manualshive.com logo in svg

SMC Networks 6152L2, Management Manual

Share
Download
SMC Networks 6152L2 Management Manual Download Page 407

A

CCESS

 C

ONTROL

 L

IST

 C

OMMANDS

4-117

uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The 
bitmask is bitwise ANDed with the specified source IP address, and 
then compared with the address for each IP packet entering the port(s) 
to which this ACL has been assigned.

Example 

This example configures one permit rule for the specific address 10.1.1.21 
and another rule for the address range 168.92.16.x – 168.92.31.x using a 
bitmask.

Related Commands

access-list ip (4-115)

permit

,

 deny 

(Extended ACL)

 

This command adds a rule to an Extended IP ACL. The rule sets a 
filter condition for packets with specific source or destination IP 
addresses, protocol types, source or destination protocol ports, or TCP 
control codes. Use the 

no

 form to remove a rule.

Syntax

[

no

] {

permit

 | 

deny

} [

protocol

-

number | 

udp

{

any

 | 

source address-bitmask | 

host

 

source

{

any

 | 

destination address-bitmask | 

host 

destination

}

[

source-port

 

sport 

[

end

]] [

destination-port

 

dport 

[

end

]]

[

no

] {

permit

 | 

deny

tcp

 

{

any

 | 

source address-bitmask | 

host

 

source

{

any

 | 

destination address-bitmask | 

host

 

destination

}

[

source-port

 

sport 

[

end

]] [

destination-port

 

dport 

[

end

]]

protocol-number

 – A specific protocol number. (Range: 0-255)

source

 – Source IP address.

destination

 – Destination IP address.

address-bitmask

 – Decimal number representing the address bits to 

match.

host 

– Keyword followed by a specific IP address.

Console(config-std-acl)#permit host 10.1.1.21
Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
Console(config-std-acl)#

Summary of Contents for 6152L2

Page 1: ...h 4SFP transceiver slots Non blocking switching architecture Spanning Tree Protocol and Rapid STP Up to 6 LACP or static trunks CoS support through four priority queues Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web SNMP RMON Management Guide SMC6152L2 ...

Page 2: ......

Page 3: ...20 Mason Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions February 2007 Pub 149100032900A ...

Page 4: ...ed by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2007 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...Saving Configuration Settings 2 11 Managing System Files 2 12 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 3 Home Page 3 3 Configuration Options 3 4 Panel Display 3 4 Main Menu 3 5 Basic Configuration 3 13 Displaying System Information 3 13 Displaying Switch Hardware Software Versions 3 15 Displaying Bridge Extension Capabilities 3 17 Setting the ...

Page 8: ...ess Control Lists 3 97 Configuring Access Control Lists 3 97 Binding a Port to an Access Control List 3 105 Filtering Management Access 3 106 Port Configuration 3 108 Displaying Connection Status 3 108 Configuring Interface Connections 3 111 Creating Trunk Groups 3 113 Setting Broadcast Storm Thresholds 3 129 Configuring Port Mirroring 3 131 Configuring Rate Limits 3 132 Showing Port Statistics 3 ...

Page 9: ... Values 3 192 Selecting IP DSCP Priority 3 193 Mapping DSCP Priority 3 193 Quality of Service 3 195 Configuring Quality of Service Parameters 3 196 Configuring a Class Map 3 197 Creating QoS Policies 3 200 Attaching a Policy Map to Ingress Queues 3 204 Multicast Filtering 3 206 Layer 2 IGMP Snooping and Query 3 207 Multicast VLAN Registration 3 218 Configuring Global MVR Settings 3 220 Displaying ...

Page 10: ... Line Interface 4 1 Accessing the CLI 4 1 Console Connection 4 1 Telnet Connection 4 2 Entering Commands 4 3 Keywords and Arguments 4 3 Minimum Abbreviation 4 4 Command Completion 4 4 Getting Help on Commands 4 4 Partial Keyword Lookup 4 6 Negating the Effect of Commands 4 6 Using Command History 4 6 Understanding Command Modes 4 7 Exec Commands 4 7 Configuration Commands 4 8 Command Line Processi...

Page 11: ... User Access Commands 4 34 IP Filter Commands 4 37 Web Server Commands 4 39 Telnet Server Commands 4 44 Secure Shell Commands 4 45 Event Logging Commands 4 57 SMTP Alert Commands 4 65 Time Commands 4 70 System Status Commands 4 76 Frame Size Commands 4 82 Flash File Commands 4 84 copy 4 84 delete 4 87 dir 4 88 whichboot 4 89 boot system 4 90 Authentication Commands 4 91 Authentication Sequence 4 9...

Page 12: ...4 154 show interfaces switchport 4 156 Broadcast Commands 4 158 broadcast packet rate 4 158 switchport broadcast 4 159 Mirror Port Commands 4 160 port monitor 4 160 show port monitor 4 161 Rate Limit Commands 4 162 rate limit 4 162 Link Aggregation Commands 4 164 channel group 4 166 lacp 4 166 lacp system priority 4 169 lacp admin key Ethernet Interface 4 170 lacp admin key Port Channel 4 171 lacp...

Page 13: ...ing tree edge port 4 192 spanning tree portfast 4 193 spanning tree link type 4 194 spanning tree protocol migration 4 195 show spanning tree 4 196 VLAN Commands 4 198 Editing VLAN Groups 4 198 Configuring VLAN Interfaces 4 200 Displaying VLAN Information 4 208 Configuring Private VLANs 4 209 GVRP and Bridge Extension Commands 4 216 bridge ext gvrp 4 216 show bridge ext 4 217 switchport gvrp 4 218...

Page 14: ...urce Guard Commands 4 250 DHCP Snooping Commands 4 255 Switch Cluster Commands 4 264 A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 3 Management Information Bases A 3 B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3 Glossary Index ...

Page 15: ...ity 3 194 Table 4 1 Command Modes 4 7 Table 4 2 Configuration Commands 4 9 Table 4 3 Keystroke Commands 4 10 Table 4 4 Command Group Index 4 11 Table 4 5 Line Command Syntax 4 14 Table 4 6 General Commands 4 26 Table 4 7 System Management Commands 4 32 Table 4 8 Device Designation Commands 4 33 Table 4 9 User Access Commands 4 34 Table 4 10 Default Login Settings 4 35 Table 4 11 IP Filter Commands...

Page 16: ... id display description 4 136 Table 4 39 show snmp view display description 4 138 Table 4 40 show snmp group display description 4 140 Table 4 41 show snmp user display description 4 143 Table 4 42 Interface Commands 4 145 Table 4 43 show interfaces switchport display description 4 157 Table 4 44 Broadcast Commands 4 158 Table 4 45 Mirror Port Commands 4 160 Table 4 46 Rate Limit Commands 4 162 Ta...

Page 17: ...ands Layer 3 and 4 4 229 Table 4 64 Mapping IP DSCP to CoS Values 4 230 Table 4 65 Multicast Filtering Commands 4 232 Table 4 66 IGMP Snooping Commands 4 233 Table 4 67 IGMP Query Commands Layer 2 4 238 Table 4 68 Static Multicast Routing Commands 4 242 Table 4 69 IP Interface Commands 4 244 Table 4 70 IP Source Guard Commands 4 250 Table 4 71 DHCP Snooping Commands 4 255 Table 4 72 Switch Cluster...

Page 18: ...TABLES xiv ...

Page 19: ...isplaying Logs 3 35 Figure 3 17 System Logs 3 37 Figure 3 18 Remote Logs 3 38 Figure 3 19 Enabling and Configuring SMTP 3 40 Figure 3 20 Resetting the System 3 41 Figure 3 21 SNTP Configuration 3 43 Figure 3 22 Setting the Time Zone 3 44 Figure 3 23 Enabling the SNMP Agent 3 47 Figure 3 24 Configuring SNMP Community Strings 3 48 Figure 3 25 Configuring SNMP Trap Managers 3 51 Figure 3 26 Setting a...

Page 20: ... Information 3 123 Figure 3 55 Displaying LACP Port Information 3 126 Figure 3 56 Displaying Remote LACP Port Information 3 128 Figure 3 57 Enabling Port Broadcast Control 3 130 Figure 3 58 Configuring a Mirror Port 3 132 Figure 3 59 Configuring Input Port Rate Limiting 3 133 Figure 3 60 Displaying Port Statistics 3 138 Figure 3 61 Displaying Etherlike and RMON Statistics 3 139 Figure 3 62 Mapping...

Page 21: ...vice Policy Settings 3 205 Figure 3 92 Configuring Internet Group Management Protocol 3 209 Figure 3 93 Enabling IGMP Filter 3 210 Figure 3 94 IGMP Immediate Leave 3 211 Figure 3 95 Mapping Multicast Switch Ports to VLANs 3 212 Figure 3 96 Static Multicast Router Port Configuration 3 213 Figure 3 97 Displaying Port Members of Multicast Services 3 214 Figure 3 98 Specifying Multicast Port Membershi...

Page 22: ...IP Source Guard Binding Configuration 3 237 Figure 3 113 Dynamic IP Source Guard Binding Information 3 238 Figure 3 114 Cluster Configuration 3 240 Figure 3 115 Cluster Member Configuration 3 241 Figure 3 116 Cluster Member Information 3 242 Figure 3 117 Cluster Candidate Information 3 243 ...

Page 23: ...e switch s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP v1 v2c v3 Community strings Port IEEE 802 1x MAC address filtering Access Control Lists Supports up to 32 IP DHCP Client Supported Po...

Page 24: ...ications Some of the management features are briefly described below Port Trunking Supports up to 6 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address Up to 8K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eli...

Page 25: ...ent access over a Telnet equivalent connection SNMP Version 3 IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering for IP frames based on address protocol TCP UDP port number or TCP control code or any frames based on MAC address or Ethernet type ACLs can by used to improve performance by blocking un...

Page 26: ...hould fail The switch supports up to 6 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffic passing through the port is restricted If broadcast traffic rises above a pre defined threshold it will be throttled until the level falls back beneath the threshold Static Addresses A static addre...

Page 27: ...ance by allowing two or more redundant connections to be created between a pair of LAN segments When there are multiple physical paths between segments this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alterna...

Page 28: ...rity by restricting all traffic to the originating VLAN Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using eight priority q...

Page 29: ...em Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file page 3 27 The following table lists some of the basic system defaults Table 1 2 System Defaults Function Parameter Default Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Co...

Page 30: ...ol Disabled Rate Limiting Input limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Protocol Status Enabled RSTP Defaults All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptab...

Page 31: ...Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 6 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled Table 1 2 System Defaults Continued Function Parameter Default ...

Page 32: ...INTRODUCTION 1 10 ...

Page 33: ...P Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial console ...

Page 34: ...t filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 6 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information and statistics Required Connections The switch provides an RS 232 serial po...

Page 35: ...p bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have Windows 2000 Service Pack 2 or later installed Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal s VT100 emulation See www microsoft com f...

Page 36: ...ed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a network computer using SNMP network management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must u...

Page 37: ...Setting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the de...

Page 38: ...You may also need to specify a default gateway that resides between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Note The IP address for this switch is obtained via DHCP by default Before you can assign an IP address to the switch y...

Page 39: ...you select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to use the ip dhcp restart client command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can include the IP address subnet mask and default gateway If the bo...

Page 40: ... broadcasting service requests Press Enter 5 Wait a few minutes and then check the IP configuration settings by typing the show ip interface command Press Enter 6 Then save your configuration changes by typing copy running config startup config Enter the startup file name and press Enter Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart...

Page 41: ...ents you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However you may assign new views to version 1 or 2c community strings that suit your specific securi...

Page 42: ...he default community strings If there are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a trap receiver use the snmp server host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community strin...

Page 43: ...password einstien for encryption For a more detailed explanation on how to configure the switch for access from SNMP v3 clients refer to Simple Network Management Protocol on page 3 44 or refer to the specific CLI commands for SNMP starting on page 4 124 Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To ...

