manualshive.com logo in svg

SMC Networks 6724AL2, Management Manual

Get the SMC Networks 6724AL2 Installation Manual for free! Easily download this comprehensive manual from our website. Discover detailed step-by-step instructions to effortlessly set up and enjoy the features of the SMC Networks 6724AL2. Get yours now and unleash the full potential of your SMC Networks 6724AL2 device.

Share
Download
background image

S

ECURITY

2-37

Command Usage

By default, management access is always checked against the 
authentication database stored on the local switch. If a remote 
authentication server is used, you must specify the authentication 
sequence and the corresponding parameters for the remote 
authentication protocol.

RADIUS uses UDP while uses TCP. UDP only offers best 
effort delivery, while TCP offers a connection-oriented transport. 
Also, note that RADIUS encrypts only the password in the 
access-request packet from the client to the server, while  
encrypts the entire body of the packet.

RADIUS and  logon authentication control management 
access via the console port, Web browser, or Telnet. These access 
options must be configured on the authentication server.

RADIUS and  logon authentication assign a specific 
privilege level for each user name/password pair. The user name, 
password, and privilege level must be configured on the server.

You can specify up to three authentication methods for any user to 
indicate the authentication sequence. For example, if you select (1) 
RADIUS, (2)  and (3) Local, the user name and password 
on the RADIUS server is verified first. If the RADIUS server is not 
available, then authentication is attempted using the  server, 
and finally the local user name and password is checked.

Summary of Contents for 6724AL2

Page 1: ...regate bandwidth Non blocking switching architecture Spanning Tree Protocol Up to 4 port trunks RADIUS and TACACS authentication Rate limiting for bandwidth management CoS support for four level priority Full support for VLANs with GVRP IP Multicasting with IGMP Snooping Manageable via console Web SNMP RMON Management Guide SMC6724AL2 ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions January 2004 Pub 150200037700A ...

Page 4: ... is granted by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Page 5: ...stomer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any replaced or repaired product carries either a 30 day limited warranty or the remainder of the initial warranty whichever is longer SMC is not responsible for any custom software or firmware configuration information or memory data of Customer contained in st...

Page 6: ... BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS SO THE A...

Page 7: ... Browser Interface 2 3 Home Page 2 3 Configuration Options 2 4 Panel Display 2 4 Main Menu 2 5 Basic Configuration 2 9 Displaying System Information 2 9 Displaying Switch Hardware Software Versions 2 11 Displaying Bridge Extension Capabilities 2 14 Setting the IP Address 2 16 System Logs Configuration 2 19 Logs 2 19 System Logs 2 19 Remote Logs Configuration 2 21 Managing Firmware 2 23 Downloading...

Page 8: ...s 2 49 Configuring Global dot1x Parameters 2 51 Displaying 802 1x Statistics 2 54 Access Control Lists 2 55 Configuring Access Control Lists 2 56 Binding a Port to an Access Control List 2 63 Port Configuration 2 64 Displaying Connection Status 2 64 Configuring Interface Connections 2 66 Trunk Configuration 2 68 Statically Configuring a Trunk 2 70 Dynamically Configuring a Trunk 2 71 Setting Broad...

Page 9: ...ivate VLANs 2 121 Displaying Current Private VLANs 2 122 Configuring Private VLANs 2 123 Associating VLANs 2 125 Displaying Private VLAN Interface Information 2 126 Configuring Private VLAN Interfaces 2 128 Class of Service Configuration 2 130 Setting the Default Priority for Interfaces 2 130 Mapping CoS Values to Egress Queues 2 132 Selecting the Queue Mode 2 135 Setting the Service Weight for Tr...

Page 10: ...ng Help on Commands 3 4 Partial Keyword Lookup 3 6 Negating the Effect of Commands 3 6 Using Command History 3 6 Understanding Command Modes 3 6 Exec Commands 3 7 Configuration Commands 3 8 Command Line Processing 3 9 Command Groups 3 10 General Commands 3 12 enable 3 12 disable 3 13 configure 3 14 show history 3 15 reload 3 16 prompt 3 17 end 3 17 exit 3 18 quit 3 18 Flash File Commands 3 19 copy...

Page 11: ...show users 3 42 show version 3 43 Web Server Commands 3 44 ip http port 3 45 ip http server 3 45 ip http secure server 3 46 ip http secure port 3 47 Secure Shell Commands 3 48 ip ssh server 3 49 ip ssh 3 50 show ip ssh 3 51 disconnect ssh 3 51 show ssh 3 52 Port Security 3 53 SNTP Commands 3 54 sntp client 3 55 sntp server 3 56 sntp poll 3 57 sntp broadcast client 3 58 show sntp 3 58 clock timezon...

Page 12: ... 72 show ip redirects 3 72 ping 3 73 Line Commands 3 74 line 3 75 login 3 76 password 3 77 exec timeout 3 78 password thresh 3 79 silent time 3 80 databits 3 81 parity 3 82 speed 3 83 stopbits 3 84 show line 3 84 Interface Commands 3 85 interface 3 86 description 3 87 speed duplex 3 87 negotiation 3 89 capabilities 3 90 flowcontrol 3 91 clear counters 3 93 shutdown 3 94 switchport broadcast octet ...

