Configuring the Switch

Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply.

Figure 3-81.  ACL CoS Priority

CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. (See pages 4-104 and 4-91 for the commands used.)

Console(config)#interface ethernet 1/24
Console(config-if)#map access-list ip bill cos 0
Console(config-if)#

Multicast Filtering

Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router. Although this approach reduces the network overhead required by a multicast server, the broadcast traffic must be carefully pruned at every multicast switch/router it passes through to ensure that traffic is only passed on to the hosts which subscribed to this service.

This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting to join the service and sends data out

[Figure: Unicast Flow compared with Multicast Flow]
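The pruning described under Multicast Filtering, as an added Python example that is not taken from the SMC manual or the switch firmware: it validates IGMPv2 messages seen on each port, records which ports joined a group, and returns the ports a multicast frame should be sent to. The names SnoopingTable and build_igmp, the immediate removal on a leave message, and the choice to send nothing for groups with no members are assumptions of this sketch.

```python
import socket
import struct

# IGMP message types (RFC 1112 / RFC 2236)
IGMP_QUERY, IGMP_V1_REPORT, IGMP_V2_REPORT, IGMP_LEAVE = 0x11, 0x12, 0x16, 0x17


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum carried in every IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type: int, group: str) -> bytes:
    """Build an 8-byte IGMPv2 message (helper for the constructed samples)."""
    addr = socket.inet_aton(group)
    csum = inet_checksum(struct.pack("!BBH4s", msg_type, 0, 0, addr))
    return struct.pack("!BBH4s", msg_type, 0, csum, addr)


class SnoopingTable:
    """Hypothetical per-switch table: multicast group -> member ports."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.members = {}
        self.dropped = 0  # malformed or unexpected IGMP messages

    def _reject(self) -> bool:
        self.dropped += 1
        return False

    def snoop(self, port: int, payload: bytes) -> bool:
        """Process one IGMP message received on `port`; False if rejected."""
        # A valid message sums to zero when the checksum field is included.
        if port not in self.ports or len(payload) < 8:
            return self._reject()
        if inet_checksum(payload) != 0:
            return self._reject()
        msg_type, _resp, _csum, raw = struct.unpack("!BBH4s", payload[:8])
        group = socket.inet_ntoa(raw)
        if msg_type in (IGMP_V1_REPORT, IGMP_V2_REPORT):
            # Only 224.0.0.0/4 addresses are multicast groups.
            if not 224 <= raw[0] <= 239:
                return self._reject()
            self.members.setdefault(group, set()).add(port)
        elif msg_type == IGMP_LEAVE:
            # Simplification: remove the port at once instead of first
            # sending a group-specific query and waiting for a reply.
            joined = self.members.get(group)
            if joined is not None:
                joined.discard(port)
                if not joined:
                    del self.members[group]
        elif msg_type != IGMP_QUERY:
            return self._reject()
        return True

    def egress_ports(self, group: str, ingress: int) -> set:
        """Ports that receive a frame for `group` arriving on `ingress`."""
        return set(self.members.get(group, ())) - {ingress}


def demo():
    """Constructed scenario: ports 3 and 7 join, then port 3 leaves."""
    table = SnoopingTable(range(1, 25))
    report = build_igmp(IGMP_V2_REPORT, "239.1.1.1")
    table.snoop(3, report)
    table.snoop(7, report)
    before = table.egress_ports("239.1.1.1", ingress=24)
    table.snoop(3, build_igmp(IGMP_LEAVE, "239.1.1.1"))
    after = table.egress_ports("239.1.1.1", ingress=24)
    return before, after


if __name__ == "__main__":
    print(demo())
```
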

Summary of Contents for 100BASE-TX

Page 1: ...gate bandwidth Non blocking switching architecture Spanning Tree Protocol Up to four port trunks RADIUS and TACACS authentication Rate limiting for bandwidth management QoS support for four level priority Full support for VLANs with GVRP IP Multicasting with IGMP Snooping Manageable via console Web SNMP RMON Management Guide SMC6716AL2 ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Installation Guide From SMC s Tiger line of feature rich workgroup LAN solutions July 2004 Pub 150000013500H ...

Page 4: ... granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are tradem...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...IRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS...

Page 7: ...Receivers 2 7 Saving Configuration Settings 2 7 Managing System Files 2 8 Chapter 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 2 Home Page 3 2 Configuration Options 3 3 Panel Display 3 3 Main Menu 3 4 Basic Configuration 3 8 Displaying System Information 3 8 Displaying Switch Hardware Software Versions 3 9 Displaying Bridge Extension Capabilities ...

Page 8: ...ring Port Security 3 44 Configuring 802 1x Port Authentication 3 46 Displaying 802 1x Global Settings 3 47 Configuring 802 1x Global Settings 3 48 Configuring Port Settings for 802 1x 3 48 Displaying 802 1x Statistics 3 51 Access Control Lists 3 53 Configuring Access Control Lists 3 53 Setting the ACL Name and Type 3 54 Configuring a Standard IP ACL 3 55 Configuring an Extended IP ACL 3 56 Configu...

Page 9: ...ic Members to VLANs VLAN Index 3 108 Adding Static Members to VLANs Port Index 3 110 Configuring VLAN Behavior for Interfaces 3 111 Private VLANs 3 113 Displaying Current Private VLANs 3 114 Configuring Private VLANs 3 115 Associating Community VLANs 3 116 Displaying Private VLAN Interface Information 3 117 Configuring Private VLAN Interfaces 3 118 Class of Service Configuration 3 120 Layer 2 Queu...

Page 10: ... 3 Keywords and Arguments 4 3 Minimum Abbreviation 4 3 Command Completion 4 3 Getting Help on Commands 4 3 Showing Commands 4 4 Partial Keyword Lookup 4 5 Negating the Effect of Commands 4 5 Using Command History 4 5 Understanding Command Modes 4 5 Exec Commands 4 6 Configuration Commands 4 6 Command Line Processing 4 8 Command Groups 4 9 Line Commands 4 10 line 4 10 login 4 11 password 4 12 timeo...

Page 11: ... 32 Telnet Server Commands 4 33 ip telnet port 4 33 ip telnet server 4 33 Secure Shell Commands 4 34 ip ssh server 4 36 ip ssh timeout 4 37 ip ssh authentication retries 4 37 ip ssh server key size 4 38 delete public key 4 38 ip ssh crypto host key generate 4 39 ip ssh crypto zeroize 4 39 ip ssh save host key 4 40 show ip ssh 4 40 show ssh 4 41 show public key 4 42 Event Logging Commands 4 43 logg...

Page 12: ...Authentication Commands 4 67 Authentication Sequence 4 67 authentication login 4 67 authentication enable 4 68 RADIUS Client 4 69 radius server host 4 69 radius server port 4 70 radius server key 4 71 radius server retransmit 4 71 radius server timeout 4 72 show radius server 4 72 TACACS Client 4 73 tacacs server host 4 73 tacacs server port 4 73 tacacs server key 4 74 show tacacs server 4 74 Port...

Page 13: ...access list mac 4 93 permit deny MAC ACL 4 94 show mac access list 4 95 mac access group 4 95 show mac access group 4 96 map access list mac 4 96 show map access list mac 4 97 ACL Information 4 98 show access list 4 98 show access group 4 98 SNMP Commands 4 99 snmp server community 4 99 snmp server contact 4 100 snmp server location 4 100 snmp server host 4 101 snmp server enable traps 4 102 show ...

Page 14: ... dynamic 4 131 show mac address table 4 131 mac address table aging time 4 132 show mac address table aging time 4 132 Spanning Tree Commands 4 133 spanning tree 4 133 spanning tree mode 4 134 spanning tree forward time 4 135 spanning tree hello time 4 135 spanning tree max age 4 136 spanning tree priority 4 137 spanning tree pathcost method 4 137 spanning tree transmission limit 4 138 spanning tr...

Page 15: ...160 show gvrp configuration 4 161 garp timer 4 161 show garp timer 4 162 Priority Commands 4 163 Priority Commands Layer 2 4 163 queue mode 4 164 queue bandwidth 4 164 switchport priority default 4 165 queue cos map 4 166 show queue mode 4 167 show queue bandwidth 4 167 show queue cos map 4 168 Priority Commands Layer 3 and 4 4 169 map ip port Global Configuration 4 169 map ip port Interface Confi...

Page 16: ...pire time 4 182 Static Multicast Routing Commands 4 183 ip igmp snooping vlan mrouter 4 183 show ip igmp snooping mrouter 4 184 IP Interface Commands 4 185 ip address 4 185 ip dhcp restart 4 186 ip default gateway 4 187 show ip interface 4 187 show ip redirects 4 188 ping 4 188 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information...

Page 17: ...ine Processing 4 8 Table 4 4 Command Groups 4 9 Table 4 5 Line Commands 4 10 Table 4 6 General Commands 4 19 Table 4 7 System Management Commands 4 24 Table 4 8 Device Designation Commands 4 24 Table 4 9 User Access Commands 4 25 Table 4 10 Default Login Settings 4 26 Table 4 11 IP Filter Commands 4 28 Table 4 12 Web Server Commands 4 30 Table 4 13 HTTPS System Support 4 31 Table 4 14 Telnet Serve...

Page 18: ...description 4 127 Table 4 46 show lacp neighbors display description 4 128 Table 4 48 Address Table Commands 4 129 Table 4 47 show lacp sysid display description 4 129 Table 4 49 Spanning Tree Commands 4 133 Table 4 50 VLANs 4 145 Table 4 51 Editing VLAN Groups 4 145 Table 4 52 Configuring VLAN Interfaces 4 147 Table 4 53 Show VLAN Commands 4 153 Table 4 54 Private VLAN Commands 4 154 Table 4 55 G...

Page 19: ...etting the System 3 27 Figure 3 19 Configuring SNTP 3 28 Figure 3 20 Setting the System Clock 3 29 Figure 3 21 Configuring SNMP 3 30 Figure 3 22 Configuring IP Trap Managers 3 31 Figure 3 23 Access Levels 3 33 Figure 3 24 Authentication Settings 3 36 Figure 3 25 HTTPS Settings 3 38 Figure 3 26 SSH Host Key Settings 3 42 Figure 3 27 SSH Server Settings 3 43 Figure 3 28 Configuring Port Security 3 4...

Page 20: ...106 Figure 3 63 Configuring a VLAN Static List 3 108 Figure 3 64 Configuring a VLAN Static Table 3 109 Figure 3 65 VLAN Static Membership by Port 3 110 Figure 3 66 Configuring VLANs per Port 3 112 Figure 3 67 Private VLAN Information 3 114 Figure 3 68 Configuring Private VLANs 3 116 Figure 3 69 Private VLAN Association 3 117 Figure 3 70 Displaying Private VLAN Port Information 3 118 Figure 3 71 Pr...

Page 21: ...IP or MAC ACLs DHCP Client Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One port mirrored to a single analysis port Port Trunking Supports up to 4 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address Up to 8K MAC addresses in the forwarding table IEEE 802 1D Bridg...

Page 22: ...ight to access the network via an authentication server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering for IP frames based on address protocol...

Page 23: ...ates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 8K addresses Store and Forward Switching The switch copies each frame into its memory before forwarding them to another port This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check CRC Th...

Page 24: ...ame VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using four priority queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions can be used ...

Page 25: ...none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1x Port Authentication Disabled HTTPS Enabled SSH Disabled Port Security Disabled IP Filtering Disabled Web Management H...

Page 26: ... control disabled Symmetric flow control disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 32 000 octets per second Spanning Tree Protocol Status Enabled Defaults All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table Aging Time 300 secon...

Page 27: ...riority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 6 SNTP Clock Synchronization Disabled Table 1 2 System Defaults Continued Function Parameter Default ...

Page 28: ...Introduction 1 8 1 ...

Page 29: ...onsole port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP OpenView The switch s Web interface CLI configuration program and SNMP agent allow you to perform the following m...

Page 30: ... end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud rate to 9600 bps Set the data format to 8 data bits 1 stop bit and no parity Set flow control to none Set the emulation mode to VT100 When using HyperTerminal select Terminal keys not Windows keys Notes 1 Wh...

Page 31: ...ss to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec and privileged access level Privileged Exec The commands available at the Normal Exec level are a limited subset of those available a...

Page 32: ...s information for the switch to obtain management access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the switch you will also need to specify the default gateway router Dynamic The switch sends IP configuration requests to BOOTP or DHCP a...

Page 33: ... therefore need to use the ip dhcp restart command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can include the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service requests as soon as it ...

Page 34: ...o control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specified users or user groups and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized manage...

Page 35: ...ddress for the trap receiver and community string is the string associated with that host Press Enter 2 In order to configure the switch to send SNMP notifications you must enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link up down Press Enter Saving Configuration Settings Configuration commands only modify the running...

Page 36: ...code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 15 for more information Diagnostic Code Software that is run during system boot up also known as POST Power On Self Test Due to the size limit of the flash memory the switch supports only two operation code files However you can have as many diagnostic code files and configuration fil...

Page 37: ... 2 Set user names and passwords using an out of band serial connection Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on page 2 4 3 After you enter a user name and password you will have access to the system configuration program Notes 1 You are allowed three attempts to enter the correct password on the third f...

Page 38: ...statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statis...

Page 39: ...isit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or wi...

Page 40: ...deletion of files from the flash memory 3 16 Set Startup Sets the startup file 3 16 Line 3 19 Console Sets console port connection parameters 3 20 Telnet Sets Telnet connection parameters 3 22 Log 3 25 Logs Stores and displays error messages 3 23 System Logs Sends error messages to a logging process 3 23 Remote Logs Configures the logging of messages to a remote logging process 3 25 Reset Restarts...

Page 41: ...s 3 62 Trunk Information Displays trunk connection status 3 62 Port Configuration Configures port connection settings 3 64 Trunk Configuration Configures trunk connection settings 3 64 Trunk Membership Specifies ports to group into static trunks 3 67 LACP 3 66 Configuration Allows ports to dynamically join trunks 3 68 Aggregation Port Configures parameters for link aggregation group members 3 70 P...

Page 42: ...ndividual port settings for STA 3 99 Trunk Configuration Configures individual trunk settings for STA 3 99 VLAN 3 101 802 1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3 104 Basic Information Displays information on the VLAN type supported by this switch 3 104 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 3 105 Static List...

Page 43: ... Precedence Priority Sets IP Type of Service priority mapping the precedence tag to a class of service value 3 127 IP DSCP Priority Sets IP Differentiated Services Code Point priority mapping a DSCP tag to a class of service value 3 128 IP Port Priority Status Globally enables or disables IP Port Priority 3 127 IP Port Priority Sets TCP UDP port priority defining the socket number and associated c...

Page 44: ... Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if management access via Telnet is enabled Telnet server port Shows the TCP port used by the Telnet interface Jumbo F...

Page 45: ...n number of runtime code Role Shows that this switch is operating as Master i e operating stand alone Expansion Slot Expansion Slot 1 2 Indicates any installed module type Console config hostname R D 5 4 25 Console config snmp server location WC 9 4 100 Console config snmp server contact Ted 4 100 Console config exit Console show system 4 58 System description TigerSwitch 10 100 6716AL2 System OID...

Page 46: ...Figure 3 4 Displaying Switch Information CLI Use the following command to display version information Console show version 4 59 Unit 1 Serial number A305051234 Service tag Hardware version R0C Model A type 1000BaseT Model B type 1000BaseT Number of ports 18 Main power status up Redundant power status not present Agent master Unit ID 1 Loader version 2 2 1 1 Boot ROM version 2 2 1 2 Operation code ...

Page 47: ...filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 86 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port Refer to VLAN Configuration ...

Page 48: ...s been assigned an IP address IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast periodically by the switch for an IP address DHCP BOOTP values can include the IP address s...

Page 49: ...to Static enter the IP address subnet mask and gateway then click Apply Figure 3 6 IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 104 Console config if ip address 10 1 0 254 255 255 255 0 4 185 Console config if exit Console config ip default gateway 192 168 1 254 4 187 Console config ...

Page 50: ...e connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart command Renewing DHCP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network segment you will lose management acce...

Page 51: ...py operation includes these options file to file Copies a file within the switch directory assigning it a new name file to tftp Copies a file from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Addr...

Page 52: ...f the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new operation code reboot the system via the System Reset menu Figure 3 8 Operation Code Image File Transfer If you download to a new desti...

Page 53: ...ile Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a file in the switch to the startup configuration file to tftp Copies a file from the switch to a TFTP server running config to file Co...

Page 54: ...nfiguration files is limited only by available flash memory space Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file or you can specify the current startup configuration file as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but...

Page 55: ...luding a password timeouts and basic communication settings These parameters can be configured via the Web or CLI interface Command Attributes Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the connection is terminated for the session Range 0 300 seconds Default 0 Exec Timeout Sets the interval tha...

Page 56: ...it Communication protocols provided by some terminals can require a specific parity bit setting Specify Even Odd or None Default None Speed Sets the terminal line s baud rate for transmit to terminal and receive from terminal Set the speed to match the baud rate of the device connected to the serial port Default 9600 bps Stop Bits Sets the number of the stop bits transmitted per byte Range 1 2 Def...

Page 57: ...out interval the connection is terminated for the session Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Console config line console 4 10 Console config line login local 4 11 Console config l...

Page 58: ...cifies a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific us...

Page 59: ...tem Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM Command Attributes System Log Status Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent fl...

Page 60: ...lash memory Use the show logging command to display the current settings Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critica...

Page 61: ...on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be sen...

Page 62: ...permanent flash memory Web Click System Log Logs Figure 3 17 Displaying System Logs Console config logging host 192 168 1 15 4 45 Console config logging facility 23 4 45 Console config logging trap 4 4 46 Console config end Console show logging trap 4 46 Syslog logging Enabled REMOTELOG status Enabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG server ip a...

Page 63: ... switch enables the system log to record meaningful dates and times for event entries You can also manually set the clock using the CLI See calendar set on page 4 53 If the clock is not set the switch will only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can...

Page 64: ... switch attempts to update the time from the first server if this fails it attempts an update from the next server in the sequence Web Select SNTP Configuration Modify any of the required parameters and click Apply Figure 3 19 Configuring SNTP CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp server 10 1 ...

Page 65: ...tting the System Clock CLI This example shows how to set the time zone for the system clock Simple Network Management Protocol Simple Network Management Protocol SNMP is a communication protocol designed specifically for managing devices on a network Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operat...

Page 66: ...ive community strings Community String A community string that acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Read Only Specifies read only access Authorized management stations are only able to retrieve MIB objects Read Write Specifies read write access Authorized manag...

Page 67: ...unity string sent with the notification operation Range 1 32 characters case sensitive Trap Version Specifies whether to send notifications as SNMP v1 or v2c traps The default is version 1 Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP access authentication process Default Enabled Enable Link up and Link down Traps Issues a trap ...

Page 68: ...or most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest name is guest with the password guest The default administrator name is admin with the password admin Command Attributes Account List Displays the curren...

Page 69: ...w user account and add it to the Account List To change the password for a specific user enter the user name and new password confirm the password by entering it again then click Apply Figure 3 23 Access Levels CLI Assign a user name to access level 15 i e administrator then specify the password Console config username bob access level 15 4 26 Console config username bob password 0 smith Console c...

Page 70: ...he packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet ...

Page 71: ...on server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds th...

Page 72: ...uthentication login radius 4 67 Console config radius server port 181 4 70 Console config radius server key green 4 71 Console config radius server retransmit 5 4 71 Console config radius server timeout 10 4 72 Console config radius server 1 host 192 168 1 25 4 69 Console config end Console show radius server 4 72 Remote RADIUS server configuration Global settings Communication key with RADIUS ser...

Page 73: ... bar for Internet Explorer 5 x or above and Netscape Navigator 4 x or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 38 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies ...

Page 74: ...t obtain a unique certificate and a private key and password from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and use th...

Page 75: ...authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settings page page 3 34 If public key authentication is specified by the client then you must configure authentication keys on both the client and the switch as described in the following section Note that rega...

Page 76: ...able the SSH server on the switch 6 Challenge Response Authentication When an SSH client attempts to contact the switch the SSH server uses the host key pair to negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access The following exchanges take place during this process a The client sends its public key to...

Page 77: ...d used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select ei...

Page 79: ...ge 1 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies the SSH server key size Range 512 896 bits The server key is a private key that is never shared outside the switch The hos...

Page 80: ...or frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table page 3 86 When the port has reached the maximum number of MAC addresses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing...

Page 81: ... Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Trunk Trunk number if port is a member page 3 67 and 3 68 Web Click Security Port Security Mark the checkbox in the Status column to enable security for a port set the maximum number of MAC addresses allowed on a port and click Apply Figure 3 28 Configuring Port Security CLI This example selects the targe...

Page 82: ...ket from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The authentication method must be MD5 The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server...

Page 83: ... System Authentication Control The global setting for 802 1x Web Click Security 802 1X Information Figure 3 29 802 1X Information CLI This example shows the default global setting for 802 1x Console show dot1x 4 82 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single ...

Page 84: ...abled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Options Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto R...

Page 85: ...ich a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant In...

Page 86: ...02 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 26 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant ti...

Page 87: ...he number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in ...

Page 88: ...laying 802 1x Port Statistics CLI This example displays the 802 1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 82 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 89: ...he packet is dropped and if no rules match for a list of all deny rules the packet is accepted Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is 88 However due to resource restrictions the average number of rules bound to the ports should not exceed 20 This switch supports ACLs for ingress filtering only However you can only bind ...

Page 90: ...as protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP control code MAC MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type RFC 1060 Web Click Security ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add t...

Page 91: ... indicate match and 0 bits to indicate ignore The mask is bitwise ANDed with the specified source IP address and compared with the address for each IP packet entering the port s to which this ACL has been assigned Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an a...

Page 92: ...e protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bitmask Decimal number represe...

Page 93: ...ackets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP 3 Permit all TCP packets from class C addresses 192 168 1 0 with the TCP co...

Page 94: ...r source or destination MAC address VID VLAN ID Range 1 4094 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 0 65535 A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Web Specify the action i e Permit or Deny Specify the source and or destination addresses Select the addre...

Page 95: ...enable for a port MAC Specifies the MAC Access List to enable globally Web Click Security ACL Port Binding Mark the Enabled field for the port you want to bind to an ACL select the required ACL from the drop down list then click Apply Figure 3 37 Binding a Port to an ACL CLI This example assigns an IP and MAC access list to port 1 and an IP access list to port 3 Console config mac acl permit any h...

Page 96: ...r individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an addr...

Page 97: ...reating a Web IP Filter List CLI This example allows SNMP access for a specific client Console config management snmp client 10 1 2 3 4 28 Console config end Console show management all client Management IP Filter HTTP Client Start IP address End IP address 1 10 1 2 1 10 1 2 254 SNMP Client Start IP address End IP address 1 10 1 2 3 10 1 2 3 TELNET Client Start IP address End IP address Console ...

Page 98: ... enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Trunk Member1 Shows if port is a trunk member Creation2 Shows if a trunk is man...

Page 99: ...l duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 64 95232000 octets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LACP is enabled o...

Page 100: ...t Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps...

Page 101: ...ll 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Trunk Indicates if a port is a member of a trunk To create trunks and select port members see Creating Trunk Groups on page 3 66 Note Auto negotiation must be disabled before you can configure or force the interface to use the Speed Duplex Mode or Flow Control options Web Click Port Port Configuration o...

Page 102: ...laced in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk...

Page 103: ...ating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Web Click Port Trunk Membership Enter a trunk ID of 1 4 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports...

Page 104: ...e of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Console config interface port channel 2 4 104 Console config if exit Console config interface ethernet 1 1 4 104 Console config if channel group 2 4 120 Console config if exit Console config interface ethernet 1 2 Console config if channel group 2 Console...

Page 105: ... Console config if lacp 4 121 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 111 Information of Trunk 2 Basic information Port type 100TX Mac address 22 22 22 22 22 2d Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Flow control status Disabled Po...

Page 106: ... Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG ...

Page 107: ... can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 43 LACP Port Configuration ...

Page 108: ...actor port priority 128 4 125 Console config if exit Console config interface ethernet 1 4 Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 4 125 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 3...

Page 109: ...ber of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts N...

Page 110: ...mation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not ...

Page 111: ...e LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 125 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long t...

Page 112: ...ssigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation ...

Page 113: ...Control is enabled by default The default threshold is 32000 octets per second Broadcast control does not affect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Threshold Threshold as percentage of port bandwidth Range 64 95232000 Default 32000 octets per second Protect Status Shows whether or not broadcast storm control has been enabled Default E...

Page 114: ...itchport broadcast 4 110 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast octet rate 600 4 110 Console config if end Console show interfaces switchport ethernet 1 2 4 113 Information of Eth 1 2 Broadcast threshold Enabled 600 octets second Lacp status Enabled Ingress rate limit disable Level 30 Egress rate limit disable Level 30 VLAN membership mo...

Page 115: ...ror sessions Source Unit The unit whose port traffic will be monitored Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive or Tx transmit Target Unit The unit whose port will duplicate or mirror the traffic on the source port Target Port The port that will mirror the traffic on the source port Web Click Port Mirror Po...

Page 116: ...ling the network manager greater control over traffic on the network The rate limit granularity is multiplied by the rate limit level page 3 81 to set the actual rate limit for an interface Granularity is a global setting that applies to Fast Ethernet or Gigabit Ethernet interfaces Command Usage For Fast Ethernet interfaces the rate limit granularity is 512 Kbps 1 Mbps or 3 3 Mbps For Gigabit Ethe...

Page 117: ... rate limit level Range 1 30 Default 30 Note Actual rate limit Rate Limit Level Granularity Web Click Port Rate Limit Input Output Port Trunk Configuration Enable the Rate Limit Status for the required interfaces set the Rate Limit Level and click Apply Figure 3 50 Output Rate Limit Port Configuration CLI This example sets the rate limit level for input and output traffic passing through port 3 Co...

Page 118: ... at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for dis...

Page 119: ...ticular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR mes...

Page 120: ...mber of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitte...

Page 121: ...onfiguration 3 85 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 51 Port Statistics ...

Page 122: ...ddress of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Web Only Console show interfaces counters ethernet 1 13 4 112 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cas...

Page 123: ...for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC a...

Page 124: ... method of sorting the displayed addresses and then click Query Figure 3 53 Configuring a Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 131 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Delete on reset Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 125: ...ch automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on eac...

Page 126: ...he tree structure can easily isolate some of the group members Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the brid...

Page 127: ...otocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Root Hello Time Interval in seconds at which this device transmits a ...

Page 128: ...t Note The current root port and current root cost display as zero when this device is not connected to the network Console show spanning tree 4 143 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enabled Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designa...

Page 129: ...the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Command Attributes Basic Configuration of Global Settings Spanning Tree State Enables disables STA on this switch Default Enabled Spanning Tree Type Specifies the type of spanning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D i e when this option is selected the switch wil...

Page 130: ...e changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Default 15 Minimum The higher of 4 or Max Message A...

Page 131: ...d then configures the STA and RSTP parameters Console config spanning tree 4 133 Console config spanning tree mode rst 4 134 Console config spanning tree priority 45056 4 137 Console config spanning tree hello time 5 4 135 Console config spanning tree max age 38 4 136 Console config spanning tree forward time 20 4 135 Console config spanning tree pathcost method long 4 137 Console config spanning ...

Page 132: ...tate to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the higher the cost Designated Bridge The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree Designated Port The port priority and number of the port on the ...

Page 133: ...e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Designated root The priority and MAC address of the device in the Spanning Tree that t...

Page 134: ...ts connected to an end node device Admin Link Type The link type attached to this interface Point to Point A connection to exactly one other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media Web Click Spanning Tree STA Port Information or STA Trunk Information Figure 3 58 Displaying Sp...

Page 135: ... Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a ...

Page 136: ...initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Default Disabled Migration If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced...

Page 137: ...ANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multip...

Page 138: ...separate from other VLANs configured on the switch Packets are forwarded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VLAN Registration GVRP GARP VLAN Registration Protocol defines a system whereby...

Page 139: ... If you want to create a small port based VLAN for devices attached directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing t...

Page 140: ...LAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 60 Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number The VLAN version used by this switch as specified in the IEEE 802 1Q standard Maximum VLAN ...

Page 141: ...N ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port members Console show bridge ext 4 160 Max support vlan numbers 255 Max support vla...

Page 142: ... configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Ports Channel groups Shows the VLAN interface members ...

Page 143: ...the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enabled VLAN is operational Disabled VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group t...

Page 144: ... the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 110 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on pag...

Page 145: ...untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 102 None Interface is not a member of the VLAN Packets associated with this VLAN will not be tra...

Page 146: ...erface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 65 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Console config interface ethernet 1 1 4 104 Console config if switchport allowed v...

Page 147: ...he interface to accept all frame types including tagged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Options All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingress port is not a member Default Disabled Ingress filtering only affects tagged...

Page 148: ...000 Mode Indicates VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN inter...

Page 149: ...promiscuous ports Multiple primary VLANs can be configured on this switch and multiple community VLANs can be configured within each primary VLAN To configure private VLANs follow these steps 1 Use the Private VLAN Configuration menu page 3 115 to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups 2 Use the Private VLAN Association ...

Page 150: ... the switch including primary and community VLANs and their associated interfaces Command Attributes VLAN ID ID of configured VLAN 1 4094 no leading zeroes Primary VLAN The primary VLAN with which the selected VLAN is associated Note that this displays as VLAN 0 if the selected VLAN is itself a primary VLAN Ports List The list of ports and assigned type in the selected private VLAN Web Click VLAN ...

Page 151: ...mand Attributes VLAN ID ID of configured VLAN 1 4094 no leading zeroes Type There are three types of VLANs within a private VLAN Primary VLANs Conveys traffic between promiscuous ports and to community ports within secondary VLANs Community VLANs Conveys traffic between community ports and to their associated promiscuous ports Isolated VLANs Conveys traffic only between the VLAN s isolated ports a...

Page 152: ...s example configures VLAN 5 as a primary VLAN and VLAN 6 and 7 as community VLANs Associating Community VLANs Each community VLAN must be associated with a primary VLAN Command Attributes Primary VLAN ID ID of primary VLAN 1 4094 no leading zeroes Association Community VLANs associated with the selected primary VLAN Non Association Community VLANs not associated with the selected primary VLAN Cons...

Page 153: ...rmal The port is not configured in a private VLAN Host The port is a community port and can only communicate with other ports in its own community VLAN and with the designated promiscuous port s Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within ...

Page 154: ...h a private VLAN Command Attributes Port Trunk The switch interface PVLAN Port Type Sets the private VLAN port types Normal The port is not configured into a private VLAN Host The port is a community port and can only communicate with other ports in its own community VLAN and with the designated promiscuous port s Promiscuous A promiscuous port can communicate with all interfaces within a private ...

Page 155: ...ample shows the switch configured with primary VLAN 5 and secondary VLAN 6 Port 3 has been configured as a promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as host ports and associated with VLAN 6 This means that traffic for ports 4 and 5 can only pass through port 3 Console config interface ethernet 1 3 Console config if switchport mode private vlan promiscuous 4 15...

Page 156: ...ority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q V...

Page 157: ...itchport priority default 5 4 165 Console config if end Console show interfaces switchport ethernet 1 3 4 113 Information of Eth 1 3 Broadcast threshold Disabled LACP status Disabled Ingress rate limit disable Level 30 Egress rate limit disable Level 30 VLAN membership mode Hybrid Ingress rule Enabled Acceptable frame type Tagged frames only Native VLAN 1 Priority for untagged traffic 5 GVRP statu...

Page 158: ...e following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class Output queue buffer Range 0 3 where 3 is the highest CoS priority queue CLI shows Queue ID Table 3 10 Egress Queue Priority Mapping Queue 0 1 2 3 Priori...

Page 159: ...service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next ...

Page 160: ...quency at which it services each priority queue As described in Mapping CoS Values to Egress Queues on page 3 122 the traffic classes are mapped to one of the four egress queues provided for each port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affe...

Page 161: ...tput queue enter a weight then click Apply Figure 3 75 Configuring Interfaces for Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues Console config queue bandwidth 1 6 9 12 4 164 Console config exit Console show queue bandwidth 4 167 Queue ID Weight 0 1 1 6 2 9 3 12 Console ...

Page 162: ...ut queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be enabled Enabling one of these priority types will automatically disable the other Selecting IP Precedence DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority Sele...

Page 163: ...ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represents high priority Web Click Priority IP Precedence Priority Select the required interface select an entry from the IP Precedence Priority Table enter...

Page 164: ...S enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Console config map ip precedence 4 169 Console config interface ethernet 1 1 4 104 Console config if ma...

Page 165: ... 78 Mapping IP DSCP Priority Values CLI The following example globally enables DSCP Priority service on the switch maps DSCP value 0 to CoS value 1 on port 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to all the interfaces on the switch Console config map ip dscp 4 172 Console conf...

Page 166: ...ows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represents high priority Note IP Port Priority settings apply to all interfaces Web Click Priority IP Port Priority Status Set IP Port Priority Status to Enabled Figure 3 79 Enabling IP Port Priority Status Web Click Priority ...

Page 167: ... that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 122 Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 For information on configuring ACLs see ...

Page 168: ... and any hosts that want to receive the multicast register with their local multicast switch router Although this approach reduces the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on to the hosts which subscribed to this service This switch uses IGMP Internet G...

Page 169: ...nterface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 138 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switch forwards traffic only to the ports that request multicast ...

Page 170: ... Default 125 IGMP Report Delay Sets the time between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list Range 5 25 seconds Default 10 IGMP Query Timeout The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query ...

Page 171: ...ast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping Multicast Router Port Information Select the required VLAN ID from the scroll down list to display the associated multicast routers Figure 3 83 Displaying Multicast Router Port Information Console config ip igmp snooping 4 177 Console config ip igmp snoopin...

Page 172: ...rt or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configuration Specify the interfaces attached to a multicast router indicate the VLAN which will forward all the corresponding multicast traffic an...

Page 173: ...vice Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagating this multicast service Figure 3 85 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corre...

Page 174: ...ed to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attach...

Page 175: ... all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 4 177 Console config exit Console show mac address table multicast vlan 1 4 179 VLAN M cast IP addr Member ports Type 1 224 1 1 12 Eth1 12 USER 1 224 1 2 3 Eth1 12 IGMP Console ...

Page 176: ...Configuring the Switch 3 140 3 ...

Page 177: ... Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the quit or exit command After connecting to the system through the console port the login screen displays Telnet Connection Telnet operates over th...

Page 178: ...dress of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty n for the guest to show that you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands ...

Page 179: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is am...

Page 180: ...line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Configuration of the address table management Management IP filter map Maps priority port Port Characteristics public key Public Key information queue Priority queue information radius server RADIUS server information rate limit Configures rate limits running config Information on...

Page 181: ...ed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands generally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or enable certain sw...

Page 182: ...ommands modify the running configuration only and are not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server communit...

Page 183: ...can use the following commands to enter interface configuration mode and then return to Privileged Exec mode Console configure Console config Table 4 2 Configuration Modes Mode Command Prompt Page Line line console vty Console config line 4 10 Access Control List access list ip standard access list ip extended access list mac Console config std acl Console config ext acl Console config mac acl 4 8...

Page 184: ... line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Ente...

Page 185: ...ity access strings and trap managers also configures IP address filtering 4 99 Interface Configures the connection parameters for all Ethernet ports aggregated links and VLANs 4 104 Mirror Port Mirrors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 115 Rate Limiting Controls the maximum rate for traffic transmitted or receive...

Page 186: ...sword Specifies a password on a line LC 4 12 timeout login response Sets the interval that the system waits for a user to log into the CLI LC 4 13 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 13 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 14 silent time Sets the amount of time the...

Page 187: ...re are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this ...

Page 188: ... system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility with legacy password settings i e plain text or encrypte...

Page 189: ... for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command Related Commands silent time 4 15 exec timeout 4 14 exec timeout This command sets the interval that the system waits until user input...

Page 190: ...mpts Use the no form to remove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allo...

Page 191: ...response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands Related Commands 4 14 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syntax d...

Page 192: ...ds parity 4 16 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Examp...

Page 193: ... device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop ...

Page 194: ...ifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 41 show users 4 58 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Sho...

Page 195: ...sabled Login timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Console Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 19 disable Returns to normal mode from privileged mode PE 4 20 configure Activates global configuration...

Page 196: ...4 20 enable password 4 27 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding Command Modes on page 4 5 Default Setting None Command Mode Privileged Exec Command Usage The character is a...

Page 197: ... Default Setting None Command Mode Privileged Exec Example Related Commands end 4 22 show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the c...

Page 198: ...guration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration...

Page 199: ...on mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console config exit Console exit Press ENTER to start session User Access Verification Username Console quit Press E...

Page 200: ... basic user names and passwords for management access 4 25 IP Filter Configures IP addresses that are allowed management access 4 28 Web Server Enables management access via a web browser 4 30 Telnet Server Enables management access via Telnet 4 33 Secure Shell Provides secure replacement for Telnet 4 34 Event Logging Controls logging of error messages 4 43 Time System Clock Sets the system clock ...

Page 201: ...ment access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 10 user authentication via a remote authentication server page 4 67 and host access authentication for specific ports page 4 77 Console config prompt RD2 RD2 config Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Funct...

Page 202: ...password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The factory defaults for the user names and passwords are Command Mode Global Configuration Command Usage The encrypted password is required for compatibility with legacy password settings i e plain text or en...

Page 203: ...l Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command page 4 19 The encrypted password is required for compatibilit...

Page 204: ...ddress the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch wi...

Page 205: ...mp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Global Configuration Example Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console config Console show management all client Management IP Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 ...

Page 206: ...his command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Table 4 12 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 30 ip http server Allows the switch to be monitored or configured...

Page 207: ... The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x and Netscape Navigator 4...

Page 208: ...secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip...

Page 209: ...ted Commands ip telnet server 4 33 ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuration Example Table 4 14 Telnet Server Commands Command Function Mode Page ip telnet port Specifies the port to be used by the Telnet interface GC 4 30 ip...

Page 210: ...that you also need to install a SSH client on the management station when using this protocol to configure the switch Note The switch supports both SSH Version 1 5 and 2 0 Table 4 15 SSH Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4 36 ip ssh timeout Specifies the authentication timeout for the SSH server GC 4 37 ip ssh authentication retries Specifies...

Page 211: ...23329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy tftp public key command to copy a file containing the public key for all the SSH client s granted management access to ...

Page 212: ...still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service Syntax ip ssh server no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH s...

Page 213: ...H negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 13 show ip ssh 4 40 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentic...

Page 214: ...nd Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both th...

Page 215: ...ent programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Related Commands ip ssh crypto zeroize 4 39 ip ssh save host key 4 40 ip...

Page 216: ...save host key 4 40 no ip ssh server 4 36 ip ssh save host key This command saves host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 39 show ip ssh This command displays the connection settings used when authentic...

Page 217: ...uthentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfi...

Page 218: ...ng is the encoded modulus Example Console show public key host Host RSA 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868 5443583616519999233297817660658309586108259132128902337654680172627257141 3428762941301196195566782595664104869574278881462065194174677298486546861 5717739390164779355942303577413098022737087794545240839717526463580581767 16709574804776117 DSA ss...

Page 219: ...4 44 clear logging 4 46 Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 43 logging history Limits syslog messages saved to switch memory based on severity GC 4 44 logging host Adds a syslog server host IP address that will receive logging messages GC 4 45 logging facility Sets the facility type for remote logging of syslog messages GC...

Page 220: ...Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions ...

Page 221: ...sets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog ...

Page 222: ...g Enabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enables remote logging but restores the minimum severity level to the default Example clear logging This command clears messages from the log buffer Syntax clear logging...

Page 223: ...ing the time stamp message level page 4 44 program module function and event number Example The following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 4 00 01 00 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00 54 2001 01 01 STA root change not...

Page 224: ...age level for flash memory is errors i e default level 3 0 the message level for RAM is debugging i e default level 7 0 Console show logging flash Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if s...

Page 225: ...ield Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for syslog messages sent to a remote server ...

Page 226: ...ecords the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp server 4 51 sntp poll 4 51 show sntp 4 52 Console config sntp server 10 1 0 19 Conso...

Page 227: ...time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp client 4 50 sntp poll 4 51 show sntp 4 52 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP cl...

Page 228: ...xample clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 1 12 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC afte...

Page 229: ...etwork or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Settin...

Page 230: ...ash for about 15 seconds Example Console show calendar 15 12 34 April 1 2004 Console Table 4 22 System Status Commands Command Function Mode Page light unit Displays the unit ID of a switch using its front panel LED indicators NE PE 4 54 show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 55 show running config Display...

Page 231: ...plays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address configured for VLANs Spanning tree settings Any configured settings for the console port and Telnet Example Console show startup config building startup config please wait username admin access level 15 username admin pa...

Page 232: ...ttings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP community strings Users names access levels and encrypted passwords Event log settings VLAN database VLAN ID name and state VLAN configuration se...

Page 233: ... password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca logging history ram 6 logging history flash 3 vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interfa...

Page 234: ...nd IP address of Telnet client Default Setting None Command Mode Normal Exec Privileged Exec Console show system System description TigerSwitch 10 100 6716AL2 System OID string 1 3 6 1 4 1 202 20 40 System information System Up time 0 days 0 hours 21 minutes and 7 32 seconds System Name NONE System Location NONE System Contact NONE MAC address 12 34 12 34 12 34 Web server enabled Web server port 8...

Page 235: ...ged Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 9 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 16...

Page 236: ...th the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Console show version Unit 1 Serial number Servic...

Page 237: ...fig tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https ce...

Page 238: ...ace the startup configuration you must use startup config as the destination Use the copy file unit command to copy a local file to another switch in the stack Use the copy unit file command to copy a file from another switch in the stack The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server You must follow the instructions in the release notes for new firmware or contact y...

Page 239: ...ile name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS cert...

Page 240: ... Example This example shows how to delete the test2 cfg configuration file from flash memory for unit 1 Related Commands dir 4 64 delete public key 4 38 dir This command displays a list of files in flash memory Syntax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time ope...

Page 241: ... system powered up Syntax whichboot unit unit Specifies the unit number Default Setting None Command Mode Privileged Exec Table 4 25 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name ...

Page 242: ...un time operation code The colon is required filename Name of the configuration file or image name unit Specifies the unit number Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file A colon is required after the specified unit number Example Related Commands dir 4 6...

Page 243: ...ffers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet Table 4 26 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 67 RADIUS Client Configu...

Page 244: ...uthentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command see page 4 19 Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS server password only tacacs Use TACACS server password Default Setting Local Command Mode...

Page 245: ...server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server Use the no form to restore the default values Syntax no radius server index host host_ip_address host_alias auth port auth_port timeout timeout retransmit retransmit key key index Allows you to specify up to five servers These servers are queried in sequence until a server r...

Page 246: ...t Setting auth port 1812 timeout 5 seconds retransmit 2 Command Mode Global Configuration Example radius server port This command sets the RADIUS server network port Use the no form to restore the default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuratio...

Page 247: ...efault Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Co...

Page 248: ...ult Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransm...

Page 249: ... tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server network port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Se...

Page 250: ...k spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console config tacacs server port 181 Console config Console config tacacs server key green Console config Console show tacacs server Remote TA...

Page 251: ...e the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses Syntax port security action shutdown trap trap and shutdown max mac count address count no port security action max mac count action Response to take when port security is violate...

Page 252: ...set the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled usin...

Page 253: ...dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 4 78 dot1x port control Sets dot1x mode for a port interface IC 4 79 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 4 79 dot1x re authenticate Forces re authentication on specific ports PE 4 80 dot1x re a...

Page 254: ... of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of requests Range 1 10 Default 2 Command Mode Interface Configuration Example Console config dot1x default Console config Console config interface eth 1 2 Con...

Page 255: ...ace Configuration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to single host Use the no form with the multi host max count keywords to restore the default maximum count Syntax dot1x operation mode single host multi host max count count no dot1x operation mode multi ...

Page 256: ...c Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Global Configuration Example Console config interface eth 1 2 Console config if dot1x operation mode multi host max count 10 Console config if Console dot1x re authenticate Console Console config interfa...

Page 257: ... 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Console ...

Page 258: ...dot1x statistics interface interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Command Usage This command displays the following information Global 802 1X Parameters Shows whether or not 802 1x port authentication is globally enabled on the switch 802 1X Port Summary Displays the port access control parameters for each interface including the ...

Page 259: ...802 1X authorized port Max Count The maximum number of hosts allowed to access this port page 4 79 Port control Shows the dot1x mode on a port as auto force authorized or force unauthorized page 4 79 Supplicant MAC address of authorized client Current Identifier The integer 0 255 used by the Authenticator to identify the current authentication session Mode Dot1x port control mode page 4 79 Authori...

Page 260: ...s disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 00 e8 49 5e dc Current Identifier 3 Authenticator State Machine State Authenticated Reauth Count 0 Backend State Machine Stat...

Page 261: ...XT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP control code MAC ACL mode MAC ACL filters packets based on the source or destination MAC address and the Ethernet frame type RFC 1060 The following restrictions apply to ACLs Each ACL can have up to 32 ...

Page 262: ...MAC ACLs Configures ACLs based on hardware addresses packet format and Ethernet type 4 93 ACL Information Displays ACLs and associated rules shows ACLs assigned to each port 4 98 Table 4 33 IP ACLs Command Function Mode Page access list ip Creates an IP ACL and enters configuration mode GC 4 86 permit deny Filters packets matching a specified source IP address STD ACL 4 87 permit deny Filters pack...

Page 263: ...ting from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmasks...

Page 264: ... host destination precedence precedence tos tos dscp dscp source port sport end destination port dport end control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address precedence IP precede...

Page 265: ...e equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the code value and mask below to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and AC...

Page 266: ...Command Mode Privileged Exec Example Related Commands permit deny 4 87 ip access group 4 90 ip access group This command binds a port to an IP ACL Use the no form to remove the port Syntax no ip access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Cons...

Page 267: ...mands ip access group 4 90 map access list ip This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS va...

Page 268: ... mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Related Commands map access list ip 4 91 Table 4 34 Egress Queue Priority Mapping Queue 0 1 2 3 Priority 1 2 0 3 4 5 6 7 Console con...

Page 269: ...nd followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Table 4 35 MAC ACLs Command Function Mode Page access list mac Creates a MAC ACL and enters configuration mode GC 4 93 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 94 show mac access list Displays the rules for configur...

Page 270: ...urce or destination address host A specific MAC address source Source MAC address destination Destination MAC address range with bitmask address bitmask Bitmask for MAC address in hexadecimal format For all bitmasks 1 means care and 0 means ignore vid VLAN ID Range 1 4094 vid end Upper bound of VID range Range 1 4095 protocol A specific Ethernet protocol number Range 0 65535 protocol end Upper bou...

Page 271: ...Mode Privileged Exec Example Related Commands permit deny 4 94 mac access group 4 95 mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Console conf...

Page 272: ...ac This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command...

Page 273: ... to a MAC ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Related Commands map access list mac 4 96 Table 4 36 Egress Queue Priority Mapping Queue 0 1 2 3 Priority 1 2 0 3 4 5 6 7 Console config i...

Page 274: ...Show all ACLs and associated rules PE 4 98 show access group Shows the ACLs assigned to each port PE 4 98 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC...

Page 275: ...ions are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage The first snmp server community command you enter enables SNMP SNMPv1 The no snmp s...

Page 276: ... Configuration Example Related Commands snmp server location 4 100 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config snmp serv...

Page 277: ...Command Usage If you do not enter an snmp server host command no notifications are sent In order to configure the switch to send SNMP notifications you must enter at least one snmp server host command In order to enable multiple hosts you must issue a separate snmp server host command for each host The snmp server host command is used in conjunction with the snmp server enable traps command Use th...

Page 278: ...ontrolled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command...

Page 279: ...tication enabled Link up down enabled SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP pa...

Page 280: ...ds a description to an interface configuration IC 4 105 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 105 negotiation Enables autonegotiation of a given interface IC 4 106 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 107 flowcontrol Enables flow control on a given interface IC 4 108...

Page 281: ...e following example adds a description to port 16 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex 1000full 100full 100half 10full 10half no speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps h...

Page 282: ...o negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 4 106 capabilities 4 107 negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode...

Page 283: ...ull Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100B...

Page 284: ...d IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be ...

Page 285: ...mand Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 5 Console config if flowcontrol Console co...

Page 286: ...traffic exceeds the specified threshold octets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all ports on the switch Example The following shows how to configure broadcast storm control at 600 octets per second clear counters This command clears statistics on an interface Synta...

Page 287: ...xample clears statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface i...

Page 288: ... the items displayed by this command see Showing Port Statistics on page 3 82 Console show interfaces status ethernet 1 4 Information of Eth 1 4 Basic information Port type 100TX Mac address 12 34 12 34 12 38 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast storm Enabled Broadcast storm limit 32000 octets second Flow control Disabled LACP Disa...

Page 289: ...r input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac rec...

Page 290: ... Egress rate limit Shows if rate limiting is enabled and the current rate limit page 4 117 VLAN membership mode Indicates membership mode as Trunk or Hybrid page 4 148 Ingress rule Shows if ingress filtering is enabled or disabled page 4 149 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 148 Native VLAN Indicates the default Port VLAN ID page 4...

Page 291: ... from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner The destination port is set by specifying an Ethernet interface The mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor port You ...

Page 292: ...de Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX Example The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 rx Console config if Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 rx Con...

Page 293: ...limit page 4 117 to set the actual rate limit for an interface Granularity is a global setting that applies to Fast Ethernet or Gigabit Ethernet interfaces rate limit Use this command to define the rate limit level for a specific interface Use this command without specifying a rate to restore the default rate limit level Use the no form to restore the default status of disabled Syntax rate limit i...

Page 294: ...only one granularity option is supported 33 3 Mbps Default Setting Fast Ethernet interface 3 3 Mbps Gigabit Ethernet interface 33 3 Mbps Command Mode Global Configuration Ethernet Port Channel Command Usage Actual rate limit Rate limit level Granularity Example The following sets Fast Ethernet granularity to 1 Mbps and Gigabit Ethernet granularity to 33 3 Mbps show rate limit Use this command to d...

Page 295: ...rt an aggregate bandwidth of 4 Gbps when operating at full duplex Console show rate limit Fast ethernet granularity 3300 Gigabit ethernet granularity 33000 Console Table 4 43 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 4 104 channel group Adds a port to a trunk ...

Page 296: ... Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key is set then the port admin key must ...

Page 297: ...x either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and wi...

Page 298: ...ership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show...

Page 299: ...n key Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side of an aggregate link partner The remote side of an aggregate link key The port admin key must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 Default Setting 0 Command Mode Interface Configuration Ethernet...

Page 300: ...during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is fo...

Page 301: ...with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state and will only take effect the next time an aggregate link is established with the partner Example show lacp ...

Page 302: ...s Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC...

Page 303: ... state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection o...

Page 304: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol part...

Page 305: ...p configured on this switch System Priority (a) LACP system priority for this channel group System MAC Address (a) System MAC address (a) The LACP system priority and system MAC address are concatenated to form the LAG system ID Table 4 48 Address Table Commands Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 4 130 clear mac address table dynamic Removes an...

Page 306: ...default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses will not be removed from the address table when a given interface link is down Static addresses ...

Page 307: ...nit This is device 1 port Port number port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Dele...

Page 308: ...onds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console show mac address table Interface Mac Address Vla...

Page 309: ... Configures the spanning tree bridge forward time GC 4 135 spanning tree hello time Configures the spanning tree bridge hello time GC 4 135 spanning tree max age Configures the spanning tree bridge maximum age GC 4 136 spanning tree priority Configures the spanning tree bridge priority GC 4 137 spanning tree path cost method Configures the path cost method for RSTP GC 4 137 spanning tree transmiss...

Page 310: ...anning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer...

Page 311: ...ning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding state otherwise temporary data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello t...

Page 312: ...r of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in t...

Page 313: ...he root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost method This command configures the path cost method used for Rapid Spanning Tree Use the no form to restore the default Syntax spanning tree ...

Page 314: ...mission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree ...

Page 315: ... path cost is 65 535 Example spanning tree port priority This command configures the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree port priority priority The priority for a port Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This comman...

Page 316: ...ng Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that...

Page 317: ...stations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for future sof...

Page 318: ... is forbidden Example spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configurati...

Page 319: ... with no parameters to display the spanning tree configuration for the switch and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface For a description of the items displayed under Spanning tree information see Configuring Global Settings on page 3 93 For a description of the items displayed for specific interface...

Page 320: ...urrent root port 1 Current root cost 50000 Number of topology changes 5 Last topology changes time sec 226 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding Path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwarding enabled Forwar...

Page 321: ...mmand Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Table 4 50 VLANs Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 145 Configuring VLAN...

Page 322: ...LAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs on th...

Page 323: ...Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 4 147 switchport mode Configures VLAN membership mode for an interface IC 4 148 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 148 switchport ingress filtering Enables ingress filtering on an interface IC 4 149 switchport native vlan Configures the PVID native...

Page 324: ...ation of this command see switchport mode private vlan on page 4 156 Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and then set the switchport mode to hybrid Related Commands switchport acceptable frame types 4 148 switchport acceptable frame...

Page 325: ...ed Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged fo...

Page 326: ...rface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames enter...

Page 327: ...switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress If none of the intermediate network devices nor the host at the other end of the connection support...

Page 328: ...to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set...

Page 329: ...Ns Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Table 4 53 Show VLAN Commands Command Function Mode Page show vlan Shows VLAN information NE PE 4 153 show interfaces status vlan Displays status for the specified VLAN interface NE PE 4 111 show interfaces switchport Displays the administrative and operational status of an interfa...

Page 330: ...promiscuous i e having access to all ports in the primary VLAN or host i e having access restricted to community VLAN members and channeling all other traffic through a promiscuous port 4 Use the switchport private vlan host association command to assign a port to a secondary VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan ...

Page 331: ...signed to an isolated VLAN can only communicate with promiscuous ports within their own VLAN Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same VLAN community and channel traffic passing outside the community through promiscuous ports that have been mapped to the associated primary VLAN Port membership for private ...

Page 332: ...ovides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the primary VLAN via promiscuous ports Example switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the default setting Syntax switchport mode private vlan host promiscuous...

Page 333: ...t private vlan host association secondary vlan id ID of secondary i e community VLAN Range 2 4094 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via a promiscuous port Example Console co...

Page 334: ...the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN configuration settings on this switch Syntax show vlan private vlan community isolated primary community Displays all community VLANs along with their associated primary VLAN and assigned host interfaces isolated Displays all isolated VLANs along w...

Page 335: ...in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Console show vlan private vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 0 8 isolated Console Table 4 55 GVRP and Bridge Extension Commands Command Function Mode Page bridge...

Page 336: ...VRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console config bridge ext gvrp Console config Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tag...

Page 337: ...mmand sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which timer to set timer_value Value of timer Ranges join 20 1000 centiseconds leave 60 3000 centiseconds leaveall 500 18000 centiseconds Default Setting join 20 centiseconds leave 6...

Page 338: ...l leave Note Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 162 show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range...

Page 339: ...y for untagged frames sets queue weights and maps class of service tags to hardware queues 4 163 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4 169 Table 4 57 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 164 queue bandwidth Assigns round robin weights to...

Page 340: ...to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Examp...

Page 341: ...efault priority id The priority number for untagged ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority is not set and the default value for untagged frames received on the interface is zero Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and ...

Page 342: ...gns class of service CoS values to the priority queues i e hardware output queues 0 3 Use the no form to set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The ID of the priority queue Ranges are 0 to 3 where 3 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS valu...

Page 343: ...rrent queue mode Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Console config interface ethernet 1 1 Console config if queue cos map 0 0 1 2 Console config if queue cos map 1 3 Console config if queue cos map 2 4 5 C...

Page 344: ...rface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID Weight 0 1 1 2 2 4 3 6 Console Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 0 0 0 1 2 2 3 3 Console ...

Page 345: ...C 4 170 map ip precedence Enables IP precedence class of service mapping GC 4 169 map ip precedence Maps IP precedence value to a class of service IC 4 171 map ip dscp Enables IP DSCP class of service mapping GC 4 172 map ip dscp Maps IP DSCP value to a class of service IC 4 172 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 91 map access...

Page 346: ...ort priority This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Global Configuration This command enables IP precedence mapping i e IP Type of Service Use the no form to disable IP precedence mapping Syntax no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage...

Page 347: ...n Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP Precedence for all i...

Page 348: ... switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally map ip dscp Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map i...

Page 349: ...he IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip port Use this command to show the IP port priority map Syntax show map ip port interface interface ethernet unit port unit This is device 1 port Port number port ...

Page 350: ... 4 169 map ip port Interface Configuration 4 170 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 ...

Page 351: ...y map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Console ...

Page 352: ... 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Table 4 62 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 176 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4...

Page 353: ... Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast ...

Page 354: ...egacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping This command shows the IGMP snooping configuration Default Setting None Command Mod...

Page 355: ...GMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The following shows the multicast entries learned through IGMP snooping for VLAN 1 Console show ip igmp snooping Service status Enabled Querier status Enabled Query count 2 Query interval 125 sec Query max response time 10 sec Router port ex...

Page 356: ...ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Table 4 64 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 180 ip igmp sn...

Page 357: ... have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 182 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch ...

Page 358: ...sponded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 178 ip igmp snooping query max response time 4 182 ip igmp sno...

Page 359: ... port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 Default Setting No static multicast router ports are configured Command Mode Global Configuration Console config ip igmp snooping router port expire time 300 Con...

Page 360: ...p igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The...

Page 361: ...btains IP address from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configuration VLAN Command Usage You must assign an IP address to this device to gain management access over the network You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 s...

Page 362: ...mple the device is assigned an address in VLAN 1 Related Commands ip dhcp restart 4 186 ip dhcp restart This command submits a BOOTP or DHCP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the ...

Page 363: ...e Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip redirects 4 188 show ip interface This command displays the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show...

Page 364: ...count Number of packets to send Range 1 16 default 5 Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not...

Page 365: ... 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 10 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 10 ms Maximum 20 ms Average 10 ms Console ...

Page 366: ...Command Line Interface 4 190 4 ...

Page 367: ...itical threshold Port Mirroring One source port one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Protocol Spanning Tree Protocol STP IEEE 802 1D Rapid Spanning Tree Protocol RSTP IEEE 802 1w VLAN Support Up to 255 groups port based protocol base...

Page 368: ...database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 1Q VLAN IEEE 802 3ad Link Aggregation Control Protocol IEEE 802 1D Spanning Tree Protocol and traffic priorit...

Page 369: ...IB RFC 2742 Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1212 1213 Port Access Entity MIB IEEE 802 1x Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation TACACS Authentication Client MIB TCP ...

Page 370: ...Software Specifications A 4 A ...

Page 371: ...d the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Be sure the control parameters for the SSH server are properly configured on the switch and that the SSH clien...

Page 372: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 373: ...ices Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues Domain Name Service DNS A system used for translating host names for network nodes into IP addresse...

Page 374: ...ces or end stations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC bridges including the Spanning Tree Protocol IEEE 802 1Q VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign endstations to different virtual LAN...

Page 375: ...irectly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The eight values are mapped one to o...

Page 376: ...n the target port to be studied unobtrusively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs Private VLANs provide port based security and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from ...

Page 377: ...the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS compliant devices on the network Transmis...

Page 378: ...dless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same LAN XModem A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected ...

Page 379: ... priorities 3 126 4 169 queue mapping 3 122 4 166 queue mode 3 123 4 164 traffic class weights 3 124 4 164 D default gateway configuration 3 12 4 187 default priority ingress port 3 120 4 165 default settings system 1 5 DHCP 3 14 4 185 client 3 12 dynamic configuration 2 5 Differentiated Code Point Service See DSCP downloading software 3 16 4 61 DSCP enabling 3 126 4 172 mapping priorities 3 128 3...

Page 380: ... 176 multicast groups 3 137 4 179 displaying 4 179 static 3 137 4 177 4 179 multicast services configuring 3 138 4 177 displaying 3 137 4 179 multicast static router port 3 136 4 183 P password line 4 12 4 13 passwords 2 4 administrator setting 3 32 4 26 path cost 3 91 3 97 method 3 94 4 137 STA 3 91 3 97 4 137 port authentication 3 46 4 77 port priority configuring 3 120 4 163 default ingress 3 1...

Page 381: ... 3 98 3 100 4 141 path cost 3 91 3 97 4 138 path cost method 3 94 4 137 port priority 3 97 4 139 protocol migration 3 100 4 142 transmission limit 3 94 4 138 standards IEEE A 2 startup files creating 3 18 4 61 displaying 3 16 4 55 setting 3 16 4 66 static addresses setting 3 86 4 130 statistics port 3 82 4 112 STP 3 93 4 134 STP Also see STA system clock setting 3 27 4 49 System Logs 3 23 system s...

Page 382: ...Index 4 Index W Web interface access requirements 3 1 configuration buttons 3 3 home page 3 2 menu list 3 4 panel display 3 3 ...

Page 384: ...01 France 33 0 41 38 32 32 Fax 33 0 41 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 27 0126610232 Fax 27 11 314 9133 North West Africa 216 71236616 Fax 216 71751415 CIS 7 095 789 35 73 F...