Page 44: ...ation settings are saved Saved configuration files can be selected as a system start up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system See Saving or Restoring Configuration Settings on page 3 27 for more information Operation Code System software that is executed after bo...

Page 45: ...of each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the setti...

Page 46: ...INITIAL CONFIGURATION 2 14 ...

Page 47: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 6 2 Set user names and password...

Page 48: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 49: ...rs and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and...

Page 50: ...Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e wit...

Page 51: ... and power status 3 15 Bridge Extension Configuration Shows the bridge extension parameters 3 17 IP Configuration Sets the IP address for management access 3 19 Jumbo Frames Enables or disables jumbo frames 3 23 File Management 3 25 Copy Operation Allows the transfer and copying files 3 25 Delete Allows deletion of files from the flash memory 3 27 Set Start Up Sets the start up file 3 25 Line 3 29...

Page 52: ...ne ID Adds a Remote Engine ID and IP Host 3 53 Users Creates or deletes user accounts 3 54 Remote Users Creates or deletes remote user accounts 3 57 Groups Creates or deletes SNMPv3 Groups 3 60 Views Creates or deletes SNMPv3 Views 3 65 Security 3 67 User Accounts Assigns a new password for the current user 3 68 Authentication Settings Configures authentication sequence RADIUS and TACACS 3 69 HTTP...

Page 53: ...L 3 105 IP Filter Sets IP addresses of clients allowed management access 3 106 Port 3 106 Port Information Displays port connection status 3 108 Trunk Information Displays trunk connection status 3 108 Port Configuration Configures port connection settings 3 111 Trunk Configuration Configures trunk connection settings 3 111 Trunk Membership Specifies ports to group into static trunks 3 115 LACP 3 ...

Page 54: ...output rate limit for each ports 3 132 Output Trunk Configuration Sets the output rate limit for each trunks 3 132 Port Statistics Lists Ethernet and RMON port statistics 3 134 Address Table 3 140 Static Addresses Displays entries for interface address or VLAN 3 140 Dynamic Addresses Displays or edits static entries in the Address Table 3 142 Address Aging Sets timeout for dynamically learned entr...

Page 55: ...pe for interfaces including tagged untagged or forbidden 3 172 Port Configuration Specifies default PVID and VLAN attributes 3 173 Trunk Configuration Specifies default trunk VID and VLAN attributes 3 173 Private VLAN 3 176 Information Displays Private VLAN feature information 3 177 Configuration This page is used to create remove primary or community VLANs 3 179 Association Each community VLANmus...

Page 56: ...ic Classes Status Enables disables traffic class priorities 3 190 Queue Mode Sets queue mode to strict priority or Weighted Round Robin 3 190 Queue Scheduling Configures Weighted Round Robin queueing 3 191 IP DSCP Priority Status Globally selects IP DSCP Priority or disables it 3 193 IP DSCP Priority Sets IP Differentiated Services Code Point priority mapping a DSCP tag to a class of service value...

Page 57: ...ith the selected VLAN 3 215 IGMP Filter Profile Configuration Configures IGMP profile group 3 216 IGMP Filter Throttling Port Configuration Configures IGMP port filter and throttling 3 217 IGMP Filter Throttling Trunk Configuration Configures IGMP trunk filter and throttling 3 217 MVR 3 218 Configuration Globally enables MVR sets the MVR VLAN adds multicast stream addresses 3 220 Port Information ...

Page 58: ...ption policy 3 232 Binding Information Displays the DHCP Snooping binding information 3 233 IP Source Guard 3 234 Port Configuration Enables IP source guard and selects filter type per port 3 234 Static Configuration Adds a static addresses to the source guard binding table 3 236 Dynamic Information Displays the source guard binding table for a selected interface 3 237 Cluster 3 239 Configuration ...

Page 59: ... the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS inter...

Page 60: ...stem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interface via Telnet Figure 3 3 System Information ...

Page 61: ...nsole config hostname R D 5 4 34 Console config snmp server location WC 9 4 129 Console config snmp server contact Geoff 4 128 Console config exit Console show system 4 80 System Description SMC Networks SMC6152L2 System OID String 1 3 6 1 4 1 202 20 66 System Information System Up Time 0 days 0 hours 7 minutes and 22 65 seconds System Name R D System Location WC 9 System Contact Geoff MAC Address...

Page 62: ...number of the Electronically Programmable Logic Device code Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Displays the switch as a master or slave unit Web Click System Switch Information Figure 3 4 Switch Information ...

Page 63: ...on Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to Displaying Private VLAN Interface Information on page 3 181 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 140 VLAN Learning This switch uses Independent VLAN Learning IVL where each port m...

Page 64: ...able This switch supports multiple local bridges i e multiple spanning trees Refer to VLAN Configuration on page 3 161 GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Conf...

Page 65: ...c IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4093 no leading zeroes By default all ports on the switch are members of VLAN 1 However the management s...

Page 66: ...e IP address subnet mask and default gateway IP Address Address of the VLAN interface that is allowed management access Valid IP addresses consist of four numbers 0 to 255 separated by periods Default 0 0 0 0 Subnet Mask This mask identifies the host address bits used for routing to specific subnets Default 255 255 255 0 Gateway IP Address IP address of the gateway router between this device and m...

Page 67: ...tatic enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 146 Console config if ip address 10 1 0 254 255 255 255 0 4 245 Console config if exit Console config ip default gateway 192 168 1 254 4 247 Console config ...

Page 68: ...management station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to ...

Page 69: ...ctioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Enabling Jumbo Frames You can enable jumbo frames to support data packets up to 9000 bytes in size Command Attributes Jumbo Packet Status Check the box to enable jumbo f...

Page 70: ...can discover switches on local or other networks After discovering the switches Batch Upgrade can then be set to automatically upgrade the runtime code on all discovered switches Batch Upgrade is provided in the Batch Upgrade folder in the CD provided with this switch For details see the Batch Upgrade document in this Batch Upgrade folder Command Attributes File Transfer Method The firmware copy o...

Page 71: ...is file cannot be deleted Downloading System Software from a Server When downloading runtime code you can specify the destination file name to replace the current image or first download the file using a different name from the current runtime code file and then set the new file as the startup file Web Click System File Management Copy Operation Select tftp to file as the file transfer method ente...

Page 72: ...Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 11 Deleting Files CLI Enter the IP address of the TFTP server select config or opcode file type then enter the source and destination file names set the new file to start up the system and then restart the switch Console copy tftp file 4 84 TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcod...

Page 73: ...s a file from the switch to a TFTP server running config to file Copies the running configuration to a file running config to startup config Copies the running config to the startup config running config to tftp Copies the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config...

Page 74: ...t it as the startup file or you can specify the current startup configuration file as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Management Copy Operation Select tftp to startup config or tftp to file and enter the IP address of the TFTP server S...

Page 75: ...h Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch s serial console port Management access through the console port is controlled by various parameters including a password timeouts and basic communication settings These parameters can be configured via the web or CLI interface Console copy tftp startup config 4 84 TFTP ser...

Page 76: ...ing the next logon attempt Range 0 120 Default 3 attempts Silent Time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the number of data bits per character that are interpreted and generated by the console port If parity is being generated specify 7 data bits per character If no ...

Page 77: ... the correct password the system shows a prompt Default No password Login Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name accounts Default Local Web Click System Line Console Specify the console port connection parameters as required then click Apply Figure 3 14 Conso...

Page 78: ...ult Enabled Telnet Port Number Sets the TCP port number for Telnet on the switch Default 23 Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 0 4 18 Console config line exec timeout 0 4 19 Console config line password thresh 3 4 20 Console config line silent time 60 4 21 Console config line da...

Page 79: ...gon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Available in CLI only Password Specifies a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the corr...

Page 80: ...d system and event messages The switch can store up to 2048 log entries in temporary random access memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Console config line vty 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 300 4 18 Console config line exec timeout 600 4 19 Cons...

Page 81: ...ms Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM Console show log ram ...

Page 82: ...xample if level 7 is specified all messages from level 0 to level 7 will be logged to RAM Range 0 7 Default 7 Note The Flash Level must be equal to or less than the RAM Level Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g ret...

Page 83: ...servers or other management stations You can also limit the error messages sent to only those messages below a specified level Command Attributes Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Enabled Logging Facility Sets the facility type for remote logging of syslog messages There are eight facility types specified by values of 16...

Page 84: ... all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be sent to the remote server Range 0 7 Default 7 Host IP List Displays the list of remote server IP addresses that receive the syslog messages The maximum number of host IP addresses allowed is five Host IP Address Specifies a new server IP address to add to the Host IP List Web Clic...

Page 85: ...e notification only Level 6 Notifice Sends notification of a normal but significant condition such as a cold start Level 5 Warning Sends notification of a warning condition such as return false or unexpected return Level 4 Error Sends notification that an error conditions has occurred such as invalid input or default used Level 3 Console config logging host 192 168 1 15 4 59 Console config logging...

Page 86: ...list of recipient SMTP servers SMTP Server Specifies a new SMTP server address to add to the SMTP Server List Email Destination Address List Specifies a list of recipient Email Destination Address Email Destination Address This command specifies SMTP servers that may receive alert messages Web Click System Log SMTP To add an IP address to the Server IP List type the new IP address in the Server IP...

Page 87: ... want reset the switch Figure 3 20 Resetting the System CLI Use the reload command to restart the switch When prompted confirm that you want to reset the switch Note When restarting the system it will always run the Power On Self Test Console config logging sendmail host 192 168 1 19 Console config logging sendmail level 3 Console config logging sendmail source email bill this company com Console ...

Page 88: ...pdate to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to specific time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This requires at least one time server to be spec...

Page 89: ...s longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Console config sntp client 4 71 Console config sntp poll 604 72 Console config sntp server 10 1 0 19 137 82 140 80 128 ...

Page 90: ...d specifically for managing devices on a network Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is refe...

Page 91: ...ubmit a valid community string for authentication Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having it s own security levels There are three security ...

Page 92: ...er defined user defined user defined Community string only v2c noAuth NoPriv public read only defaultview none none Community string only v2c noAuth NoPriv private read write defaultview defaultview none Community string only v2c noAuth NoPriv user defined user defined user defined user defined Community string only v3 noAuth NoPriv user defined user defined user defined user defined A user name m...

Page 93: ...community strings authorized for management access by clients using SNMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Current Displays a list of the community strings currently configured Com...

Page 94: ...gement stations are able to both retrieve and modify MIB objects Web Click SNMP Configuration Add new community strings as required select the access rights from the Access Mode drop down list then click Add Figure 3 24 Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Console config snmp server community spiderman rw 4 128 Console config...

Page 95: ...on noAuth option an SNMP user account will be automatically generated and the switch will authorize SNMP access for the host Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are therefore not as reliable as inform messages which include a request for acknowledgement of receipt Informs can be used to ensu...

Page 96: ...onding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Trap Version Indicates if the user is running SNMP v1 v2c or v3 Default v1 Trap Security Level When trap version 3 is selected you must specify one of the following security levels Default noAuthNoPriv noAuthNoPriv There is no aut...

Page 97: ...nt station that will receive trap messages specify the UDP port trap version trap security level for v3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 25 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps ...

Page 98: ...ne ID An SNMPv3 engine is an independent SNMP agent that resides on the switch This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engin...

Page 99: ...are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types on page 3 49 and Configuring Remote SNMPv3 Users on page 3 57 The engine ID can be specified by entering 1 to 26 hex...

Page 100: ...1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not en...

Page 101: ...he method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required Actions Enables the user to be assigned to another SNMPv3 group ...

Page 102: ...nd assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 28 Configuring SNMPv3 Users ...

Page 103: ...rst specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host See Specifying Trap Managers and Trap Types on page 3 49 and Specifying a Remote Engine ID on page 3 53 Console config snmp server user chris group r d v3 auth md5 gre...