Page 13: ... spanning tree transmission limit 3 113 spanning tree cost 3 114 spanning tree port priority 3 115 spanning tree portfast 3 116 spanning tree edge port 3 117 spanning tree protocol migration 3 118 spanning tree link type 3 119 show spanning tree 3 120 VLAN Commands 3 122 vlan database 3 123 vlan 3 124 interface vlan 3 125 switchport mode 3 126 switchport acceptable frame types 3 127 switchport ing...

Page 14: ...tion Commands 3 149 channel group 3 150 lacp 3 151 Rate Limit Commands 3 153 rate limit 3 153 show rate limit 3 154 Authentication Commands 3 155 authentication login 3 157 radius server host 3 158 radius server port 3 159 radius server key 3 159 radius server retransmit 3 160 radius server timeout 3 161 show radius server 3 161 tacacs server host 3 162 tacacs server port 3 162 tacacs server key 3...

Page 15: ...183 permit deny MAC ACL 3 184 mac access group 3 185 show mac access group 3 186 show mac access list 3 187 ACL Information 3 187 show access list 3 187 show access group 3 188 Priority Commands 3 189 switchport priority default 3 190 queue mode 3 191 queue bandwidth 3 192 queue cos map 3 193 show queue mode 3 195 show queue bandwidth 3 195 show queue cos map 3 196 map ip port Global Configuration...

Page 16: ...ooping 3 208 show mac address table multicast 3 209 ip igmp snooping querier 3 210 ip igmp snooping query count 3 211 ip igmp snooping query interval 3 212 ip igmp snooping query max response time 3 212 ip igmp snooping router port expire time 3 213 ip igmp snooping vlan mrouter 3 214 show ip igmp snooping mrouter 3 215 A Troubleshooting A 1 Troubleshooting Chart A 1 B Upgrading Firmware via the S...

Page 17: ...page 1 6 The switch s HTTP Web agent allows you to configure switch parameters monitor port connections and display statistics graphically using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The switch s management agent is based on SNMP ...

Page 18: ... any port Configure the bandwidth of any port by rate limiting Configure up to 255 IEEE 802 1Q VLANs Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to four static or LACP trun...

Page 19: ...rt on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable s to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the data rate to 9600 baud Set the data format to 8 data bits 1 stop bi...

Page 20: ...ss for this switch is assigned via DHCP by default To manually configure this address or enable dynamic address assignment via DHCP or BOOTP see Setting an IP Address on page 1 6 Note This switch supports four concurrent Telnet sessions After configuring the switch s IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration p...

Page 21: ...e CLI at the Privileged Exec level using the default user name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification procedure starts 2 At the Username prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the CLI displays the Console prompt i...

Page 22: ...s and subnet mask If your management station is not in the same IP subnet as the switch you will also need to specify the default gateway router Dynamic The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Note Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you...

Page 23: ...ormation from your network administrator IP address for the switch Default gateway for the network Network mask for this network To assign an IP address to the switch complete the following steps 1 From the Privileged Exec level global configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 Type ip address ip address netmask where ip address is the ...

Page 24: ... is powered on To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network complete the following steps 1 From the Privileged Exec level global configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP setti...

Page 25: ...s to the switch either to return information or to set a parameter the switch provides the requested data or sets the specified parameter The switch can also be configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred Community Strings Community strings are used to control management acc...

Page 26: ...ent access to the switch is disabled To prevent unauthorized access to the switch via SNMP it is recommended that you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro rea...

Page 27: ...ntication or link up down Press Enter Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the current configuration settings enter the fo...

Page 28: ...ation Operation Code System software that is executed after boot up also known as run time code This code runs the switch operations and provides the CLI Web and SNMP management interfaces See Managing Firmware on page 2 23 for more information Diagnostic Code Software that is run during system boot up also known as POST Power On Self Test This code also provides a facility to upload firmware file...

Page 29: ...iles should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file ...

Page 30: ...nction Parameter Default IP Settings Management VLAN 1 DHCP Enabled BOOTP Disabled User Specified Disabled IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Web Management HTTP Server Enabled HTTP Port Number 80 SNMP Community Strings public read only private read write Authentication Failure Traps Enabled Link up Down Traps Enabled Security Privileged Exec Level Username admin Pass...

Page 31: ...bled 100BASE TX FX 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex Full duplex flow control disabled 1000BASE T 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled 1000BASE X 1000 Mbps full duplex Full duplex flow control disabled Symmetric flow co...

Page 32: ...ass of Service Ingress Port Priority 0 Weighted Round Robin 1 2 4 6 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled Multicast Filtering IGMP Snooping Enabled Act as Querier Enabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 32000 octets second System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0...

Page 33: ...r 3 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol see Setting the IP Address on page 2 16 2 Set user names and passwords using an out of band serial connection Access to the Web ag...

