conclusion A 8 Appendix B Glossa...

Page 24: ...202 10102 01 May 2005 xxiv Contents M B 12 N B 14 O B 14 P B 15 Q B 16 R B 17 S B 18 T B 19 U B 20 V B 20 W B 21 X B 22 ...

Page 25: ...rators configuring and operating a system using Series 7200 L2 Switch software It is intended to provide an understanding of the configuration options of Series 7200 L2 Switch software It is assumed that the reader has an understanding of the relevant switch platforms It is also assumed that the reader has a basic knowledge of Ethernet and networking concepts How to Use This Document This document...

Page 26: ...ing formats to highlight special messages This manual is written for the Series 7200 L2 Switch according to these specifications Table 1 Typographical conventions italics Emphasis bold User input Enter Named keys in text are shown enclosed in square brackets The notation Enter is used for the Enter key and the Return key Ctrl C Two or more keys that must be pressed simultaneously are shown in text...

Page 27: ...hernet FEN and Gigabit Ethernet GEN switching continues to evolve from high end backbone applications to desktop switching applications The price of the technology continues to decline while performance and feature sets continue to improve Devices that are capable of switching Layers 2 3 and 4 are increasingly in demand The NETGEAR 7200 Series Layer 2 Managed Switch provides a flexible solution to...

Page 28: ... full functionality HyperTerminal is built into Microsoft Windows 95 98 NT 2000 XP operating systems Secure make sure the switch is installed in a secure area Must be near switch or use dial up connection Not convenient for remote users Not graphical Web browser or Telnet Can be accessed from any location via the switch s IP address Ideal for configuring the switch remotely Compatible with Interne...

Page 29: ...Administration Console Management Method Set Up Your Switch Using Direct Console Access The direct access management method is required when you initially set up your switch Thereafter the convenience and additional features of the Web management access method make it the best method to manage the switch See Web Based Management Overview on page 4 2 for more information Direct access to the switch...

Page 30: ...ther systems follow similar steps 1 Click the Windows Start button Select Accessories and then Communications HyperTerminal should be one of the options listed in this menu Select HyperTerminal 2 The following screen will appear Enter a name for this connection In the example below the name of the connection is FSM726 Click OK Figure 3 2 Connection Description 3 The following screen will appear In...

Page 31: ...arity None Stop Bits 1 Flow Control None Figure 3 4 Connection Settings 5 Click OK The HyperTerminal window will open and you should be connected to the switch If you do not get a welcome screen or a system menu press the return key When attached to the User Interface via a console connection the following must be set in order to use the arrow keys Under the terminal pull down menu choose Properti...

Page 32: ...User Manual for the NETGEAR 7200 Series Layer 2 Managed Switch Software Version 4 3 4 Administration Console Interface 202 10102 01 May 2005 ...

Page 33: ...the switch and it s web interface When you configure the switch for the first time from the console you can assign an IP address and subnet mask to the switch Thereafter you can access the switch s Web interface directly using your Web browser by entering the switch s IP address into the address bar In this way you can use your Web browser to manage the switch from a central location just as if yo...

Page 34: ...ations Describes Web browser requirements and common commands Product Overview Describes supported SNMP and Web management features Summary of Features Feature List How to Log In to the Managed Switch The NETGEAR 7200 Series Layer 2 Managed Switch can be configured remotely from Microsoft Internet Explorer browser version 5 0 or above or Netscape Navigator web browser version 4 78 or above 1 Deter...

Page 35: ...creen for the Managed Switch Click the Login link A user name and password dialog box opens like this one Figure 4 4 User name password dialog box 4 Type the default user name of admin and default of no password or whatever password you have set up Once you have entered your user name and password your Web browser should automatically retrieve and display the home page as shown below ...

Page 36: ...Web Based Management Interface 202 10102 01 May 2005 Web Based Management Utility Features Figure 4 5 System Information page This welcome page displays system information such as System Description System Name System Location System Contact IP Address System Object ID OID System Up Time ...

Page 37: ...connectivity and traffic indication for each port In addition using the popup menus described below you can directly access a wealth of information by right clicking on a port and selecting a menu item from the popup menu that displays Menus The Web based interface enables navigation through several menus The main navigation menu is on the left of every page and contains the screens that let you a...

Page 38: ...m see System Information and Statistics Commands on page 8 1 Utilities see System Utility Commands on page 8 60 Access see the following sections Administration Console Interface on page 3 1 System Management Commands on page 8 14 Security see Chapter 9 Security Commands and User Account Commands on page 8 77 Port Access Control Port Based Network Access Control IEEE 802 1X Commands on page 9 5 RA...

Page 39: ...rv see Differentiated Services DiffServ Commands on page 10 9 Traffic Control see System Management Commands on page 8 14 System Wide Popup Menus The Series 7200 L2 Switch also provides several popup menus Figure 4 8 Switch popup menus You can also access the main navigation menu by right clicking on the image of the switch and browsing to the menu you want to use ...

Page 40: ...ent Interface 202 10102 01 May 2005 Port Specific Popup Menus The Series 7200 L2 Switch also provides several popup menus for each port Figure 4 9 Switch popup menus You can access a port specific popup menu by right clicking on the port in the image of the switch and browsing to the menu you want to use ...

Page 41: ... structure outlined below CLI Command Format Commands are followed by values parameters or both Example 1 network parms ipaddr netmask gateway network parms is the command name ipaddr netmask are the required values for the command gateway is the optional value for the command Example 2 snmp server location loc snmp server location is the command name loc is the required parameter for the command ...

Page 42: ... ipaddr This parameter is a valid IP address made up of four decimal bytes ranging from 0 to 255 The default for all IP parameters consists of zeros that is 0 0 0 1 The interface IP address of 0 0 0 0 is invalid In some cases the IP address can also be entered as a 32 bit number macaddr The MAC address format is six hexadecimal numbers separated by colons for example 00 06 29 32 81 40 areaid Area ...

Page 43: ...e operator wishes to use spaces as part of a name parameter then it must be enclosed in double quotation marks Empty strings are not valid user defined strings Command completion finishes spelling the command when enough letters of a command are typed to uniquely identify the command word The command may be executed by typing enter command abbreviation or the command word may be completed by typin...

Page 44: ...r flags the beginning of a comment The comment flag character can begin a word anywhere on the command line and all input following this character is ignored Any command line that begins with the character is recognized as a comment line and ignored by the parser Some examples are provided below Script file for displaying the ip interface Display information about interfaces show ip interface 0 1 ...

Page 45: ... Turn the Power ON 3 Allow the device to load the software until the login prompt appears The device initial state is called the default mode 4 When the prompt asks for operator login execute the following steps Type the word admin in the login area Since a number of the Quick Setup commands require administrator account rights NETGEAR suggests logging into an administrator account Enter the passw...

Page 46: ...ce provides For example Machine Model FSM7328S 24 24 10 100 ports 04 4 Uplink ports on front of switch Table 6 2 Quick Start up Physical Port Data Command Details show port all in Privileged EXEC Displays the Ports slot port Type Indicates if the port is a special type of port Admin Mode Selects the Port Control Administration State Physical Mode Selects the desired port speed and duplex mode Phys...

Page 47: ...ead Only users show loginsession in User EXEC Displays all of the login session information users passwd username in Global Config Allows the user to set passwords or change passwords needed to login A prompt will appear after the command is entered requesting the users old password In the absence of an old password leave the area blank The operator must press enter to execute the command The syst...

Page 48: ...t Mask for the interface Default is 0 0 0 0 Default Gateway The default Gateway for this interface Default value is 0 0 0 0 Burned in MAC Address The Burned in MAC Address used for in band connectivity Locally Administered MAC Address Can be configured to allow a locally administered MAC address MAC Address Type Specifies which MAC address should be used for in band connectivity Network Configurat...

Page 49: ...RL must be specified as xmodem filepath fileName This starts the upload and also displays the mode of uploading and the type of upload it is and confirms the upload is taking place For example If the user is using HyperTerminal the user must specify where the file is going to be received by the PC Table 6 6 Quick Start up Downloading from Out of Band PC to Switch Only XMODEM Command Details copy u...

Page 50: ...URL must be specified as tftp ipAddr filepath fileName The nvram startup config option downloads the config file using tftp and system image option downloads the code file Table 6 8 Quick Start up Factory Defaults Command Details clear config Enter yes when the prompt pops up to clear all the configurations made to the switch copy system running config nvram startup config Enter yes when the promp...

Page 51: ...l Config Mode Vlan Mode Interface Config Mode Line Config Mode Policy Map Mode Policy Class Mode Class Map Mode Router Config RIP Mode DHCP Pool Configuration Mode The Command Mode table captures the command modes the prompts visible in that mode and the exit method from that mode Table 7 1 Command Mode Command Mode Access Method Prompt Exit or Access Next Mode User Exec Mode This is the first lev...

Page 52: ... to User Exec mode enter ctrl Z Policy Map Mode From the Global Configuration mode enter the policy map command Switch Config policy map To exit to the Global Config mode enter exit To return to user EXEC mode enter ctrl Z Policy Class Mode From the Policy Map mode enter the class command Switch Config policy classmap To exit to Policy Map mode enter exit To return to User Exec mode enter ctrl Z C...

Page 53: ...re the commands are available according to the interface Some of the modes are depicted in the mode based CLI Figure 1 FIGURE 1 Mode based CLI User Exec ROOT Enable Passwd Correct Yes No Return to Exec prompt Global Config VLAN Privileged User Exec commands are also accessible in Privileged Exec mode Bwp Policy Map Interface Class Map Line Config Router Config Circuit Config IP Config ...

Page 54: ...s level is Command Prompt Exec Privileged Exec Mode To have access to the full suite of commands the operator must enter the Privileged Exec mode The Privileged Exec mode requires password authentication From Privileged Exec mode the operator can issue any Exec command or enter the Global Configuration mode The command prompt shown at this level is Command Prompt Exec Global Config Mode This mode ...