Page 104: ...SNMP v1 v2c or v3 Default v1 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only availabl...

Page 105: ...ck New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete Figure 3 29 Configuring Remote SNMPv3 Users ...

Page 106: ...ication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The configured view for write acc...

Page 107: ...the new root e g upon expiration of the Topology Change Timer immediately subsequent to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state or from the Forwarding state to the Discarding state The trap is not sent if a newRoot trap is sent for the same transition SNMPv2...

Page 108: ...is about to enter the down state from some other state but not from the notPresent state This other state is indicated by the included value of ifOperStatus linkUpa 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state but not in...

Page 109: ... and generates an event that is configured for sending SNMP traps fallingAlarm 1 3 6 1 2 1 16 0 2 The SNMP trap that is generated when an alarm entry crosses its falling threshold and generates an event that is configured for sending SNMP traps Private Traps swPowerStatus ChangeTrap 1 3 6 1 4 1 202 20 66 2 1 0 1 This trap is sent when the power state changes swIpFilterRejectTrap 1 3 6 1 4 1 202 20...

Page 110: ... group In the New Group page define a name assign a security model and level and then select read and write views Click Add to save the new group and return to the Groups list To delete a group check the box next to the group name then click Delete Figure 3 30 Configuring SNMPv3 Groups ...

Page 111: ... configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Console config snmp server grou...

Page 112: ...B to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click on Edit OID Subtrees to make changes to the view settings To delete a view check the box next to the view name then click Delete Figure 3 31 Configuring SNMPv3 Views ...

Page 113: ...cure web connection SSH Settings Provide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1x Use IEEE 802 1x port authentication to control access to specific ports Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 136 Console config exit Console show snmp view 4 137 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 ...

Page 114: ...possible and store it in a safe place The default guest name is guest with the password guest The default administrator name is admin with the password admin Command Attributes Account List Displays the current list of user accounts and associated access levels Default admin and guest New Account Displays configuration settings for a new account User Name The name of the user Maximum length 8 char...

Page 115: ...ntering it again then click Apply Figure 3 32 Access Levels CLI Assign a user name to access level 15 i e administrator then specify the password Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authenticat...

Page 116: ...RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the rem...

Page 117: ...d on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attributes Authentication Select the authentication or authentication sequence required Local User authentication is performed only locally by the switch Radius User authentication is performed using ...

Page 118: ...racters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13 Server Port Number Ne...

Page 119: ...4 95 Console config radius server port 181 4 96 Console config radius server key green 4 96 Console config radius server retransmit 5 4 97 Console config radius server timeout 10 4 98 Console show radius server 4 98 Server IP address 192 168 1 25 Communication key with radius server Server port number 181 Retransmit times 5 Request timeout 10 Console config authentication login tacacs 4 92 Console...

Page 120: ...ing the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web ...

Page 121: ...erver where the authorized certificate will be saved Source Certificate File Name File name for the certificate Source Private File Name Private key file name Private Password Password for the private key Web Click Security HTTPS Settings Enable HTTPS and specify the port number then click Apply To replace the default secure site certificate enter the TFTP Server IP Address the Source Certificate ...

Page 122: ...from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and use the following command at the switch s command line interface to...

Page 123: ...sing between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered Notes 1 You need to install an SSH client on the management station to access the switch for management via the SSH protocol 2 The switch supports both SSH Version 1 5 and 2 0 Command Usage The SSH server on this switch supports both password and public key authenti...

Page 124: ...port Client s Public Key to the Switch Use the copy tftp public key command page 4 84 to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch via the User Accounts page as described on page 3 68 The clients are subsequently authenticated using these keys The current firmware only acce...

Page 125: ...the bytes and sends the decrypted bytes back to the switch e The switch compares the decrypted bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is authenticated Notes 1 To use SSH with only password authentication the host public key must still be given to the client either during initial conne...

Page 126: ...n attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Sett...

Page 127: ...A The first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string is the encoded modulus DSA The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Console config ip ssh server 4 48 Console config ip ssh timeout 100 4 49 Console c...

Page 128: ...ry Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page Clear This button clears the host key from both volatile memory RAM and non volatile me...

Page 129: ...Console ip ssh save host key 4 48 Console show public key host 4 48 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 72929051081391964202519093210432857904576489...

Page 130: ...ublic and private keys Range RSA DSA Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption TFTP Server IP Address The TFTP server IP address location for the public key pair Source File Name The file name used for the public k...

Page 131: ...ck Security SSH SSH User Key Settings Select the user type and public key type from the drop down box enter the TFTP server IP address input the source file name and then click Copy Public Key Figure 3 37 SSH User Public Key Settings ...

Page 132: ...frames received on a port for an initial training period and then enable port security to stop address Console ip ssh crypto host key generate 4 48 Console ip ssh save host key 4 48 Console show public key host 4 48 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 63140338692579310510576521224305...

Page 133: ...i VLAN port It cannot be used as a member of a static or dynamic trunk It should not be connected to a network interconnection device If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 111 Command Attributes Port Port number Name Descriptive text page 4 146 Action Indicates the action to be taken when a port secur...

Page 134: ...entication Network switches can provide open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data The IEEE 802 1X dot1x standard defines a port based access control procedure that prevents unauthorized acc...

Page 135: ...US server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The current version of the firmware supports only the MD5 authentication method The client responds to the appropriate method with its credentials such as a password or cert...

Page 136: ...ver and 802 1x client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type The current version of the firmware supports only the EAP MD5 authetication type Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1x Glo...

Page 137: ...bled Web Select Security 802 1x Configuration Enable dot1x globally for the switch and click Apply Figure 3 40 802 1x Global Configuration CLI This enables 802 1x globally for the switch Console show dot1x 4 110 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Hos...

Page 138: ...ons Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized...

Page 139: ... 3600 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is ...

Page 140: ... Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 52 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Opera...

Page 141: ...The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticato...

Page 142: ... the statistics Figure 3 42 Displaying 802 1x Port Statistics Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Table 3 7 802 1x Statistics Continued Parameter Descripton ...

Page 143: ...tions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the ...

Page 144: ...rmit any any in the ingress IP ACL for ingress ports 3 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum length 16 characters Type There are three filtering modes Standard IP ACL mode that filters packets based on the source IP addres...

Page 145: ...he source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits...

Page 146: ... 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Src Dst Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field ...

Page 147: ...l number 0 255 Options TCP UDP Others Default TCP Src Dst Port Source destination port number for the specified protocol type Range 0 65535 Src Dst Bit Mask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code ...

Page 148: ... select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click Add Figure 3 45 Configuring Extended IP ACLs CLI This example adds three rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i ...

Page 149: ... destination MAC address VID VLAN ID Range 1 4095 VID Bit Mask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bitmask Range 600 fff hex Packet Format Th...

Page 150: ...fic address e g 11 22 33 44 55 66 If you select MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 46 Configuring MAC ACLs CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl...

Page 151: ...d one IP or MAC ACL to any port for ingress filtering In other words only one ACL can be bound to an interface Ingress IP or MAC ACL Command Attributes Port Fixed port or SFP module Range 1 52 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the por...

Page 152: ... IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ...

Page 153: ... single IP address or the starting address of a range End IP Address The end address of a range Add Remove Filtering Entry Adds removes an IP address from the list Web Click Security IP Filter Enter the addresses that are allowed management access to an interface and click Add IP Filtering Entry Figure 3 48 Filtering Management Access CLI This example restricts management access for Telnet clients...

Page 154: ...s Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type1 Indicates the type of media used for por...

Page 155: ...he port type 1000BASE T 1000BASE SX 1000BASE LX or 100BASE FX MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 19 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice ...

Page 156: ...enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 240 1488100 packets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port security action Shows the...

Page 157: ...y also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to Console show interfaces status ethernet 1 5 4 153 Information of Eth 1 5 Basic informati...

Page 158: ...m end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Def...

Page 159: ... bandwidth for network segments where bottlenecks exist as well as providing a fault tolerant link between two devices You can create up to six trunks at a time Console config interface ethernet 1 13 4 146 Console config if description RD SW 13 4 146 Console config if shutdown 4 151 Console config if no shutdown Console config if no negotiation 4 148 Console config if speed duplex 100half 4 147 Co...

Page 160: ...cing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding n...

Page 161: ...hannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Ran...

Page 162: ...Port Trunk Membership Enter a trunk ID in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 51 Static Trunk Configuration ...

Page 163: ...Console config interface ethernet 1 1 4 146 Console config if channel group 1 4 166 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 4 153 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto Capabilit...

Page 164: ...f one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation Command Attributes Member List Current Shows configured trunks Port New Includes entry fields for creating new trunks Port Port identifier Range 1 52 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you ha...

Page 165: ...he port channel admin key lacp admin key page 4 171 is Console config interface ethernet 1 1 4 146 Console config if lacp 4 166 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 153 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port adm...

Page 166: ... system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a link goes down LACP port priority...

Page 167: ...ptionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 53 LACP Aggregation Port Configuration ...

Page 168: ...ole config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 4 173 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console show...

Page 169: ...Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype T...

Page 170: ...LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 9 LACP Settings Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Interval Number of seconds before invalidating received LACPDU information LACP Sy...

Page 171: ...on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggrega...

Page 172: ...ACP configuration settings and operational state for the local side of port channel 1 Console show 1 lacp internal 4 173 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long time...

Page 173: ...trative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key ...

Page 174: ...ote side of port channel 1 Console show 1 lacp neighbors 4 173 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper...

Page 175: ...raffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does not effect IP multicast traffic The specified threshold applies to each individual port on the switch Command Attributes Port Port number Type Indicates the port type 100BASE TX 1000BASE T or SFP Protect Status Shows wh...

Page 176: ... switchport broadcast 4 159 Console config if exit Console config broadcast packet rate 500 4 158 Console config exit Console show interfaces switchport ethernet 1 2 4 156 Information of Eth 1 2 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule...

Page 177: ...ffic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 52 Type Allows you to select which traffic to mirror to the ta...

Page 178: ...aximum rate for traffic received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming into the switch Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformit...

Page 179: ...led Input Output Rate Limit Level Sets the rate limit level Web Click Port Rate Limit Input Output Port Trunk Configuration Enable the Rate Limit Status for the required interfaces set the Rate Limit Level and click Apply Figure 3 59 Configuring Input Port Rate Limiting CLI This example sets the rate limit for input traffic passing through port 3 Console config interface ethernet 1 3 4 146 Console...

Page 180: ... the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default Note RMON groups 2 3 and 9 can only be accessed using SNMP management software such as SMC EliteView or HP OpenView Statistical Values Table 3 11 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including fram...

Page 181: ...sted be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a multicast address at this sub layer including those that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher level proto...

Page 182: ... frames for which transmission is inhibited by exactly one collision Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the ...

Page 183: ...of collisions on this Ethernet segment Received Frames The total number of frames bad broadcast and multicast received Broadcast Frames The total number of good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors The n...

Page 184: ...had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and transmitt...

Page 185: ...PORT CONFIGURATION 3 139 Figure 3 61 Displaying Etherlike and RMON Statistics ...

Page 186: ...stats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE T...

Page 187: ... of a device mapped to this interface VLAN ID of configured VLAN 1 4093 Web Only Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Figure 3 62 Mapping Ports to Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Console config mac address table static 00 ...

Page 188: ...ddress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4093 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of ...

Page 189: ... method of sorting the displayed addresses and then click Query Figure 3 63 Displaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 180 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 190: ...me CLI This example sets the aging time to 300 seconds Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exist...

Page 191: ... packet from that LAN to the root device It then selects a port on the designated bridging device to communicate with each attached LAN or host device as a designated port After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any pos...

Page 192: ... entire switch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC address where the address is taken from the switch system Max Age The maximum time in seconds a device can wait without receiving a configuration message...