Page 34: ...etween your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding to improve the switch s response time to management commands issued through the Web interface See Displaying Interface Settings on page 2 98 ...

Page 35: ...played as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics If this is your first time to access the management agent you should define a new Administrator user name and password record them and put them in a safe place S...

Page 36: ...e to click on the Apply button to confirm the new setting The following table summarizes the Web page configuration buttons Panel Display The Web agent displays an image of the switch s ports indicating whether each link is up or down Clicking on the image of a port opens the Port Configuration page as described on page 2 67 Button Action Apply Sets specified values to the system Revert Cancels sp...

Page 37: ...nfiguration Sets the IP address for management access 2 16 System Logs Sends error messages to a logging process 2 19 Logs Stores and displays error messages 2 21 Remote Logs Configures the logging of messages to a remote logging process 2 21 Firmware Manages code image files 2 23 Configuration Manages switch configuration files 2 25 Reset Restarts the switch 2 28 SNTP 2 28 SNTPConfiguration Confi...

Page 38: ...resses 2 57 ACL Port Binding Binds a port to the specified ACL 2 64 Port 2 65 Port Information Displays port connection status 2 65 Trunk Information Displays trunk connection status 2 65 Port Configuration Configures port connection settings 2 67 TrunkConfiguration Configures trunk connection settings 2 69 Trunk Membership Specifies ports to group into static trunks 2 71 LACP Configuration Allows...

Page 39: ... VLAN Basic Information Displays basic information on the VLAN type supported by this switch 2 110 VLAN Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 2 111 VLAN Static List Used to create or remove VLAN groups 2 113 VLAN Static Table Modifies the settings for an existing VLAN 2 115 VLAN Static Membership Configures membership type for i...

Page 40: ... 2 138 IP Precedence Priority Sets IP Type of Service priority mapping the precedence tag to a class of service value 2 140 IP DSCP Priority Sets IP Differentiated Services Code Point priority mapping a DSCP tag to a class of service value 2 142 IP Port Priority Status Globally enables or disables IP Port Priority 2 144 IP Port Priority Sets TCP UDP port priority defining the socket number and ass...

Page 41: ...II object ID for switch s network management subsystem Location Specifies the system location Contact Administrator responsible for the system System Up Time Length of time the management agent has been up IP Multicast Registration Table Displays all multicast groups active on this switch including multicast IP addresses and VLAN ID 2 153 IGMP Member Port Table Indicates multicast addresses associ...

Page 42: ...ick System System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet ...

Page 43: ...of the main board Console config hostname SMC6724AL2 3 28 Console config snmp server location TPS 3rd Floor 3 62 Console config snmp server contact Chris 3 61 Console show system 3 41 System description TigerSwitch 10 100 6724AL2 System OID string 1 3 6 1 4 1 202 20 31 System information System Up time 0 days 1 hours 44 minutes and 20 41 seconds System Name SMC6724AL2 System Location TPS 3rd Floor...

Page 44: ...e redundant power supply CLI only Management Software Loader Version Version number of loader code Boot ROM Version Version number of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows if the switch is stacked or operating stand alone Expansion Slot Expansion Slot 1 2 Slots for expansion modules ...

Page 45: ...on information Console show version 3 43 Unit1 Serial number ag1005 Service tag Hardware version Module A type not present Module B type not present Number of ports 24 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 2 1 0 3 Boot rom version 2 0 1 0 Operation code version 2 0 4 2 Console ...

Page 46: ...affic classes Refer to Class of Service Configuration on page 2 131 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 2 86 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the defau...

Page 47: ...twork This function should be enabled to permit VLAN groups which extend beyond the local switch Web Click System Bridge Extension Configuration CLI Enter the following command Console show bridge ext 3 143 Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capabl...

Page 48: ...e connected to any port on the switch However if other VLANs are configured and you change the Management VLAN you may lose management access to the switch In this case you should reconnect the management station to a port that is a member of the Management VLAN IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or...

Page 49: ...f this switch Manual Configuration Web Click System IP Configuration Specify the management interface IP address and default gateway then click Apply CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 Console config if ip address 192 168 10 3 255 255 255 0 3 68 Console config if exit Console config ip default gateway 0 0 0 0 3 70 Cons...

Page 50: ...DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network segment you will lose management access to the switch In this case you can reboot the switch or submit a client request to restart DHCP service Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settin...

Page 51: ...ork problems Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded Logs The Logs page allows you to scroll through the logged system and event messages The switch can store up to 2048 log entries in temporary random access memory RAM i e memory flushed on power reset and up to 4096 entr...

Page 52: ...d to the switch s temporary RAM memory for all levels up to the specified level For example if level 7 is specified all messages from level 0 to level 7 will be logged to RAM Note The Flash Level must be equal to or less than the Ram Level Web Click System Log System Logs Specify System Log Status then change the level of messages and click Apply CLI Specify the hostname location and contact infor...

Page 53: ...ote logging of syslog messages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be ...

