manualshive.com logo in svg

Planet WGSD-1022, User Manual

Looking for a User Manual for Planet WGSD-1022? Look no further! Download the comprehensive manual for free from our website and unleash the full potential of this exceptional product. Your go-to resource for all the information and instructions you need. Get it now, exclusively at manualshive.com.

Share
Download
background image

User’s Manual of WGSD-1022/WGSD-8000 

 

 

- 162 – 

 

ƒ

 

method1 

[

method2

...]—Specify at least one from the following table: 

Keyword 

Source or destination 

Enable 

Uses the enable password for authentication. 

Line 

Uses the line password for authentication 

None 

Uses no authentication 

Radius 

Uses the list of all radius servers for authentication. Uses username “$enabx$.” Where x 

is the privilege level 

Tacacs 

Uses the list of all  servers for authentication. Uses username “$enabx$.” 

Where x is the privilege level.   

 

Default Configuration 

If the 

default 

list is not set, only the enable password is checked. This has the same effect as the command 

aaa authentication 

enable default enable

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same 

effect as using the command 

aaa authentication enable default enable none

Command Mode 

Global Configuration mode 

User Guidelines 

The default and optional list names created with the 

aaa authentication enable 

command are used with the 

enable 

authentication 

command. 

Create a list by entering the 

aaa authentication enable list-name method 

command where 

list-name 

is any character string 

used to name this list. The 

method 

argument identifies the list of methods that the authentication algorithm tries, in the given 

sequence. 

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the 

authentication succeeds even if all methods return an error, specify 

none 

as the final method in the command line. 

All 

aaa authentication enable default 

requests sent by the router to a RADIUS server include the username 

"$enabx$.", where x is the requested privilege level. 

Example 

The following example sets authentication when accessing higher privilege levels. 

console (config) # 

aaa authentication enable default enable

 

 

 

Summary of Contents for WGSD-1022

Page 1: ...r s Manual of WGSD 1022 WGSD 8000 1 User s Manual WGSD 1022 8 Port 10 100Mbps 2 Port Gigabit TP SFP Combo Managed Ethernet Switch WGSD 8000 8 Port 10 100 1000Mbps with 2 Shared SFP Managed Ethernet Switch ...

Page 2: ... we would appreciate your comments and suggestions FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequ...

Page 3: ... the SFP transceiver 22 3 CONFIGURATION 24 3 1 Management Access Overview 24 3 1 1 Administration Console 25 3 1 2 Direct Access 25 3 2 Web Management 26 3 3 SNMP Based Network Management 26 3 4 Protocols 26 3 4 1 Virtual Terminal Protocols 26 3 4 2 SNMP Protocol 26 3 4 3 Management Architecture 27 4 Web Configuration 28 4 1 Main Screen 30 4 2 Setup 31 4 2 1 Summary 31 4 2 2 Network Settings 32 4 ...

Page 4: ...ure Sample 71 4 7 Security 75 4 7 1 ACL Binding 75 4 7 2 Radius 76 4 7 3 TACACS 78 4 7 4 802 1x settings 80 4 7 5 Port Security 84 4 7 6 Multiple Hosts 87 4 7 7 Storm control 88 4 8 QoS 89 4 8 1 CoS Settings 89 4 8 2 Queue Setting 90 4 8 3 DSCP Settings 91 4 8 4 Bandwidth 92 4 8 5 Basic Mode 94 4 8 6 Advanced Mode 94 4 9 Spanning Tree 100 4 9 1 STP Status 106 4 9 2 The Global STP 108 4 9 3 STP Por...

Page 5: ...le Test 143 4 12 7 Save Configuration 144 4 12 8 Firmware Upgrade 146 4 12 9 Reboot 147 4 12 10 Factory Defaults 148 4 12 11 Server Logs 149 4 12 12 Memory Logs 150 4 12 13 Flash Logs 151 5 COMMAND STRUCTURE 153 5 1 Connect to PC s RS 232 serial port 153 5 2 Using the CLI 153 5 2 1 CLI Command Modes 153 5 2 2 Starting the CLI 156 5 2 3 Editing Features 157 5 3 AAA Commands 160 5 3 1 aaa authentica...

Page 6: ...ddress table 178 5 4 14 show bridge address table static 179 5 4 15 show bridge address table count 179 5 4 16 show bridge multicast address table 180 5 4 17 show bridge multicast filtering 181 5 4 18 show ports security 182 5 5 Clock Commands 183 5 5 1 clock set 183 5 5 2 clock source 183 5 5 3 clock timezone 184 5 5 4 clock summer time 185 5 5 5 sntp authentication key 186 5 5 6 sntp authenticat...

Page 7: ...tion 212 5 7 17 show interfaces counters 212 5 7 18 show ports jumbo frame 215 5 7 20 port storm control broadcast enable 216 5 7 21 port storm control broadcast rate 216 5 7 22 show ports storm control 217 5 8 GVRP Commands 218 5 8 1 gvrp enable global 218 5 8 2 gvrp enable interface 218 5 8 3 garp timer 219 5 8 4 gvrp vlan creation forbid 220 5 8 5 gvrp registration forbid 221 5 8 7 clear gvrp s...

Page 8: ...imeout 237 5 11 4 show lacp ethernet 238 5 11 5 show lacp port channel 239 5 12 Line Commands 240 5 12 1 line 240 5 12 2 speed 240 5 12 3 exec timeout 241 5 12 4 show line 241 5 13 Management ACL Commands 242 5 13 1 management access list 242 5 13 2 permit management 244 5 13 3 deny management 244 5 13 4 management access class 245 5 13 5 show management access list 246 User Guidelines 246 5 13 6 ...

Page 9: ...qos cos override 266 5 17 12 show qos map 267 5 18 Radius Commands 268 5 18 1 radius server host 268 5 18 2 radius server key 270 5 18 3 radius server retransmit 270 5 18 4 radius server source ip 271 5 18 5 radius server timeout 271 5 18 6 radius server deadtime 272 5 18 7 show radius servers 273 5 19 RMON Commands 274 5 19 1 show rmon statistics 274 5 19 2 rmon collection history 276 5 19 3 show...

Page 10: ...anning tree cost 299 5 21 9 spanning tree port priority 300 5 21 10 spanning tree portfast 300 5 21 11 spanning tree link type 301 5 21 13 spanning tree bpdu 302 5 21 14 clear spanning tree detected protocols 303 5 21 15 show spanning tree 303 5 22 SSH and SLOGIN Commands 305 5 22 1 ip ssh port 305 5 22 2 ip ssh server 306 5 22 3 crypto key generate dsa 307 5 22 4 crypto key generate rsa 307 5 22 ...

Page 11: ...24 10 show logging file 331 5 24 11 show syslog servers 332 5 25 TACACS Commands 333 5 25 1 tacacs server host 333 5 25 2 tacacs server key 334 5 25 3 tacacs server timeout 334 5 25 4 tacacs server source ip 335 5 25 5 show tacacs 336 5 26 User Interface Commands 337 5 26 1 enable 337 5 26 2 disable 338 5 26 3 configure 338 5 26 4 login 339 5 26 5 exit configuration 339 5 26 6 exit EXEC 340 5 26 7...

Page 12: ...internal usage vlan 355 5 27 19 show vlan 356 5 27 20 show vlan internal usage 357 5 27 22 show interfaces switchport 357 5 28 Web Server Commands 359 5 28 1 ip http server 359 5 28 2 ip http port 359 5 28 3 ip https server 360 5 28 4 ip https port 361 5 28 5 crypto certificate generate 361 5 28 6 show ip http 362 5 28 7 show ip https 362 5 29 802 1x Commands 363 5 29 1 aaa authentication dot1x 36...

Page 13: ...4 5 29 15 dot1x auth not req 375 5 29 17 dot1x multiple hosts 376 5 29 18 dot1x single host violation 376 5 29 19 show dot1x advanced 377 TROUBLE SHOOTING 379 APPENDEX A 380 A 1 Switch s RJ 45 Pin Assignments 380 A 2 RJ 45 cable pin assignment 380 A 3 Available Modules 382 ...

Page 14: ... adapter x1 RS 232 console cable x 1 Rubber feet x 4 How to Use This Manual This User Manual is structured as follows Section 2 Installation The section explains the functions of the Switch and how to physically install the Switch Section 3 Configuration The section contains the information about the software function of the Switch Section 4 Web Configuration The section explains how to manage the...

Page 15: ...t CRC filtering eliminates erroneous packets to optimize the network bandwidth 8K MAC address table automatic source address learning and ageing 1Mbit embedded memory for packet buffers Supports IEEE 802 1Q Tagged based VLAN GVRP protocol for VLAN Management Support up to 4 Trunk groups each trunk for up to maximum 4 port with 800Mbps bandwidth Duplex Mode IEEE802 1d IEEE802 1w classic Spanning Tr...

Page 16: ...rdware Specification 10 100Base TX Ports 8 RJ 45 Auto MDI MDI X ports 10 100 1000Base T Ports 2 RJ 45 Auto MDI MDI X ports 8 RJ 45 Auto MDI MDI X ports SFP mini GBIC Slots 2 SFP interfaces Shared with Port 9 and Port 10 2 SFP interfaces Shared with Port 7 and Port 8 Switch Architecture Store and forward Switch Fabric 5 6Gbps Non Blocking 16Gbps Non Blocking Switch Throughput 4 17Mpps Wire Speed 11...

Page 17: ...Bridge MIB RFC 2674 Extended Bridge MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB Standards Conformance Regulation Compliance FCC Part 15 Class A CE Standards Compliance IEEE802 3 10BASE T IEEE802 3u 100BASE TX 100BASE FX IEEE802 3z Gigabit SX LX IEE802 3ab Gigabit 1000T IEEE802 3x Flow Control and Back pressure IEEE802 3ad Port trunk with LACP IEEE802 1d S...

Page 18: ...llocate more bandwidth to key traffics such as voice transmission empowering the enterprise to take full advantages of the limited network resources and guarantee the best performance PLANET WGSD Switch offers comprehensive Access Control List ACL for enforcing security to the edge Its protection mechanisms comprised of port based 802 1x user and device authentication The administrators can now co...

Page 19: ... actively sending or receiving data over that port 100 Orange Lights to indicate the port is running in 100Mbps speed Off indicate that the port is operating at 10Mbps Per 10 100 1000Base T port SFP interfaces LED Color Function LNK ACT Green Lights to indicate the link through that port is successfully established Blink indicate that the switch is actively sending or receiving data over that port...

Page 20: ...ch the rubber feet to the recessed areas on the bottom of the switch Step2 Place the switch on the desktop or the shelf near an AC power source Step3 Keep enough ventilation space between the switch and the surrounding objects Note When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and Specification Step4 Connect the Switch to network devic...

Page 21: ... package Figure 2 5 shows how to attach brackets to one side of the switch Figure 2 5 Attach brackets to the switch Caution You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty Step3 Secure the brackets tightly Step4 Follow the same steps to attach the second bracket to the opposite side Step5 After the brack...

Page 22: ...owing list of approved PLANET SFP transceivers is correct at the time of publication MGB SX SFP 1000BASE SX SFP transceiver MGB LX SFP 1000BASE LX SFP transceiver Note It recommends using PLANET SFPs on the Switch If you insert a SFP transceiver that is not supported the Switch will not recognize it Before connect the other switches workstation or Media Converter 1 Make sure both side of the SFP t...

Page 23: ... or Media Converters set the Link mode to 1000 Force is needed Remove the transceiver module 1 Make sure there is no network activity by consult or check with the network administrator Or through the management interface of the switch converter if available to disable the port in advance 2 Remove the Fiber Optic Cable gently 3 Turn the handle of the MGB MFB module to horizontal 4 Pull out the modu...

Page 24: ...anagement application The administration console and Web browser interface support are embedded in the switch software and are available for immediate use Each of these management methods has their own advantages Table 3 1 compares the three management methods Method Advantages Disadvantages Console No IP address or subnet needed Text based Telnet functionality and HyperTerminal built into Windows...

Page 25: ...3 1 2 Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the switch console serial port When using this management method a null modem cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the follo...

Page 26: ... knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default gets and sets community strings for the switch are public 3 4 Protocols The switch supports the following protocols Virtual terminal protocols such as Telnet Simple Network Management Protocol SNMP 3 4 1 Virtual Terminal Protocols A virtual terminal ...

Page 27: ...h a single MAPI configuration parameters set using one method console port for example are immediately displayable by the other management methods for example SNMP agent of Web browser The management architecture of the switch adheres to the IEEE open standard This compliance assures customers that the switch is compatible with and will interoperate with other solutions that adhere to the same ope...

Page 28: ...en 1 and 253 with subnet mask 255 255 255 0 Or you can use the factory default IP address 192 168 1 254 to do the relative configuration on manager PC The sceen in Figure 4 1 appears Figure 4 1 Web Management via ethernet 1 Logging on the switch 1 Use Internet Explorer 5 0 or above Web browser Enter the factory default IP address to access the Web interface The factory default IP Address as follow...

Page 29: ...sername and password the main screen appears as Figure 4 3 Figure 4 3 Web Main Screen of WGSD Switch Now you can use the Web management interface to continue the switch management or manage the switch by console interface Note It is recommended to use Internet Explore 6 0 or above to access WGSD Switch ...

Page 30: ... use the switch s Web browser interface to con figure and manage the switch Figure 4 1 Via the Web Management the administrator can setup the WGSD Switch by select the functions those listed in the Main Function The screen in Figure 4 2 appears Figure 4 2 WGSD Switch Main Funcrions Menu The following functions can be configured here Setup Port Config VLAN Config Statistics ACL Main Functions Menu ...

Page 31: ...ork Settings Time 4 2 1 Summary The summary screen provides Device and System Information about the Switch Figure 4 3 System Summary screen The page contains the following informations Device Information System Name Display your system name IP Address Display the current IP address of the device Subnet Mask Display the subnet mask setting of the device ...

Page 32: ...aintenance number of the hardware Boot Version The version of boot system currently running on the switch Firmware Version The operating system currently running on the switch System Location Display where the Switch is located System Contact Display the administrative contact person System Up Time The time in days hours and minutes since the last switch reboot Current Time Specifies the time and ...