Page 193: ...anning Tree network Root Path Cost The path cost from the root port on this switch to the root device Configuration Changes The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additional parameters are only displayed for the CLI Spanning tree mode Specifies the type of spanning tree used on this switch STP Spanni...

Page 194: ...warding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interval between the transmission of consecutive RSTP BPDUs Path Cost M...

Page 195: ...ath between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting Console show spanning tree 4 196 Spanning tree information Spanning tree mode RSTP Spanning tree enabled disabled enabled Priori...

Page 196: ...bles STA on this switch Default Enabled Spanning Tree Type Specifies the type of spanning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default Priority Bridge priority is used in selecting the root device root port and designated port Th...

Page 197: ...ched LAN If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discardi...

Page 198: ... can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Web Click Spanning Tree STA Configrat...

Page 199: ...thout receiving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device att...

Page 200: ...igned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 3 157 Oper Edge Port...

Page 201: ...r this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port wi...

Page 202: ...nce for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connecte...

Page 203: ...point connection or shared media connection and edge port to indicate if the attached device can support fast forwarding Console show spanning tree ethernet 1 5 4 196 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5 Designated root 61440 0 0000E9313131 Designated bridge ...

Page 204: ... forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with t...

Page 205: ...ly one other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media This is the default setting Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwardi...

Page 206: ...eb Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply Figure 3 68 Configuring Spanning Tree Algorithm per Port CLI This example sets STA attributes for port 7 Console config interface ethernet 1 7 4 146 Console config if no no spanning tree spanning disabled 4 190 Console config if spanning tree port priority 0 4 191 Console config if ...

Page 207: ...ut having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP addresses or IP subnets V...

Page 208: ...rticipate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any end node host that does not su...

Page 209: ... switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch receives these messages it will automatically place the receiving port in the specified VLANs and then forward t...

Page 210: ...ached directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged VLANs but are only allowed one untagged VLAN Each port on the switch is capable of passing tagged or untagged frames When forwarding a fr...

Page 211: ...formation The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number The VLAN version used by this switch as specified in the IEEE 802 1Q standard Maximum VLAN ID Maximum VLAN ID recognized by this switch Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this switch Web Only Web Click VL...

Page 212: ...ID ID of configured VLAN 1 4093 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Engress Ports Shows the engress VLAN port members Untagged Ports Shows the untagged VLAN port members Console show bridge ext 4 217 Max support VLAN numbers 256 Max support ...

Page 213: ...AN ID of configured VLAN 1 4093 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Ports Channel groups Shows the VLAN interface members ...

Page 214: ...is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is sus...

Page 215: ...lick Add Figure 3 71 Creating Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 198 Console config vlan vlan 2 name R D media ethernet state active 4 199 Console config vlan end Console show vlan 4 208 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Eth1 13 Et...

Page 216: ...d ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 173 Command Attributes VLAN ID of configured VLAN 1 4093 no leading zeroes Name Name of the VLAN 1 to 32 characters Status Enables or disables the spe...

Page 217: ...g the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 163 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Web Click VLAN 802 1Q VLAN Static Table Select a VLAN ...

Page 218: ...LAN Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Console config interface ethernet 1 1 4 146 Console config if switchport a...

Page 219: ...tering Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs the PVID must be defined first then the status of the VLAN can be configured as a tagged or untagged member Console config i...

Page 220: ...hese frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP Mode Indicates VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify t...

Page 221: ... accept only tagged frames assigns PVID 3 as the native VLAN ID and then sets the switchport mode to hybrid Console config interface ethernet 1 3 4 146 Console config if switchport acceptable frame types tagged 4 202 Console config if switchport ingress filtering 4 204 Console config if switchport native vlan 3 4 205 Console config if switchport gvrp 4 218 Console config if switchport mode hybrid ...

Page 222: ...al users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN Note that private VLANs and normal VLANs can exist simultaneously within the same switch To configure primary secondary associated groups follow these steps 1 Use the Private VLAN Configuration menu to designate one or more community VLANs and the primary VLAN that...

Page 223: ... primary and community VLANs and their assigned interfaces Command Attributes VLAN ID ID of configured VLAN 1 4093 and VLAN type Primary VLAN The VLAN with which the selected VLAN ID is associated A primary VLAN displays its own ID and a community VLAN displays the associated primary VLAN Ports List The list of ports and assigned port type in the selected private VLAN ...

Page 224: ... configured with primary VLAN 5 and secondary VLAN 6 Port 3 has been configured as a promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as a host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Console show vlan private vlan 4 153 Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 ...

Page 225: ...associated primary VLAN Current Displays a list of the currently configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary or Community type then click Add To remove a private VLAN from the switch highlight an entry in the Current list box and then click Remove Note that all member ports must be removed from the VLAN before it can be deleted Figure 3 76 Pri...

Page 226: ...ociation Select the required primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with the selected primary VLAN A community VLAN can only be associated with one primary VLAN Figure 3 77 Private VLAN Association CLI This example associates community VLANs 6 and 7 with primary VLAN 5 Console config vlan ...

Page 227: ...t The port is a community port and can only communicate with other ports in its own community VLAN and with the designated promiscuous port s Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A commu...

Page 228: ...iated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLAN Interfaces Use the Private VLAN Port Configuration and Private VLAN Trunk Configuration menus to set the private VLAN interface type and assign the interfaces to a private VLAN Command Attributes Port Trunk The switch interface PVLAN Port Type Sets private VLAN port types Normal The por...

Page 229: ... Promiscuous then specify the associated primary VLAN Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Set PVLAN Port Type to Host and then specify the associated Community VLAN Trunk The trunk identifier Port Information only Web Click VLAN Private VLAN Port Configuration or Trunk Configuration Set the PVLAN Por...

Page 230: ...e the Protocol VLAN Configuration menu to create or remove protocol VLANs Command Attributes Protocol Group IP Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 Frame Type Ethernet frame type Protocol Type The options for Ethernet frame type includes IP ARP or RARP Console config interface ethernet 1 3 Console config if switchport mode private vlan promiscuous 4 202 Console ...

Page 231: ... VLAN System Configuration menu to set the protocol VLAN settings for the switch Command Attributes Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Web Click VLAN Protocol VLAN System Configuration Figure 3 81 Protocol VLAN Port Configuration ...

Page 232: ...en sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged ...

Page 233: ...strict or Weighted Round Robin WRR Up to eight separate traffic Console config interface ethernet 1 3 4 146 Console config if switchport priority default 5 4 222 Console config if end Console show interfaces switchport ethernet 1 3 4 156 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit enable K bits per second 25 VLAN membership mode Hyb...

Page 234: ...its application traffic for your own network Command Attributes Interface Select port or trunk identifier Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class Output queue buffer Range 0 3 where 3 is the highest CoS priority queue CLI shows Queue ID Table 3 12 Egress Queue Priority Mapping Queue 0 1 2 3 Priority 1 2 0 3 4 5 6 7 Table 3 13 CoS Priority Levels Priority Level Tr...

Page 235: ...Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 146 Console config if queue cos map 0 0 4 226 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console config exit Console show queue cos map ethernet 1 1 ...

Page 236: ... Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the e...

Page 237: ...ess Queues on page 3 187 the traffic classes are mapped to one of the four egress queues provided for each port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Comman...

Page 238: ... Traffic priorities can be specified in the IP header of a frame using the number of the TCP port When these service is enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following ma...

Page 239: ...lick Priority IP DSCP Priority Status Select IP DSCP then click Apply Figure 3 87 IP DSCP Priority Status Mapping DSCP Priority The DSCP is six bits wide allowing coding for up to 64 different forwarding behaviors The DSCP retains backward compatibility with the three precedence bits so that non DSCP compliant will not conflict with the DSCP mapping Based on network policies different kinds of tra...

Page 240: ... and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 88 Mapping IP DSCP Priority to Class of Service Values Table 3 14 Mapping DSCP Priority IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 20 22 24 3 26 28 30 32 34 36 4 38 40 4...

Page 241: ...ed for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis Each packet is classified upon entry into the network based on access lists IP Precedence DSCP values or VLAN lists Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on configured network policies different kinds of tr...

Page 242: ...a consistent end to end QoS solution Notes 1 You can configure up to 16 rules per Class Map You can also include multiple classes in a Policy Map 2 You should create a Class Map before creating a Policy Map Otherwise you will not be able to select a Class Map from the Policy Rule Settings screen Configuring Quality of Service Parameters To create a service policy for a specific category or ingress...

Page 243: ...iteria You can specify up to 16 items to match when assigning ingress traffic to a class map The class map is used with a policy map to create a service policy for a specific interface that defines packet classification service tagging and bandwidth policing Note that one or more class maps can be assigned to a policy map Command Attributes Class Map Modify Name and Description Configures the name...

Page 244: ...revious page without making any changes Match Class Settings Class Name List of the class maps ACL List Name of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 VLAN A VLAN Range 1 4094 Add Adds specified criteria to the class Up to 16 item...

Page 245: ...9 Configuring Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd_class match any Console config cmap match ip dscp 3 Console config cmap ...

Page 246: ... finally click Add to register the new policy A policy map can contain multiple class statements that can be applied to the same interface with the Service Policy Settings page 3 153 You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6 Extended ACL This limitation a...

Page 247: ...n this page Remove Policy Deletes a specified policy Policy Configuration Policy Name Name of the policy map Range 1 16 characters Description A brief description of a policy map Range 1 64 characters Add Adds the specified policy Back Returns to previous page without making any changes Policy Rule Settings Class Settings Class Name Name of class map Action Shows the service provided to ingress tr...

Page 248: ...rom a policy violation Rate kbps Rate in kilobits per second Range 1 100000 kbps or maximum port speed whichever is lower Burst byte Burst in bytes Range 64 1522 Exceed Specifies whether the traffic that exceeds the specified rate or burst will be dropped or the DSCP service level will be reduced Set Decreases DSCP priority for out of conformance traffic Range 0 63 Drop Drops out of conformance tr...

Page 249: ...QUALITY OF SERVICE 3 203 Figure 3 90 Configuring Policy Maps ...

Page 250: ...u can only bind one policy map to an interface The current firmware does not allow you to bind a policy map to an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from the scroll down box Web Click QoS DiffServ Service Policy Check Enabled a...

Page 251: ...CE 3 205 Figure 3 91 Service Policy Settings CLI This example applies a service policy to an ingress interface Console config interface ethernet 1 5 Console config if service policy input rd_policy 3 Console config if ...

Page 252: ...assed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure ...

Page 253: ...appropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 215 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switch...

Page 254: ...is is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10...

Page 255: ...his example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 233 Console config ip igmp snooping querier 4 238 Console config ip igmp snooping query count 10 4 239 Console config ip igmp snooping query interval 100 4 240 Console config ip igmp snooping query max response time 20 4 240 Console config ip igmp snooping query time out...

Page 256: ...67295 Web Click IGMP Snooping IGMP Filter Configuration Figure 3 93 Enabling IGMP Filter Enabling IGMP Immediate Leave The IGMP snooping immediate leave feature enables a Layer 2 LAN interface to be removed from the multicast forwarding table without first sending an IGMP group specific query to the interface Upon receiving a group specific IGMPv2 leave message the switch immediately removes the i...

Page 257: ...Leave CLI This example enables IGMP immediate leave for VLAN 1 and then displays the current IGMP snooping status Console config interface vlan 1 Console config if ip igmp snooping immediate leave 4 236 Console config if end Console show ip igmp snooping 4 236 Service Status Enabled Querier Status Disabled Leave proxy status Enabled Query Count 2 Query Interval 125 sec Query Max Response Time 10 s...

Page 258: ...on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping M...

Page 259: ...ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configurat...

Page 260: ...up Port List Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagating this multicast service Figure 3 97 Displaying Port Members of Mu...

Page 261: ...t add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down ...