Page 55: ...se the policy map command to access the QoS policy map con figuration mode to configure the QoS policy map Config policy map Command Prompt Config policy map Policy Class Mode Use the class command to access the QoS policy classmap mode to configure the QoS policy map Config policy map class Command Prompt Config policy classmap Class Map Mode This mode consists of class creation deletion and matc...

Page 56: ... detected The layout of the output is depicted below FIGURE 2 Syntax Error Message After all the mandatory parameters are entered any additional parameters entered are treated as optional parameters If any of the parameters are not recognized a syntax error message will be displayed 2 After the command is successfully parsed and validated the control of execution goes to the corresponding CLI call...

Page 57: ...alue back to the default For example the no shutdown interface configuration command reverses the shutdown of an interface Use the command without the keyword no to re enable a disabled feature or to enable a feature that is disabled by default Behavior of Command Help The no form is treated as a specific form of an existing command and does not represent a new or distinct command This implies tha...

Page 58: ...User Manual for the NETGEAR 7200 Series Layer 2 Managed Switch Software Version 4 7 8 Mode based CLI 202 10102 01 May 2005 ...

Page 59: ... all of the settings to factory defaults This chapter includes the following configuration types System information and statistics commands System Management commands Device configuration commands User account management commands Security commands System utilities System Information and Statistics Commands This chapter provides a detailed explanation of the software platform commands The commands ...

Page 60: ...dress The IP address assigned to each interface slot port Valid slot and port number separated by forward slashes show eventlog This command displays the event log which contains error messages from the system The event log is not cleared on a system reset Format show eventlog Mode Privileged EXEC File The file in which the event originated Line The line number of the event Task Id The task ID of ...

Page 61: ...to this system such as BGP 4 or Multicast show interface This command displays a summary of statistics for a specific port or a count of all CPU traffic based upon the argument Format show interface slot port switchport Mode Privileged EXEC The display parameters when the argument is slot port is as follows Packets Received Without Error The total number of packets including broadcast packets and ...

Page 62: ... requested to be transmitted to the Broadcast address including those that were discarded or not sent Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The total number of Forwarding Database Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The numbe...

Page 63: ...he total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets Packets Received 512 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets Packets Received 1024 1518 Octets The t...

Page 64: ... that were less than 64 octets in length excluding framing bits but including FCS octets Alignment Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length exclud...

Page 65: ... Total Bytes The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of ethernet utilization If greater precision is desired the etherStatsPkts and ether StatsOctets objects should be sampled before and after a common inter val Packets Transmitted 64 Octets The total n...

Page 66: ...level protocols requested be transmitted to a Multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to the Broadcast address including those that were discarded or not sent Transmit Errors Total Errors The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total...

Page 67: ...rotocol Data Units transmitted from the spanning tree layer 802 3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE opera tion This counter does not increment when the interface is operating in half duplex mode GVRP PDU s Received The count of GVRP PDU s received in the GARP layer GVRP PDU s Transmitted The count of GVRP PDU s trans...

Page 68: ...r of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The total number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include mult...

Page 69: ...ies Ever Used The largest number of VLANs that have been active on this switch since the last reboot Static VLAN Entries The number of presently active VLAN entries on this switch that have been created statically Dynamic VLAN Entries The number of presently active VLAN entries on this switch that have been created by GVRP registration VLAN Deletes The number of VLANs on this switch that have been...

Page 70: ...y colons for example 01 23 45 67 89 AB In an IVL system the MAC address will be displayed as 8 bytes Slot Port The port which this address was learned if Index This object indicates the ifIndex of the interface table entry associated with this port Status The status of this entry The meanings of the values are Static The value of the corresponding instance was added by the system or a user when a ...

Page 71: ...values that differ from the default value The output is displayed in script format which can be used to configure another switch with the same configuration When a script name is provided the output is redirected to a configuration script The option all will also enable the display capture of all commands with settings configurations that include values that are same as the default values If the o...

Page 72: ... to 31 alphanumeric characters Default none Format snmp server sysname name location loc contact con Mode Global Config System Management Commands These commands manage the switch and show current management settings The commands are divided into two functional groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the...

Page 73: ...ig no transport input telnet This command disables telnet sessions If sessions are disabled no new telnet sessions are established Format no transport input telnet Mode Line Config transport output telnet This command regulates new outbound telnet connections If enabled new outbound telnet sessions can be established until it reaches the maximum number of simultaneous outbound telnet sessions allo...

Page 74: ...session limit This command sets the maximum number of simultaneous outbound telnet sessions to the default value Format no session limit Mode Line Config session timeout This command sets the outbound telnet session timeout value The timeout value unit of time is minutes A value of 0 indicates that a session remains active indefinitely Default 0 Format session timeout 0 160 Mode Line Config no ses...

Page 75: ... database address aging timeout to 300 seconds In an IVL system the fdbid all parameter is required Format no bridge aging time fdbid all Mode Global Config Forwarding Database ID Fdbid Forwarding database ID indicates which forwarding database s aging timeout is being configured All is used to configure all forward ing database s agetime mtu This command sets the maximum transmission unit MTU siz...

Page 76: ...t network javamode Mode Privileged EXEC no network javamode This command disallows access to the Java applet in the header frame of the Web interface When access is disabled the user cannot view the Java applet Format no network javamode Mode Privileged EXEC network mac address This command sets locally administered MAC addresses The following rules apply Bit 6 of byte 0 called the U L bit indicat...

Page 77: ...ed EXEC network parms This command sets the IP Address subnet mask and gateway of the router The IP Address and the gateway must be on the same subnet Format network parms ipaddr netmask gateway Mode Privileged EXEC network protocol This command specifies the network configuration protocol to be used If you modify this value change is effective immediately The parameter bootp indicates that the sw...

Page 78: ...Mode Privileged EXEC telnetcon timeout This command sets the telnet connection session timeout value in minutes A session is active as long as the session has not been idle for the value set The time is a decimal value from 1 to 160 Note Changing the timeout value for active sessions does not become effective until the session is reaccessed Also any keystroke activates the new timeout duration Def...

Page 79: ...ation rate of the terminal interface Format no serial baudrate Mode Line Config serial timeout This command specifies the maximum connect time in minutes without console activity A value of 0 indicates that a console can be connected indefinitely The time range is 0 to 160 Default 5 Format serial timeout 0 160 Mode Line Config no serial timeout This command sets the maximum connect time in minutes...

Page 80: ...splays the current outbound telnet settings Format show telnet Modes Privileged EXEC User EXEC Outbound Telnet Login Timeout in minutes Indicates the number of minutes an out bound telnet session is allowed to remain inactive before being logged off A value of 0 which is the default results in no timeout Maximum Number of Outbound Telnet Sessions Indicates the number of simultaneous outbound telne...

Page 81: ...e factory default value is 0 0 0 0 Subnet Mask The IP subnet mask for this interface The factory default value is 0 0 0 0 Default Gateway The default gateway for this IP interface The factory default value is 0 0 0 0 Burned In MAC Address The burned in MAC address used for in band connectivity Locally Administered MAC Address If desired a locally administered MAC address can be configured for in b...

Page 82: ...as a number from 0 to 160 The factory default is 5 Maximum Number of Remote Connection Sessions This object indicates the number of simultaneous remote connection sessions allowed The factory default is 5 Allow New Telnet Sessions Indicates that new telnet sessions will not be allowed when set to no The factory default value is yes show serial This command displays serial communication settings fo...

Page 83: ... The factory default value is 0 0 0 0 Default Gateway The default gateway for this IP interface The factory default value is 0 0 0 0 ServPort Configuration Protocol Current Indicates what network protocol was used on the last or current power up cycle if any Burned in MAC Address The burned in MAC address used for in band connectivity SNMP Community Commands show snmpcommunity This command display...

Page 84: ...tches with IP Address then the address is an authenticated IP address For example if the IP Address 9 47 128 0 and the corresponding Subnet Mask 255 255 255 0 a range of incoming IP addresses would match i e the incoming IP Address could equal 9 47 128 0 9 47 128 255 The default value is 0 0 0 0 Access Mode The access level for this community string Status The status of this community access entry...

Page 85: ...e same user ID is logged into the switch more than once at the same time either via telnet or serial port Spanning Tree Flag May be enabled or disabled The factory default is enabled Indicates whether spanning tree traps will be sent Broadcast Storm Flag May be enabled or disabled The factory default is enabled Indicates whether broadcast storm traps will be sent DVMRP Traps May be enabled or disa...

Page 86: ...erver community ipaddr This command sets a client IP address for an SNMP community The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device A value of 0 0 0 0 allows access from any IP address Otherwise this value is ANDed with the mask to...

Page 87: ...o 0 0 0 0 The name is the applicable community name The community name may be up to 16 alphanumeric characters Format no snmp server community ipmask name Mode Global Config snmp server community mode This command activates an SNMP community If a community is enabled an SNMP manager associated with this community manages the switch according to its access right If the community is disabled no SNMP...

Page 88: ...cts access to switch information The access mode is read write also called private Format snmp server community rw name Mode Global Config snmp server enable traps This command enables the Authentication Flag Default enabled Format snmp server enable traps Mode Global Config no snmp server enable traps This command disables the Authentication Flag Format no snmp server enable traps Mode Global Con...

Page 89: ...Link Up Down traps for the entire switch When enabled link traps are sent only if the Link Trap flag setting associated with the port is enabled see snmp trap link status command Default enabled Format snmp server enable traps linkmode Mode Global Config no snmp server enable traps linkmode This command disables Link Up Down traps for the entire switch Format no snmp server enable traps linkmode M...

Page 90: ...enabled Format snmp server enable traps stpmode Mode Global Config no snmp server enable traps stpmode This command disables the sending of new root traps and topology change notification traps Format no snmp server enable traps stpmode Mode Global Config snmptrap This command adds an SNMP trap name The maximum length of name is 16 case sensitive alphanumeric characters Default The default name fo...