Page 33: ...the system object identifier is in this field Base MAC Address The MAC address of the Switch displays here IP Configuration Management VLAN Where you can select the Management VLAN The default Managemanet VLAN is VLAN 1 IP Address Mode Where select Static or Dynamic IP address configuration The Default Mode is Static Host Name In this field you can enter the DHCP Host Name IP Address Enter the IP ...

Page 34: ...domain names into IP addresses 4 2 3 Time In the Basic Setup Table you can see the Time Setup see figure 4 5 by which you can configure the time settings for the Switch You can select SNTP Servers Server1 for the primary SNTP server and Server2 for the secondary SNTP server Figure 4 5 Time screen The Time page includes the following fields Set Time Use System Time Specifies that the system time is...

Page 35: ...urope in the format DayMonthYear in one field and time in another For example DST begins on the 25th October 2007 5 00 am the two fields will be 25Oct07 and 5 00 The possible field values are Date The date at which DST begins The possible field range is 1 31 Month The month of the year in which DST begins The possible field range is Jan Dec Year The year in which the configured DST begins Time The...

Page 36: ...5 30 SNTP Server Server1 Enter a user defined SNTP server IP addresses or hostname Up to twot SNTP servers can be defined The primary server provides SNTP information Server2 The backup server provides SNTP information Poll Interval 60 86400 sec Defines the interval in seconds at which the SNTP server is polled for Unicast information The factory default value is 1024 Note The device supports the ...

Page 37: ...button there is no active connection or the port has been taken offline by an Admiinistrator when you choose the Down button Speed Shows the connection speed of the port and the speed can be configured only when auto negotiation is disabled on that port Duplex The port duplex mode Full transmission occurs in both directions simultaneously or Half transmission occurs in only one direction at a time...

Page 38: ... traffic to an uplink when a port is a Private VLAN Edge PVE port Uplinks can be ports or LAGs Detail It will open the port configuration detail screen Click the Detail button for more detail port configuration Port Configuration Detail screen see figure 4 7 Figure 4 7 Per Port Configuration detail screen The Port Configuration screen contains the following fields Port Indicates the number of the ...

Page 39: ...ertised by the port Multiple options may be selected or Max Capability can be selected to cover all of the options The available options are Max Capability which indicates that the port speeds and duplex mode settings can be accepted 10 Half indicates that the port is advertising a 10Mbps half duplex mode setting 10 Full indicates that the port is advertising a 10Mbps full duplex mode setting 100 ...

Page 40: ...t bypasses the Forwarding Database and forwards all unicast multicast and broadcast traffic to an uplink Uplinks can be ports or LAGs Click the Save Settings button to save your changes 4 3 2 Link Aggregation When you enter the Link Aggregation you can see these parts see figure 4 8 such as LAG shows whether the port is part of a LAG Figure 4 8 Link Aggregation screen The Link Aggregation page con...

Page 41: ...de Full transmission occurs in both directions simultaneously or Half transmission occurs in only one direction at a time This mode can be configured only when auto negotiation is disabled and port speed is set to 10Mbps or 100Mbps Flow control Shows the flow control status of the port It is active when the port uses Full Duplex Mode LAG Mode Shows the current mode of the LAG interface Click the D...

Page 42: ...y established on the relevant links by enabling Link Aggregation Control Protocol LACP Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with the same speed set to full duplex operation The LACP screen contains fields for configuring LACP LAG s see figure 4 9 ...

Page 43: ...A channel will only be formed between ports having the same admin key in other words this only applies to ports located on the same switch 4 4 VLAN Configuration A Virtual LAN VLAN is a logical network grouping that limits the broadcast domain It allows you to isolate network traffic so only members of the VLAN receive traffic from the same VLAN members Basically creating a VLAN from a switch is l...

Page 44: ... recognize VLAN tags in packet headers The tagging feature allows VLAN to span multiple 802 1Q compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recognize VLAN tags in pack...

Page 45: ...e VLAN Range Indicates a range of VLANs configured To add the defined range of VLAN ID numbers press the Add Range button VLAN Table The VLAN Table displays a list of all configured VLANs include the VLAN ID VLAN Name Status To remove a VLAN click the Remove button 4 4 2 Port setting In this port setting screen refer to figure 4 11 the parameters managing ports that are part of a VLAN will be prov...

Page 46: ... 4094 VLAN 4095 is defined as per standard and industry practice as the discard VLAN Packets classified to the Discard VLAN are dropped Ingress Filtering Enables or disables Ingress filtering on the port Ingress filtering discards packets which do not include an ingress port LAG Indicates the LAG to which the VLAN is defined Port Mode VLAN Membership Frame Leave Access Belongs to a single untagged...

Page 47: ...ne port that can be untagged General Which indicates the port belongs to VLANs and each VLAN is user defined as tagged or untagged full 802 1Q mode Tagged Defines the interface as a tagged member of a VLAN All packets forwarded by the interface are tagged The packets contain VLAN information Untagged Packets forwarded by the interface are untagged Forbidden Forbidden ports are not included in the ...

Page 48: ...ccess mode the packet types which are accepted on the port cannot be designated Ingress filtering cannot be enabled disabled on an access port Trunk Which indicates these ports belong to VLANs in which all ports are tagged except for one port that can be untagged Join VLAN Defines the VLANs to which the interface is joined VLANs Displays the PVID tag LAG Indicates whether the port is a member of a...

Page 49: ...ows VLAN aware bridges to automatically learn VLANs to bridge ports mapping without having to individually configure each bridge and register VLAN membership The Global System LAG information displays the same field information as the ports but represent the LAG GVRP information The GVRP screen refer to 4 15 is divided into two areas GVRP and GVRP Table The field definitions for both areas are the...

Page 50: ...which GVRP is enabled LAG indicates the LAG number on which GVRP is enabled GVRP State When the checkbox is checked GVRP is enabled on the interface Dynamic VLAN Creation When the checkbox is checked Dynamic VLAN creation is enabled on the interface GVRP Registration When the checkbox is checked VLAN registration through GVRP is enabled on the device Update The Update button adds the configured GV...

Page 51: ...stics are displayed The possible field values are Port defines the specific port for which RMON statistics are displayed LAG defines the specific LAG for which RMON statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are No Refresh indicates that the RMON statistics are not refreshed 15 Sec which indic...

Page 52: ...ed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed Fragments Indicates the number of fragments packets with less than 64 octets excluding framing bits but including FCS ...

Page 53: ...rface Displays the interface from which the history samples were taken The possible field values are Port specifies the port from which the RMON information was taken LAG specifies the port from which the RMON information was taken Sampling Interval Indicates in seconds the time that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes Sampli...

Page 54: ...Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of packets received on the interface since the device was last refreshed including bad packets Multicast and Broadcast packets Broadcast Packets Displays the number of good Br...

Page 55: ...ince the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms 4 5 3 ...

Page 56: ...icates there is not a saving mechanism for either the device or in the management system If the device is not reset the entry remains in the Log Table TRAP indicates that an SNMP trap is generated and sent via the Trap mechanism The Trap can also be saved using the Trap mechanism Both indicates that both the Log and Trap mechanism are used to report alarms Falling Threshold Displays the falling co...

Page 57: ...ual of WGSD 1022 WGSD 8000 57 Interval Defines the alarm interval time in seconds Owner Dhere displays the device or user that defined the alarm Use the Add to List button when you add the RMON Alarms Table entry ...

Page 58: ... the user defined event description Type Describes the event type Possible values are None where indicates that no event occurred Log indicates that the event is a log entry Trap indicates that the event is a trap Log and Trap indicates that the event is both a log entry and a trap Owner Where displays the device or user that defined the event Use the Add to List button when you add the configured...

Page 59: ...re displays the time that the event occurred Press the RMON Event Log button to display the log store in the flash Only the Event type is Log or Log and Trap then the entries appear The screen in Figure 4 21 appears Figure 4 21 RMON Event Log Screen ...

Page 60: ...network traffic Figure 4 22 Port Utilization screen The page includes the following fields Refresh Rate Indicates the amount of time that passes before the port utilization statistics are refreshed The possible field values are No Refresh indicates that the statistics are not refreshed 15 Sec indicates that the statistics are refreshed every 15 seconds 30 Sec indicates that the statistics are refr...

Page 61: ... passes before the EAP statistics are refreshed The possible field values are No Refresh indicates that the EAP statistics are not refreshed 15 Sec which indicates that the EAP statistics are refreshed every 15 seconds 30 Sec which indicates that the EAP statistics are refreshed every 30 seconds 60 Sec which indicates that the EAP statistics are refreshed every 60 seconds Name Displays the measure...

Page 62: ... displayed LAG indicates LAG statistics are displayed Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The possible field values are No Refresh indicates that the GVRP statistics are not refreshed 15 Sec which indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec which indicates that the GVRP statistics are refreshed every 30 seconds...

Page 63: ...r Statistics Table contains the following fields Invalid Protocol ID Where displays the device GVRP Invalid Protocol ID statistics Invalid Attribute Type Where displays the device GVRP Invalid Attribute ID statistics Invalid Attribute Value Displays the device GVRP Invalid Attribute Value statistics Invalid Attribute Length where displays the device GVRP Invalid Attribute Length statistics Invalid...

Page 64: ...tbound traffic Rules for the ACL are specified created using the ACL Rule Configuration menu 4 6 1 IP Based ACL The IP Based ACL Access Control List screen see figure 4 25 contains information for defining IP Based ACLs Figure 4 25 IP Base ACL screen The Page contains the following fields ACL Name Displays the user defined IP based ACLs New ACL Name Defines a new user defined IP based ACL Delete A...

Page 65: ...nagement Protocol IGMP is used to classify network flows TCP which indicates that the Transmission Control Protocol is used to classify network flows OSPF by which matches the packet to the Open Shortest Path First OSPF protocol UDP which indicates that the User Datagram Protocol is used to classify network flows Protocol ID to Match adds user defined protocols to which packets are matched to the ...

Page 66: ...36 184 198 and the wildcard mask is 255 36 184 00 the first eight bits of the IP address are ignored while the last eight bits are used Destination IP Address Matches the destination port IP address to which packets are addressed to the ACE Wildcard Mask Defines the destination IP address wildcard mask Match DSCP Matches the packet DSCP value to the ACE Either the DSCP value or the IP Precedence v...

Page 67: ...e IP Address Any Destination IP Address Class C 172 16 0 0 255 255 255 0 Applied Interface Interface g1 Device Connection and Configuration Stream Target ID Source Address Destination Address Protocol Any 3 Any 172 16 0 0 255 255 255 0 Any The procedure as following Create Deny ACL and add to list 1 DENY Rule Choose New ACL Name then key in Deny IP Destination A Choose Action Deny The ACL Name can...

Page 68: ... show at the table Create Permit ACL and add to list 5 Permit Rule Within the same ACL Deny IP Destination A choose Action Permit 6 Permit Rule Keep the Source IP Address and Wild Card Mask be blanked 7 Permit Rule Keep the Destination IP Address and Wild Card Mask be blanked 8 After click Add to List button the entry would be show at the table 9 Rember to click the Save Config button ...

Page 69: ...L to specify interface 10 Select Security ACL Binding in the Menu bar 11 Choose Port g1 at the Interface 12 Choose IP Based ACL select ACL name with Deny Source A that we had been created at step 1 Click Add to List button the entry would be show at the table ...

Page 70: ...0 70 4 6 3 MAC Based ACL The MAC Based ACL screen see figure 4 27 allows a MAC based ACL to be defined ACLs can be added only if the ACL is not bound to an interface Figure 4 26 MAC Base ACL screen The Page contains the following fields ...

Page 71: ... 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all the bits are important For example if the source IP address 149 36 184 198 and the wildcard mask is 255 36 184 00 the first eight bits of the IP address are ignored while the last eight bits are used Dest MAC Address Where matches the destination MAC address to which packets are addressed to the ACE Wildca...

Page 72: ... 4F 1D 9F DE Applied Interface Interface g2 Device Connection and Configuration Setting procedure from WGSD Switch Web interface Create Deny MAC ACL and add to list 1 Please enter into Web interface and choose ACL function 2 Then choose MAC based ACL function 3 Please input a new ACL name for example Deny MAC A 4 To defined Permit Deny or Shutdown from Action item 5 Deny Rule Input Source MAC Addr...

Page 73: ...ts be forwarded 9 Permit Rule Within the same ACL Deny MAC A choose Action Permit 10 Permit Rule Keep the Source MAC Address and Wild Card Mask be blanked 11 Permit Rule Keep the Destination MAC Address and Wild Card Mask be blanked 12 After click Add to List button the entry would be show at the table ...

Page 74: ...ecurity ACL Binding in the Menu bar 15 Choose Port g2 from Interface item 16 Choose MAC Based ACL select ACL name with Deny MAC A that we had been created at step 1 Click Add to List button the entry would be show at the table 17 Please press Save Config to save current setting Note If action shutdown is selected the port will be force disabled ...

Page 75: ...es that have been defined are applied to the selected interface Whenever an ACL is assigned on a port LAG or VLAN flows from that ingress interface that do not match the ACL are matched to the default rule which is Drop unmatched packets You can refer to figure 4 27 Figure 4 27 ACL Binding screen The Page contains the following fields Interface Indicates the interface to which the ACL is bound The...

Page 76: ...ty Displays the server priority The possible values are 0 65535 where 1 is the highest value The RADIUS Server priority is used to configure the server query order Authentication Port Identifies the authentication port The authentication port is used to verify the RADIUS server authentication The authenticated port default is 1812 Number of Retries Defines the number of transmitted requests sent t...

Page 77: ...he RADIUS encryption Source IP Address Defines the source IP address that is used for communication with RADIUS servers Usage Type Specifies the RADIUS server authentication type The default value is Login The possible field values are Login indicates that the RADIUS server is used for authenticating user name and passwords 802 1X indicates that the RADIUS server is used for 802 1X authentication ...

Page 78: ...ing fields Host IP Address Indicates the TACACS Server IP address Priority Displays the order in which the TACACS servers are used The default is 0 Source IP Address By which displays the device source IP address used for the TACACS session between the device and the TACACS server Key String This defines the authentication and encryption key for TACACS server The key must match the encryption key ...