Page 54: ...dress choose the facility type and set the logging trap Console config logging host 10 1 0 9 Console config logging facility 23 Console config logging trap 4 Console config Console show logging trap Syslog logging Enable REMOTELOG status enable REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG server ip address 10 1 0 9 REMOTELOG server ip address 0 0 0 0 REMOTE...

Page 55: ... letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note Up to two copies of the system software i e the runtime firmware can be stored in the file directory on the switch The currently designated startup version of this file cannot be deleted Downloading S...

Page 56: ...peration code used at startup and click Apply Changes To start the new firmware reboot the system via the System Reset menu CLI Enter the IP address of the TFTP server select config or opcode file type then enter the source and destination file names set the new file to start up the system and then restart the switch Console copy tftp file 3 19 TFTP server ip address 10 1 0 99 Choose file type 1 c...

Page 57: ...s settings Command Attributes TFTP Server IP Address The IP address of a TFTP server Destination File Name The configuration file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note The maximum number of us...

Page 58: ... the TFTP server but cannot be used as a destination file name on the switch Web Click System File Configuration Enter the IP address of the TFTP server enter the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Transfer from Server Setting the Startup Configuration File If you download to a new file name then select the new file from ...

Page 59: ...this file as the startup file at a later time and then restart the switch Console copy tftp startup config 3 19 TFTP server ip address 192 168 1 19 Source configuration file name startup2 0 Startup configuration file name startup startup2 0 Console Console config Console config boot system config startup2 0 3 25 Console config exit Console reload Console copy running config file 3 19 destination f...

Page 60: ...h enables the system log to record meaningful dates and times for event entries You can also manually set the clock using the CLI See calendar set on page 3 59 If the clock is not set the switch will only record the time from the factory default set at the last bootup This switch acts in a unicast mode The switch periodically sends a request for a time update to a configured time server You can co...

Page 61: ... a time update from a time server Range 16 16284 seconds Default 16 seconds SNTP Server Sets the IP address for up to three time servers The switch attempts to update the time from the first server if this fails it attempts an update from the next server in the sequence Web Select SNTP Configuration Modify any of the required parameters and click Apply CLI This example configures the switch to ope...

Page 62: ...or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply CLI This ex...

Page 63: ... as HP OpenView Access rights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for configuring community strings and related trap functions are described in the following sections Setting Community Access Strings You may configure up to five community strings auth...

Page 64: ...drop down list then click Add CLI The following example adds the string spiderman with read write access Specifying Trap Managers Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as HP OpenView You can specify up to five...

Page 65: ...anagement station to receive trap messages Trap Manager Community String Specifies a valid community string for the new trap manager entry Though you can set this string in the Trap Managers table we recommend that you define this string in the SNMP Protocol table as well Range 1 32 characters case sensitive Trap Version Indicates if the user is running version 1 or version 2c Enable Authenticatio...

Page 66: ...box and the Trap Manager Community String box mark Enable Authentication Traps if required and then click Add CLI This example adds a trap manager and enables authentication traps Console config snmp server host 10 1 19 23 batman 3 63 Console config snmp server enable traps authentication 3 64 ...

Page 67: ...board agent You should therefore assign a new administrator password as soon as possible and store it in a safe place If for some reason your password is lost you can delete all the user defined configuration files to restore the factory defaults and the default password as described in Upgrading Firmware via the Serial Port on page B 1 The default guest name is guest with the password guest The d...

Page 68: ...ods RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to a switch Like RADIUS Terminal Access Controller Access Contr...

Page 69: ...tire body of the packet RADIUS and TACACS logon authentication control management access via the console port Web browser or Telnet These access options must be configured on the authentication server RADIUS and TACACS logon authentication assign a specific privilege level for each user name password pair The user name password and privilege level must be configured on the server You can specify u...

Page 70: ...equence RADIUS Settings Server IP Address Address of the RADIUS server Default 10 1 0 1 Server Port Number Network UDP port of the RADIUS server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Number of Server Transmits Number of times the sw...

Page 71: ...9 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 32 characters Note The local switch user database has to be set up by manually entering user names and passwords using the CLI Web Click Security Authentication Settings Specify the authentication sequence server address port number and other parameters then click A...

Page 72: ... config authentication login radius 3 156 Console config radius server host 192 168 1 25 3 157 Console config radius server port 181 3 158 Console config radius server key green 3 158 Console config radius server retransmit 5 3 159 Console config radius server timeout 10 3 160 Console show radius server 3 160 Server IP address 192 168 1 25 Communication key with radius server green Server port num...

Page 73: ... Navigator 4 x The following Web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 2 42 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP port number used for HTTPS SSL connection to the swit...

Page 74: ... the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Caution For maximum security we recommend you ...

Page 75: ...he older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled managem...

Page 76: ...waits for a response from a client during an authentication attempt Range 1 to 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Web Click Security SSH Settings Enable SSH and adjust the authentication param...

Page 77: ...ough that port To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port When the port has reached the maximum number of MAC addresses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other devi...