Page 262: ...t address to VLAN 1 and then displays all the known multicast services supported on VLAN 1 Configuring IGMP Profile Group Define the access mode and multicast address range for the IGMP profile group Command Attributes Profile ID Selects the IGMP profile to configure Access Mode Select permit or deny access Current Multicast Address Range List List of the current multicast address ranges Console c...

Page 263: ... Filter and Throttling Configure the IGMP filter and throttling settings for each port or trunk Command Attributes Profile Select the IGMP profile to configure Max Multicast Groups 0 256 Enter the maximum number of multicast groups Current Multicast Groups Displays the current multicast group Throttling Action Mode Select deny or replace Throttling Status Displays the throttling status setting Tru...

Page 264: ...bscribers This protocol can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN This makes it possible to support common multicast services over a wide part of the network without having to use any multicast routing protocol MVR maintains the user isolation and data security provided by VLAN segregation by pass...

Page 265: ...ing to a allow a subscriber to dynamically join or leave an MVR group see Configuring IGMP Snooping and Query Parameters on page 3 207 Note that only IGMP version 2 or 3 hosts can issue multicast join or leave messages 4 For multicast streams that will run for a long term and be associated with a stable set of hosts you can statically bind the multicast group to the participating interfaces see As...

Page 266: ...orts and to all receiver ports that have registered to receive data from that multicast group Default Disabled MVR Running Status Indicates whether or not all necessary conditions in the MVR environment are satisfied MVR VLAN Identifier of the VLAN that serves as the channel for streaming multicast services using MVR Range 1 4093 Default 1 MVR Group IP IP address for an MVR multicast group The IP ...

Page 267: ...a range of MVR group addresses Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN Field Attributes Type Shows the MVR port type Oper Status Shows the link status MVR Status Shows the MVR status MVR status for source ports is ACTIVE if MVR is globally enabled on the switch MVR status for receiver ports is ACTIVE only if there are subscribers re...

Page 268: ...Trunk Information Figure 3 102 MVR Port Information CLI This example shows information about interfaces attached to the MVR VLAN Displaying Port Members of Multicast Groups You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration Field Attributes Group IP Multicast groups assigned to the MVR VLAN Console show mvr interface 4 213 Port Type S...

Page 269: ...le following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN Console show mvr interface 4 213 MVR Group IP Status Members 225 0 0 1 ACTIVE eth1 1 d eth1 2 s 225 0 0 2 INACTIVE None 225 0 0 3 INACTIVE None 225 0 0 4 INACTIVE None 225 0 0 5 INACTIVE None 225 0 0 6 INACTIVE None 225 0 0 7 INACTIVE None 225 0 0 8 INACTIVE None 225 0 0 9 INACTIVE None 22...

Page 270: ...ee Assigning Static Multicast Groups to Interfaces on page 3 226 Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if there ar...

Page 271: ...s not participate in the MVR VLAN This is the default type Immediate Leave Configures the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group Trunk Shows if port is a trunk member Port Configuration only Web Click MVR Port or Trunk Configuration Figure 3 104 MVR Port Configuration ...

Page 272: ... on page 3 220 The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Command Attributes Interface Indicates a port or trunk Member Shows the IP addresses for MVR multicast groups which have been statically assigned to the selected interface Non Member Shows the IP addresses fo...

Page 273: ...ue DHCP servers or other devices which send port related information to a DHCP server This information can be useful in tracking an IP address back to a physical port Network traffic may be disrupted when malicious DHCP messages are received from an outside source DHCP snooping is used to filter DHCP messages received on a non secure interface from outside the network or firewall When DHCP snoopin...

Page 274: ... the packet is dropped If the DHCP packet is from a client such as a DECLINE or RELEASE message the switch forwards the packet only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address verification is disabled However if MAC address verification is enabled the...

Page 275: ...ckets received from untrusted ports are dropped DHCP Snooping Configuration Command Attributes DHCP Snooping Status Enables or disables DHCP snooping globally DHCP Snooping MAC Address Verification Enables or disables MAC address verification DHCP packets will be dropped if the source MAC address in the Ethernet header of the packet is not same as the client s hardware address in the DHCP packet W...

Page 276: ...formed on any untrusted ports within the VLAN Web Click DHCP Snooping VLAN Configuration Figure 3 107 DHCP Snooping VLAN Configuration CLI This example first enables DHCP Snooping for VLAN 1 DHCP Snooping Information Option Configuration DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server Known as DHCP Option 82 it allows compatible DHCP...

Page 277: ... switch can discard the Option 82 information keep the existing information or replace it with the switch s relay information Note DHCP snooping must be enabled on the switch for the DHCP Option 82 information to be inserted into packets Command Attributes DHCP Snooping Information Option Status Enables or disables DHCP Option 82 information relay DHCP Snooping Information Option Policy Sets the D...

Page 278: ...onfigures switch ports as trusted or untrusted An untrusted interface is an interface that is configured to receive messages from outside the network or firewall A trusted interface is an interface that is configured to receive only messages from within the network Command Attributes Trust Status Enables or disables port as trusted Console config ip dhcp snooping information option 4 227 Console c...

Page 279: ...nformation Command Attributes No Entry number for DHCP snooping binding information Unit Stack unit Port Port number VLAN ID ID of a configured VLAN Range 1 4093 MAC Address A valid unicast MAC address IP Address A valid unicast IP address IP Address Type Indicates an IPv4 or IPv6 address type Lease Time Seconds The time after which an entry is removed from the table Console config interface ether...

Page 280: ... DHCP Snooping on page 3 227 IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network This section describes commands used to configure IP Source Guard IP Source Guard Port Configuration IP Source Guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall and there...

Page 281: ...ry is found the packet is dropped Command Attributes Filter Type Configures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address Default None None Disables IP source guard filtering on the port SIP Enables traffic filtering based on IP addresses stored in the binding table SIP MAC Enables traffic filtering based on IP addresses and corresp...

Page 282: ...able Command Attributes Static Binding Table Counts The total number of static entries in the table Current Static Binding Table The list of current static entries in the table Port Switch port number Range 1 52 VLAN ID ID of a configured VLAN Range 1 4093 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Console config interface ethern...

Page 283: ... binding table for a selected interface Command Attributes Query by Select an interface to display the source guard binding Options Port VLAN MAC Address or IP Address Dynamic Binding Table Counts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table Console config ip source guard binding 11 2...

Page 284: ... 3 113 Dynamic IP Source Guard Binding Information CLI This example shows how to configure a static source guard binding on port 5 Console show ip source guard binding 4 222 MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console ...

Page 285: ...witch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate switches only become cluster Members when manually selected by the administrator through the management station Note Cluster Member switches can be managed through only using a Telnet connection to the Commander From the Commander CLI prompt use the rcommand ...

Page 286: ...and 36 Note that you cannot change the cluster IP pool when the switch is currently in Commander mode Commandoer mode must first be disabled Number of Members The current number of Member switches in the cluster Number of Candidates The current number of Candidate switches discovered in the network that are available to become Members Web Click Cluster Configuration Figure 3 114 Cluster Configurat...

Page 287: ...AC Address Select a discoverd switch MAC address from the Candidate Table or enter a specific MAC address of a known switch Web Click Cluster Member Configuration Figure 3 115 Cluster Member Configuration CLI This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID Console config cluster member mac address 00 12 34 56 78 9a id 5 4 232 Console...

Page 288: ...ster IP address assigned to the Member switch MAC Address The MAC address of the Member switch Description The system description string of the Member switch Web Click Cluster Member Information Figure 3 116 Cluster Member Information CLI This example shows information about cluster Member switches Vty 0 sh cluster members 4 234 Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC A...

Page 289: ... of Candidate switches in the network MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 117 Cluster Candidate Information CLI This example shows information about cluster Candidate switches Vty 0 show cluster candidates 4 234 Cluster Candidates Role Mac Description ACTIVE MEMBER 00 ...

Page 290: ...CONFIGURING THE SWITCH 3 244 ...

Page 291: ... on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec Bu...

Page 292: ... address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the network segment to which you are at...

Page 293: ...et command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status ethernet 1 5 show interfaces and ...

Page 294: ... CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambiguity In the logging history example typing log foll...

Page 295: ... interfaces Interface information ip IP information lacp LACP statistics line TTY line information log Login records logging Login setting mac address table Configuration of the address table management Management IP filter map Maps priority port Port characteristics public key Public key information queue Priority queue information radius server RADIUS server information running config Informatio...

Page 296: ...mmand will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or ...

Page 297: ...Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new conso...

Page 298: ...ing config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Interface Configuration These commands modify the port configuration such as speed dupl...

Page 299: ... one of the following commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec mode Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console config line 4 14 Access Control List access list ip stand...

Page 300: ...ne Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters ...

Page 301: ...on access using local or remote authentication also configures port security and IEEE 802 1X port access control 4 91 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 113 SNMP Activates authentication failure traps configures community access strings and trap managers also...

Page 302: ...ngs and defines port membership for VLAN groups also enables or configures private VLANs 4 198 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 216 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets priority for ...

Page 303: ...COMMAND GROUPS 4 13 VC VLAN Database Configuration ...

Page 304: ...eout Sets the interval that the command interpreter waits until user input is detected LC 4 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 20 silent time These commands only apply to the serial port Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set ...

Page 305: ...efault Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 25 show users 4 ...

Page 306: ...ified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respe...

Page 307: ...on is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility with...

Page 308: ... Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting...

Page 309: ...g CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set t...

Page 310: ...empts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections...

Page 311: ...nsole response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 20 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syn...

Page 312: ...fy 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 22 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Lin...

Page 313: ...d bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you se...

Page 314: ... stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Console config line speed 57600 Console config line Console c...

Page 315: ...nnect an SSH or Telnet connection Example Related Commands show ssh 4 54 show users 4 81 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Console disconnect 1 Console ...

Page 316: ...c Console Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28 configure Activates global configuration mode PE 4 28 show history Shows the command history buffer NE PE 4 29 reload Restarts the system PE 4 30 end Returns to Privileged Exec mode any config mode 4 30 exit Returns to the previous con...

Page 317: ...0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 36 The character is appended to the end of the prompt to indicate that the system is in priv...

Page 318: ...and Usage The character is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 27 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Config...

Page 319: ... Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 320: ...ad This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end T...

Page 321: ...mmand returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Console config if end Console Console config exit Console exit Press ENTER...

Page 322: ...able 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 33 User Access Configures the basic user names and passwords for management access 4 34 IP Filter Configures IP addresses that are allowed management access 4 37 Web Server Enables management access via a web browser 4 39 Telnet Server Enables management ...

Page 323: ...ration System Status Displays system configuration active managers and version information 4 76 Frame Size Enables support for jumbo frames 4 82 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 33 hostname Specifies the host name for the switch GC 4 34 snmp server contact Sets the system contact string GC 4 128 snmp server lo...

Page 324: ...t access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 14 user authentication via a remote authentication server page 4 91 and host access authentication for specific ports page 4 104 Console config prompt RD2 RD2 config Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Functio...

Page 325: ...imum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The def...

Page 326: ...vileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password password for this privilege level Maximum length 8 characters plain text 32 encrypted case sensitive...

Page 327: ...arious protocols Use the no form to restore the default setting Syntax no management all client http client snmp client telnet client start address end address all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP ...

Page 328: ... the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both...

Page 329: ...how management all client Management Ip Filter Http Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Snmp Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Telnet Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Command Command Funct...

Page 330: ...ng 80 Command Mode Global Configuration Example Related Commands ip http server 4 40 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server ip http secure server Enables HTTPS SSL for encrypted communications GC 4 41 ip http secure port Specifies the UDP port number for HTTPS SSL GC 4 42 Console ...

Page 331: ... connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that yo...

Page 332: ...ng systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 76 Also refer to the copy command on page 4 84 Example Related Commands ip http secure port 4 42 copy tftp https certificate 4 84 ip http secure port This command specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no form...