Page 79: ...ce and the TACACS server Not Connected there is not currently a connection between the device and the TACACS server Single Connection Maintains a single open connection between the device and the TACACS server when selected the Add to List button to add the TACACS configuration to the TACACS table at the bottom of the screen ...

Page 80: ... the switch The workstation must be running 802 1X compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicant in the IEEE 802 1X specification z Authentication server performs the actual authentication of the client The authentication server validates the identity of the client and notifies the switch whether or not the client is author...

Page 81: ...est its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which ...

Page 82: ...ent initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authori...

Page 83: ...age contains the following fields Enable 802 1x Place a checkmark in the check box to enable 802 1x authentication Port Indicates the port name Status Port Control This specifies the port authorization state The possible field values are as follows Force Authorized the controlled port state is set to Force Authorized forward traffic Force Unauthorized the controlled port state is set to Force Unau...

Page 84: ...are resent to the supplicant Range 1 65535 The field default is 30 seconds Server Timeout Which specifies the number of seconds that lapses before the switch resends a request to the authentication server Range 1 65535 The field default is 30 seconds 4 7 5 Port Security Work security screen see figure 4 32 can be increased by limiting access on a specific port only to users with specific MAC addre...

Page 85: ...the locked port type The Learning Mode field is enabled only if Locked is selected in the Interface Status field The possible field values are Classic Lock by which locks the port using the classic lock mechanism The port is immediately locked regardless of the number of addresses that have already been learned Limited Dynamic Lock which locks the port by deleting the current dynamic MAC addresses...

Page 86: ...hout learning the MAC address Discard Disable which discards packets from any unlearned source and shuts down the port The port remains shut down until reactivated or until the device is reset Enable Trap This enables traps when a packet is received on a locked port Trap Frequency Which the amount of time in seconds between traps The default value is 10 seconds Note In order to change the Learning...

Page 87: ...use port lock security on the selected port Action on Violation This defines the action to be applied to packets arriving in single host mode from a host whose MAC address is not the supplicant MAC address The possible field values are Discard which discards the packets This is the default value Forward by which forwards the packet Discard Disable discards the packets and shuts down the port The p...

Page 88: ...ling and configuring Storm Control The screen in Figure 4 34 appears Figure 4 34 Storm Control screen The Page contains the following fields Port Displays the port number for which storm control is enabled Broadcast Control This indicates whether broadcast packet types are forwarded on the specific interface Mode By which specifies the Broadcast mode currently enabled on the device The possible fi...

Page 89: ...in the following CoS provides varying Layer 2 traffic services CoS refers to classification of traffic to traffic classes which are handled as an aggregate whole with no per flow settings CoS is usually related to the 802 1p service that classifies flows according to their Layer 2 priority as set in the VLAN header QoS refers to Layer 2 traffic and above QoS handles per flow settings even within a...

Page 90: ...s mapped Four traffic priority queues are supported The Restore Defaults button restores the device factory defaults for mapping CoS values to a forwarding queue CoS Default The Table contains the following fields Interface Interface to which the CoS configuration applies Default CoS Determines the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values...

Page 91: ... for the selected queue is based strictly on the WRR Queue Shows the queue for which the queue settings are displayed The possible field range is 1 4 WRR Weight Which displays the WRR weights to queues Default Rate 1 2 4 8 of WRR Bandwidth Displays the amount of bandwidth assigned to the queue These values are fixed and are not user defined 6 67 13 33 26 67 53 33 4 8 3 DSCP Settings The DSCP Setti...

Page 92: ...alue in the incoming packet Queue Maps the DSCP value to the selected queue 4 8 4 Bandwidth The Bandwidth screen refer to figure 4 38 allows network managers to define the bandwidth settings for a specified egress interface Modifying queue scheduling affects the queue settings globally The Bandwidth screen is not used with the Service mode as bandwidth settings are based on services ...

Page 93: ...formation is displayed The possible field values are Port indicates the port for which the bandwidth settings are displayed LAG indicates the LAG for which the bandwidth settings are displayed Ingress Rate Limit Status which indicates if rate limiting is defined on the interface Rate Limit 62 1000000 Kbps Defines the amount of bandwidth assigned to the interface The possible field values are 62 10...

Page 94: ...t Mode determines the queue to which the packet is assigned Possible values are CoS which sets trust mode to CoS on the device and the CoS mapping determined the packet queue DSCP sets trust mode to the DSCP on the device The DSCP mapping determines the packet queue 4 8 6 Advanced Mode Advanced QoS mode see figure 4 40 provides rules for specifying flow classification and assigning rule actions th...

Page 95: ...can be attached to a port In advanced QoS mode ACLs can be applied directly to an interface in the Security ACL Binding However a policy and ACL cannot be simultaneously applied to an interface After assigning packets to a specific queue services such as configuring output queues for the scheduling scheme or configuring output shaping for burst size CIR or CBS per interface or per queue can be app...

Page 96: ...contains the following fields DSCP In This displays the DSCP In value The value is form 0 63 DSCP Out This displays the current DSCP out value A new value can be selected from the pull down menu The Policy Settings button opens the Policy Name screen see figure 4 42 Figure 4 42 Policy Settings screen ...

Page 97: ...g fields Policy Name defines a new Policy name Add to List this button will add the policy to the Policy Name table Select Policy which selects an existing Policy by name New Policy Name which defines a new Policy name Class Map where selects an existing Class Map by name ...

Page 98: ... values are IP Based ACLs matches packets to IP based ACLs first then matches packets to MAC based ACLs MAC Based ACLs matches packets to MAC based ACLs first then matches packets to IP based ACLs IP ACL Matches packets to IP based ACLs first and then matches packets to MAC based ACLs Match Criteria used to match IP addresses and or MAC addresses with an ACL s address The possible field values are...

Page 99: ... Information Rate CIR This defines the CIR in bits per second This field is only relevant when the Police value is Single Ingress Committed Burst Size CBS This defines the CBS in bytes per second This field is only relevant when the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values ...

Page 100: ... a single switch in user specified groups Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree Reconfigures the spanning tree without operator intervention Bridge Protocol Data Units For STP to arrive at a stable network topology the following information is used The unique switch identifier The path cost to the root associated w...

Page 101: ...g to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Eac...

Page 102: ...tch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels Note On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges On the port level STP sets the Root Port and t...

Page 103: ...evaluate paths STP calculates path costs and selects the path with the minimum cost as the active path 19 100Mbps Fast Ethernet ports 4 1000Mbps Gigabit Ethernet ports Default Spanning Tree Configuration Feature Default Value Enable state STP enabled for all ports Port priority 128 Port cost 19 Bridge Priority 32 768 User Changeable STA Parameters The Switch s factory default setting should cover ...

Page 104: ... will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in Figure 5 7 In this example you can anticipate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch A and so on The broadcast...

Page 105: ...2 LAN 3 Designated Port Root Port Root Port Designated Port Blocked After Applying the STA Rules The switch with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost between switches B and C The two optional Gigabit ports default port cost 4 on switch A are connected to one optional Gigabit port on both switch B and C The redundant link bet...

Page 106: ...forwarding loops Multiple STP which provides full connectivity for packets allocated to any VLAN Multiple STP is based on the RSTP In addition Multiple STP transmits packets assigned to different VLANs through different MST regions MST regions act as a single bridge 4 9 1 STP Status The STP Status screen see figure 4 45 describes the STP status on the device Figure 4 45 STP Status screen The page ...

Page 107: ...figuration messages The default is 2 seconds The range is 1 to 10 seconds Root Forward delay sec This indicates the device forward delay time The Forward Delay Time indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets The default is 15 seconds The range is 4 to 30 seconds Topology Changes Counts which indicates the total amount of STP...

Page 108: ...ere enables Multiple STP on the device BPDU Handling This determines how BPDU packets are managed when STP is disabled on the port device BPDUs are used to transmit spanning tree information The possible field values are Filtering where filters BPDU packets when spanning tree is disabled on an interface This is the default value Flooding where floods BPDU packets when spanning tree is disabled on ...

Page 109: ... is 1 to 10 seconds Max Age Where specifies the device Maximum Age Time The Maximum Age Time indicates the amount of time in seconds a bridge waits before sending configuration messages The default max age is 20 seconds The range is 6 to 40 seconds Forward Delay This specifies the device forward delay time The Forward Delay Time indicates the amount of time in seconds a bridge remains in a listeni...

Page 110: ...mode The port cannot forward traffic however it can learn new MAC addresses Forwarding the port that can forward traffic and learn new MAC addresses Speed Indicates the speed at which the port is operating Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path being rerouted Value Rage 1 200000...

Page 111: ...reen 4 9 4 RSTP Port settings While the classic spanning tree prevents Layer 2 forwarding loops in a general network topology convergence can take between 30 60 seconds This time may delay detecting possible loops and propagating status topology changes Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster STP convergence without creating forwarding loops refer ...

Page 112: ...a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled which indicates the port is not participating in the Spanning Tree Mode Where indicates the current Spanning Tree mode The Spanning Tree mode is selected in the Global STP screen The possible field values are Classic STP which indicates that Classic STP is enabled o...

Page 113: ...inating PPP sends Network Control Protocols NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link or until some external event occurs This is the actua...

Page 114: ...e Master instance The IST Master is the specified instance roo 4 9 6 MSTP Instance Settings MSTP opreation maps VLANs into STP instances see figure 4 51 Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Trees Regions MST Regions Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted In configuring MST the MST region ...

Page 115: ...N Where maps the selected VLAN to the selected instance Each VLAN belongs to one instance Instance Settings Bridge Priority Specifies the selected spanning tree instance device priority The field range is 0 61440 Designated Root Bridge ID which indicates the ID of the bridge with the lowest path cost to the instance ID Root Port Where indicates the selected instance s root port Root Path Cost Indi...

Page 116: ...ndicates whether the port is enabled for the specific instance Type indicates if the port is a point to point port or a port connected to a hub The possible field values are Boundary Port attaches MST bridges to LAN in an outlying region If the port is a boundary port it also indicates whether the device on the other side of the link is working in RSTP or STP mode Master Port where provides connec...

Page 117: ... The range should always be 1200 000 000 Designated Bridge ID Where indicates that the bridge ID number that connects the link or shared LAN to the root Designated Port ID By which indicates that the Port ID number on the designated bridge that connects the link or the shared LAN to the root Designated Cost Indicates that the default path cost is assigned according to the method selected on the Sp...

Page 118: ... join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes...

Page 119: ...To turn on the IGMP Snooping select Enable of the IGMP Snooping Status field and click on the OK button to save 4 3 3 1 IGMP Configuration The switch support IP multicast you can enable IGMP protocol on web management s switch setting advanced page then display the IGMP snooping information in this page you can view difference multicast group VID and member port in here IP multicast addresses rang...

Page 120: ...arded to the CPU The CPU analyzes the incoming packets and determines which ports want to join which Multicast groups which ports have Multicast routers generating IGMP queries which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation...

Page 121: ...GMP group and not receiving a Join message from another station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an immediate leave value The default timeout is 10 seconds Note IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled 4 10 2 Bridge Multicast The Bridge Mul...

Page 122: ...lays Interface that can be added to a Multicast service The configuration options are as follows Static indicates the port is user defined Dynamic indicates the port is configured dynamically Forbidden forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicast group None displays the port is not configured for Multicast service LAG Displays L...

Page 123: ...s fields 2 Check and click a port to Static to join the port to the selected Multicast group 3 Click Add to List button 4 Click the Save Config to apply the sttings 5 Select the VLAN ID to check if the entries be added The port is assigned to the Multicast group and the device is updated Assigning LAGs to Receive Multicast Service 1 Define the VLAN ID and the Bridge Multicast Address fields 2 Chec...

Page 124: ...s are displayed This identifies a VLAN to be configured to a Multicast service Interface Displays Interface that can be added to a Multicast service The configuration options are as follows Static indicates the port is user defined Dynamic indicates the port is configured dynamically Forbidden forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a ...

Page 125: ...r defining SNMP notification parameters Figure 4 59 SNMP Global Parameter The Global Parameter Screen contains the following fields SNMPV3 Local Engine ID Indicates the local device engine ID The field value is a hexadecimal string Each byte in hexadecimal character strings consists of two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID must be defined before SNM...

Page 126: ...tates that SNMP Group A has Read Only R O access to Multicast groups while SNMP Group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ID refer to figure 4 60 Figure 4 60 SNMP View screen The page contains the following fields View Name Indicates the user defined views The options are as follows Default which displays the default SNMP view fo...

Page 127: ...ded Insert Enables a Subtree not included in the Select from List field to be entered View Type This indicates if the defined OID branch will be included or excluded in the selected SNMP view Use the button when you want to add the Views configuration to the Views Table at the bottom of the screen ...

Page 128: ...the SNMP version attached to the group The possible field values are SNMPv1 defined for the group SNMPv2 defined for the group SNMPv3 defined for the group Security Level Defines the security level attached to the group Security levels apply to SNMPv3 only The possible field values are No Authentication which indicates that neither the Authentication nor the Privacy security levels are assigned to...

Page 129: ...which provides a user defined local user list Engine ID Indicates either the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database Local Indicates that the user is connected to a local SNMP entity Remote Indicates that the user is connected to a remote SNMP entity If the Engine ID is defined remote devices receive ...

Page 130: ...AC MD5 96 or HMAC SHA 96 authentication level The authentication and privacy keys are entered to define the authentication key If only authentication is required 16 bytes are defined If both privacy and authentication are required 32 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon Privacy Key Defines the Priva...

Page 131: ... management station IP addresses Community String Defines the password used to authenticate the management station to the device Basic which enables SNMP Basic mode for a selected community and contains the following fields Access Mode Defines the access rights of the community The possible field values are Read Only which indicates management access is restricted to read only and changes cannot b...

Page 132: ... screen The page contains the following fields Management Station Displays the management station IP address for which the basic SNMP community is defined Community String Displays the password used to authenticate the management station to the device Access Mode Where displays the access rights of the community View Name Displays the user defined SNMP view Advanced Table Management Station Displa...

Page 133: ...ter screen The page contains the following fields Filter Name This contains a list of user defined notification filters New Filter Name Add a new user defined notification filter name New Object Identifier Subtree Displays the OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from...