Page 78: ...nk to be enabled A port that is already configured as an LACP or static trunk port cannot be enabled as a secure port The default maximum number of MAC addresses allowed on a secure port is zero You must configure a maximum address count from 1 20 for the port to allow access Command Attributes Status Enables or disables port security on the port Default disabled Max MAC Count Sets the maximum num...

Page 79: ...lick Apply CLI This example selects the target port then uses the port security max mac count command to set the maximum MAC addresses allowed on the port Use the port security command to enable security for the port Console config interface ethernet 1 5 Console config if port security max mac count 10 Console config if port security Console config if ...

Page 80: ...client i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the ...

Page 81: ...e Each client that needs to be authenticated must have dot1x client software installed and properly configured The RADIUS server and 802 1x client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type MD5 TLS TTLS PEAP etc Some clients have native support in window...

Page 82: ...n exceeded before attempting to acquire a new client Timeout for Re authentication Period Indicates the time period after which a connected client must be re authenticated Timeout for TX Period The time period during an authentication session that the switch waits before re transmitting an EAP packet Supplicant timeout The time the switch waits for a client response to an EAP request Server timeou...

Page 83: ...age 3 168 Console show dot1x 3 168 Global 802 1X Parameters reauth enabled no reauth period 3600 quiet period 60 tx period 30 supp timeout 30 server timeout 30 reauth max 2 max req 2 802 1X Port Summary Port Name Status Mode Authorized 1 disabled ForceAuthorized yes 2 disabled ForceAuthorized n a 3 disabled ForceAuthorized n a 4 disabled ForceAuthorized n a 23 disabled ForceAuthorized n a 24 disab...

Page 84: ...imum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session Range 1 10 Default 2 Timeout for Quiet Period Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client Range 1 65535 seconds Default 60 seconds Timeout for Re authentication Period Sets th...

Page 85: ...rt Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise Force Unauthorized Forces the port to deny access to all clients either dot1x aware or otherwise Co...

Page 86: ... on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configured as a trunk port Web Select Security 802 1X Port Configuration CLI In Interface mode type dot1x port control auto or use the no form to disable Console config interface ethernet 1 2 Console config if dot1x port control auto 3 164 Console config if ...

Page 87: ...mber of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the m...

Page 88: ...es based on address protocol TCP UDP port number or TCP control code or any frames based on MAC address or Ethernet type To filter incoming packets first create an access list add the required rules and then bind the list to a specific port Console show dot1x statistics 3 168 Eth 1 2 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 0 0 0 0 0 0 0 Last Last...

Page 89: ... list the packet is accepted Note An ACL can contain up to 32 rules Command Attributes ACL Configuration Setting the Name and Type Name Name of the ACL Maximum length 16 characters Type There are three filtering modes Standard IP ACL mode that filters packets based on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well as protocol type ...

Page 90: ...ned ACL Configuration Configuring an Extended IP ACL Action An ACL can contain all permit rules or all deny rules Default Permit rules Src Dst IP Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default An...

Page 91: ...ay be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the code value and mask below to catch packets with the following flags set SYN flag valid use control flag 2 2 Both SYN and ACK valid use control flag 18 18 SYN valid and ACK invalid use control flag 2 18 ACL Configuration Configuring a MAC ACL Action An ACL can conta...

Page 92: ... ACL List name in the Name field 3 Select the list type IP Standard IP Extended or MAC 4 Click Add to open the configuration page for the new list CLI This example creates a standard IP ACL named david Standard IP ACL Web 1 Specify the action i e Permit or Deny 2 Select the address type Any Host or IP where Host means a specific address and IP means an address range 3 If you selected Host enter th...

Page 93: ...r the host address If you selected IP enter the subnet address and mask 4 Select the destination IP Any Host or IP 5 Select the service type TOS Precedence or DSCP 6 Select the protocol type TCP UDP or Others where the range for others includes protocol numbers 0 255 7 Enter the TCP UDP source and destination port numbers Range 0 65535 8 If you selected TCP protocol type then you can also specify ...

Page 94: ...rough 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP 3 Permit all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit 10 7 1 1 255 255 255 0 any 3 175 Console config ext acl permit 192 168 1 0 255 255 255 0 any destination port 80 Console config ext acl per...

Page 95: ...sing a binary bitmask to indicate an address range 4 Specify the Destination MAC and a Destination Mask if required 5 Specify the VID and the Ethernet Type as a protocol number Range 1536 65535 Default all 6 Click Add CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29...

Page 96: ...ess List to enable for a port Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an ACL select the required ACL from the drop down list then click Apply CLI This example assigns an IP and MAC access list to port 1 and an IP access list to port 2 Console config interface ethernet 1 1 3 85 Console config if ip access group david in 3 178 Console config if mac ...

Page 97: ...00BASE SX 1000BASE LX or 1000BASE GBIC Admin Status Shows if the interface is enabled or disabled Web Displays Enabled or Disabled CLI Displays Port Admin up or down Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Flow Control Status Indicates the type of flow control currently in use Autonegotiation Shows if auto negotiation is enabled o...