Page 333: ...Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip http secure server 4 41 Console config ip http secure port 1000 Console config ...

Page 334: ...rt This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax no ip telnet port port number port number The TCP port to be used by the browser interface Range 1 65535 Table 4 14 Telnet Server Commands Command Function Mode Page ip telnet server Allows the switch to be monitored or configured from Telnet GC 4 44 ip telnet port Specifies th...

Page 335: ...er Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a public key that the client must match along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management sta...

Page 336: ...he SSH server GC 4 49 ip ssh authentication retries Specifies the number of retries allowed by a client GC 4 50 ip ssh server key size Sets the SSH server key size GC 4 51 copy tftp public key Copies the user s public key from a TFTP server to the switch PE 4 84 delete public key Deletes the public key for the specified user PE 4 51 ip ssh crypto host key generate Generates the host key PE 4 52 ip...

Page 337: ...6782 59566410486957427888146206 519417467729848654686157177393901647793559423035774130980227370877945452408397 1752646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy tftp public key command to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch wit...

Page 338: ...itch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt the bytes and sends the decrypted bytes back to the switch e The switch compares the decrypted bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is auth...

Page 339: ...ES 56 bit or 3DES 168 bit for data encryption You must generate the host key before enabling the SSH server Example Related Commands ip ssh crypto host key generate 4 52 show ssh 4 54 ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH ...

Page 340: ... ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Ex...

Page 341: ...ation Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Dele...

Page 342: ...AM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to ...

Page 343: ...rs the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Commands ip ssh crypto host key generate 4 52 ip ssh save host key 4 53 no ip ssh server 4 48 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host...

Page 344: ...SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session ...

Page 345: ... 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three i...

Page 346: ... is the encoded modulus Example Console show public key host Host RSA 1024 65537 1568499540186766925933394677505461732531367489083654725415020245593 199868544358361651999923329781766065830958610825913212890233765468017262725714 134287629413011961955667825956641048695742788814620651941746772984865468615717 739390164779355942303577413098022737087794545240839717526463580581767167095748 04776117 DSA s...

Page 347: ...s that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 57 logging history Limits syslog messages saved to switch memory based on severity GC 4 58 logging host Adds a syslog server host IP address that will receive logging messages GC 4 59 logging facility Sets the facility type for remote logging of syslog messages GC 4 60 ...

Page 348: ...n power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g return...

Page 349: ... server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration 1 alerts Immediate action needed 0 emergencies System unusable Console config logging history ram 0 Console config Table 4 18 Logging Levels Continued...

Page 350: ... A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort me...

Page 351: ... logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 58 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also en...

Page 352: ...s show log 4 64 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on powe...

Page 353: ...RAM level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog logg...

Page 354: ...w logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sysl...

Page 355: ...notification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4 66 logging sendmail level Sets the severity threshold used to trigger alert messages GC 4 67 logging sendmail source email Sets the email address used for From field of alert messages GC 4 67 loggi...

Page 356: ...and to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in t...

Page 357: ...icates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 3 through 0 logging sendmail source email This command sets the email address used for the From field in alert messages Syntax logging sendmail s...

Page 358: ...of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Example...

Page 359: ...ration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabl...

Page 360: ...ervers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 4 22 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 4 70 sntp server Specifies one or more time servers GC 4 70 sntp poll Sets the interval at which the client polls fo...

Page 361: ...Related Commands sntp client 4 70 sntp poll 4 72 show sntp 4 73 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Console config sntp server 10 1 0 ...

Page 362: ...on the interval set via the sntp poll command Example Related Commands Related Commands 4 71 sntp poll 4 72 show sntp 4 73 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds Default Setting 16 se...

Page 363: ...xample clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 1 13 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC afte...

Page 364: ... after of UTC Example Related Commands show sntp 4 73 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of mont...

Page 365: ...mple shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console calendar set 15 12 34 1 February 2002 Console Console show calendar 15 12 34 February 1 2002 Console ...

Page 366: ... group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Table 4 23 System Status Commands Command Function Mode Page show running config Displays the configuration data ...

Page 367: ...se Default Setting None Command Mode Privileged Exec Command Usage Console show startup config building startup config please wait username admin access level 15 username admin password 0 admin username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw vlan database vlan 1 name DefaultVlan media et...

Page 368: ... modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address configured for the switch Spanning tree settings Any configured se...

Page 369: ...r community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport...

Page 370: ...r for assistance Example Console show system System description SMC Networks SMC6152L2 System OID string 1 3 6 1 4 1 202 20 66 System Information System Up Time 0 days 0 hours 7 minutes and 22 65 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 00 12 32 23 21 Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Serv...

Page 371: ... i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168...

Page 372: ...or jumbo frames Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Command Mode Global Configuration Console show version Unit 1 Serial number A429048179 Hardware version R01 EPLD version 15 15 Number of ports 48 Main power status up Agent master Unit ID 1 Loader version 1 0 1 3 Boot ROM version 1 0 1 4 Operation code version 1 0 0 4 Console Table 4 24 Frame Size Commands...

Page 373: ...s such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to ...

Page 374: ... config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you...

Page 375: ...ch Valid characters A Z a z 0 9 _ Due to the size limit of the flash memory the switch supports only two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must...

Page 376: ...e file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write t...

Page 377: ...iguration file or image name unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Console copy tftp public key TFTP server IP address 192 168 1 19 Choose public key type 1 RSA 2 DSA 1 2 1 S...

Page 378: ...ax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on this file cannot be shown unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec ...

Page 379: ...hboot unit unit Stack unit Range 1 8 Default Setting None Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte Unit1 diag_0060 Boot Rom image Y 111...

Page 380: ...pe of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or image name unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the d...

Page 381: ...ommand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 91 RADIUS Client Configures settings for authentication via a RADIUS server 4 94 TACACS Client Configures settings for authentication via a TACACS server 4 99 Port Security Configures secure addresses for a port 4 101 Port Authentication Configures host authentication on specific ports using 802...

Page 382: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command t...

Page 383: ...IUS server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body o...

Page 384: ...entication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands Co...

Page 385: ...nce until a server responds or the retransmit period expires host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authentica...

Page 386: ...1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Console config radius server 1 host 192 168 1 20 port 181...

Page 387: ...tore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Console config radius server key green Console config Console config radius server retransmit 5 Console config ...

Page 388: ...tch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Co...

Page 389: ...r host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Client Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 99 tacacs server por...

Page 390: ...1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mo...

Page 391: ...ready stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabli...

Page 392: ...ake when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Table...

Page 393: ...set the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled usin...

Page 394: ...t identity packet to the client before it times out the authentication session IC 4 106 dot1x port control Sets dot1x mode for a port interface IC 4 106 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 4 107 dot1x re authenticate Forces re authentication on specific ports PE 4 108 dot1x re authentication Enables re authentication for all ports IC 4 108 dot1x timeout quiet pe...

Page 395: ...t Syntax no dot1x system auth control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values Syntax dot1x default Command Mode Global Configuration Example Console config dot1x system auth control Console config Console config dot1x default Console config ...

Page 396: ...control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients eithe...

Page 397: ...ingle host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot...

Page 398: ...unit Always unit 1 port Port number Range 1 30 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x operation mode multi host max count 10 C...

Page 399: ...od seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configura...

Page 400: ... seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 Console config interface eth 1 2 Console config if...

Page 401: ...thenticated page 4 109 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 109 tx period Time a port waits during authentication session before re transmitting EAP packet page 4 110 supplicant timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts max req Maximum number of times...

Page 402: ... Reauthentication State Machine State Current state including initialize reauthenticate Example Console show dot1x Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 25 disabled Single Host ForceAuthorized yes 1 26 enabled Single Host Auto...

Page 403: ...L one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT AC...

Page 404: ...tched the implicit default is permit all IP ACLs Table 4 33 Access Control List Commands Command Groups Function Page IP ACLs Configure ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 114 ACL Information Display ACLs and associated rules shows ACLs assigned to each port 4 123 Table 4 34 IP ACL Commands Command Function Mode Page access list ip Creates an IP ACL ...

Page 405: ...aracters Default Setting None Command Mode Global Configuration Command Usage An egress ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to show ip access list Displays the rules for configured IP ACLs PE 4 118 ip access group Adds a port to an IP ACL IC 4 119 show ip access group Shows port as...

Page 406: ... rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are a...

Page 407: ...ination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no permit deny protocol number udp any source address bitmask host source any destination address bitmask host destination source port sport end destination port dport end no permit deny tcp any source address bitmask host source any destination address bitmask host...

Page 408: ... for each IP packet entering the port s to which this ACL has been assigned Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination ad...

Page 409: ...oup This command binds a port to an IP ACL Use the no form to remove the port Syntax no ip access group acl_name in out acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL...

Page 410: ...mands ip access group 4 119 map access list ip This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS v...

Page 411: ...ee queue cos map on 4 226 Example Related Commands queue cos map 4 226 show map access list ip 4 121 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Always unit 1 Table 4 35 Egress Que...

Page 412: ...NTERFACE 4 122 port Port number Range 1 30 Command Mode Privileged Exec Example Related Commands map access list ip 4 120 Console show map access list ip Access list to COS of Eth 1 24 Access list ALS1 cos 0 Console ...

Page 413: ... Shows all ACLs and associated rules PE 4 123 show access group Shows the ACLs assigned to each port PE 4 124 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code...

Page 414: ... default specify read and write access views for the MIB tree configure SNMP user groups with the required security model i e SNMP v1 v2c or v3 and security level i e authentication and privacy and then assign SNMP users to these groups along with their specific authentication and privacy passwords Console show access group Interface ethernet 1 25 IP standard access list david IP access list jerry...

Page 415: ... 130 snmp server enable traps Enables the device to send SNMP traps i e SNMP notifications GC 4 133 snmp server engine id Sets the SNMPv3 engine ID GC 4 134 show snmp engine id Shows the SNMPv3 engine ID PE 4 135 snmp server view Adds an SNMPv3 view GC 4 136 show snmp view Shows the SNMPv3 views PE 4 137 snmp server group Adds an SNMPv3 group mapping users to views GC 4 138 show snmp group Shows t...

Page 416: ...ing None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command Console config snmp server Console config ...

Page 417: ...only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP logging di...

Page 418: ...ment stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Co...

Page 419: ...his command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 4 128 Console config snmp server contact Paul Console config Console config ...

Page 420: ...dge receipt Range 0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you def...

Page 421: ...t one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are therefor...

Page 422: ...oup that includes the required notify view page 4 138 6 Specify a remote engine ID where the user resides page 4 134 7 Then configure a remote user page 4 141 The switch can send SNMP version 1 2c or 3 notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not specify the SNMP version the default is to send SNMP ve...

Page 423: ... Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the ...

Page 424: ... no form to restore the default Syntax snmp server engine id local remote ip address engineid string no snmp server engine id local remote address local Specifies the SNMP engine on this switch remote Specifies an SNMP engine on a remote device ip address The Internet address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters Default Setting A u...

Page 425: ...therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 1234 is equivalent to 1234 followed by 22 zeroes A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engineID is ...

Page 426: ...fines an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBoots 1 Remote SNMP engineID IP address 80000000030004e2b316c54321 192 168 1 19 Console Table 4 38 show snmp engine id display description Field Description Local SNMP engineID String ...

Page 427: ...nterfaces table ifDescr The wild card is used to select all the index values in this table This view includes the MIB 2 interfaces table and the mask selects all index entries show snmp view This command shows information on the SNMP views Command Mode Privileged Exec Console config snmp server view mib 2 1 3 6 1 2 1 included Console config Console config snmp server view ifEntry 2 1 3 6 1 2 1 2 2...

Page 428: ...on or with authentication and privacy See Simple Network Management Protocol on page 3 44 for further information about these authentication and encryption options Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type nonvolatile Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type nonvolatile Row Status active Console Tab...