Page 134: ...ps are sent to specific users and the trap type sent Figure 4 66 Notification Recipient The page contains the following fields Recipient IP Which indicates the IP address to whom the traps are sent Notification Type Defines the notification sent The possible field values are Traps indicates traps are sent Informs indicates informs are sent SNMP v1 2 Enables SNMP v1 2 as the Notification Recipient ...

Page 135: ...No Authentication Indicates the packet is neither authenticated nor encrypted Authentication which indicates the packet is authenticated Privacy which indicates the packet is both authenticated and encrypted UDP Port Displays the UDP port used to send notifications The default is 162 Filter Name Indicates if the SNMP filter for which the SNMP Notification filter is defined Timeout Indicates the am...

Page 136: ...User s Manual of WGSD 1022 WGSD 8000 136 ...

Page 137: ...atic Address Dynamic Address Logging Port Mirroting Cable Test Storm Control Save Configuration Firmware Uograde Server Logs Memory Logs Flash Logs 4 12 1 User Authentication The User Authentication screen see figure 4 68 is used to modify user passwords Figure 4 68 User Authentication screen The page contains the following fields Authentication Type Defines the user authentication methods Also yo...

Page 138: ...firm Password This confirms the new password The password entered into this field must be exactly the same as the password entered in the Password field Use the button when you want to add the user configuration to the Local User s Table 4 12 2 Static Address A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and cannot be m...

Page 139: ...he MAC address for which the table is queried VLAN ID which specifies the VLAN ID for which the table is queried Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table is sorted The address table can be sorted by VLAN Address Interface Use the button to apply the static MAC address settings 4 12 3 Dynamic Address The Dynamic Address Table contains the MAC addresses learn...

Page 140: ... Dynamic MAC Address table before it times out if no traffic from the source is detected The default value is 300 seconds Clear Table If checked clears the MAC address table Query Port Specifies the interface for which the table is queried There are two interface types from which to select Port displays the specific port number LAG displays the specific LAG number MAC Address Specifies the MAC add...

Page 141: ...clude a message mnemonic which identifies the source application generating the message It allows messages to be filtered based on their urgency or relevancy Each message severity determines the set of event logging devices that are sent per each event logging The page contains the following fields Logging Indicates if device global logs for Cache File and Server Logs are enabled Console logs are ...

Page 142: ...User s Manual of WGSD 1022 WGSD 8000 142 Informational Provides device information Debug Provides detailed information about the log If a Debug error occurs contact Customer Tech Support ...

Page 143: ...oring screen The page contains the following fields Source Port Defines the port to which traffic is mirrored Type Indicates the port mode configuration for port mirroring The possible field values are RxOnly defines the port mirroring on receiving ports This is the default value TxOnly defines the port mirroring on transmitting ports Both which defines the port mirroring on both receiving and tra...

Page 144: ...connected on only one side Short Cable indicates that a short has occurred in the cable Cable Fault Distance This is the distance from the port at which the cable error occurred Last Update This is the last time the port was tested Cable Length This is the approximate length of the cable The Cable Length test can be performed only when the port is up and operating at 1Gbps 4 12 7 Save Configuratio...

Page 145: ...s that contains the source file to upgrade from Source File Specifies the name of the upgrade file on the TFTP Server Destination File Where specifies the name of the configuration file The default is StartupCfg Via HTTP This HTTP Firmware Upgrade screen is used for saving configuration information using your Web browser See figure 4 75 Figure 4 75 Save Configuration via HTTP Upgrade Select this o...

Page 146: ... the following fields See figure 4 76 Figure 4 76 Firmware Upgrade via TFTP The page contains the following fields Via TFTP Via TFTP Defines the upgrade through a TFTP Server File Type Select file type to be upgraded through a TFTP Server The possible field values are Software Image Boot Code TFTP Server The TFTP Server IP Address that contains the source file to upgrade from Source File Specifies...

Page 147: ...loaded Use the Proceed button to upgrade the firmware via TFTP or HHTP that be selected 4 12 9 Reboot The Reboot screen see figure 4 78 resets the device whose configuration is automatically saved before the device is rebooted Figure 4 78 Reboot screen Note There is a known issue Sometimes after the Reboot button be pressed it costs lot time to stop the curent tasks So it might be rebooted after m...

Page 148: ... reset the device to the factory defaults settings but if you restore factory defaults results in erasing the configuration file Although restoring the factory defaults will erase your configuration you can save a backup of your current configuration settings from the Admin Save Configuration screen Figure 4 79 Factory Default screen ...

Page 149: ...ch event logging device The following table contains the Log Severity Levels Severity Type Severity Level Description Example Emergency 0 The system is not functioning Memories overflow Alert 1 The system needs immediate attention Main system memory pool overflow Critical 2 The system is in a critical state Cannot bind to SNMP Error 3 A system error has occurred Failed to delete entry Warning 4 A ...

Page 150: ...utilize the same facility on a server The possible field values are Local 0 Local 7 The field default is Local 7 Description Where provides a user defined server description Minimum Severity Indicates the Minimum severity from which logs are sent to the server For example if Notice is selected all logs from a Notice severity and higher are sent to the remote server If you want to add the Server Lo...

Page 151: ...owing fields Log Index The log number in the Log File Table Log Time Specifies the time at which the log was entered in the Log File Table Severity Specifies the log severity Description The log message text 4 12 13 Flash Logs The Flash Log screen see figure 4 82 contains information about log entries saved to the Log File in FLASH the time that the log generated the log severity and description o...

Page 152: ...User s Manual of WGSD 1022 WGSD 8000 152 Figure 4 82 Flash Logs screen ...

Page 153: ...s When you are ready to configure the smart functions of the Switch make sure you had connected the supplied RS 232 serial cable to the RS 232 port at the front panel of your WGSW 24010 Switch and your PC 5 1 Connect to PC s RS 232 serial port Hyper Terminal In Windows 98 2000 XP launch HyperTerminal create a new connection and adjust settings as below Baud per second 38400 Data bits 8 Parity None...

Page 154: ...e Configuration mode The Global Configuration mode manages the device configuration on a global level For specific interface configurations enter the next level the Interface Configuration Mode The Interface Configuration mode configures specific interfaces in the device User EXEC Mode After logging into the device the user is automatically in user EXEC command mode unless the user is defined as a...

Page 155: ...mands apply to features that affect the system as a whole rather than just a specific interface The Privileged EXEC mode command configure is used to enter the Global Configuration mode The Global Configuration mode commands perform the following At the Privileged EXEC mode prompt enter the command configure and press Enter The Global Configuration mode prompt is displayed The Global Configuration...

Page 156: ...hernet interface mode and are used to manage the member ports as a single entity The Global Configuration mode command interface port channel is used to enter the port channel Interface Configuration mode SSH Public Key chain Contains commands to manually specify other device SSH public keys The Global Configuration mode command crypto key pubkey chain ssh is used to enter the SSH Public Key chain...

Page 157: ...tering commands the Giga ports are referred to with a prefix g and the 10 100 Mbps ports are referred to with a prefix e The ports are preceded by the unit number The unit number for a standalone device is 1 To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter console config username admin passwo...

Page 158: ...tored in the buffer The standard number of 10 commands can be increased to 256 By configuring 0 the effect is the same as disabling the history buffer system For information about the command syntax for configuring the command history buffer see history size To display the history buffer see show history Negating the Effect of Commands For many configuration commands the prefix keyword no can ente...

Page 159: ...equence will recall successively more recent commands Ctrl A Moves the cursor to the beginning of the command line Ctrl E Moves the cursor to the end of the command line Ctrl Z End Returns back to the Privileged EXEC mode from all modes Backspace key Moves the cursor back one space CLI Command Conventions When entering commands there are certain command entry standards which apply to all commands ...

Page 160: ...automatically defaults to all 5 3 AAA Commands 5 3 1 aaa authentication login The aaa authentication login global configuration command defines login authentication To return to the default configuration use the no form of this command Syntax aaa authentication login default list name method1 method2 no aaa authentication login default list name Default Uses the listed authentication methods that ...

Page 161: ...e list of methods that the authentication algorithm tries in the given sequence The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures authentication login console config ...

Page 162: ...ation enable default enable none Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command Create a list by entering the aaa authentication enable list name method command where list name is any character string used to name this list The method argument identifies th...

Page 163: ...gin authentication from default to another value may disconnect the telnet session Example The following example specifies the default authentication method for a remote Telnet or console console config line cnsole console config line login authentication default 5 3 4 enable authentication The enable authentication line configuration command specifies the authentication method list when accessing...

Page 164: ...ication method1 method2 no ip http authentication method1 method2 Specify at least one from the following table Keyword Source or destination local Uses the local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is...

Page 165: ... local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is checked This has the same effect as the command ip https authentication local Command Mode Global Configuration mode User Guidelines The additional methods...

Page 166: ...displays the authentication configuration console show authentication methods Login Authentication Method Lists Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None Line Login Method List Enable Method List Console Console_Login Console_Enable Telnet Default Default SSH Default Default HTTP Radius local HTTPS Radius l...

Page 167: ...ol access to normal and privilege levels To remove the password requirement use the no form of this command Syntax enable password level level password encrypted no enable password level level password Password for this level from 1 to 159 characters in length level level Level for which the password applies If not specified the level is 15 Range 1 15 encrypted Encrypted password entered copied fr...

Page 168: ... copied from another device configuration Default Configuration The default privilege level is 1 Command Mode Global Configuration mode User Guidelines Up to 30 users can be defined on the device Example The following example configures user bob with the password lee and user level 15 to the system console config username bob password lee level 15 5 3 11 show users accounts The show users accounts...

Page 169: ...ddress mac address ethernet interface port channel port channel number permanent delete onreset delete on timeout secure no bridge address mac address mac address A valid MAC address Interface A valid Ethernet port port channel number A valid port channel number permanent The address can only deleted by the no bridge address command delete on reset The address is deleted after reset delete on time...

Page 170: ...ulticast filtering Default Configuration Disabled All multicast addresses are flooded to all ports of the relevant VLAN Command Mode Global Configuration mode User Guidelines If multicast routers exist on the VLAN and IGMP snooping is not enabled the bridge multicast forward all command should be used to enable forwarding all multicast packets to the multicast routers Example In this example bridg...

Page 171: ...ration No multicast addresses are defined Command Mode Interface configuration VLAN mode User Guidelines If the command is executed without add or remove the command only registers the group in the bridge database Static multicast addresses can only be defined on static VLANs Examples The following example registers the MAC address console config interface vlan 8 console config if bridge multicast...

Page 172: ...on port g9 within VLAN 8 console config interface vlan 8 console config if bridge multicast address 0100 5e02 0203 console config if bridge multicast forbidden address 0100 5e02 0203 add ethernet e9 3 4 5 bridge multicast forward unregistered The bridge multicast forward unregistered interface configuration command enables forwarding unregistered multicast addresses Use the no form of this command...

Page 173: ...cast addresses port Use the no form of this command to return to default Syntax bridge multicast forbidden forward unregistered add remove ethernet interface list port channel portchannel number list no bridge multicast forbidden forward unregistered add Forbid forwarding unregistered multicast packets remove Don t forbid forwarding unregistered multicast packets interface list Separate nonconsecu...

Page 174: ...rom the group interface list Separate non consecutive valid Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate non consecutive valid port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration Disable forward all on all ports Command Mode Interface Configuration VLAN mo...

Page 175: ...or example forwarding to the port is not forbidden Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers multicast router ports When a multicast router port is discovered all the multicast packets are forwarded to it unconditionally This command prevents a port to be a multicast router port Example In this example forwarding all multicast packets to e6 ...

Page 176: ...s command has no keywords or arguments Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the bridge tables are cleared console clear bridge 5 4 11 port security The port security interface configuration command locks the port By locking the port new addresses are no...

Page 177: ...very 100 seconds on port e18 console config interface ethernet e18 console config if port security forward trap 100 5 4 12 port security routed secure address The port security routed secure address interface configuration command adds MAC layer secure addresses to a routed port Use the no form of this command to delete the MAC addresses Syntax port security routed secure address mac address no po...

Page 178: ...le vlan vlan ethernet interface port channel port channel number vlan Specific valid VLAN such as VLAN 1 Interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all classes of entries in the b...

Page 179: ...command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all static entries in the bridge forwarding database are displayed console show bridge address table static Aging time is 300 sec vlan mac address port type 1 0060 704C 73FF e8 permanent 1 0060 708C 73FF e8 delete on timeout 200 0010 0D48 37FF...

Page 180: ...address table The show bridge multicast address table privileged EXEC command displays multicast MAC address table information Syntax show bridge multicast address table vlan vlan id address mac multicast address ip multicast address format ip mac vlan_id A VLAN ID value mac multicast address A MAC multicast address ip multicast address An IP multicast address format Multicast address format Can b...

Page 181: ...4 239 130 2 2 8 static e1 8 19 224 239 130 2 2 8 dynamic e9 11 Forbidden ports for multicast addresses Vlan IP Address Ports 1 224 239 130 2 2 3 e8 19 224 239 130 2 2 8 e8 5 4 17 show bridge multicast filtering The show bridge multicast filtering privileged EXEC command displays the multicast filtering configuration Syntax show bridge multicast filtering vlan id vlan_id A valid VLAN ID value Defau...

Page 182: ...hernet interface port channel port channel number interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all classes of entries in the port lock status are displayed console show ports securi...

Page 183: ...conds 0 23 mm 0 59 ss 0 59 day Current day by date in the month 1 31 month Current month using the first three letters by name Jan Dec year Current year 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example sets the system time to 13 32 00 on the 7th Mar...

Page 184: ...splay purposes To set the time to Coordinated Universal Time UTC use the no form of this command Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone hours offse t Hours difference from UTC Range 12 13 minutes minutes offse t Minutes difference from UTC Range 0 59 zone acronym The acronym of the time zone Range Up to 4 characters Default Configuration UTC Comman...

Page 185: ...e in the command usa The summer time rules are the United States rules eu The summer time rules are the European Union rules week Week of the month Range 1 4 first last day Day of the week Range first three letters by name like sun date Date of the month Range 1 31 month Month Range first three letters by name year year no abbreviation Range 2000 2097 hh mm Time in military format in hours and min...