Page 98: ...rnet 1 13 3 94 Information of Eth 1 13 Basic information Port type 100tx Mac address 00 30 f1 47 58 46 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast storm Enabled Broadcast storm limit 3200 octets second Flow control Disabled Lacp Disabled Port Security Disabled Max Mac count 0 Current status Link status Down Operation speed duplex 100full ...

Page 99: ...th auto negotiation disabled Flow Control Allows automatic or manual selection of flow control Autonegotiation Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Supports 10 Mb...

Page 100: ...ng signals may degrade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Trunk Indicates if a port is a member of a trunk To create trunks and select port members see Trunk Configuration on page 2 69 Note Autonegotia...

Page 101: ...CP configured ports on another device You can configure any number of ports on the switch as LACP as long as they are not already configured as part of a static trunk If ports on another device are also configured as LACP the switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than four ports all other ports will be placed in a standby mode Should...

Page 102: ...four trunks on the switch with up to four ports per trunk The ports at both ends of a connection must be configured as trunk ports When configuring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard When configuring static trunks you may not be able to link switches of different types depending on the manufacturer s implementation The ports at...

Page 103: ...EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Web Click Port Trunk Membership Enter a trunk ID of 1 4 in the Trunk field select any of the switch ports from the scroll down port list and click Add A...

Page 104: ...e assigned the next available trunk ID Console config interface port channel 1 3 85 Console config if exit Console config interface ethernet 1 11 Console config if channel group 1 3 148 Console config if exit Console config interface ethernet 1 12 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 3 94 Information of Trunk 1 Basic information Port...

Page 105: ... and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply ...

Page 106: ...st storms by setting a threshold for broadcast traffic Any broadcast octets exceeding the specified threshold will then be dropped Console config interface ethernet 1 17 Console config if lacp 3 149 Console config if exit Console config interface ethernet 1 18 Console config if lacp Console config if end Console show interfaces status port channel 1 3 94 Information of Trunk 1 Basic information Po...

Page 107: ...s 64 95232000 octets per second Default 32000 octets per second Protect Status Shows whether or not broadcast storm control has been enabled Default Enabled Web Click Port Broadcast Control Set the threshold for specific ports click Apply CLI Specify an interface and then enter the threshold This threshold will then be set for all ports The following sets broadcast suppression at 1000 octets per s...

Page 108: ...therwise traffic may be dropped from the monitor port When mirroring port traffic the target port must be included in the same VLAN as the source port A source port can only mirror traffic to one target port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Unit The unit whose traffic will be monitored Source Port The port whose traffic will be monitored Type All...

Page 109: ...ate for traffic transmitted or received on a port Rate limiting is configured on ports at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traf...

Page 110: ...is 512 Kbps 1 Mbps or 3 3 Mbps For Gigabit Ethernet interfaces the rate limit granularity is 33 3 Mbps Web Click Port Rate Limit Granularity Choose the required rate limit for Fast Ethernet and Gigabit Ethernet Granularity and click Apply CLI This example displays Fast Ethernet and Gigabit Ethernet granularity Console show rate limit 3 153 Fast ethernet granularity 3300 Gigabit ethernet granularit...

Page 111: ...l interfaces Command Attributes Port Trunk Displays the port number Rate Limit Status Enables or disables the rate limit Rate Limit Level Sets the rate limit level Range 1 30 Default 30 Note Actual Rate limit Rate Limit Level Granularity Web Click Port Rate Limit Input Output Rate Limit Port Trunk Configuration Enable the Rate Limit Status for the required interfaces set the Rate Limit Level and c...

Page 112: ...ted since the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default Note RMON groups 2 3 and 9 can only be accessed using SNMP management software Statistical Values Console config interface ethernet 1 3 3 85 Console config if rate limit input level 3 3 151 Console config if rate limit output level 3 3 151 Console config if exit Console config i...

Page 113: ...s The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a multicast address at this sub layer including those that were discarded or not sent Transmit Broadc...

Page 114: ...icular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR mess...

Page 115: ...CS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed Oversize Frames The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received...

Page 116: ...CONFIGURING THE SWITCH 2 84 Web Click Port Port Statistics Select the required interface and then click Query You can also use the Refresh button at the bottom of the page to update the screen ...

Page 117: ...errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 4422579 Packets 31552 Broadcast pkts 238 Multi cast pkts 17033 Undersize pkts 0 Oversize p...

Page 118: ...ic address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attributes Static Address Counts The number of manually configured addresses Current Static Address Table Lists all the static ...

Page 119: ...he Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Console config mac address table static 00 e0 29 94 3...

Page 120: ...le Sort Key You can sort the information displayed based on interface port or trunk or MAC address Dynamic Address Counts The number of addresses dynamically learned Current Dynamic Address Table Lists all the dynamic addresses Web Click Address Table Dynamic Addresses Specify the search type i e Interface MAC Address or VLAN the method of sorting the displayed addresses then click Query ...

Page 121: ...can change the aging time for entries in the dynamic address table Command Attributes Aging Time The time after which a learned entry is discarded Range 10 30000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time then click Apply Console show mac address table ethernet 1 11 3 101 Interface Mac Address Vlan Type Eth 1 11 00 10 b5 62 03 74 1 Learned Console ...