Page 91: ...l Config snmptrap mode This command activates or deactivates an SNMP trap Enabled trap receivers are active able to receive traps Disabled trap receivers are inactive not able to receive traps Format snmptrap mode name ipaddr Mode Global Config no snmptrap mode This command deactivates an SNMP trap Disabled trap receivers are inactive not able to receive traps Format no snmptrap mode name ipaddr M...

Page 92: ...mand is valid only when the Link Up Down Flag is enabled see snmp server enable traps linkmode Format snmp trap link status all Mode Global Config no snmp trap link status all This command disables link status traps for all interfaces Note This command is valid only when the Link Up Down Flag is enabled see snmp server enable traps linkmode Format no snmp trap link status all Mode Global Config Ma...

Page 93: ...advanced This command enables a particular feature This command also enables the corresponding show commands for a feature Note If the feature is enabled the feature is visible in show running config The key parameter specifies the hexadecimal key for the feature Default none Format license advanced key Mode Privileged Exec no license advanced This command disables a particular feature This comman...

Page 94: ...onfig cablestatus This command tests the status of the cable attached to an interface Format cablestatus slot port Mode Privileged EXEC auto negotiate This command enables automatic negotiation on a port The default value is enable Format auto negotiate Mode Interface Config no auto negotiate This command disables automatic negotiation on a port Note Automatic sensing is disabled when automatic ne...

Page 95: ...is command deletes all configured ports from the port channel LAG The interface is a logical unit slot and port slot and port number of a configured port channel Format deleteport logical slot port all Mode Global Config macfilter This command adds a static MAC filter entry for the MAC address macaddr on the VLAN vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the ...

Page 96: ... hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN Format macfilter adddest macaddr vlanid Mode Interface Config no macfilter adddest This command removes a port from the destination filter set for the MAC filter with the given macaddr and VLAN of vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2...

Page 97: ...macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN Format macfilter addsrc macaddr vlanid Mode Interface Config no macfilter addsrc This command removes a port from the source filter set for the MAC filter with the MAC address of macaddr and VLAN of vlanid The macaddr parameter must be specified as a...

Page 98: ...tored ports must be configured before monitor session port monitoring can be enabled If enabled the probe port will monitor all traffic received and transmitted on the physical monitored port It is not necessary to disable port monitoring before modifying the probe and monitored ports A session is operationally active if and only if both a destination port and at least one source port is configure...

Page 99: ...meter is an integer value used to identify the session In the current version of the software the session id parameter is always 1 Format no monitor session session id source interface slot port Mode Global config no monitor This command removes all the source ports and a destination port and restores the default value for mirroring session mode for all the configured sessions Note This is a stand...

Page 100: ...ession id Mode Privileged EXEC The following is the explanation of the output parameters for this command Session ID It is an integer value used to identify the session Its value can be anything between 1 and L7_MIRRORING_MAX_SESSIONS Monitor Session Mode It indicates whether the Port Mirroring feature is enabled or disabled for the session identified with session id The possible values are Enable...

Page 101: ...ed Format shutdown all Mode Global Config no shutdown all This command enables all ports Format no shutdown all Mode Global Config speed This command sets the speed and duplex setting for the interface Format speed 100 10 half duplex full duplex Mode Interface Config Acceptable values are 100h 100BASE T half duplex 100f 100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex speed ...

Page 102: ...olds table of the link speed the switch discards the broadcasts traffic until the broadcast traffic returns to the low threshold percentage or less The full implementation is depicted in the Broadcast Storm Recovery Thresholds table Format storm control broadcast Mode Global Config no storm control broadcast This command disables broadcast storm recovery mode The threshold implementation follows a...

Page 103: ...led Format storm control flowcontrol Mode Global Config no storm control flowcontrol This command disables 802 3x flow control for the switch Note This command only applies to full duplex mode ports Format no storm control flowcontrol Mode Global Config show mac address table multicast This command displays the Multicast Forwarding Database MFDB information If the command is entered with no parame...

Page 104: ...rding Fwd and filtering Flt Forwarding Interfaces The resultant forwarding list is derived from combining all the component s for warding interfaces and removing the interfaces that are listed as the static filter ing interfaces show mac address table static This command displays the Static MAC Filtering information for all Static MAC Filters If all is selected all the Static MAC Filters in the sy...

Page 105: ...e MFDB statistics Format show mac address table stats Mode Privileged EXEC Total Entries This displays the total number of entries that can possibly be in the Multicast Forwarding Database table Most MFDB Entries Ever Used This displays the largest number of entries that have been present in the Multicast Forwarding Database table This value is also known as the MFDB high water mark Current Entrie...

Page 106: ... is enabled Physical Mode Selects the desired port speed and duplex mode If auto negotiation sup port is selected then the duplex mode and speed will be set from the auto negotiation process Note that the port s maximum capability full duplex 100M will be advertised Otherwise this object will determine the port s duplex mode and transmission rate The factory default is Auto Physical Status Indicat...

Page 107: ...splays switch configuration information Format show storm control Mode Privileged EXEC Broadcast Storm Recovery Mode May be enabled or disabled The factory default is dis abled 802 3x Flow Control Mode May be enabled or disabled The factory default is disabled Virtual LAN VLAN Commands vlan This command creates a new VLAN and assigns it an ID The ID is a valid VLAN identification number ID 1 is re...

Page 108: ...it All mode untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port With either option VLAN tagged frames are forwarded in accordance with the IEEE 802 1Q VLAN Specification Format vlan acceptframe vlanonly all Mode Interface Config vlan ingressfilter This command enables ingress filtering If ingress filtering is disa...

Page 109: ...ion number ID range is 1 4094 Default The name for VLAN ID 1 is always Default The name for other VLANs is defaulted to a blank string Format vlan name 2 4094 name Mode VLAN database no vlan name This command sets the name of a VLAN to a blank string The VLAN ID is a valid VLAN identification number ID range is 1 4094 Format no vlan name 2 4094 Mode VLAN database vlan participation This command co...

Page 110: ... is always a member of this VLAN This is equivalent to registration fixed exclude The interface is never a member of this VLAN This is equivalent to registration forbidden auto The interface is dynamically registered in this VLAN by GVRP The interface will not participate in this VLAN unless a join request is received on this interface This is equivalent to registration normal vlan port acceptfram...

Page 111: ...r all ports If ingress filtering is disabled frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN Default disabled Format vlan port ingressfilter all Mode Global Config no vlan port ingressfilter all This command disables ingress filtering for all ports If ingress filtering is disabled frame...

Page 112: ...ber Format no vlan port tagging all Mode Global Config vlan protocol group This command adds protocol based VLAN group to the system The groupName is a character string of 1 to 16 characters When it is created the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands Format vlan protocol group groupname Mode Global Config vlan protocol group...

Page 113: ...d VLAN group that is identified by this groupid Format vlan protocol group remove groupid Mode Global Config protocol group This command attaches a vlanid to the protocol based VLAN identified by groupid A group may only be associated with one VLAN at a time however the VLAN association can be changed The referenced VLAN should be created prior to the creation of the protocol based VLAN except whe...

Page 114: ...ommand removes the interface from this protocol based VLAN group that is identified by this groupid If all is selected all ports will be removed from this protocol group Format no protocol vlan group groupid Mode Interface Config protocol vlan group all This command adds all physical interfaces to the protocol based VLAN identified by groupid A group may have more than one interface associated wit...

Page 115: ...Config vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled If tagging is enabled traffic is transmitted as tagged frames If tagging is disabled traffic is transmitted as untagged frames The ID is a valid VLAN identification number Format vlan tagging 1 4094 Mode Interface Config no vlan tagging This command configures the tagging behavior for a s...

Page 116: ...of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equiva lent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect Specifies to allow the port to be dynamically registered in this VLAN via GVRP The port will n...

Page 117: ...defined or a Dynamic one that is cre ated by GVRP registration show vlan port This command displays VLAN port information Format show vlan port slot port all Modes Privileged EXEC User EXEC Slot Port Valid slot and port number separated by forward slashes It is possible to set the parameters for all ports by using the selectors on the top line Port VLAN ID The VLAN ID that this port will assign to...

Page 118: ...groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting traceroute This command is used to discover the routes that packets actually take when traveling to their destination through the network on a hop by hop basi...

Page 119: ...GMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database Format clear igmpsnooping Mode Privileged EXEC clear pass This command resets all user passwords to the factory defaults without powering off the switch You are prompted to confirm that the password reset should proceed Format clear pass Mode Privileged EXEC enable passwd This command changes the ...

Page 120: ...ection Note Save configuration changes before logging out Format logout Mode Privileged EXEC ping This command checks if another computer is on the network and listens for connections To use this command configure the switch for network in band connection The source and target devices must have the ping utility enabled and running on top of TCP IP The switch can be pinged from any IP workstation w...

Page 121: ...name The command can also be used to download the startup configuration code image or configuration script by specifying the source as a URL and destination as nvram startup config system image or nvram configscript respectively The scriptname is the name of the script file to be uploaded During download of a configuration script the copy command will validate the script being downloaded In case o...

Page 122: ...ver copy tftp ip address filename nvram sslpem dhweak copy tftp ip address filename nvram sslpem dhstrong copy tftp ip address filename nvram sshkey rsa1 copy tftp ip address filename nvram sshkey rsa2 copy tftp ip address filename nvram sshkey dsa copy tftp ip address filename nvram cliban ner Mode Privileged EXEC Pre login Banner Command This section provides a detailed explanation of the Pre lo...

Page 123: ...no logging cli command Mode Global Config Configuration Scripting Commands Configuration Scripting allows the user to generate text formatted script files representing the current configuration These configuration script files can be uploaded to a PC and edited downloaded to the system and applied to the system Configuration scripts can be applied to one or more switches with no minor modification...

Page 124: ...igscript delete This command deletes a specified script where the scriptname parameter is the name of the script to be deleted The all option deletes all the scripts present on the switch Format configscript delete scriptname all Mode Global Config configscript list This command lists all scripts present on the switch as well as the total number of files present Format configscript list Mode Globa...