Page 186: ...finishing on the last Sunday in October at 2 am Console config clock summer time recurring first sun apr 2 00 last sun oct 2 00 5 5 5 sntp authentication key The sntp authentication key global configuration command defines an authentication key for Simple Network Time Protocol SNTP To remove the authentication key for SNTP use the no form of this command Syntax sntp authentication key number md5 v...

Page 187: ...Global Configuration mode User Guidelines The command is relevant for both unicast and broadcast Examples The following example defines the authentication key for SNTP and grants authentication cnsole config sntp authentication key 8 md5 ClkKey console config sntp trusted key 8 console config sntp authenticate 5 5 7 sntp trusted key The sntp trusted key global configuration command authenticates t...

Page 188: ...er The sntp client poll timer global configuration command sets the polling time for the Simple Network Time Protocol SNTP client To return to default use the no form of this command Syntax sntp client poll timer seconds no sntp client poll timer seconds Polling interval in seconds Range 60 1024 Default Configuration 1024 Command Mode Global configuration mode User Guidelines There are no user gui...

Page 189: ...e interface configuration command enables the device to receive broadcast transmissions globally and on ALL interfaces Use the sntp client enable interface configuration command to enable sntp client on specific interface Examples The following example enables the SNTP broadcast clients Console config sntp broadcast client enable 5 5 10 sntp anycast client enable The sntp anycast client enable glo...

Page 190: ...t enable This command has no arguments or keywords Default Configuration Disabled Command Mode Interface configuration Ethernet Port Channel VLAN mode User Guidelines Use the sntp client enable global configuration command to enable broadcast clients globally Use the sntp anycast client enable global configuration command to enable anycast clients globally Examples The following example enables th...

Page 191: ...rk Time Protocol NTP traffic from servers console config sntp unicast client enable 5 5 13 sntp unicast client poll The sntp unicast client poll global configuration command enables polling for the Simple Network Time Protocol SNTP predefined unicast clients To disable the polling for SNTP client use the no form of this command Syntax sntp unicast client poll no sntp unicast client poll This comma...

Page 192: ...name Hostname of the server Range 1 160 characters poll Enable polling key keyed Authentication key to use when sending packets to this peer Range 1 4294967295 Default Configuration No servers are defined Command Mode Global Configuration mode User Guidelines Up to 8 sntp servers can be defined Use the sntp unicast client enables global configuration command to enable predefined unicast clients gl...

Page 193: ...mmand Example The following example displays the time and date from the system clock Console show clock 15 29 03 Jun 17 2005 5 5 16 show sntp configuration The show sntp configuration Privileged EXEC command shows the configuration of the Simple Network Time Protocol SNTP use Syntax show sntp configuration This command has no keywords or arguments Default Configuration This command has no default ...

Page 194: ...ast Clients Enabled Broadcast Clients Poll Enabled Broadcast Interfaces 1 1 1 3 OOB SNTP servers Server Polling Encryption Key 10 1 1 91 Enabled 9 Broadcast Clients Enabled Broadcast Clients Poll Enabled Broadcast Interfaces 1 1 1 3 5 5 17 show sntp status The show sntp status Privileged EXEC command shows the status of the Simple Network Time Protocol SNTP Syntax show sntp status This command has...

Page 195: ... 1 8 179 Secondary Unknown AFE21789 643287C9 8 98 189 19 Broadcast Interface IP address Last response 176 1 1 8 Primary AFE252C1 6DBDDFF2 176 1 8 179 Secondary AFE21789 643287C9 5 6 Configuration and Image Files 5 6 1 copy The copy privileged EXEC command copies files from a source to a destination Syntax copy source url destination url snmp source url The source file location URL or reserved keyw...

Page 196: ...e boot code prompts the user to initiate the Xmodem transfer of a valid image through the serial connection The image file name is in the format 6024_abcd dos where abcd represents the release number boot Boot file The name of the image is in the format 6024_boot_abcd rfb where abcd represents the release number tftp Source or destination URL for a TFTP network server The syntax for this alias is ...

Page 197: ... copying and will ignore the command Note that this behavior occurs only at the session which initiated the copy command response to activity on other management sessions will result in a delay but will not be ignored Understanding Invalid Combinations of Source and Destination Some invalid combinations of source and destination exist Specifically the following cannot be copied If the source file ...

Page 198: ...Configuration to the Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configuration Backup the Running Configuration or Startup Configuration to the Backup Configuration Use the copy running config file command to backup the running configuration to a backup configuration file Use the copy startup config file command to backu...

Page 199: ... default configuration for this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the contents of the startup config file Console show startup config software version 1 1 hostname device interface ethernet 1 1 ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet 1 2 ip addres...

Page 200: ...User s Manual of WGSD 1022 WGSD 8000 200 ...

Page 201: ...guidelines for this command Example The following example enables ports g1 for configuration Console config interface ethernet g1 Console config if 5 7 2 interface range ethernet The interface range ethernet global configuration command enters the interface configuration mode to configure multiple Ethernet type interfaces Syntax interface range ethernet port range all port range List of valid port...

Page 202: ... ethernet e1 e4 g1 g2 Console config if 5 7 3 shutdown The shutdown interface configuration command disables interfaces To restart a disabled interface use the no form of this command Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet port channel out of band Ethernet mode User Guidelines There are no user guidelines for this co...

Page 203: ...ser Guidelines There are no user guidelines for this command Example The following example adds a description to the Ethernet e5 Console config interface ethernet e5 Console config if description RD_SW 3 5 7 5 speed The speed interface configuration command configures the speed of a given Ethernet interface when not using auto negotiation To restore the default use the no form of this command Synt...

Page 204: ...peration of a given Ethernet interface when not using auto negotiation To restore the default use the no form of this command Syntax duplex half full no duplex half Force half duplex operation full Force full duplex operation Default Configuration The interface is set to full duplex Command Mode Interface Configuration Ethernet out of band Ethernet mode User Guidelines Before attempting to force a...

Page 205: ...ational If the other side has auto negotiation turned on it may re synchronize all members of the aggregated link to half duplex operation and may as per the standards set them all inactive Example The following example enables autonegotiation on Ethernet e5 Console config interface ethernet e5 Console config if negotiation 5 7 8 flowcontrol The flowcontrol interface configuration command configur...

Page 206: ...fig interface ethernet e5 Console config if flowcontrol on 5 7 9 mdix The mdix interface configuration command enables automatic crossover on a given interface To disable automatic crossover use the no form of this command Syntax mdix on auto no mdix on Manual mdix auto Auto mdi mdix Default Configuration Automatic crossover is enabled Command Mode Interface Configuration Ethernet mode User Guidel...

Page 207: ... pressure no back pressure Default Configuration Back Pressure is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines Back Pressure will operate only if duplex mode is set to half Example In the following example Back Pressure is enabled on e5 Console config interface ethernet e5 Console config if back pressure 5 7 11 port jumbo frame The port jumbo frame globa...

Page 208: ...on an interface Syntax clear counters ethernet interface port channel port channel number Interface Valid Ethernet port port channel number Valid port channel trunk index Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example In the following example the counters for interface g1 are cleared ...

Page 209: ...ernet e5 5 7 14 show interfaces configuration The show interfaces configuration Privilege EXEC mode command displays the configuration for all configured interfaces Syntax show interfaces configuration ethernet interface port channel port channel number Interface Valid Ethernet port port channel number Valid port channel trunk index oob interface Out of band Ethernet port number Default Configurat...

Page 210: ...nabled Off Up ch4 Enabled Off Up ch5 Enabled Off Up ch6 Enabled Off Up ch7 Enabled Off Up ch8 Enabled Off Up The displayed port configuration information includes the following Port The port number Port Type The port designated IEEE shorthand identifier For example 1000Base T refers to 1000 Mbps baseband signaling inluding both Tx and Rx transmissions Duplex Displays the port Duplex status Speed R...

Page 211: ...ull 100 Off Off Down Disable Off e2 100 Full 100 Off Off Up Disable On Ch Type Duplex Speed Neg Flow Back Link Control Pressure State 1 1000 Full 1000 Off Off Disable Up The displayed port status information includes the following Port The port number Description If the port has a description the description is displayed Port Type The port designated IEEE shorthand identifier For example 1000Base ...

Page 212: ...annel trunk index oob interface Out of band Ethernet port number Default Configuration This command has no default configuration Command Modes Privilege EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the description for the interface g1 Console show interfaces description ethernet g1 Port Description e1 Management_port e2 R D_port e3 ...

Page 213: ...ser Guidelines There are no user guidelines for this command Examples The following example displays traffic seen by the physical interface Console show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts e1 183892 1289 987 8 e2 0 0 0 0 e3 123899 1788 373 19 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts e4 9188 9 8 0 e5 0 0 0 0 e6 8789 27 8 0 Ch InOctets InUcastPkts InMca...

Page 214: ...issions 0 Late Collisions 0 Excessive Collisions 0 Internal MAC Tx Errors 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 The following table describes the fields shown in the display Field Description InOctets Counted received octets InUcastPkts Counted received unicast packets InMcastPkts Counted received multicast packets I...

Page 215: ... Oversize Packets Counted frames received that exceed the maximum permitted frame size Internal MAC Rx Errors Counted frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames Counted MAC Control frames received with an opcode indicating the PAUSE operation Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode in...

Page 216: ...onfiguration command to set the maximum allowable broadcast rate Multicast can be counted as part of the storm frames if the port storm control include multicast global configuration command is already executed Example The following example enables broadcast storm control on port e5 Console config interface ethernet e5 Console config if port storm control broadcast enable 5 7 21 port storm control...

Page 217: ...ple configures the maximum broadcast rate 100 kilobytes per second console config interface ethernet g2 console config if port storm control broadcast rate 100 5 7 22 show ports storm control The show ports storm control privileged EXEC command displays the storm control configuration Syntax show ports storm control ethernet interface ethernet interface A valid Ethernet port Default Configuration ...

Page 218: ...ly The gvrp enable global configuration command enables GVRP globally To disable GVRP globally on the switch use the no form of this command Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example globally enables GVRP on the device Console co...

Page 219: ... values use the no form of this command Syntax garp timer join leave leaveall timer_value no garp timer join Indicates the time in milliseconds that PDUs are transmitted Range 10 2147483640 leave Indicates the amount of time in milliseconds that the device waits before leaving its GARP state The Leave Time is activated by a Leave All Time message sent received and cancelled by the Join message Ran...

Page 220: ...lliseconds Console config interface ethernet e8 Console config if garp timer leave 900 5 8 4 gvrp vlan creation forbid The gvrp vlan creation forbid interface configuration command enables or disables dynamic VLAN creation To disable dynamic VLAN creation use the no form of this command Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Default Configuration By default dynamic VLAN crea...

Page 221: ...tion Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port e8 Console config interface ethernet e8 Console config if gvrp registration forbid 5 8 7 clear gvrp statistics The clear gvrp statistics privileged EXEC command clears all the GVRP stat...

Page 222: ...rp configuration ethernet interface port channel port channel number interface A valid Ethernet interface port channel number A valid port channel trunk index Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to display GVRP configuration information Conso...

Page 223: ...o user guidelines for this command Example The following example shows GVRP statistics information Console show gvrp statistics GVRP statistics rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port r...

Page 224: ...lt Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays GVRP statistics information Console show gvrp error statistics GVRP error statistics Legend INVPROT Invalid Protocol Id INVPLEN Invalid PDU Length INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length I...

Page 225: ...s disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables IGMP snooping Console config ip igmp snooping 5 9 2 ip igmp snooping Interface The ip igmp snooping interface configuration command enables Internet Group Management Protocol IGMP snooping on a specific VLAN To disable IGMP snooping on a VLAN interfa...

Page 226: ...ooping mrouter learn pim dvmrp Default Configuration Automatic learning of mrouter ports is enabled Command Mode Interface Configuration VLAN mode User Guidelines Multicast router ports can be configured statically by the bridge multicast forward all command Example The following example enables automatic learning of multicast router ports on VLANs Console config interface vlan 2 Console config if...

Page 227: ...p igmp snooping mrouter time out The ip igmp snooping mrouter time out interface configuration command configures the mrouter time out The mrouter time out command is used for setting the aging out time after multicast router ports are automatically learned To configure the default mrouter time out use the no form of this command Syntax ip igmp snooping mrouter time out time out no ip igmp snoopin...

Page 228: ...in seconds Range 0 2147483647 immediate leave Specifies that the port should be immediately removed from the members list after receivingIGMP Leave Default Configuration The default leave time out configuration is 10 seconds Command Mode Interface Configuration VLAN mode User Guidelines The leave timeout should be set greater than the maximum time that a host is allowed to respond to an IGMP Query...

Page 229: ...oping mrouter VLAN Ports 2 e1 5 9 8 show ip igmp snooping interface The show ip igmp snooping interface User EXEC command displays IGMP snooping configuration Syntax show ip igmp snooping interface vlan id vlan_id VLAN ID value Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The exampl...

Page 230: ...roups learned by IGMP snooping Syntax show ip igmp snooping groups vlan vlan id address ip multicast address vlan_id VLAN ID value ip multicast address IP multicast address Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines To see the full multicast address table including static addresses use the show bridge address table command Example Th...

Page 231: ... port channel out of band Ethernet User Guidelines An IP address cannot be configured for a range of interfaces range context Example The following example configures VLAN 1 with the IP address 131 108 1 27 and subnet mask 255 255 255 0 Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 5 10 2 ip address dhcp The ip address dhcp interface configuration command ...

Page 232: ... name When the device is reset the DHCP command is saved in the configuration file but the IP address is not It is recommended not to define a DHCP address on an inband port or LAG If a DHCP IP address is configured this address is dynamically retrieved and the ip address dhcp command is saved in the configuration file In the event of a master failure the backup will again attempt to retrieve a DH...

Page 233: ...sole config ip default gateway 192 168 1 1 5 10 4 show ip interface The show ip interface user EXEC command displays the usability status of interfaces configured for IP Syntax show ip interface ethernet interface number vlan vlan id port channel number ethernet interface number Ethernet port number vlan vlan id VLAN number port channel number Port channel number Default Configuration This command...

Page 234: ...ault Configuration By default ARP is disabled Command Mode Global Configuration mode User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses into 48 bit hardware addresses Because most hosts support dynamic resolution static ARP cache entries do not need to be specified Example The following example adds the IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc ...