Page 122: ...t a bridging device STA compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device It selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from th...

Page 123: ...ils and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs Displaying Global Settings Command Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC address where the address is taken from the swi...

Page 124: ...e through this port If there is no root port then this switch has been accepted as the root device of the Spanning Tree network Root Path Cost The path cost from the root port on this switch to the root device Root Hello Time Interval in seconds at which this device transmits a configuration message Root Maximum Age The maximum time in seconds this device can wait without receiving a configuration...

Page 125: ...to a discarding state otherwise temporary data loops might result Root Hold Time The interval in seconds during which no more than two bridge configuration protocol data units shall be transmitted by this node Configuration Changes The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured CLI only Web Click Spanning Tree STA...

Page 126: ...onsole show spanning tree 3 118 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enable Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 0030f147583a Current root port 0 Current root cost 0 Number of topology changes 1 Last topology changes...

Page 127: ...les STA on this switch Default Enabled Spanning Tree Type Specifies the type of spanning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default Priority Bridge priority is used in selecting the root device root port and designated port The...

Page 128: ...f it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to lear...

Page 129: ...hat can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Web Click Spanning Tree STA Configuration Modify the r...

Page 130: ...ort address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port with the sma...

Page 131: ... port must communicate to reach the root of the Spanning Tree Designated Port The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detect...

Page 132: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured...

Page 133: ...ce end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reco...

Page 134: ...e RSTP Spanning tree enable disable enable Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 00A0CA445566 Current root port 0 Current root cost 0 Number of topology changes 2 Last topology changes time sec 2209 Transmission limit 5 Path Cost Method long Eth 1 1 informati...

Page 135: ...receiving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for...

Page 136: ... to exactly one other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can p...

Page 137: ...ion button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Default Disabled Web Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply CLI This example sets STA attributes for port 5 Console config interface ethernet 1 5 Console config if spanning tree port priority 0 3 113 Console...

Page 138: ...t by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes ...

Page 139: ...ate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any end node host that does not support VLAN tagging VLAN Classification When the switch r...

Page 140: ...omatically place the receiving port in the specified VLANs and then forward the message to all other ports When the message arrives at another switch that supports GVRP it will also place the receiving port in the specified VLANs and pass the message on to all other ports VLAN requirements are propagated in this way throughout the network This allows GVRP compliant devices to be automatically conf...

Page 141: ...s When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it first ...

Page 142: ...rmation page displays basic information on the VLAN type supported by the switch Command Attributes VLAN Version Number The VLAN version used by this switch as specified in the IEEE 802 1Q standard Maximum VLAN ID Maximum VLAN ID recognized by this switch Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this switch Web only Console config bridge ext gvrp 3 142 Co...

Page 143: ...one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Console show bridge ext 3 143 Max support vlan numbers 255 Max support vlan ID 4094 Extended multicas...

Page 144: ...untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry ...

Page 145: ...e groups Command Attributes Current Lists all the current VLAN groups created for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name ...

Page 146: ... is operational Suspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it will be reassigned to VLAN group 1 as untagged Web Click VLAN 802 1Q VLAN Static List To create a new VLAN enter the VLAN ID and VLAN name mark the Enable checkbox to activate the VLA...

Page 147: ...17 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 2 118 Console config vlan database 3 121 Console config vlan 2 name R D media ethernet state act...

Page 148: ...d that is carry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For mo...

Page 149: ...ndex Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a tagged member Console config interface ethernet 1 1 Console config if switchport allowed vlan add 2 tagged 3 128 Console config if exit Console config interface ethernet 1 2 Conso...

Page 150: ...er or click Remove to remove the interface After configuring VLAN membership for each interface click Apply CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces including the default VLAN identifier PVID accepted frame types ingress filtering GVRP status and GARP timer...

Page 151: ... experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before...

Page 152: ...frames such as GVRP or STP However it does affect VLAN dependent BPDU frames such as GMRP GVRP Status Enables disables GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect See Displaying Bridge Extension Capabilities on page 2 14 When disabled any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated fro...

Page 153: ... of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Mode Indicates VLAN membership mode for an interface Default 1Q Trunk 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN However note that frames belonging to the port s default VLAN ...

Page 154: ...ity VLANs A primary VLAN allows traffic to pass between promiscuous ports and between promiscuous ports and isolated or community ports subordinate to the primary VLAN An isolated VLAN allows traffic to pass only between isolated ports and promiscuous ports all other traffic between ports in the VLAN is blocked A community VLAN conveys traffic between community ports and from the community ports t...

Page 155: ...ous ports in its own VLAN or host i e having access restricted to community VLAN members and channeling all other traffic through a promiscuous port Then assign any promiscuous ports to a primary VLAN and any host ports a secondary VLAN i e community VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the private VLANs configured on the switch including ...