Page 125: ...tional groups Show commands display spanning tree settings statistics and other information Configuration Commands configure features and options of the device For every configuration command there is a show command that displays the configuration setting logging buffered This command enables logging to an in memory log where up to 128 logs are kept The severitylevel value is specified as either a...

Page 126: ...ommand enables logging to the console The severitylevel value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 informational 6 debug 7 Default disabled critical Format logging console severitylevel Mode Global Config no logging console This command disables logging to the console Format no ...

Page 127: ...ng to a host where up to eight hosts can be configured AddressType can be ipv4 or dns port can be of a value from Default Port 514 Level Critical Format logging host ipaddress addresstype port port level severitylevel Mode Global Config logging host remove This command disables logging to host See show logging hosts on page 72 for a list of host indices Format logging host remove hostindex Mode Gl...

Page 128: ...vileged EXEC Client Local Port The port on the collector relay to which syslog messages are sent Console Logging Administrative Mode The mode for console logging Console Logging Severity Filter The minimum severity to log to the console log Messages with an equal or lower numerical severity are logged Buffered Logging Administrative Mode The mode for buffered logging Buffered Logging Severity Filt...

Page 129: ...og Mes sages with an equal or lower numerical severity are logged Persistent Log Count The number of messages received by the log process This includes messages that are dropped or ignored Log Messages The log messages appear here show logging buffered This command displays buffered logging system startup and system operation logs Format show logging buffered Mode Privileged EXEC Admin Status The ...

Page 130: ...igured syslog hosts If the status is disable no logging occurs Log Messages The log messages appear here Simple Network Time Protocol SNTP Commands This section provides a detailed explanation of the SNTP commands The commands are divided into two functional groups Show commands display spanning tree settings statistics and other information Configuration Commands configure features and options of...

Page 131: ...SNTP client mode and optionally setting the mode to either broadcast multicast or unicast Default Disabled Format sntp client mode broadcast multicast unicast Mode Global Config sntp client mode This command will disable Simple Network Time Protocol SNTP client mode Format no sntp client mode Mode Global Config sntp client port This command will set the SNTP client port id to a value from 1 65535 ...

Page 132: ...t clients to its default value Format no sntp unicast client poll interval Mode Global Config sntp unicast client poll timeout This command will set the poll timeout for SNTP unicast clients in seconds to a value from 1 30 Default 5 Format sntp unicast client poll timeout poll timeout Mode Global Config no sntp unicast client poll timeout This command will reset the poll timeout for SNTP unicast c...

Page 133: ...terval Mode Global Config no sntp multicast client poll interval This command will reset the poll interval for SNTP multicast clients to its default value Format no sntp multicast client poll interval Mode Global Config sntp server This command configures an SNTP server with a maximum of three where the server address can be an ip address or a domain name and the address type either ipv4 or dns Th...

Page 134: ... reboot Multicast Count Current number of unsolicited multicast messages that have been received and processed by the SNTP client since last reboot show sntp client This command is used to display SNTP client settings Format show sntp client Mode Privileged Exec Client Supported Modes Supported SNTP Modes Broadcast Unicast or Multicast SNTP Version The highest SNTP version the client supports Port...

Page 135: ...erver Priority IP priority type of the configured server Version SNTP Version number of the server The protocol version used to query the server in unicast mode Port Server Port Number Last Attempt Time Last server attempt time for the specified server Last Attempt Status Last server attempt status for the server Total Unicast Requests Number of requests to the server Failed Unicast Requests Numbe...

Page 136: ...ow users This command displays the configured user names and their settings This command is only available for users with Read Write privileges The SNMPv3 fields will only be displayed if SNMP is available on the system Format show users Mode Privileged EXEC User Name The name the user will use to login using the serial port Telnet or Web A new user may be added to the switch by entering a name in...

Page 137: ...characters in length The name may be comprised of alphanumeric characters as well as the dash and underscore _ The username is not case sensitive Six user names can be defined Format users name username Mode Global Config no users name This command removes an operator Format no users name username Mode Global Config Note The admin user account cannot be deleted users passwd This command is used to...

Page 138: ...y Format users snmpv3 accessmode username readonly read write Mode Global Config no users snmpv3 accessmode This command sets the snmpv3 access privileges for the specified login user as readwrite for the admin user readonly for all other users The username is the login user name for which the specified access mode will apply Format no users snmpv3 accessmode username Mode Global Config users snmp...

Page 139: ...e prompted for the key When using the des protocol the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length If none is specified a key must not be provided The username is the login user name associated with the specified encryption Default no encryption Format users snmpv3 encryption username none des key Mode Global Config n...

Page 140: ...ion of the media type and the MAC address For example the Microsoft client identifier for Ethernet address c819 2488 f177 is 01c8 1924 88f1 77 where 01 represents the Ethernet media type Refer to the Address Resolution Protocol Parameters section of RFC 1700 Assigned Numbers for a list of media type codes Default None Format client identifier uniqueidentifier Mode DHCP Pool Config no client identi...

Page 141: ...moves the default router list Format no default router Mode DHCP Pool Config dns server This command specifies the IP servers available to a DHCP client Address parameters are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid Default none Format dns server address1 address2 address8 Mode DHCP Pool Config no dns server This command removes the...

Page 142: ...address and network mask for a manual binding to a DHCP client Address and Mask are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid The prefix length is an integer from 0 to 32 Default none Format host address mask prefix length Mode DHCP Pool Config no host This command removes the IP address of the DHCP client Format no host Mode DHCP Poo...

Page 143: ...in a range from 2 10 of packets a DHCP server sends to a pool address as part of a ping operation By default the number of packets sent to a pool address is 2 the smallest allowed number when sending packets Setting the number of packets to 0 disables this command Note The no form of this command sets the number of packets sent to a pool address to 0 and therefore prevents the server from pinging ...

Page 144: ... infinite is specified lease is set for 60 days Days is an integer from 0 to 59 Hours is an integer from 0 to 1439 Minutes is an integer from 0 to 86399 Default 1 day Format lease days hours minutes infinite Mode DHCP Pool Config no lease This command restores the default value of the lease time for DHCP Server Format no lease Mode DHCP Pool Config network This command is used to configure the sub...

Page 145: ...r and relay agent features on the router Default disabled Format service dhcp Mode Global Config no service dhcp This command disables the DHCP server and relay agent features Format no service dhcp Mode Global Config bootfile The command specifies the name of the default boot image for a DHCP client The filename specifies the boot image file Default none Format bootfile filename Mode DHCP Pool Co...

Page 146: ...no domain name Mode DHCP Pool Config ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp client The addresses are from the automatic address pool Default disable Format ip dhcp bootp automatic Mode Global Config no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client The address are from the automatic address pool F...

Page 147: ...red although one can specify up to eight addresses in one command line Servers are listed in order of preference address1 is the most preferred server address2 is the next most preferred server and so on Default none Format netbios name server address address2 address8 Mode DHCP Pool Config no netbios name server This command removes the NetBIOS name server list Format no netbios name server Mode ...

Page 148: ...File Transfer Protocol TFTP server Default If the next server command is not used to configure a boot server list the DHCP Server uses inbound interface helper addresses as boot servers Format next server address Mode DHCP Pool Config no next server This command removes the boot server list Format no next server Mode DHCP Pool Config option The command configures DHCP Server options Code specifies...

Page 149: ...ddress is specified the bindings corresponding to all the addresses are displayed Format show ip dhcp binding address Modes Privileged EXEC User EXEC IP address The IP address of the client Hardware Address The MAC Address or the client identifier Lease expiration The lease expiration time of the IP Address assigned to the client Type The manner in which IP Address was assigned to the client show ...

Page 150: ... Lease Time The lease expiration time of the IP Address assigned to the client DNS Servers The list of DNS servers available to the DHCP client Default Routers The list of the default routers available to the DHCP client Following additional field is displayed for Dynamic pool type Network The network number and the mask for the DHCP address pool Following additional fields are displayed for Manua...

Page 151: ... the server DHCPDECLINE The number of DHCPDECLINE messages that were received by the server DHCPRELEASE The number of DHCPRELEASE messages that were received by the server DHCPINFORM The number of DHCPINFORM messages that were received by the server Message Sent DHCPOFFER The number of DHCPOFFER messages that were sent by the server DHCPACK The number of DHCPPACK messages that were sent by the ser...

Page 152: ... counters Format clear ip dhcp server statistics Mode Privileged EXEC clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database The server detects conflicts using a ping DHCP server clears all conflicts If the asterisk character is used as the address parameter Default none Format clear ip dhcp conflict address Mode Privileged EXEC Double VLAN Commands T...

Page 153: ...r identification for the Double VLAN tunnel on the specified interface to its default value Format no dvlan tunnel customer id Mode Interface Config dvlan tunnel etherType This command configures the ether type for the specified interface The ether type may have the values of 802 1Q vMAN or custom If the ether type has a value of custom the optional value of the custom ether type must be set to a ...

Page 154: ...efault Double VLAN Tunneling is disabled Format no mode dot1q tunnel Mode Interface Config mode dvlan tunnel This command is used to enable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled Default disabled Format mode dvlan tunnel Mode Interface Config no mode dvlan tunnel This command is used to disable Double VLAN Tunneling on the specified interface ...

Page 155: ... range for a customer ID is 0 to 4095 EtherType This field represents a 2 byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel There are three different EtherType tags The first is 802 1Q which represents the commonly used value of 0x8100 The second is vMAN which represents the commonly used value of 0x88A8 If EtherType is not one of these two values then it is a custom tunnel va...

Page 156: ...tion of the Provisioning commands The commands are divided into two functional groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting classofservice dot1pmapping This command maps an 802 1p priority to an internal...

Page 157: ...he range for the priority is 0 7 Any subsequent per port configuration will override this configuration setting Format vlan port priority all priority Mode Global Config vlan priority This command configures the default 802 1p port priority assigned for untagged packets for a specific interface The range for the priority is 0 7 Default 0 Format vlan priority priority Mode Interface Config GARP Com...