Page 235: ...The following example configures ARP timeout to 12000 seconds Console config arp timeout 12000 5 10 7 clear arp cache The clear arp cache privileged EXEC command deletes all dynamic entries from the ARP cache Syntax clear arp cache Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example ...

Page 236: ...w arp ARP timeout 60000 Seconds Interface IP address HW address status e1 10 7 1 102 00 10 B5 04 DB 4B Dynamic g2 10 7 1 135 00 50 22 00 2A A4 Static 5 11 LACP Commands 5 11 1 lacp system priority The lacp system priority global configuration command configures the system priority To reset to default use the no form of this command Syntax lacp system priority value no lacp system priority value Va...

Page 237: ...rm of this command Syntax lacp port priority value no lacp port priority value Port priority value Range 1 65535 Default Configuration The default port priority value is 1 Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example configures the priority value for port e8 to 247 Console config interface ethernet e8...

Page 238: ...for port e8 to a long timeout value Console config interface ethernet e8 Console config if lacp timeout long 5 11 4 show lacp ethernet The show lacp ethernet privilege EXEC command displays LACP information for Ethernet ports Syntax show lacp ethernet interface parameters statistics protocol state Interface Ethernet interface Default Configuration This command has no default configuration Command ...

Page 239: ...annel_number The port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to display LACP port channel information Console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority 1 MAC Address 000285 0E1C00 ...

Page 240: ... Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example configures the device as a virtual terminal for remote console access Console config line telnet Console config line 5 12 2 speed The speed line configuration command sets the line baud rate Syntax speed...

Page 241: ... this command Syntax exec timeout minutes seconds no exec timeout minutes Integer that specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configuration mode User Guidelines To specify no timeout enter the exec timeout 0 command Examples The following example configures...

Page 242: ... for this command Examples The following example displays the line configuration Console show line Console configuration Interactive timeout 20 History 10 Baudrate 38400 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 5 13 Management ACL Commands 5 13 1 management acce...

Page 243: ...t the end of the access list Use the management access class command to select the active access list The active management list cannot be updated or removed Examples The following example shows how to create an access list called mlist configure two management interfaces ethernet g1 and ethernet g9 and make the access list the active list Console config management access list mlist Console config...

Page 244: ... bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 service service Indicates service type Can be one of the following telnet ssh http https or snmp out of band eth oob interface Out of band ethernet port number Default Configuration This command has no default configuration Command Mode Management Access list Configuration mode User Gu...

Page 245: ...This command has no default configuration Command Mode Management Access list Configuration mode User Guidelines Rules with Ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface The system supports up to 256 management access rules Example The following example shows how all ports are denied in the access list called mlist Console config ...

Page 246: ... list privileged EXEC command displays management access lists Syntax show management access list name name Name of the access list If unspecified defaults to an empty access list Range Valid name Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the ...

Page 247: ...nagement access class Management access class is enabled using access list mlist 5 14 PHY Diagnostics Commands 5 14 1 test copper port tdr The test copper port tdr privileged EXEC command diagnoses with TDR Time Domain Reflectometry technology the quality and characteristics of a copper cable attached to a port Syntax test copper port tdr interface interface A valid Ethernet port Default Configura...

Page 248: ...The show copper ports tdr privileged EXEC command display the last TDR Time Domain Reflectometry tests on specified ports Syntax show copper ports tdr interface interface A valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the last...

Page 249: ...Privileged EXEC mode User Guidelines This feature works only on 1 Gbps ports Example The following example displays the estimated copper cable length attached to all ports Console show copper ports cable length Port Length meters e1 50 e2 Giga link not active e3 110 140 e4 Fiber 5 14 4 show fiber ports optical transceiver The show fiber ports optical transceiver privileged EXEC command displays th...

Page 250: ...OK OK OK g2 OK OK OK OK OK OK e3 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power Tx Fault Transmitter fault LOS Loss of signal Data ready Indicates transceiver has achieved power up and data is ready N A Not Available N S Not Supported W W...

Page 251: ...annel The interface port channel global configuration command enters the interface configuration mode of a specific port channel Syntax interface port channel port channel number port channel number A valid port channel trunk index Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Seven supported aggregated links are defined and ...

Page 252: ...s no default configuration Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range If the command returns an error on one of the interfaces it stops the execution of the command on subsequent interfaces Example The following example shows how port channels 1 2 and 8 are grouped to receive the same c...

Page 253: ...irst port to join the LAG is one which cannot be configured according to the administrative settings of the LAG the port will nonetheless be added to the LAG using its port default settings An error message is generated however it is important to note that since it is then the ONLY port of the LAG the whole LAG at that point operates at the port s settings instead of the LAG administrative setting...

Page 254: ...rface src interface Valid Ethernet port or port channel number rx Monitors received packets only If no option specified monitors both rx and tx tx Monitors transmitted packets only If no option specified monitors both rx and tx Default Configuration This command has no default configuration Command Mode Interface Configuration mode User Guidelines This command enables traffic on one port to be cop...

Page 255: ...nd Note The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports Therefore multicast and broadcast frames in these VLANs are seen more than once Actually N where N is the number of mirroring source ports When both transmit Tx and receive Rx directions of more than one port are monitored the capacity may exceed the bandwidth of the target port In this case the di...

Page 256: ...s how the port copy status is displayed Console show ports monitor Source Port Destination Port Type Status VLAN Tagging 1 1 1 8 RX TX Active No 1 2 1 8 RX TX Active No 1 18 1 8 Rx Active No 5 17 QoS Commands 5 17 1 qos The qos global configuration command enables quality of service QoS on the device and enters QoS basic or advanced mode ...

Page 257: ...guidelines for this command However switching to Basic qos mode sets the trust mode to cos Example The following example shows how QoS is enabled on the device in basic mode Console config qos 5 17 2 show qos The show qos user EXEC command displays the QoS status Syntax show qos Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no...

Page 258: ...value 2 select queue 2 CoS value 0 select queue 3 CoS value 3 select queue 4 CoS value 4 select queue 5 CoS value 5 select queue 6 CoS value 6 select queue 7 CoS value 7 select queue 8 Command Mode Global Configuration mode User Guidelines You can use this command to distribute traffic into different queues where each queue is configured with different weighted round robin WRR and Weighted Random ...

Page 259: ...igure a queue as WRR or Strict Priority Use this command to set a weight per interface The ratio will be like this The ratio for each queue is defined by the queue weight divided by the sum of all queue weights i e the normalized weight This actually sets the bandwidth allocation of each queue A weight of 0 means no bandwidth is allocated for the same queue and the share bandwidth is divided among...

Page 260: ...The expedite queues would be the queues with higher indexes The range is 1 8 Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines When configuring the priority queue out num of queues command the weighted round robin WRR weight ratios are affected because there are fewer queues participating in WRR Example The following example sets queue 7 8 ...

Page 261: ...face their setting and the number of policers currently unused Default Configuration For VLAN interface only the policers option is relevant If no keyword is specified with the show qos interface command the port QoS mode default CoS value DSCPto DSCP mutation map if any attached to the port and policy map if any attached to the interface are displayed If a specific interface is not specified the ...

Page 262: ...erface Ethernet g1 queuing Ethernet g1 wrr bandwidth weights and EF priority qid weights Ef Priority 1 125 dis N A 2 125 dis N A 3 125 dis N A 4 125 dis N A 5 N A ena 5 6 125 dis N A 7 125 dis N A 8 N A ena 8 Cos queue map cos qid 0 3 1 1 2 2 3 4 4 5 5 6 6 7 7 8 The following example displays output from the show qos interface g1 shapers command Console show qos interface g1 shapers Ethernet g1 Po...

Page 263: ...mitted burst N A Exceed action N A 5 17 7 qos map dscp queue The qos map dscp queue global configuration command modifies the DSCP to queue map To return to the default map use the no form of this command Syntax qos map dscp queue dscp list to queue id no qos map dscp queue dscp list Specify up to 8 DSCP values separate each DSCP with a space Range 0 63 queue id Enter the queue number to which the...

Page 264: ...s with the packet destination port values Default Configuration If the system is in basic mode then CoS is the default trust mode Command Mode Global Configuration mode User Guidelines This command can be used only in QoS basic mode Packets entering a quality of service QoS domain are classified at the edge of the QoS domain When the packets are classified at the edge the switch port within the Qo...

Page 265: ... form of this command Syntax qos trust no qos trust Default Configuration Each port is enabled while the system is in basic mode Command Mode Interface Configuration Ethernet port channel mode User Guidelines Use no qos trust to disable the trust mode on each port Use qos trust to enable trust mode on each port Example The following example configures port e5 in basic mode to default trust state C...

Page 266: ...mmand Example The following example configures port e5 default CoS value to 3 Console config interface ethernet e5 Console config if qos cos 3 5 17 11 qos cos override The qos cos override interface configuration command overrides the CoS of incoming packets To disable the override use the no form of this command Syntax qos cos override no qos cos override This command has no arguments or keywords...

Page 267: ...tation Displays the DSCP DSCP mutation table Default Configuration This command has no default configuration Command Mode User EXEC command User Guidelines There are no user guidelines for this command Example The following example displays the DSCP port queue map console show qos map Dscp queue map d1 d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 02 02 1 02 02 02 02 02 02 03 03 03 03 2 03 03 0...

Page 268: ... 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 5 18 Radius Commands 5 18 1 radius server host The radius server host global configuration command specifies a RADIUS server host To delete the specified RADIUS host use the no form of this com...

Page 269: ... as request to use the IP address of the outgoing IP interface An out of band IP address can be specified as described in the usage guidelines priority Determines the order in which the servers are used where 0 is the highest priority Range 0 65535 priority Determines the order in which the servers are used where 0 is the highest priority Range 0 65535 Default Configuration By default no RADIUS ho...

Page 270: ...racters long Default Configuration The default is an empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to abc server Console config radius server key abc server 5 18 3 radius server retransmit...

Page 271: ...ip source no radius server ip source Specifies the source IP address Default Configuration The default IP address is the outgoing IP interface Command Mode Global Configuration mode User Guidelines To define an out of band IP address use the out of band IP address format oob ip address Example The following example configures the source IP address used for communication with RADIUS servers to 10 1...

Page 272: ...uration command improves RADIUS response times when servers are unavailable The command is used to cause the unavailable servers to be skipped To reset the default value use the no form of this command Syntax radius server deadtime deadtime no radius server deadtime deadtime Length of time in minutes for which a RADIUS server is skipped over by transaction requests Range 0 2000 Default Configurati...

Page 273: ...e are no user guidelines for this command Examples The following example displays the RADIUS server settings Console show radius servers Port IP address Auth Acct TimeOut Retransmit Deadtime Source IP Priority Usage 172 16 1 1 1645 1646 Global Global Global Global 1 All 172 16 1 2 1645 1646 11 8 Global Global 2 All OOB RADIUS servers Port IP address Auth Acct TimeOut Retransmit Deadtime Source IP ...

Page 274: ... for this command Example The following example displays RMON Ethernet Statistics for port g1 Console show rmon statistics ethernet g1 Port g1 Dropped 8 Octets 878128 Packets 978 Broadcast 7 Multicast 1 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 98 65 to 127 Octets 0 128 to 255 Octets 0 256 to 511 Octets 0 512 to 1023 Octets 491 1024 to 1518 Oc...

Page 275: ...nd either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Jabbers The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of oct...

Page 276: ...o 50 Range 1 65535 interval seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command cannot be executed on multiple ports using the interface range ethernet command Example The following example enables ...

Page 277: ...ld Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Requested Samples The requested number of samples to be saved Granted Samples The granted number of samples to be saved Owner The entity that configured this entry 5 19 4 show rmon history The show rmon history user EXEC command displays RMON Et...

Page 278: ...t Sample Set 1 Owner CLI Interface g1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Octets Packets Broadcast Multicast Jan 18 2002 21 57 00 303595962 357568 3289 7287 19 98 Jan 18 2002 21 57 30 287696304 275686 2789 2789 20 17 The following example displays RMON Ethernet Statistics history for errors on index number 5 Console show rmon history 5 errors Sample Se...

Page 279: ...ampling interval that were directed to a multicast address This number does not include packets addressed to the broadcast address Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent CRC Align The number of packets received during this sampling interval that had a length excluding framing bits but i...

Page 280: ...segment during this sampling interval 5 19 5 rmon alarm The rmon alarm global configuration command configures alarm conditions To remove an alarm use the no form of this command Syntax rmon alarm index variable interval rthreshold fthreshold revent fevent type type startup direction owner name no rmon alarm index index The alarm index Range 1 65535 variable The object identifier of the particular...

Page 281: ...figuration The following parameters have the following default values type type If unspecified the type is absolute startup direction If unspecified the startup direction is rising falling Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the following alarm conditions Alarm index 1000 Variable identifier a...

Page 282: ... 9 CLI The following table describes the significant fields shown in the display Field Description Index An index that uniquely identifies the entry OID Monitored variable OID Owner The entity that configured this entry 5 19 7 show rmon alarm The show rmon alarm user EXEC command displays alarm configuration Syntax show rmon alarm number number Alarm index Range 1 65535 Default Configuration This ...

Page 283: ...dex Owner The entity that configured this entry Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating the value compared against the thresholds If the value is absolute the value of the variable is compared directly with the thresholds at the end of the sampling interval If...

Page 284: ...vent use the no form of this command Syntax rmon event index type community text description text owner name no rmon event index index The event index Range 1 65535 type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent ...

Page 285: ...ines There are no user guidelines for this command Example The following example displays the RMON event table Console show rmon events Index Description Type Community Owner Last time sent 1 Errors Log CLI Jan 18 2002 23 58 17 2 High Broadcast Log Trap router Manager Jan 18 2002 23 59 48 The following table describes the significant fields shown in the display Field Description Index An index tha...

Page 286: ...rated any events this value is zero 5 19 10 show rmon log The show rmon log user EXEC command displays the RMON logging table Syntax show rmon log event event Event index Range 0 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON logging table...