Page 429: ...rithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages supported by this switch see Supported Notification Messages on page 3 61 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with t...

Page 430: ... defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 4 40 show snmp group ...

Page 431: ...address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Us...

Page 432: ...mote device where the user resides The remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You the...

Page 433: ...e mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description Field Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Storage T...

Page 434: ...COMMAND LINE INTERFACE 4 144 ...

Page 435: ...rface when autonegotiation is disabled IC 4 147 negotiation Enables autonegotiation of a given interface IC 4 148 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 149 flowcontrol Enables flow control on a given interface IC 4 150 shutdown Disables an interface IC 4 151 clear counters Clears statistics on an interface PE 4 152 show interfaces status Disp...

Page 436: ...30 port channel channel id Range 1 6 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interf...

Page 437: ...ll duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Channel Command Usage To force ope...

Page 438: ... for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the spee...

Page 439: ...n 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asym...

Page 440: ...peed duplex 4 147 flowcontrol 4 150 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled bac...

Page 441: ...l on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands negotiation 4 148 capabilities flowcontrol symmetric 4 149 shutdown This command disables an interface To restart a disabled interfac...

Page 442: ...nterface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management int...

Page 443: ...k unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 108 Console ...

Page 444: ...s ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled LACP Disabled Port security Disabled Max MAC count 0 Port security action None Media type None Current statu...

Page 445: ...064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 227208 Packets 3338 ...

Page 446: ...ged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Enabled 500 packets second LACP status Enabled Ingress rate limit disable Level 30 VLAN membership mode Hybrid Ingress rule Enabled Acceptable frame type All frames Native...

Page 447: ...enabled Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 202 Native VLAN Indicates the default Port VLAN ID page 4 205 Priority for untagged traffic Indicates the default priority for untagged frames page 4 221 GVRP status Shows if GARP VLAN Registration Protocol is enabled or disabled page 4 218 Allowed VLAN Shows the VLANs this interface has jo...

Page 448: ...ng 500 packets per second Command Mode Global Configuration Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped The specified threshold value applies to all ports on the switch Table 4 44 Broadcast Commands Command Function Mode Page broadcast packet rate Configures the global threshold level GC 4 158 switchport broadcast Enables broadcast ...

Page 449: ...broadcast storm control on an interface Use the no form to disable broadcast storm control on an interface Syntax no switchport broadcast Default Setting Enabled Command Mode Interface Configuration Example The following shows how to disable broadcast storm control on an interface Console config broadcast packet rate 600 Console config if no switchport broadcast ...

Page 450: ...rt unit Stack unit Always unit 1 port Port number Range 1 30 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Table 4 45 Mirror Port Commands Command Func...

Page 451: ...s must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Always unit 1 por...

Page 452: ...y the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input rate no rate limit input Console config interface eth...

Page 453: ...63 input Input rate rate Percentage Default Setting 100 percent Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if ...

Page 454: ...perating at full duplex Table 4 47 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode for the trunk GC 4 146 channel group Adds a port to a trunk IC Ethernet 4 166 Dynamic Configuration Commands lacp Configures LACP for the current interface IC Ethernet 4 166 lacp system priority Config...

Page 455: ...channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channe...

Page 456: ...ic trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax no...

Page 457: ...ormed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails ...

Page 458: ...11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A4 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control Disabled Port secu...

Page 459: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 460: ...m priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side ...

Page 461: ... Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Inte...

Page 462: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side...

Page 463: ...messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Channel group 1 Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker ...

Page 464: ...s group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp internal Channel group 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key ...

Page 465: ...administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggre...

Page 466: ...igned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partn...

Page 467: ...A0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 51 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ...

Page 468: ...k unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration mac address table aging time Sets the aging time of the address table GC 4 1...

Page 469: ...ddress is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system ...

Page 470: ...e Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx ...

Page 471: ...aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 00 00 00 00 17 1 Learned Eth 1 1 00 E0 29 94 34 DE 1 Delete on reset Console Console config...

Page 472: ...3 Spanning Tree Commands Command Function Mode Page spanning tree Enables the spanning tree protocol GC 4 183 spanning tree mode Configures STP or RSTP mode GC 4 184 spanning tree forward time Configures the spanning tree bridge forward time GC 4 185 spanning tree hello time Configures the spanning tree bridge hello time GC 4 186 spanning tree max age Configures the spanning tree bridge maximum ag...

Page 473: ...ee spanning disabled Disables spanning tree for an interface IC 4 190 spanning tree cost Configures the spanning tree path cost of an interface IC 4 190 spanning tree port priority Configures the spanning tree priority of an interface IC 4 191 spanning tree edge port Enables fast forwarding for edge ports IC 4 192 spanning tree portfast Sets an interface to fast forwarding IC 4 193 spanning tree l...

Page 474: ... Spanning Tree Protocol IEEE 802 1D rstp Rapid Spanning Tree Protocol IEEE 802 1w Default Setting rstp Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be i...

Page 475: ...expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Example The following example configures the switch to use Rapid Spanning Tree spanning tree forward time This command configures the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax spanning tree forward time seconds no spanning tree forward time seconds...

Page 476: ...ry data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Global Configuration...

Page 477: ...Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes ...

Page 478: ...ridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost method This command configures the path cost method used for Rapid Spanning Tree Use the no form to rest...

Page 479: ...ned to ports with slower media Note that path cost page 4 190 takes precedence over port priority page 4 191 Example spanning tree transmission limit This command configures the minimum interval between the transmission of consecutive RSTP BPDUs Use the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in s...

Page 480: ...Channel Example spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cost cost no spanning tree cost cost cost The path cost for the port Range 1 200 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Console config spanni...

Page 481: ...o ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 188 is set to short the maximum value for path cost is 65 535 Example spanning tree port priority This command configures the priority for the specified interface Use the no form to restore the default Syntax spanning tre...

Page 482: ...anning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause ...

Page 483: ...to disable fast forwarding Syntax no spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the fast spanning tree mode for the selected port In this mode ports skip the Discarding and Learning states and proceed straight to Forwarding Since end nodes cannot cause forwarding loops they can be p...

Page 484: ...orm to restore the default Syntax spanning tree link type auto point to point shared no spanning tree link type auto Automatically derived from the duplex mode setting point to point Point to point link shared Shared medium Default Setting auto Command Mode Interface Configuration Ethernet Port Channel Command Usage Specify a point to point link if the interface can only be connected to exactly on...

Page 485: ...lways unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re ...

Page 486: ...e show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST For a description of the items displayed under Spanning tree information see Configu...

Page 487: ... Current root cost 10000 Number of topology changes 1 Last topology changes time sec 21561 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 0...

Page 488: ...ly Default Setting None Table 4 54 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 198 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 4 200 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 4 208 Configuri...

Page 489: ...y entering the show running config command Example Related Commands show vlan 4 208 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan name A...

Page 490: ... name RD5 The VLAN is activated by default Related Commands show vlan 4 208 Configuring VLAN Interfaces Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Table 4 56 Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 4 201 switchport mode Configures VLAN membership mode...

Page 491: ...gn an IP address to the VLAN Related Commands shutdown 4 151 switchport native vlan Configures the PVID native VLAN of an interface IC 4 205 switchport allowed vlan Configures the VLANs associated with an interface IC 4 206 switchport gvrp Enables GVRP for an interface IC 4 218 switchport forbidden vlan Configures forbidden VLANs for an interface IC 4 207 switchport priority default Sets a port pr...

Page 492: ...with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and then set the switchport mode to hybrid Related Commands switchport acceptable frame types 4 202 switchport acceptable frame types This command configures the acceptable frame types for a port Use the no form to restore the default Syntax...

Page 493: ...sage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 202 Console config interface ethernet 1 1 Console config if switchport acceptable frame types tagged Console config if ...

Page 494: ...ngress filtering Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames With ingress filtering enabled a port will discard received frames tagged for VLANs for it which it is not a member Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU...

Page 495: ...l Command Usage Setting the native VLAN for a port can only be performed when the port is a member of the VLAN and the VLAN is untagged The no switchport native vlan command will set the native VLAN of the port to untagged VLAN 1 If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress port Example The follo...

Page 496: ...t List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting All ports are assigned to VLAN 1 by default The default frame type is untagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mo...

Page 497: ...e following example shows how to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port 1 switchport forbidden vlan This command configures forbidden VLANs Use the no form to remove the list of forbidden VLANs Syntax switchport forbidden vlan add vlan list remove vlan list no switchport forbidden vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN identifie...

Page 498: ...tax show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 57 Displaying VLAN Information Command Function ...

Page 499: ...th any of the promiscuous ports in the associated primary VLAN In both cases the promiscuous ports are designed to provide open access to an external network such as the Internet while the community ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN Note that private VLANs and ...

Page 500: ...secondary VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan command to verify your configuration settings Table 4 58 Private VLAN Commands Command Function Mode Page Edit Private VLAN Groups private vlan Adds or deletes primary or community VLANs VC 4 211 private vlan association Associates a community VLAN with a primary VLA...

Page 501: ...community VLANs and serves to channel traffic between community VLANs and other locations Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same community VLAN and channel traffic passing outside the community through promiscuous ports When using community VLANs they must be mapped to an associated primary VLAN that co...

Page 502: ...s secondary vlan id ID of secondary i e community VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the ...

Page 503: ...s Default Setting Normal VLAN Command Mode Interface Configuration Ethernet Port Channel Command Usage To assign a promiscuous port to a primary VLAN use the switchport private vlan mapping command To assign a host port to a community VLAN use the private vlan host association command Example switchport private vlan host association Use this command to associate an interface with a secondary VLAN ...

Page 504: ...ers but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN Example switchport private vlan mapping Use this command to map an interface to a primary VLAN Use the no form to remove this mapping Syntax switchport private vlan mapping primary vlan id no switchport private vlan mapping primary vlan id ID of primary VLAN Range 1 4093 no leading zer...

Page 505: ... show vlan private vlan mapping community primary community Displays all community VLANs along with their associated primary VLAN and assigned host interfaces primary Displays all primary VLANs along with any assigned promiscuous interfaces Default Setting None Command Mode Privileged Executive Example Console config interface ethernet 1 2 Console config if switchport private vlan mapping 2 Consol...

Page 506: ...or the switch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Table 4 59 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 216 show bridge ext Shows the global bridge extension configuration PE 4 217 switchport gvrp Enables GVRP for an interface IC 4 218 switchport forbidden vlan Configures forbi...

Page 507: ...ion for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 4 165 and Displaying Bridge Extension Capabilities on page 4 17 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast ...

Page 508: ... GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Console sho...

Page 509: ... Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP...

Page 510: ...nit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 219 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds...

Page 511: ...ered in the switch due to congestion This switch supports CoS with eight priority queues for each port Data packets in a port s high priority queue will be transmitted before those in the lower priority queues You can set the default priority for each interface the relative weight of each queue and the mapping of frame priority tags to the switch s priority queues ...

Page 512: ...lass of service values 4 229 Table 4 61 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 222 switchport priority default Sets a port priority for incoming untagged frames IC 4 222 queue bandwidth Assigns round robin weights to the priority queues GC 4 225 queue cos map Assigns class of service values to the prio...

Page 513: ...Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Example The following example sets the queue mode to strict priority service mode swi...

Page 514: ... be used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Theref...

Page 515: ...sed by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues for port 5 Related Commands show queue band...

Page 516: ...oS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode Interface Configur...

Page 517: ...ue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Pr...

Page 518: ...t unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console ...

Page 519: ...chport priority Example The following example shows how to enable IP DSCP mapping globally Table 4 63 Priority Commands Layer 3 and 4 Command Function Mode Page map ip dscp Enables IP DSCP class of service mapping GC 4 229 map ip dscp Maps IP DSCP value to a class of service IC 4 230 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 120 show...