Page 158: ...n time per port and per GARP to 20 centiseconds 0 2 seconds This command has an effect only when GVRP is enabled Format no set garp timer join Mode Interface Config set garp timer join all This command sets the GVRP join time for all ports and per GARP Join time is the interval between the transmission of GARP Protocol Data Units PDUs registering or re registering membership for a VLAN or multicas...

Page 159: ...g no set garp timer leave This command sets the GVRP leave time per port to 60 centiseconds 0 6 seconds Note This command has an effect only when GVRP is enabled Format no set garp timer leave Mode Interface Config set garp timer leave all This command sets the GVRP leave time for all ports Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before ...

Page 160: ...hen GVRP is enabled Default 1000 Format set garp timer leaveall 200 6000 Mode Interface Config no set garp timer leaveall This command sets how frequently Leave All PDUs are generated per port to 1000 centiseconds 10 seconds Note This command has an effect only when GVRP is enabled Format no set garp timer leaveall Mode Interface Config set garp timer leaveall all This command sets how frequently ...

Page 161: ...RP Admin Mode This displays the administrative mode of GARP Multicast Registration Protocol GMRP for the system GVRP Admin Mode This displays the administrative mode of GARP VLAN Registration Protocol GVRP for the system GARP VLAN Registration Protocol GVRP Commands This chapter provides a detailed explanation of the GVRP commands The commands are divided into two functional groups Show commands d...

Page 162: ...cemode This command disables GVRP GARP VLAN Registration Protocol for a specific port If GVRP is disabled Join Time Leave Time and Leave All Time have no effect Format no set gvrp interfacemode Mode Interface Config set gvrp interfacemode all This command enables GVRP GARP VLAN Registration Protocol for all ports Default disabled Format set gvrp interfacemode all Mode Global Config no set gvrp int...

Page 163: ...to maintain uninterrupted service There is an instance of this timer on a per Port per GARP participant basis Per missible values are 20 to 600 centiseconds 0 2 to 6 0 seconds The factory default is 60 centiseconds 0 6 seconds The finest granularity of specification is 1 centisecond 0 01 seconds LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU i...

Page 164: ...n a selected interface If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality will be disabled on that interface GARP functionality will subsequently be re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled Default disabled Format set gmrp interfacemode Mode Int...

Page 165: ...all Mode Privileged EXEC and User EXEC Interface This displays the slot port of the interface that this row in the table describes Join Timer Specifies the interval between the transmission of GARP PDUs registering or re registering membership for an attribute Current attributes are a VLAN or multicast group There is an instance of this timer on a per Port per GARP par ticipant basis Permissible v...

Page 166: ...isplays the GARP Multicast Registration Protocol GMRP entries in the Multicast Forwarding Database MFDB table Format show mac address table gmrp Mode Privileged EXEC Mac Address A unicast MAC address for which the switch has forwarding and or filtering information The format is 6 or 8 two digit hexadecimal numbers that are sepa rated by colons for example 01 23 45 67 89 AB In an IVL system the MAC...

Page 167: ... a member of a port channel LAG IGMP Snooping functionality will be disabled on that interface IGMP Snooping functionality will subsequently be re enabled if routing is disabled or port channel LAG membership is removed from an interface that has IGMP Snooping enabled Note The IGMP application supports the following Validation of the IP header checksum as well as the IGMP header checksum and disca...

Page 168: ...ode all Mode Global Config set igmp fast leave This command enables or disables IGMP Snooping fast leave admin mode on a selected interface or VLAN Enabling fast leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC based general queries to the interface Fas...

Page 169: ...Snooping This is the list of VLANS on which IGMP Snooping is enabled Additional display parameters when the argument is slot port are as follows Interface Admin Mode This indicates whether or not IGMP Snooping is active on the interface Query Interval Time This displays the IGMP Query Interval Time This is the amount of time a switch will wait for a report for a particular group on a particular in...

Page 170: ...t port Mode Privileged EXEC Fast Leave Admin Mode This indicates whether or not IGMP Snooping Fast leave is active on the inter face show igmpsnooping mrouter interface This command displays information about statically configured ports Format show igmpsnooping mrouter interface slot port Mode Privileged EXEC Slot Port The port on which multicast router information is being displayed Multicast Rou...

Page 171: ...n the source and destination MAC address If an ARP entry is learned on the LAG then the LAG is converted to load balance based upon source destination IP address The commands are divided into two functional groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the switch For every configuration command there is a show...

Page 172: ... command enables Link Aggregation Control Protocol LACP on a port Default enabled Format port lacpmode Mode Interface Config no port lacpmode This command disables Link Aggregation Control Protocol LACP on a port Format no port lacpmode Mode Interface Config port lacpmode all This command enables Link Aggregation Control Protocol LACP on all ports Format port lacpmode all Mode Global Config no por...

Page 173: ...t all Mode Global Config port channel adminmode all This command enables a port channel LAG The interface is a logical slot port for a configured port channel The option all sets every configured port channel with the same administrative mode setting Format port channel adminmode all Mode Global Config no port channel adminmode This command disables a port channel LAG The interface is a logical sl...

Page 174: ...al slot port for a configured port channel and name is an alphanumeric string up to 15 characters This command is used to modify the name that was associated with the port channel when it was created Format port channel name logical slot port all name Mode Global Config show port channel brief This command displays the static capability of all port channels LAGs on the device as well as a summary ...

Page 175: ...a trap when link status changes The factory default is enabled STP Mode The Spanning Tree Protocol Administrative Mode associated with the port or port channel LAG The possible values are Disable Spanning tree is disabled for this port Enable Spanning tree is enabled for this port Mbr Ports A listing of the ports that are members of this port channel LAG in slot port notation There can be a maximu...

Page 176: ...ing Note The software platform STP default mode is IEEE 802 1s but the legacy IEEE 802 1D mode is available To change to the legacy IEEE 802 1D mode set the STP operational mode to disabled then enable the IEEE 802 1D mode from the source code Recompile the software to operationally enable the IEEE 802 1D mode With the IEEE 802 1D mode operationally enabled the rapid configuration and multiple ins...

Page 177: ... port all off 802 1d fast Mode Global Config spanning tree This command sets the spanning tree operational mode to enabled Default disabled Format spanning tree Mode Global Config no spanning tree This command sets the spanning tree operational mode to disabled While disabled the spanning tree configuration is retained and can be changed but is not activated Format no spanning tree Mode Global Con...

Page 178: ...decimal notation as specified in IEEE 802 standard Format spanning tree configuration name name Mode Global Config no spanning tree configuration name This command resets the Configuration Identifier Name to its default Format no spanning tree configuration name Mode Global Config spanning tree configuration revision This command sets the Configuration Identifier Revision Level for use in identify...

Page 179: ...he common and internal spanning tree Format no spanning tree edgeport Mode Interface Config spanning tree forceversion This command sets the Force Protocol Version parameter to a new value The Force Protocol Version can be one of the following 802 1d ST BPDUs are transmitted rather than MST BPDUs IEEE 802 1d functionality supported 802 1w RST BPDUs are transmitted rather than MST BPDUs IEEE 802 1w...

Page 180: ...time This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value i e 15 Format no spanning tree forward time Mode Global Config spanning tree hello time This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree The hellotime value is in whole seconds within a range of 1 to 10 with the value bein...

Page 181: ...ode Global Config no spanning tree max age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value i e 20 Format no spanning tree max age Mode Global Config spanning tree max hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree The max hops value is a range from 1 to 127 Default 20 Format s...

Page 182: ...he external path cost for MST instance 0 i e CIST instance The external pathcost can be specified as a number in the range of 1 to 200000000 or auto If auto is specified the external pathcost value will be set based on Link Speed If the port priority token is specified this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning...

Page 183: ... cost external cost port priority Mode Interface Config spanning tree mst instance This command adds a multiple spanning tree instance to the switch The instance mstid is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added The maximum number of multiple instances supported by is 4 Format spanning tree mst instance mstid Mode Global Config no spanning tree mst i...

Page 184: ... instance If 0 defined as the default CIST ID is passed as the mstid then this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value i e 32768 Format spanning tree mst priority mstid Mode Global Config spanning tree mst vlan This command adds an association between a multiple spanning tree instance and a VLAN The VLAN will no longer be associated...

Page 185: ...ode Mode Interface Config spanning tree port mode all This command sets the Administrative Switch Port State for all ports to enabled Default disabled Format spanning tree port mode all Mode Global Config no spanning tree port mode all This command sets the Administrative Switch Port State for all ports to disabled Format no spanning tree port mode all Mode Global Config show spanning tree This co...

Page 186: ...ning tree Root Port Identifier Identifier of the port to access the Designated Root for the CST Root Port Max Age Derived value Root Port Bridge Forward Delay Derived value Hello Time Configured value of the parameter for the CST Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units BPDUs Bridge Max Hops Bridge max hops count for the device CST Regional Roo...

Page 187: ...1 currently supported IEEE 802 1s IEEE 802 1w or IEEE 802 1d based upon the Force Protocol Version parameter Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Level Identifier used to identify the configuration currently being used Configuration Digest Key Identifier used to identify the configuration currently being used MST Instances Lis...

Page 188: ...ar multiple spanning tree instance The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance The slot port is the desired switch port Format show spanning tree mst port detailed mstid slot port Mode Privileged EXEC User EXEC MST Instance ID The ID of the existing MST instance Port Identifier The port identifier for the specified port within the selecte...

Page 189: ...ort Priority The priority of the port within the CST Port Forwarding State The forwarding state of the port within the CST Port Role The role of the specified interface within the CST Port Path Cost The configured path cost for the specified interface Designated Root Identifier of the designated root for this port within the CST Designated Port Cost Path Cost offered to the LAN by the Designated P...

Page 190: ...sociated with this port Slot Port Valid slot and port number separated by forward slashes Type Currently not used STP State The forwarding state of the port in the specified spanning tree instance Port Role The role of the specified port within the spanning tree Link Status The operational status of the link Possible values are Up or Down Link Trap The link trap configuration for the specified int...