Page 287: ...e maximum RMON tables sizes To return to the default configuration use the no form of this command Syntax rmon table size history entries log entries no rmon table size history log history entries Maximum number of history table entries Range 20 32767 log entries Maximum number of log table entries Range 20 32767 Default Configuration History table size is 270 Log table size is 100 Command Mode Gl...

Page 288: ...s an internal security name Maps the internal security name for SNMPv1 and SNMPv2 security models to an internal group name Maps the internal group name for SNMPv1 and SNMPv2 security models to view name read view and notify view always and for rw for write view also The group name command can be used to restrict the access rights of a community string Specifying a group name parameter does the fo...

Page 289: ...ite access to SNMP protocol using the out of band port for 192 175 1 10 Console config snmp server community public rw 192 175 1 10 type oob 5 20 2 snmp server contact The snmp server contact global configuration command sets up a system contact To remove the system contact information use the no form of the command Syntax snmp server contact text no snmp server contact text Character string up to...

Page 290: ...onfiguration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string Example The following example sets the device location as New_York Console config snmp server location New_York 5 20 4 snmp server enable traps The snmp server enable traps global configuration command enables the switch to send SNMP traps To disabl...

Page 291: ...figuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example displays the command to enable authentication failed SNMP traps Console config snmp server trap authentication Console config snmp server host 10 1 1 1 management 2 5 20 6 snmp server host The snmp server host global configuration command specifies the reci...

Page 292: ... be used if it is important that the SNMP manager receives every notification If traffic on the network or memory in the switch is a concern and notification is not required traps should be used To define an SNMP recipient on the out of band port use the out of band IP address format oob ip address Use only unicast IP addresses Example The following example enables SNMP traps for host 10 1 1 1 wit...

Page 293: ...erver set sysName sysname abc The following example sets the entry MIB rndCommunityTable with keys 0 0 0 0 and public The field rndCommunityAccess gets the value super and the rest of the fields get their default values Console config snmp server set rndCommunityTable rndCommunityMngStationAddr 0 0 0 0 rndCommunityString public rndCommunityAccess super 5 20 8 show snmp The show snmp privileged EXE...

Page 294: ...172 17 1 1 OOB management stations Community String Community Access IP address private read write 176 16 8 9 Traps are enabled Authentication trap is enabled Trap Rec Address Trap Rec Community Version 192 122 173 42 public 2 OOB trap receivers Trap Rec Address Trap Rec Community Version 176 16 8 9 public 2 System Contact Robert System Location Marketing ...

Page 295: ...ration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality Console config spanning tree 5 21 2 spanning tree mode The spanning tree mode global configuration command configures the spanning tree protocol To return to the default configuration use the no form of this command Syntax spanning tree mode stp rstp no spanni...

Page 296: ... this command Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in seconds Range 4 30 Default Configuration The default forwarding time for IEEE Spanning tree Protocol STP is 15 seconds Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures spanning tree bridge forward time to...

Page 297: ...e to 5 seconds Console config spanning tree hello time 5 5 21 5 spanning tree max age The spanning tree max age global configuration command configures the spanning tree bridge maximum age To reset the default maximum age use the no form of this command Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 Default Configuration The default max age for IEE...

Page 298: ...priority Priority of the bridge Range 0 61440 in steps of 4096 Default Configuration The default bridge priority for IEEE STP is 32768 Command Modes Global Configuration mode User Guidelines The lower the priority the more likely the bridge is to be the Root Bridge Example The following example configures spanning tree priority to 12288 Console config spanning tree priority 12288 5 21 7 spanning t...

Page 299: ... interface configuration command configures the spanning tree path cost for a port To reset the default port path cost use the no form of this command Syntax spanning tree cost cost no spanning tree cost cost The port path cost Range 1 200 000 000 Default Configuration The default costs are as follows Port Channel 20 000 1000 mbps giga 20 000 100 mbps 200 000 10 mbps 2 000 000 Command Modes Interf...

Page 300: ...lt port priority for IEEE STP is 128 Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the spanning priority on e5 to 96 Console config interface ethernet e5 Console config if spanning tree port priority 96 5 21 10 spanning tree portfast The spanning tree portfast interface configu...

Page 301: ...mmand overrides the default link type setting To reset the default use the no form of this command Syntax spanning tree link type point to point shared no spanning tree spanning tree link type point to point Specifies the port link type as point to point shared Specifies that the port link type is shared Default Configuration The switch derives the link type of a port from the duplex mode A full d...

Page 302: ...r Guidelines This command applies to all the spanning tree instances on the switch The priority value must be a multiple of 4096 The cost is set using the spanning tree cost command Example The following example sets the default path cost method to long Console spanning tree pathcost method long 5 21 13 spanning tree bpdu The spanning tree bpdu global configuration command defines BPDU handling wh...

Page 303: ...switches on all interfaces or on the specified interface Syntax clear spanning tree detected protocols ethernet interface number port channel port channel number interface A valid Ethernet port port channel number A port channel index Default Configuration If no interface is specified the action is applied to all interfaces Command Modes Privileged EXEC mode User Guidelines This feature should be ...

Page 304: ...cked ports only Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays spanning tree information Console show spanning tree Spanning tree enabled mode RSTP Default port cost method short Root ID Priority 32768 Address 0001 4297 e000 Cost 57 Port g 1 Hell...

Page 305: ...hernet g1 Interface Port ID Cost Set Designated Port ID Name Prio Nbr Cost Bridge ID Prio Nbr g1 128 1 19 FWD 38 32768 0030 9441 62c1 128 25 Spanning tree enabled Type point to point configured auto Port Fast no configured no Number of transitions to forwarding state 1 BPDU sent 2 received 120638 5 22 SSH and SLOGIN Commands 5 22 1 ip ssh port The ip ssh port global configuration command specifies...

Page 306: ...ommand enables the device to be configured from a SSH server To disable this function use the no form of this command Syntax ip ssh server no ip ssh server Default Configuration This default is SSH is disabled Command Mode Global Configuration mode User Guidelines If encryption keys are not generated the SSH server is in standby until the keys are generated To generate SSH server keys use the comm...

Page 307: ...he maximum supported size for the DSA key is 1 024 This command is not saved in the startup configuration however the keys generated by this command are saved in the running configuration which is never displayed to the user or backed up to another device This command may take a considerable period of time to execute DSA key size is 2048 bits Example The following example generates DSA key pairs C...

Page 308: ...enerates RSA key pairs Console config crypto key generate rsa 5 22 5 ip ssh pubkey auth The ip ssh pubkey auth global configuration command enables public key authentication for incoming SSH sessions To disable this function use the no form of this command Syntax ip ssh pubkey auth no ip ssh pubkey auth Default Configuration The function is disabled Command Mode Global Configuration mode User Guid...

Page 309: ...and specifies which SSH public key is manually configured and enters the SSH public key string configuration command To remove a SSH public key use the no form of this command Syntax user key username rsa dsa no user key username username Specifies the remote SSH client username which can be up to 48 characters long rsa RSA key dsa DSA key Default Configuration By default there are no keys Command...

Page 310: ...r Guidelines Use the key string row command to specify the SSH public key row by row Each row must begin with the keystring row command This command is useful for configuration files UU encoded DER format is the same format in authorized_keys file used by OpenSSH Example The following example enters public key strings for SSH public key clients called bob Console config crypto key pubkey chain ssh...

Page 311: ...elines There are no user guidelines for this command Example The following example displays the SSH server configuration Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 172 16 0 1 John Brown 2 0 3 DES HMAC SH1 The following table describe...

Page 312: ...plays the SSH public keys on the device Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C7 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yter...

Page 313: ...le show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 john 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 The following example displays the SSH public called bob Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 5 23 System Management 5 23 1 ping The ping user EXEC command sends ICMP echo request packet...

Page 314: ... the host does not respond a no answer from host message appears in 10 seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The switch found no corresponding entry in the route table To ping an out of band IP address use the out of band IP address format oob ip address Examples The following example displays a pi...

Page 315: ...efault is 40 bytes ttl max ttl The default is 30 count packet_count The default count is 3 timeout time_out The default is 3 seconds Command Mode User EXEC mode User Guidelines The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its time to live TTL value The traceroute command starts by sending probe datagrams with a TTL value of one...

Page 316: ... 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58 msec 58 msec 11 umaxp1 physics lsa umich edu 141 211 101 64 62 msec 63 msec 63 msec The following table describes the significant fields shown in the display Field Description 1 Indicates the sequence number of the router in the path to the host i2 gateway stanford edu Host name of this router 1...

Page 317: ...and Mode User EXEC mode User Guidelines The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system specific functions To issue a special Telnet command enter Esc and then a command character If you want to login to host on the out of band port use the out of band IP address format oob ip address Special Telne...

Page 318: ... out of band port use the out of band IP address format oob ip address Keywords Table Options Description echo Enables local echo quiet Prevents onscreen display of all messages from the software source interface Specifies the source interface stream Turns on stream processing which enables a raw TCP stream with no Telnet control sequences A stream connection does not process Telnet options and ca...

Page 319: ...Transport Protocol 119 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 pim auto rp PIM Auto RP 496 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix to Unix Copy Program 540 whois Nickname 43 www World Wide Web 80 Example Console telnet 176 213 10 ...

Page 320: ...ther open Telnet session Console resume 176 213 10 50 5 23 5 reload The reload privileged EXEC command reloads the operating system Syntax reload Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device to ensure that no other activity is being performed In particular the user should veri...

Page 321: ...command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the device host name Console config hostname abc 5 23 7 show users The show users user EXEC command displays information about the active users Syntax show users Default Configuration This command has no default configurat...

Page 322: ...ns This command has no arguments or keywords Default Configuration There is no default configuration for this command Command Mode EXEC mode User Guidelines There are no user guidelines for this command Examples The following table describes the significant fields shown in the display Console show sessions Connection Host Address Port Byte 1 Remote router 172 16 1 1 23 89 2 172 16 1 2 172 16 1 2 2...

Page 323: ...re no user guidelines for this command Example The following example displays the system information console show system System Description System Up Time days hour min sec 01 02 48 20 System Contact System Name System Location System MAC Address 00 03 6d 30 57 00 System Object ID 1 3 6 1 4 1 89 1 1 Temperature Indicates the temperature at which the device is currently running The device temperatu...

Page 324: ...xample displays a system version this version number is only for demonstration purposes Console show version SW version x x x xx date xx xxx xxxx time 17 34 19 Boot version x x x xx date xx xxx xxxx time 11 48 21 HW version x x x 5 24 Syslog Commands 5 24 1 logging on The logging on global configuration command controls error messages logging This command sends debug or error messages to a logging...

Page 325: ...syslog server To delete the syslog server with the specified address from the list of syslogs use the no form of this command Syntax logging ip address port port severity level facility facility description text no logging ip address ip address IP address of the host to be used as a syslog server An out of band IP address can be specified as described in the usage guidelines port Port number for s...

Page 326: ...fig logging 10 1 1 1 severity critical 5 24 3 logging console The logging console global configuration command limits messages logged to the console based on severity To disable logging to the console terminal use the no form of this command Syntax logging console level no logging console level Limits the logging of messages displayed on the console to a specified level emergencies alerts critical...

Page 327: ...yslog messages are logged to the internal buffer This command limits the commands displayed to the user Example The following example limits syslog messages displayed from an internal buffer based on the severity level debugging Console config logging buffered debugging 5 24 5 logging buffered size The logging buffered size global configuration command changes the number of syslog messages stored ...

Page 328: ...ssages from the internal logging buffer Syntax clear logging Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears messages from the internal syslog message logging buffer Console clear logging Clear logging buffer y n y 5 24 7 logging file The logging file...

Page 329: ...or this command Example The following example limits syslog messages sent to the logging file based on the severity level alerts Console config logging file alerts 5 24 8 clear logging file The clear logging file privileged EXEC command clears messages from the logging file Syntax clear logging file Default Configuration This command has no default configuration Command Mode Privileged EXEC mode U...

Page 330: ...ssages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity OOB Syslog server 176 16 8 9 logging errors Messages 6 Dropped severity 2 messages were not logged resources Buffer log 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface FastEthernet g0 changed state to up 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface Ethernet g0 changed state to up 11 Aug 2002 15 41 43 LINK ...

Page 331: ...e syslog messages stored in the logging file Console show logging file Logging is enabled Console logging level debugging Console Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors...

Page 332: ...protocol on Interface Ethernet g2 changed state to down 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet e3 changed state to down 5 24 11 show syslog servers The show syslog servers privileged EXEC command displays the syslog servers settings Syntax show syslog servers Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User ...

Page 333: ...unspecified the port number defaults to 49 Range 0 65535 timeout Specifies the timeout value in seconds If no timeout value is specified the global value is used Range 1 1000 key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon If no key string value is specifie...

Page 334: ...he authentication and encryption key for all TACAS communications between the router and the TACACS server This key must match the encryption used on the TACACS daemon Range Up to 160 characters Default Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example sets the authentication encryption key...

Page 335: ...r the communication with TACACS servers To return to default use the no form of this command Syntax tacacs server source ip source no tacacs server ip source Specifies the source IP address An out of band IP address can be specified as described in the usage guidelines Range Valid IP Address Default Configuration The IP address would be of the outgoing IP interface User Guidelines To define an out...

Page 336: ...t configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays configuration and statistic for a TACACS server Console show tacacs IP address Status Port Single TimeOut Source IP Priority Connection 172 16 1 1 Connected 49 No Global Global 1 Global values TimeOut 3 Source IP 172 16 8 1 OOB Source IP 176 16 8 1...

Page 337: ...e enable user EXEC command enters the privileged EXEC mode Syntax enable privilege level privilege level Privilege level to enter the system Range 1 15 Default Configuration The default privilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to enter privileged mode Console enable enter password Console...

Page 338: ...nes for this command Example The following example shows how to return to normal mode Console disable Console 5 26 3 configure The configure privileged EXEC command enters the global configuration mode Syntax configure There are no parameters for this command Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelin...

Page 339: ... no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to enter privileged EXEC mode and login Console login User Name admin Password Console 5 26 5 exit configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exit Default Configuration ...

Page 340: ... EXEC command closes an active terminal session by logging off the device Syntax exit Default Configuration This command has no default configuration Command Mode User EXEC command mode User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session Console exit 5 26 7 end The end global configuration command ends the current configurat...