Page 520: ...hat all the DSCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware ...

Page 521: ...d shows the IP DSCP priority map Syntax show map ip dscp interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console config interface ethernet 1 5 Console config if map ip dscp 1 cos 0 Console config if ...

Page 522: ...h router to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Table 4 65 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment ...

Page 523: ... Function Mode Page ip igmp snooping Enables IGMP snooping GC 4 233 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 4 234 ip igmp snooping version Configures the IGMP version for snooping GC 4 235 ip igmp snooping immediate leave Enables IGMP immediate leave for a VLAN interface IC 4 236 show ip igmp snooping Shows the IGMP snooping and query configuration PE 4 2...

Page 524: ...n id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 30 port channel channel id Range 1 6 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet 1 5 Co...

Page 525: ...on 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to u...

Page 526: ...face to be removed from the multicast forwarding table without first sending an IGMP group specific query to the interface Upon receiving a group specific IGMPv2 leave message the switch immediately removes the interface from the Layer 2 forwarding table entry for that multicast group unless a multicast router was learned on the port Example show ip igmp snooping This command shows the IGMP snoopi...

Page 527: ...cast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Console show ip igmp snooping Service status Enabled Querier status Disabled Q...

Page 528: ...w mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 67 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 238 ip igmp snooping query count Configures the query count GC 4 239 ip igmp snooping query interval Configures the query i...

Page 529: ...cast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If...

Page 530: ...uery messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This command configures the query report delay Use the no form to restore the default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time secon...

Page 531: ...lient is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 235 ip igmp snooping query max response time 4 240 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax ip igmp snooping router port expire ti...

Page 532: ...vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4093 interface ethernet unit port unit Stack unit Always unit 1 Console config ip igmp snooping router port expire time 300 Console config Table 4 68 Static Multicast Routing Commands Command Function M...

Page 533: ... you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4093 Default...

Page 534: ...her devices that exist on another network segment Basic IP Configuration Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4 69 IP Interface Commands Command Function Mode Page ip address Sets the IP address for the current interface IC 4 245 ip dhcp restart Submits a BOOTP or DCHP client request PE 4 246 ip default gatewa...

Page 535: ... configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP reply has been received Requests will be broadca...

Page 536: ...CP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address pro...

Page 537: ... address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart...

Page 538: ...d shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain 4 246 Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode User ...

Page 539: ...etting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten...

Page 540: ...o 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console Table 4 70 IP Source Guard Commands Command Function Mode Page ip s...

Page 541: ...l and therefore may be subject to traffic attacks caused by a host trying to use the IP address of a neighbor Setting source guard mode to sip or sip mac enables this function on the selected port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC address Use th...

Page 542: ...ip mac option If a matching entry is found in the binding table and the entry type is static IP source guard binding the packet will be forwarded If the DHCP snooping is enabled IP source guard will check the VLAN ID source IP address port number and source MAC address for the sip mac option If a matching entry is found in the binding table and the entry type is static IP source guard binding stat...

Page 543: ...nfiguration Command Usage Table entries include a MAC address IP address lease time entry type Static IP SG Binding Dynamic DHCP Binding Static DHCP Binding VLAN identifier and port identifier All static entries are configured with an infinite lease time which is indicated with a value of zero by the show ip source guard command page 4 254 When source guard is enabled traffic is filtered based upo...

Page 544: ...IP source guard binding Example This example configures a static source guard binding on port 5 Related Command ip source guard 4 251 ip dhcp snooping 4 256 ip dhcp snooping vlan 4 258 show ip source guard This command shows whether source guard is enabled or disabled on each interface Command Mode Privileged Exec Example Console config ip source guard binding 11 22 33 44 55 66 vlan 1 192 168 0 99...

Page 545: ...ase sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console Table 4 71 DHCP Snooping Commands Command Function Mode Page ip dhcp snooping Enables DHCP snooping globally GC 4 256 ip dhcp snooping vlan Deletes entries from the host name to address table GC 4 258 ip dhcp snooping trust Defines a default domain name for incomplete host names IC 4 259 ip dhcp snooping verify m...

Page 546: ...ng vlan command page 4 258 DHCP messages received on an untrusted interface as specified by the no ip dhcp snooping trust command page 4 259 from a device not listed in the DHCP snooping table will be dropped When enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Table entries are only learned for untrusted interfaces Each entry...

Page 547: ...DHCP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If the DHCP packet is from a client such as a DECLINE or RELEASE message the switch forwards the packet only if the corresponding entry is found in the binding table If the DHCP packet is from client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC a...

Page 548: ...rver Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any packets received from untrusted ports are dropped Example This example enables DHCP snooping globally for the switch Related Command ip dhcp snooping vlan 4 258 ip dhcp snooping trust 4 259 ip dhcp snooping vlan This command enables DHCP s...

Page 549: ... re enabled When DHCP snooping is globally enabled configuration changes for specific VLANs have the following effects If DHCP snooping is disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table Example This example enables DHCP snooping for VLAN 1 Related Command ip dhcp snooping 4 256 ip dhcp snooping trust 4 259 ip dhcp snooping trust This command config...

Page 550: ...hen an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Additional considerations when the switch itself is a DHCP client The port s through which it submits a client request to the DHCP server must be configured as trusted Example This example sets port 5 to untrusted Related Commands ip dhcp snooping 4 256 ip dhcp snooping v...

Page 551: ... 4 259 ip dhcp snooping information option This command enables the DHCP Option 82 information relay for the switch Use the no form to disable this function Syntax no ip dhcp snooping information option Default Setting Disabled Command Mode Global Configuration Command Usage DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server Known as DH...

Page 552: ...g information option policy for DHCP client packets that include Option 82 information Syntax ip dhcp snooping information policy drop keep replace drop Discards all DHCP client packets with Option 82 information keep Retains the client s DHCP information replace Overwrites the DHCP client packet information with the switch s relay information Default Setting replace Command Mode Global Configurat...

Page 553: ...tries to flash memory These entries will be restored to the snooping table when the switch is reset However note that the lease time shown for a dynamic entry that has been restored from flash memory will no longer be valid Example show ip dhcp snooping This command shows the DHCP snooping configuration settings Command Mode Privileged Exec Console config ip dhcp snooping information policy drop C...

Page 554: ...elnet to communicate directly with the Commander throught its IP address and the Commander manages Member switches using cluster internal IP addresses There can be up to 36 Member switches in one cluster Cluster switches are limited to within a single IP subnet Console show ip dhcp snooping Global DHCP Snooping status disable DHCP Snooping is configured on the following VLANs 1 Verify Source Mac A...

Page 555: ...hen they become Members and are used for communication between Member switches and the Commander Table 4 72 Switch Cluster Commands Command Function Mode Page cluster Configures clustering on the switch GC 4 256 cluster commander Configures the switch as a cluster Commander GC 4 258 cluster ip pool Sets the cluster IP address pool for Members GC 4 259 cluster member Sets Candidate switches as clus...

Page 556: ...ting Disabled Command Mode Global Configuration Command Usage Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate switches only become cluster Members when manually selected by the administrator through the management station Cluster Member switches can be managed through only using a Telnet connection...

Page 557: ...gn IP addresses to Member switches in the cluster Internal cluster IP addresses are in the form 10 x x member ID Only the base IP address of the pool needs to be set since Member IDs can only be between 1 and 36 Set a Cluster IP Pool that does not conflict with addresses in the network IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication b...

Page 558: ...mber id The ID number to assign to the Member switch Range 1 36 Default Setting No Members Command Mode Global Configuration Command Usage The maximum number of cluster Members is 36 The maximum number of switch Candidates is 100 Example rcommand This command provides access to a cluster Member CLI for configuration Syntax rcommand id member id member id The ID number to assign to the Member switc...

Page 559: ...to the Member switch CLI Example show cluster This command shows the switch clustering configuration Command Mode Privileged Exec Example show cluster members This command shows the current switch cluster members Command Mode Privileged Exec Vty 0 rcommand id 1 CLI session with the SMC6152L2 is opened To end the CLI session enter Exit Vty 0 Console show cluster Role commander Interval heartbeat 30...

Page 560: ...ode Privileged Exec Example Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 12 cf 23 49 c0 Description SMC6152L2 Console Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE MEMBER 00 12 cf 23 49 c0 SMC6152L2 CANDIDATE 00 12 cf 0b 47 a0 SMC6152L2 Console ...

Page 561: ...l duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring One source ports one destination port Rate Limits Input Limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Span...

Page 562: ...ed by VLAN tag or port Layer 3 4 priority mapping IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet Web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 con...

Page 563: ... 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging DHCP Client RFC 1541 HTTPS IGMP RFC 1112 IGMPv2 RFC 2236 RADIUS RFC 2618 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC DRAFT 3414 3410 2273 3411 3415 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 Management Information B...

Page 564: ...2 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMP Community MIB RFC 3584 TACACS Auth...

Page 565: ... the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate swit...

Page 566: ...p an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and the baud rate ...

Page 567: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 568: ...TROUBLESHOOTING B 4 ...

Page 569: ...hem in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up...

Page 570: ...on Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership...

Page 571: ...vice QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to fir...

Page 572: ...t Protocol IGMP A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A...

Page 573: ...ction meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchroni...

Page 574: ...s Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including...

Page 575: ... Tree Protocol STP A technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Controller Acces...

Page 576: ...s that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share informatio...

Page 577: ...3 186 3 195 4 221 DSCP 3 193 4 229 layer 3 4 priorities 3 192 4 229 queue mapping 3 187 4 226 queue mode 3 190 4 222 traffic class weights 3 191 4 225 D default gateway configuration 3 20 4 247 default priority ingress port 3 186 4 223 default settings system 1 7 DHCP 3 22 4 245 client 3 20 dynamic configuration 2 7 Differentiated Code Point Service See DSCP downloading software 3 25 4 84 DSCP ena...

Page 578: ...CACS client 3 69 3 70 4 99 TACACS server 3 69 3 70 4 99 logon authentication sequence 3 71 4 92 4 93 M main menu 3 5 Management Information Bases MIBs A 3 mirror port configuring 3 131 4 160 multicast filtering 3 206 3 218 3 239 4 232 multicast groups 3 214 4 237 displaying 4 237 static 3 214 4 234 4 237 multicast services configuring 3 215 3 220 3 221 3 224 4 234 displaying 3 214 4 237 multicast ...

Page 579: ... displaying version 3 15 4 81 downloading 3 25 4 84 Spanning Tree Protocol See STA specifications software A 1 SSH configuring 3 77 4 49 4 50 STA 3 144 4 182 edge port 3 156 3 159 4 192 global settings configuring 3 149 4 183 4 189 global settings displaying 3 146 4 196 interface settings 3 153 4 195 4 196 link type 3 156 3 159 4 194 path cost 3 147 3 155 path cost method 3 152 4 188 port priority...

Page 580: ...12 adding static members 3 170 3 172 4 206 creating 3 168 4 199 description 3 161 displaying basic information 3 165 4 217 displaying port members 3 166 4 208 egress mode 3 174 4 202 interface configuration 3 173 4 202 4 207 private 3 176 3 184 4 209 W Web interface access requirements 3 1 configuration buttons 3 4 home page 3 3 menu list 3 4 3 5 panel display 3 4 ...

Page 581: ......

Page 582: ...39 02 739 12 68 Fax 39 02 739 14 17 Benelux 31 0 654 776 790 Fax 31 0 172 242 393 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic and Baltics 46 0 566 622 83 Fax 45 0 566 622 86 Eastern Europe 420 266 794 421 Fax 420 266 794 423 Sub Saharian Africa 27 012 661 0232 Fax 34 93 471 3374 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 34 93 477 4920 Fax 34 93 477 3774 PRC 86 10 6235...

Reviews:

No comments

Brands by name

Popular brands

Load more brands