Page 191: ...tion between a VLAN and a multiple spanning tree instance The vlanid corresponds to an existing VLAN ID Format show spanning tree vlan vlanid Modes Privileged EXEC User EXEC VLAN Identifier The VLANs associated with the selected MST instance Associated Instance Identifier for the associated multiple spanning tree instance or CST if associated with the common and internal spanning tree ...

Page 192: ...User Manual for the NETGEAR 7200 Series Layer 2 Managed Switch Software Version 4 8 134 Switching Commands 202 10102 01 May 2005 ...

Page 193: ...information Port Security Commands This section provides a detailed explanation of the Port Security commands The commands are divided into the following groups Configuration commands are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting Show commands are used to display switch settings statistic...

Page 194: ...security max dynamic This command resets the maximum of dynamically locked MAC addresses allowed on a specific port to its default value Format no port security max dynamic Mode Interface Config port security max static This command sets the maximum number of statically locked MAC addresses allowed on a specific port Default 20 Format port security max static maxvalue Mode Interface Config no port...

Page 195: ...security mac address vid mac address Mode Interface Config port security mac address move This command converts dynamically locked MAC addresses to statically locked addresses Format port security mac address move Mode Interface Config snmp server enable traps violation This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a ...

Page 196: ...ll Mode Privileged EXEC Interface Admin Mode Port Locking mode for the Interface Dynamic Limit Maximum dynamically allocated MAC Addresses Static Limit Maximum statically allocated MAC Addresses Violation Trap Mode Whether violation traps are enabled show port security dynamic This command displays the dynamically locked MAC addresses for port Format show port security dynamic interface Mode Privi...

Page 197: ...r string and is not case sensitive Up to 10 authentication login lists can be configured on the switch When a list is created the authentication method local is set as the first method When the optional parameters Option1 Option2 and or Option3 are used an ordered list of methods are set in the authentication login list If the authentication login list does not exist a new authentication login lis...

Page 198: ...with the default configuration and was not created using authentication login The default login list cannot be deleted Format no authentication login listname Mode Global Config clear dot1x statistics This command resets the 802 1x statistics for the specified port or for all ports Format clear dot1x statistics slot port all Mode Privileged EXEC clear radius statistics This command is used to clea...

Page 199: ...e specified user for 802 1x port security The user parameter must be a configured user and the listname parameter must be a configured authentication login list Format dot1x login user listname Mode Global Config dot1x max req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request Identity frame before timing out the supplicant...

Page 200: ...ult auto Format dot1x port control force unauthorized force authorized auto Mode Interface Config no dot1x port control This command sets the authentication mode to be used on the specified port to auto Format no dot1x port control Mode Interface Config dot1x port control All This command sets the authentication mode to be used on all ports The control mode may be one of the following force unauth...

Page 201: ...not auto an error will be returned Format dot1x re authenticate slot port Mode Privileged EXEC dot1x re authentication This command enables re authentication of the supplicant for the specified port Default disabled Format dot1x re authentication Mode Interface Config no dot1x re authentication This command disables re authentication of the supplicant for the specified port Format no dot1x re auth...

Page 202: ...e in the range 1 65535 quiet period Sets the value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period must be a value in the range 0 65535 tx period Sets the value in seconds of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EA...

Page 203: ... Interface Config dot1x user This command adds the specified user to the list of users with access to the specified port or all ports The user parameter must be a configured user Format dot1x user user slot port all Mode Global Config no dot1x user This command removes the user from the list of users with access to the specified port or all ports Format no dot1x user user slot port all Mode Global...

Page 204: ...g Request packets sent to this accounting server This number does not include retransmissions Retransmission The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server Responses The number of RADIUS packets received on the accounting port from this server Malformed Responses The number of malformed RADIUS Accounting Response packets received from this server Mal...

Page 205: ...gin list If the login is assigned to non configured users the user default will appear in the user column Format show authentication users listname Mode Privileged EXEC User This field displays the user assigned to the specified authentication login list Component This field displays the component User or 802 1x for which the authentication login list is assigned show dot1x This command is used to...

Page 206: ... State Current state of the authenticator PAE state machine Possible values are Ini tialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuthorized and ForceUnauthorized Backend Authentication State Current state of the backend authentication state machine Possible values are Request Response Success Fail Timeout Idle and Initialize Quiet Period The timer used by the aut...

Page 207: ...nsmitted by this authenticator EAPOL Start Frames Received The number of EAPOL start frames that have been received by this authenticator EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by this authenticator Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame Last EAPOL Frame Source The source MAC address car...

Page 208: ...the user for system login 802 1x Port Security This field displays the authentication login list assigned to the user for 802 1x port security users defaultlogin This command assigns the authentication login list to use for non configured users when attempting to log in to the system This setting is overridden by the authentication login list assigned to a specific user if the user is configured l...

Page 209: ...ds are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting Show commands are used to display switch settings statistics and other information radius accounting mode This command is used to enable the RADIUS accounting function Default disabled Format radius accounting mode Mode Global Config no rad...

Page 210: ...UDP port to use to connect to the RADIUS accounting server The IP address specified must match that of a previously configured accounting server If a port is already configured for the accounting server then the new port will replace the previously configured value The port must be a value in the range 1 65535 with 1813 being the default value Format radius server host auth acct ipaddr port Mode G...

Page 211: ...y server cannot be reached A maximum of three servers can be configured on each client Only one of these servers can be configured as the primary If a primary server is already configured prior to this command being executed the server specified by the IP address specified used in this command will become the new primary server The IP address must match that of a previously configured RADIUS authe...

Page 212: ...ius This command is used to display the various RADIUS configuration items for the switch as well as the configured RADIUS servers If the optional token servers is not included the following RADIUS configuration items will be displayed Format show radius servers Mode Privileged EXEC Primary Server IP Address Indicates the configured server currently in use for authentication Number of configured s...

Page 213: ...onse packets received from unknown addresses Server IP Address IP Address of the Server Round Trip Time The time interval in hundredths of a second between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server Access Requests The number of RADIUS Access Request packets sent to this server This number does not include retransmissi...

Page 214: ...unknown types which were received from this server on the authentication port Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason Secure Shell SSH Commands This section provides a detailed explanation of the SSH commands The commands are divided into the following groups Configuration commands are used to configure fea...

Page 215: ...tion can be established The range is 0 to 5 Default 5 Format telnetcon maxsessions 0 5 Mode Privileged EXEC no sshcon maxsessions This command sets the maximum number of allowed SSH connection sessions to the default value Format no telnetcon maxsessions Mode Privileged EXEC sshcon timeout This command sets the SSH connection session timeout value in minutes A session is active as long as the sess...

Page 216: ...of SSH is enabled or disabled Protocol Level The protocol level may have the values of version 1 version 2 or both versions 1 and version 2 Connections This field specifies the current SSH connections Hypertext Transfer Protocol HTTP Commands This section provides a detailed explanation of the HTTP commands The commands are divided into the following groups Configuration commands are used to confi...

Page 217: ...tocol SSL3 TLS1 Mode Privileged EXEC ip http secure server This command is used to enable the secure socket layer for secure HTTP Default disabled Format ip http secure server Mode Privileged EXEC no ip http secure server This command is used to disable the secure socket layer for secure HTTP Format ip http secure server Mode Privileged EXEC ip http server This command enables access to the switch...

Page 218: ...tch s Web server Format no ip http server Mode Privileged EXEC show ip http This command displays the http settings for the switch Format show ip http Mode Privileged EXEC Secure Server Administrative Mode This field indicates whether the administrative mode of secure HTTP is enabled or disabled Secure Protocol Level The protocol level may have the values of SSL3 TSL1 or both SSL3 and TSL1 Secure ...

Page 219: ...le blocking off any unwarranted attempts to reach network resources The maximum number of ACLs of any type that can be created is 100 Only Ethernet II frame types are supported The maximum number of rules per MAC ACL translates into the number of hardware classifier entries used when an ACL is attached to an interface Increasing these values in the software increases the RAM and NVSTORE usage ACLs...

Page 220: ...ess list extended This command deletes a MAC ACL identified by name from the system Format no mac access list extended name Mode Global Config mac access list extended rename This command changes the name of a MAC Access Control List ACL The name parameter is the name of an existing MAC ACL The newname parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying t...

Page 221: ...arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp Each of these translates into its equivalent Ethertype value s The vlan and cos parameters refer to the VLAN identifier and 802 1p user priority fields respectively of the VLAN tag For packets containing a double VLAN tag this is the first or outer tag The assign queue parameter allows specification of a particular hardware que...

Page 222: ...ion the specified mac access list replaces the currently attached mac access list using that sequence number If the sequence number is not specified for this command a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used This command specified in Interface Config mode only affects a single interface whereas the Global Config...

Page 223: ...P Access Control List ACL Commands IP Access Control Lists ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources IP ACL configuration for IP packet fragments is not supported The maximum number of ACLs of any type that can be created is 100 The maximum number of rules per IP ACL translates into the number of ...

Page 224: ...dition for the IP ACL rule is specified by the port value parameter The range of values is from 0 to 65535 The portvalue parameter uses a single keyword notation and currently has the values of domain echo ftp ftpdata http smtp snmp telnet tftp and www Each of these values translates into its equivalent port number which is used as both the start and end of a port range The command specifies a des...

Page 225: ...l interfaces An optional sequence number may be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction A lower number indicates higher precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the currently attached IP access list using that sequence ...

Page 226: ...e destination IP Mask for this rule Destination Ports This field displays the destination port for this rule Service Type Field Match This field indicates whether an IP DSCP IP Precedence or IP TOS match condition is specified for this rule Service Type Field Value This field indicates the value specified for the Service Type Field Match IP DSCP IP Precedence or IP TOS show access lists This comma...

Page 227: ...existing class definition is to delete the class and re create it 2 Policy creating and deleting policies associating classes with a policy defining policy statements for a policy class combination 3 Service adding and removing a policy to from an inbound interface Packets are filtered and processed based on defined criteria The filtering criteria is defined by a class The processing is defined by...