Page 341: ...help The help command displays a brief description of the help system Syntax help Default Configuration This command has no default configuration Command Mode All Command modes User Guidelines There are no user guidelines for this command 5 26 9 history The history line configuration command enables the command history function To disable the command history feature use the no form of this command...

Page 342: ...story buffer size to the default use the no form of this command Syntax history size number of commands no history size number of commands Number of commands that the system records in its history buffer Range 10 216 Default Configuration The default history buffer size is 10 Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following ex...

Page 343: ...le The following example displays all the commands entered while in the current privileged EXEC mode Console show history show version show clock show history 5 26 13 show privilege The show privilege user EXEC command displays the current privilege level Syntax show privilege Default Configuration This command has no default configuration Command Mode User EXEC command mode User Guidelines There ...

Page 344: ... User Guidelines There are no user guidelines for this command Example The following example enters the VLAN database mode Console config vlan database Console config vlan 5 27 2 vlan Use the vlan interface configuration VLAN command to create a VLAN To delete a VLAN use the no form of this command Syntax vlan vlan range no vlan vlan range vlan range A list of valid VLAN IDs to be added List separ...

Page 345: ...lan vlan 1972 5 27 3 default vlan disable The default vlan disable VLAN configuration command disables the default VLAN functionality Use the no form of this command to enable the default VLAN functionality Syntax default vlan disable no default vlan disable This command has no keywords or arguments Default Configuration Enabled Command Modes Vlan configuration mode User Guidelines There are no us...

Page 346: ...example configures the VLAN 1 IP address of 131 108 1 27 and subnet mask 255 255 255 0 Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 5 27 5 interface range vlan The interface range vlan global configuration command enters the interface configuration mode to configure multiple VLANs Syntax interface range vlan vlan range all vlan range A list of valid VLAN ...

Page 347: ...uration command adds a name to a VLAN To remove the VLAN name use the no form of this command Syntax name string no name string Unique name up to 32 characters in length to be associated with this VLAN Default Configuration No name is defined Command Mode Interface Configuration VLAN mode User Guidelines The VLAN name should be unique Example The following example names VLAN number 19 with the nam...

Page 348: ...uration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures e8 as an untagged layer 2 VLAN interface Console config interface ethernet e8 Console config if switchport mode access 5 27 8 switchport access vlan The switchport access vlan interface configuration command configures the VLAN ID when the interface is in access...

Page 349: ... trunk allowed vlan add vlan list remove vlan list add vlan list List of VLAN IDs to add Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list List of VLAN IDs to remove Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designate a range of IDs Default Configuration This command has no default configuration Command Mode...

Page 350: ...traffic sent from a trunkmode port is all tagged The command adds the port as a member in the VLAN If the port is already a member in the VLAN not as a native it should be first removed from the VLAN Example The following example e8 in trunk mode is configured to use VLAN number 123 as the native VLAN Console config interface ethernet e8 Console config if switchport trunk native vlan 123 5 27 11 s...

Page 351: ...ed list Console config interface ethernet e8 Console config if switchport general allowed vlan add 2 5 6 tagged 5 27 12 switchport general pvid The switchport general pvid interface configuration command configures the PVID when the interface is in general mode To configure the default value use the no form of this command Syntax switchport general pvid vlan id no switchport general pvid vlan id P...

Page 352: ...ltering is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example shows how to enables port ingress filtering on e8 Console config interface ethernet e8 Console config if switchport general ingress filtering disable 5 27 14 switchport general acceptable frame type taggedonly The switchport ...

Page 353: ...automatically making these VLANs active on the selected ports To revert to allowing the addition of specific VLANs to the port use the remove parameter for this command Syntax switchport forbidden vlan add vlan list remove vlan list add vlan list List of VLAN IDs to add to the forbidden list Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan...

Page 354: ...p no map protocol protocol encapsulation protocol The protocol is a protocol number or one of the reserved names The format is Hex format encapsulation One of the following values ethernet rfc1042 llcOther If no option is indicated the default is ethernet group Group number of group of protocols associated together Range 1 2147483647 Default Configuration This command has no default configuration ...

Page 355: ...s command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example sets a protocol based classification rule of protocol group 1 to VLAN 8 Console config interface ethernet e8 Console config if switchport general map protocols group 1 vlan 8 5 27 18 ip internal usage vlan...

Page 356: ...r dynamic VLAN he should either remove the IP interface creates the VLAN and recreate the IP interface or use this command to define explicit internal usage VLAN Examples The following example reserves a VLAN as the internal usage VLAN of an interface Console config ip internal usage vlan 10 5 27 19 show vlan The show vlan privileged EXEC command displays VLAN information Syntax show vlan tag vlan...

Page 357: ... by the switch Syntax show vlan internal usage Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all VLAN information Console show vlan internal usage VLAN Usage IP Address Reserved 1007 g1 Active No 1008 g2 Inactive Yes 1009 e3 Active Yes 5 27 22 sho...

Page 358: ... mode User Guidelines There are no user guidelines for this command Example The following example displays switchport configuration individually for e1 Console show interface switchport ethernet e1 Port e1 Port mode General GVRP Status disabled Ingress Filtering true Acceptable Frame Type admitAll Ingress Untagged VLAN NATIVE 1 Port is member in Vlan Name Egress rule Type 1 default untagged System...

Page 359: ...ult configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables the device to be configured from a browser Console enable ip http server 5 28 2 ip http port The ip http port global configuration command specifies the TCP port for use by a web browser to configure the device To use the default TCP port use ...

Page 360: ...sole config ip http port 100 5 28 3 ip https server The ip https server global configuration command enables the device to be configured from a secured browser To disable this function use the no form of this command Syntax ip https server no ip https server Default Configuration The default for the device is disabled Command Mode Global Configuration mode User Guidelines You must use the crypto c...

Page 361: ...elines for this command Example The following example configures the https port number to 100 Console enable ip https port 100 5 28 5 crypto certificate generate The crypto certificate generate global configuration command generates a HTTPS certificate Syntax crypto certificate generate key generate length key generate Regenerate SSL RSA key length Specifies the SSL RSA key length If unspecified l...

Page 362: ...plays the HTTP server configuration Syntax show ip http Default Configuration This command has no default configuration Command Mode Privileged EXEC command User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration Console show ip http HTTP server enable Port 80 5 28 7 show ip https The show ip http privileged EXEC command di...

Page 363: ...n to default Syntax aaa authentication dot1x default method1 method2 no aaa authentication dot1x default method1 method2 At least one from the following table Keyword Description Radius Uses the list of all RADIUS servers for authentication None Uses no authentication Default Configuration The default behavior of the aaa authenctication for dot1 x is failed to authenticate If the 8021 x calls the ...

Page 364: ...and Modes Global configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables 802 1x globally Console config dot1x system auto control 5 29 3 dot1x port control The dot1x port control interface configuration command enables manual control of the authorization state of the port Use the no form of this command to return to the default settin...

Page 365: ...onfiguration force authorized Command Mode Interface configuration Ethernet User Guidelines There are no user guidelines for this command Examples The following example enables 802 1X authentication on the interface Console config interface ethernet e8 Console config if dot1x port control auto 5 29 4 dot1x re authentication The dot1x re authentication interface configuration command enables period...

Page 366: ...re authperiod seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration 3600 Command Mode Interface configuration Ethernet mode User Guidelines There are no user guidelines for this command Examples The following example sets the number of seconds between re authentication attempts to 3600 Console config interface ethernet e8 Console config if dot1x ti...

Page 367: ...fault setting Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds Time in seconds that the switch remains in the quiet state following a failed authentication exchange with the client Range 0 65535 seconds Default Configuration 60 Command Mode Interface configuration Ethernet User Guidelines During the quiet period the switch does not accept or initiate any authenticati...

Page 368: ...tch should wait for a response to an EAP request identity frame from the client before resending the request Range 1 65535 seconds Default Configuration 30 Command Mode Interface configuration Ethernet Examples The following command sets the number of seconds that the switch waits for a response to an EAP request identity frame to 3600 seconds Console config interface ethernet e8 Console config if...

Page 369: ...x max req 6 5 29 10 dot1x timeout supp timeout The dot1x timeout supp timeout interface configuration command sets the time for the retransmission of an Extensible Authentication Protocol EAP request frame to the client Use the no form of this command to return to the default setting Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout seconds Time in seconds that the switch sho...

Page 370: ...lt setting Syntax dot1x timeout server timeout seconds no dot1x timeout server timeout seconds Time in seconds that the switch should wait for a response from the authentication server before resending the request Range 1 65535 seconds Default Configuration 30 Command Mode Interface configuration Ethernet mode User Guidelines There are no user guidelines for this command Examples The following exa...

Page 371: ...uthorized Disabled 3600 n a e2 Force Authorized Authorized Disabled 3600 n a e3 Force Authorized Authorized Disabled 3600 n a e4 Force Authorized Authorized Disabled 3600 n a e5 Force Authorized Authorized Disabled 3600 n a e6 Force Authorized Authorized Disabled 3600 n a e7 Force Authorized Authorized Disabled 3600 n a e8 Force Authorized Authorized Disabled 3600 n a g1 Force Authorized Authorize...

Page 372: ... current value of the Authenticator PAE state machine Quiet period The number of seconds that the switch remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the switch waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the...

Page 373: ...name Session Time Last Auth Auth Method MAC Address Interface Bob 1d3h 58m Remote 0008 3b79 8787 1 1 John 8h19m 2m None 0008 3b89 3127 1 2 The following table describes the significant fields shown in the display Field Description Username The User Name representing the identity of the Supplicant Login Time How long the user is logged in Last Authentication Time since last authentication Authentic...

Page 374: ...ple displays 802 1X statistics for the specified interface Switch show dot1x statistics ethernet g1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 0008 3b79 8787 The following table describes the...

Page 375: ...henticator in which the frame type is not recognized EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame LastEapolFrameSource The source MAC address carried carried in the most recently received EAPOL frame ...

Page 376: ...bled port In this mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized all attached clients are denied access to the network If a port would join a port channel the state would be multiple host as long as the port is member in the port channel Examples The following command allows multiple hosts clients on a...

Page 377: ...bled and the user has been successfully authenticated Examples The following example uses the forward action to forward frames with source addresses console config if Config VLAN dot1x single host violation forward trap 100 5 29 19 show dot1x advanced The show dot1x advanced privileged EXEC command displays 802 1X advanced features for the switch or for the specified interface Syntax show dot1x ad...

Page 378: ...erface Multiple Hosts 1 1 Disabled 1 2 Enabled console show dot1x advanced ethernet 1 1 Guest VLAN 3978 Unauthenticated VLANs 91 92 Use user attributes from Authentication Server Enabled User VLAN not created Create Interface Multiple Hosts 1 1 Disabled 1 2 Enabled Single Host Violation Discard Trap Enabled Frequency 100 Status Authorized Locked Counter 9 ...

Page 379: ...thernet Switch is set to full duplex and the partner is set to half duplex then the performance will be poor 100Base TX port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicate full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting Why the Switch do...

Page 380: ...ts 10 100Mbps 10 100Base TX RJ 45 Connector pin assignment Contact MDI Media Dependant Interface MDI X Media Dependant Interface Cross 1 Tx transmit Rx receive 2 Tx transmit Rx receive 3 Rx receive Tx transmit 4 5 Not used 6 Rx receive Tx transmit 7 8 Not used 1000Mbps 1000Base T RJ 45 Connector pin assignment Contact MDI MDI X 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD ...

Page 381: ...e 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Straight Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Strai...

Page 382: ...FP port 1000Base LX mini GBIC module 70KM MGB L120 SFP port 1000Base LX mini GBIC module 120KM MGB LA10 SFP port 1000Base LX WDM TX 1310nm mini GBIC module 10KM MGB LB10 SFP port 1000Base LX WDM TX 1550nm mini GBIC module 10KM MGB LA20 SFP port 1000Base LX WDM TX 1310nm mini GBIC module 20KM MGB LB20 SFP port 1000Base LX WDM TX 1550nm mini GBIC module 20KM MGB LA40 SFP port 1000Base LX WDM TX 1310...

Reviews:

No comments

Related manuals for WGSD-1022

AbleNet HouseMate Quick Start Manual preview
HouseMate
Brand: AbleNet Pages: 2
Dahua D-PFS4226-24ET-240 Web Operation Manual preview
D-PFS4226-24ET-240
Brand: Dahua Pages: 58
Valcom V-2972 User Manual preview
V-2972
Brand: Valcom Pages: 2
Field Controls 46112100 Manual preview
46112100
Brand: Field Controls Pages: 4
Kramer VP-727XL User Manual preview
VP-727XL
Brand: Kramer Pages: 61
Aruba 2930F Series Installation, Safety, And Regulatory Information preview
2930F Series
Brand: Aruba Pages: 6
Edge-Core AS7326-56X Quick Start Manual preview
AS7326-56X
Brand: Edge-Core Pages: 9
Eaton 9476-ET Instruction Manual preview
9476-ET
Brand: Eaton Pages: 43
NBase Communications NH2001M Installation And User Manual preview
NH2001M
Brand: NBase Communications Pages: 72
A-Neuvideo ANI-3AUTOHDMI Instruction Manual preview
ANI-3AUTOHDMI
Brand: A-Neuvideo Pages: 16
Black Box SW045A-FFF Manual preview
SW045A-FFF
Brand: Black Box Pages: 9
H3C LSW1GP16P0 User Manual preview
LSW1GP16P0
Brand: H3C Pages: 26
Radio Systems HUB16-DC Technical Manual preview
HUB16-DC
Brand: Radio Systems Pages: 19
3onedata IES2008 Quick Installation Manual preview
IES2008
Brand: 3onedata Pages: 2
Konig CMP-KVMSWIT50 Manual preview
CMP-KVMSWIT50
Brand: Konig Pages: 40
SOMFY COMMANDE MURALE RTS Manual preview
COMMANDE MURALE RTS
Brand: SOMFY Pages: 2
Extreme Networks ExtremeSwitching 3600 Series Installation Manual preview
ExtremeSwitching 3600 Series
Brand: Extreme Networks Pages: 51
Freestyle Libre Plugin User Manual preview
Libre Plugin
Brand: Freestyle Pages: 5

Brands by name

Popular brands

Load more brands