Page 228: ... Web and SNMP user interfaces diffserv This command sets the DiffServ operational mode to active While disabled the DiffServ configuration is retained and can be changed but it is not activated When enabled Diffserv services are activated Format diffserv Mode Global Config no diffserv This command sets the DiffServ operational mode to inactive While disabled the DiffServ configuration is retained ...

Page 229: ...al match conditions must be true for a packet to be considered a member of the class Note The CLI mode is changed to Class Map Config when this command is successfully executed Format class map match all class map name Mode Global Config no class map This command eliminates an existing DiffServ class The class map name is the name of an existing DiffServ class The class name default is reserved an...

Page 230: ...Mode Class Map Config match secondary cos This command adds to the specified class definition a match condition for the secondary Class of Service value the inner 802 1Q tag of a double VLAN tagged packet The value may be from 0 to 7 Format match not secondary cos 0 7 Mode Class Map Config match secondary vlan This command adds to the specified class definition a match condition for the secondary ...

Page 231: ...ced by any class map name fails The combined match criteria of class map name and refclassname must be an allowed combination based on the class type Any subsequent changes to the refclassname class match criteria must maintain this validity or the change attempt fails The total number of class rules formed by the complete reference class chain including both predecessor and successor classes must...

Page 232: ...it hexadecimal numbers separated by colons e g 00 11 22 dd ee ff The macmask parameter is a layer 2 MAC address bit mask which need not be contiguous and is formatted as six two digit hexadecimal numbers separated by colons e g ff 07 23 ff fe dc Default none Format match destination address mac macaddr macmask Mode Class Map Config match dstip This command adds to the specified class definition a ...

Page 233: ... are not checked The dscpval value is specified as either an integer from 0 to 63 or symbolically through one of the following keywords af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 be cs0 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef Note The ip dscp ip precedence and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with...

Page 234: ... field in the IP header but with a slightly different user notation Note This free form version of the IP DSCP Precedence TOS match specification gives the user complete control when specifying which bits of the IP Service Type field are checked Default none Format match ip tos tosbits tosmask Mode Class Map Config match protocol This command adds to the specified class definition a match conditio...

Page 235: ...ource IP address of a packet The ipaddr parameter specifies an IP address The ipmask parameter specifies an IP address bit mask and must consist of a contiguous set of leading 1 bits Default none Format match srcip ipaddr ipmask Mode Class Map Config match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single key...

Page 236: ...when the policy is created The DiffServ CLI does not necessarily require that users associate only one traffic class to one policy In fact multiple traffic classes can be associated with a single policy each defining a particular treatment for packets that match the class definition When a packet satisfies the conditions of more than one class preference is based on the order in which the classes ...

Page 237: ...ifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface physical port Format redirect slot port Mode Policy Class Map Config Incompatibilities Drop conform color This command is used to enable color aware traffic policing and define the conform color class map Used in conjunction with the police command where the fields for the conform level ...

Page 238: ...s This command deletes the instance of a particular class and its defined treatment from the specified policy classname is the names of an existing DiffServ class Note This command removes the reference to the class definition for the specified policy Format no class classname Mode Policy Map Config mark cos This command marks all packets for the associated traffic stream with the specified class ...

Page 239: ...le data rate and burst size resulting in two outcomes conform and violate The conforming data rate is specified in kilobits per second Kbps and is an integer from 1 to 4294967295 The conforming burst size is specified in kilobytes KB and is an integer from 1 to 128 For each outcome the only possible actions are drop set cos transmit set dscp transmit set prec transmit or transmit In this simple fo...

Page 240: ...y definition 1 The CLI mode is changed to Policy Map Config when this command is successfully executed Format policy map policyname in Mode Global Config no policy map This command eliminates an existing DiffServ policy The policyname parameter is the name of an existing DiffServ policy This command may be issued at any time If the policy is currently referenced by one or more interface service at...

Page 241: ...Serv on an interface in the inbound direction There is no separate interface administrative mode command for DiffServ Note This command fails if any attributes within the policy definition exceed the capabilities of the interface Once a policy is successfully attached to an interface any attempt to change the policy definition that would result in a violation of the interface capabilities causes t...

Page 242: ...ds are displayed Class Name The name of this class Class Type A class type of all means every match criterion defined for the class is evaluated simultaneously and must all be true to indicate a class match Match Criteria The Match Criteria fields are only displayed if they have been config ured They are displayed in the order entered by the user The fields are evaluated in accordance with the cla...

Page 243: ...ss Table Max The maximum allowed entries rows for the Class Table Class Rule Table Size The current number of entries rows in the Class Rule Table Class Rule Table Max The maximum allowed entries rows for the Class Rule Table Policy Table Size The current number of entries rows in the Policy Table Policy Table Max The maximum allowed entries rows for the Policy Table Policy Instance Table Size The...

Page 244: ...layed if policing is not in use for the class under this policy Conform COS This field shows the CoS mark value if the conform action is set cos transmit Conform DSCP Value This field shows the DSCP mark value if the conform action is set dscp transmit Conform IP Precedence Value This field shows the IP Precedence mark value if the conform action is set prec transmit Drop Drop a packet upon arriva...

Page 245: ...this policy The order in which the policies are displayed is not necessarily the same order in which they were created Policy Type The policy type Only inbound is supported Class Members List of all class names associated with this policy show diffserv service This command displays policy service information for the specified interface and direction The slot port parameter specifies a valid slot p...

Page 246: ...this DiffServ service interface Policy Name The name of the policy attached to the interface in the indicated direc tion show policy map interface This command displays policy oriented statistics information for the specified interface and direction The slot port parameter specifies a valid interface for the system Note This command is only allowed while the DiffServ administrative mode is enabled...

Page 247: ...a detailed explanation of the software QoS CoS commands The following commands are available in the software QOS module The commands are divided into these different groups Configuration Commands are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting Show commands are used to display device settin...

Page 248: ...ust mode of an interface The mode can be set to trust one of the Dot1p 802 1p IP Precedence or IP DSCP packet markings Format classofservice trust dot1p ip precedence Mode Global Config Interface Config no classofservice trust This command sets the interface mode to untrusted Format no classofservice trust Modes Global Config Interface Config cos queue min bandwidth This command specifies the mini...

Page 249: ...ue id n Modes Global Config Interface Config no cos queue strict This command restores the default weighted scheduler mode for each specified queue Format no cos queue strict queue id 1 queue id 2 queue id n Modes Global Config Interface Config traffic shape This command specifies the maximum transmission bandwidth limit for the interface as a whole Also known as rate shaping this has the effect o...

Page 250: ...ation is repeated for each user priority User Priority The 802 1p user priority value Traffic Class The traffic class internal queue identifier to which the user priority value is mapped show classofservice ip precedence mapping This command displays the current IP Precedence mapping to internal traffic classes for a specific interface The slot port parameter is optional and is only valid on platf...

Page 251: ...rt independent per port class of service mappings If specified the class of service queue configuration of the interface is displayed If omitted the most recent global configuration settings are displayed Format show interfaces cos queue slot port Mode Privileged EXEC Interface This displays the slot port of the interface If displaying the global con figuration this output line is replaced with a ...

Page 252: ...User Manual for the NETGEAR 7200 Series Layer 2 Managed Switch Software Version 4 10 34 Quality of Service QoS Commands 202 10102 01 May 2005 ...

Page 253: ...Category 5 cable is certified up to 100 MHz bandwidth 100BASE TX operation uses one pair of wires for transmission and the other pair for receiving and for collision detection When installing Category 5 UTP cabling use the following guidelines to ensure that your cables perform to the following specifications Certification Make sure that your Category 5 UTP cable has completed the Underwriters Lab...

Page 254: ...6 m between the hub and the patch panel if used 295 ft 90 m from the wiring closet to the wall outlet 10 ft 3 m from the wall outlet to the desktop device The patch panel and other connecting hardware must meet the requirements for 100 Mbps operation Category 5 Only 0 5 inch 1 5 cm of untwist in the wire pair is allowed at any termination point Category 5 Cable Specifications Ensure that the fiber...

Page 255: ...ent interface ports called MDI or uplink ports Most repeaters and switch ports are configured as media dependent interfaces with built in crossover ports called MDI X or normal ports Auto Uplink technology automatically senses which connection MDI or MDI X is needed and makes the right connection Figure 10 1 illustrates straight through twisted pair cable Figure 10 1 Straight Through Twisted Pair ...

Page 256: ...h Panels and Cables If you are using patch panels make sure that they meet the 100BASE TX requirements Use Category 5 UTP cable for all patch cables and work area cables to ensure that your UTP patch cable rating meets or exceeds the distribution cable rating To wire patch panels you need two Category 5 UTP cables with an RJ 45 plug at each end as shown here Figure 10 3 Category 5 UTP Cable with M...

Page 257: ...is designed to operate over Category 5 cabling To further enhance the operation the cabling standards have been amended The latest standard is Category 5e which defines a higher level of link performance than is available with Category 5 cable If installing new cable we recommend using Category 5e cable since it costs about the same as Category 5 cable If using the existing cable be sure to have t...

Page 258: ...ters Near End Cross Talk NEXT This is a measure of the signal coupling from one wire to another within a cable assembly or among cables within a bundle NEXT measures the amount of cross talk disturbance energy that is detected at the near end of the link the end where the transmitter is located NEXT measures the amount of energy that is returned to the sender end The factors that affect NEXT and c...

Page 259: ...Mbps RJ 45 plug and the RJ 45 connector Table 10 1 10 100 Mbps RJ 45 Plug and RJ 45 Connector Pin Assignments Table E 2 lists the pin assignments for the 100 1000 Mbps RJ 45 plug and the RJ 45 connector PIN NORMAL ASSIGNMENT ON PORTS 1 TO 8 UPLINK ASSIGNMENT ON PORT 8 1 Input Receive Data Output Transmit Data 2 Input Receive Data Output Transmit Data 3 Output Transmit Data Input Receive Data 6 Out...

Page 260: ...ify your cable installation and ensure it meets or exceeds ANSI EIA TIA 568 A 1995 or ISO IEC 11801 1995 Category 5 specifications Install Category 5e cable where possible including patch panel cables Minimize transition points jacket removal and untwist lengths Bundling of cables must be properly installed to meet the requirements in ANSI EIA TIA 568A 3 PIN CHANNEL DESCRIPTION 1 2 A Rx Tx Data Rx...

Page 261: ...standby path Without spanning tree in place it is possible that both connections may be simultaneously live which could result in an endless loop of traffic on the LAN 802 1P The IEEE protocol designator for Local Area Network LAN This Layer 2 network standard improves support of time critical traffic and limits the extent of high bandwidth multicast traffic within a bridged LAN To do this 802 1P ...

Page 262: ...Resolution Protocol An Internet Protocol that dynamically maps Internet addresses to physical hardware addresses on a LAN Advanced Network Device Layer Software Term for the Device Driver level Aging When an entry for a node is added to the lookup table of a switch it is given a timestamp Each time a packet is received from a node the timestamp is updated The switch has a user configurable timer t...

Page 263: ...linkTM technology also called MDI MDIX eliminates the need to worry about crossover vs straight through Ethernet cables Auto UplinkTM will accommodate either type of cable to make the right connection AVL tree Binary tree having the property that for any node in the tree the difference in height between the left and right subtrees of that node is no more than 1 B BPDU See Bridge Protocol Data Unit...

Page 264: ... a network Broadcast storm Multiple simultaneous broadcasts that typically absorb all the available network bandwidth and can cause a network to fail Broadcast storms can be due to faulty network devices or network loops C Cat 5 Category 5 unshielded twisted pair UTP cabling An Ethernet network operating at 10 Mbits second 10BASE T will often tolerate low quality cables but at 100 Mbits second 10B...

Page 265: ...cy decision point might be a network server controlled directly by the network administrator who enters policy statements about which kinds of traffic voice bulk data video teleconferencing and so forth should get the highest priority The policy enforcement points might be router or layer 3 switches that implement the policy choices as traffic moves through the network Currently COPS is designed f...

Page 266: ... translate to 198 105 232 4 The DNS system is in fact its own network If one DNS server doesn t know how to translate a particular domain name it asks another one and so on until the correct IP address is returned Domain Name A descriptive name for an address or group of addresses on the Internet Domain names are of the form of a registered entity name plus one of a number of predefined top level ...

Page 267: ...formation Filtering The process of screening a packet for certain characteristics such as source address destination address or protocol Filtering is used to determine whether traffic is to be forwarded and can also prevent unauthorized access to a network or network devices Flow Control The process of adjusting the flow of data from one network device to another to ensure that the receiving devic...

Page 268: ...s in the Bridged LAN that support Extended Filtering Services The operation of GMRP relies upon the services provided by the GARP GARP VLAN Registration Protocol GVRP allows workstations to request admission to a particular VLAN for multicast purposes Gateway A local device usually a router that connects hosts on a local network to other networks GE See Gigabit Ethernet on page 8 Generic Attribute...

Page 269: ...ers This American organization was founded in 1963 and sets standards for computers and communications IETF Internet Engineering Task Force An organization responsible for providing engineering solutions for TCP IP networks In the network management area this group is responsible for the development of the SNMP protocol IGMP See Internet Group Management Protocol on page 10 IGMP Snooping A series ...

Page 270: ...l note or a Web page the message gets divided into little chunks called packets Each of these packets contains both the sender s Internet address and the receiver s address Any packet is sent first to a gateway computer that understands a small part of the Internet The gateway computer reads the destination address and forwards the packet to an adjacent gateway that in turn reads the destination a...

Page 271: ...cache of which MAC addresses are attached to each of its ports Link State In routing protocols the declared information about the available interfaces and available neighbors of a router or network The protocol s topological database is formed from the collected link state declarations Load balancing The ability to distribute traffic across various ports of a device such as a switch to provide eff...

Page 272: ...ent Information Base When SNMP devices send SNMP messages to the management console the device managing SNMP messages it stores information in the MIB Mbps Megabits per second MBONE See Multicast Backbone on page 13 MD5 MD5 creates digital signatures using a one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest When using a...

Page 273: ...tion an IP Multicast packet is routed based both on the packet s source and its multicast destination commonly referred to as source destination routing As it is routed the multicast packet follows a shortest path to each multicast destination During packet forwarding any commonality of paths is exploited when multiple hosts belong to a single multicast group a multicast packet will be replicated ...

Page 274: ...can be shown as 255 255 255 192 or as 28 appended to the IP address Network Address Translation Sometimes referred to as Transparent Proxying IP Address Overloading or IP Masquerading Involves use of a device called a Network Address Translator which assigns a contrived or logical IP address and port number to each node on an organization s internal network and passes packets using these assigned ...

Page 275: ...tion a block of data and a checksum PDU See Protocol Data Unit on page 16 PHY The OSI Physical Layer The physical layer provides for transmission of cells over a physical medium connecting two ATM devices This physical layer is comprised of two sublayers the Physical Medium Dependent PMD sublayer and the Transmission Convergence TC sublayer PIM DM See Protocol Independent Multicast Dense Mode on p...

Page 276: ...ike an optical probe or an Ethernet repeater Port monitoring The ability to monitor the traffic passing through a port on a device to analyze network characteristics and perform troubleshooting Port speed The speed that a port on a device uses to communicate with another device or the network Port trunking The ability to combine multiple ports on a device to create a single high bandwidth connecti...

Page 277: ...by QoS RSVP is a chief component of a new type of Internet being developed known broadly as an integrated services Internet The general idea is to enhance the Internet to support transmission of real time data RIP See Routing Information Protocol on page 17 router A device that forwards data between networks An IP router forwards data based on IP source and destination addresses Routing Informatio...

Page 278: ...security from SNMPsec SNMPv2c experimental This version of the protocol is called community string based SNMPv2 It is an update of the protocol operations and data types of SNMPv2p and uses community based security from SNMPv1 SNMPv2u experimental This version of the protocol uses the protocol operations and data types of SNMPv2c and security based on users SNMPv2 experimental This version combine...

Page 279: ... on page 1 for more information stub area OSPF area that carries a default route intra area routes and interarea routes but does not carry external routes Virtual links cannot be configured across a stub area and they cannot contain an ASBR Compare with non stub area See also OSPF Cisco Systems Inc Subnet Mask Combined with the IP address the IP Subnet Mask allows a device to know which other addr...

Page 280: ...e device Traffic prioritization Giving time critical data traffic a higher quality of service over other non critical data traffic Trivial File Transfer Protocol TFTP is a simple form of the File Transfer Protocol FTP TFTP uses the User Datagram Protocol UDP a direct protocol used to communicate datagrams over a network with little error recovery and provides no security features It is often used ...

Page 281: ... as the default first hop router by end hosts The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end host VLAN See Virtual Local Area Network on page 20 VRRP See Virtual Router Redundancy Protocol on page 21 W WAN See Wide Area Network on page 21 Web Also known as World Wide Web WWW or...

Page 282: ...g errors It sends blocks of data together with a checksum and then waits for acknowledgment of the block s receipt The waiting slows down the rate of data transmission considerably but it ensures accurate transmission Xmodem can be implemented either in software or in hardware Many modems and almost all communications software packages support Xmodem However it is useful only at relatively slow da...

Reviews:

No comments

Related manuals for 7200 Series

Paradyne Jetstream CPX-1000 Installation Manual preview
Jetstream CPX-1000
Brand: Paradyne Pages: 93
Yamaha Add-On Effects Owner'S Manual preview
Add-On Effects
Brand: Yamaha Pages: 5
Waves Linear-Phase MultiBand Software Audio Processor User Manual preview
Linear-Phase MultiBand Software Audio Processor
Brand: Waves Pages: 27
Adobe 718659340025 - InDesign CS - PC Printing Manual preview
718659340025 - InDesign CS - PC
Brand: Adobe Pages: 122
Minolta DIMAGE VIEWER 2.1 Instruction Manual preview
DIMAGE VIEWER 2.1
Brand: Minolta Pages: 84
Broadcom Bluetooth for Microsoft Windows User Manual preview
Bluetooth for Microsoft Windows
Brand: Broadcom Pages: 30
Spectra Logic Spectra nTier500 User Manual preview
Spectra nTier500
Brand: Spectra Logic Pages: 112
EVGA PC-over-IP Administrative Interface User Manual preview
PC-over-IP Administrative Interface
Brand: EVGA Pages: 108
AirLive AIRTV-1000U User Manual preview
AIRTV-1000U
Brand: AirLive Pages: 19
Elecard Converter Studio User Manual preview
Converter Studio
Brand: Elecard Pages: 76
MACROMEDIA DREAMWEAVER MX 2004-EXTENDING DREAMWEAVER Manual preview
DREAMWEAVER MX 2004-EXTENDING DREAMWEAVER
Brand: MACROMEDIA Pages: 296
MACROMEDIA DREAMWEAVER MX 2004-DREAMWEAVER API Reference preview
DREAMWEAVER MX 2004-DREAMWEAVER API
Brand: MACROMEDIA Pages: 486
Qualcomm pdQ Handbook preview
pdQ
Brand: Qualcomm Pages: 192
Igo IGO - Quick Start Manual preview
IGO -
Brand: Igo Pages: 12
F-SECURE Mobile Security 2010 Manual preview
Mobile Security 2010
Brand: F-SECURE Pages: 20
HP Kayak XA 05xx Installation Manual preview
Kayak XA 05xx
Brand: HP Pages: 23
HP Insight Dynamics 6.2 Getting Started Manual preview
Insight Dynamics 6.2
Brand: HP Pages: 54
HP Kayak XA User Manual preview
Kayak XA
Brand: HP Pages: 148

Brands by name

Popular brands

Load more brands