Page 156: ...d as a promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLANs The Private VLAN Configuration page is used to create remove primary or community VLANs Console show vlan private vlan 3 137 Primary Secondary Type Interfaces 5 primary Eth1...

Page 157: ...ociated promiscuous ports Current Displays a list of the currently configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entry in the Current list box and then click Remove Note that all member ports must be removed from the VLAN before it can be deleted CLI ...

Page 158: ... associated with the selected primary VLAN Non Association Community or isolated VLANs not associated with the selected primary VLAN Web Click VLAN Private VLAN Association Select the required primary VLAN from the scroll down box highlight one or more VLANs in the Non Association list box and click Add to associate these entries with the selected primary VLAN An isolated or community VLAN can onl...

Page 159: ...omiscuous port s Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Isolated VLA...

Page 160: ...nd 5 have been configured as host ports and associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLAN Interfaces Use the Private VLAN Port Configuration and Private VLAN Trunk Configuration menus to set the private VLAN interface type and associate the interfaces with a private VLAN Console show vlan private vlan 3 137 Primary Secondary T...

Page 161: ...omiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs If PVLAN type is Promiscuous then specify the associated primary VLAN For Host type the Primary VLAN displayed is the one to which the selected secondary VLAN has been associated Secondary VLAN On this switch all secondary VLANs are community VLANs A community VLAN conveys traffic between commun...

Page 162: ...and mapped to VLAN 5 while ports 4 and 5 have been configured as host ports and associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Console config interface ethernet 1 3 Console config if switchport mode private vlan promiscuous 3 134 Console config if switchport private vlan mapping 5 3 136 Console config if exit Console config interface ethernet 1 4 Conso...

Page 163: ...he mapping of frame priority tags to the switch s traffic classes Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate egress queue at the output port Command Usage This switch provides four egress queues...

Page 164: ... Priority Modify the default priority for any interface then click Apply CLI This example assigns a default priority of 5 to port 3 Console config interface ethernet 1 3 Console config if switchport priority default 5 3 189 Console config if end Console show interfaces switchport ethernet 1 5 3 97 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second Lacp status Disabled VLAN membe...

Page 165: ...ic by using four egress queues for each port with service schedules based on Weighted Round Robin WRR Up to 8 separate traffic priorities are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table Queue 0 1 2 3 Priority Level 0 1 2 3 4 5 6 7 ...

Page 166: ...lication traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class Output queue buffer Range 0 3 where 3 is the highest CoS egress queue CLI shows Queue ID Priority Level Traffic Type 1 Background 2 Spare 0 default Best Effort 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than...

Page 167: ...shows how to map CoS values 1 and 2 to CoS egress queue 0 value 0 and 3 to CoS egress queue 1 values 4 and 5 to CoS egress queue 2 and values 6 and 7 to CoS egress queue 3 Console config interface ethernet 1 1 Console config queue cos map 0 1 2 3 192 Console config queue cos map 1 0 3 Console config queue cos map 2 4 5 Console config queue cos map 3 6 7 Console config exit Console show queue cos m...

Page 168: ...on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 1 4 16 for egress queues 0 through 3 respectively Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing lower pr...

Page 169: ...ssign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table Displays a list of weights for each traffic class i e queue Weight Value Sets a new weight...

Page 170: ...r Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP...

Page 171: ... both priority services This is the default setting IP Precedence Maps layer 3 4 priorities using IP Precedence IP DSCP Maps layer 3 4 priorities using Differentiated Services Code Point Mapping Web Click Priority IP Precedence DSCP Priority Status Select Disabled IP Precedence or IP DSCP from the scroll down menu CLI The following example enables IP Precedence service on the switch Console config...

Page 172: ...to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value 0 7 Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Note IP ...

Page 173: ... IP Precedence service on the switch maps IP Precedence value 1 to CoS value 0 on port 5 and then displays all the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip precedence 3 197 Console config interface ethernet 1 5 Console config if map ip pr...

Page 174: ...ds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represen...

Page 175: ...r trunk from the Interface field Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to all interfaces on the switch ...

Page 176: ...number in the frame header Some of the more common TCP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority Interface Selects the port or trunk interface to which the settings apply IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Console config map ip dscp ...

Page 177: ...ity Status Set IP Port Priority Global Status to Enabled Web Click Priority IP Port Priority Select a port or trunk from the Interface field Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box and then click Add IP Port Mapping specific values for IP Precedence is implemented as an interface configuration command but any chang...

Page 178: ...s only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 2 133 Command Attributes IP ACL Name Name of the IP ACL IP CoS 0 7 CoS value used for packets matching an IP ACL rule Range 0 7 MAC ACL Name Name of the MAC ACL MAC CoS 0 7 CoS value used for packets matching a MAC ACL rule Range 0 7 F...

Page 179: ...e network and any hosts that want to receive the multicast register with their local multicast switch router Although this approach reduces the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on the hosts which subscribed to this service This switch uses IGMP Inte...

Page 180: ...t multicast traffic This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance Command Usage IGMP Snooping This switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers switches and IP multicast host groups to identify the IP multicast group members It simply monitors the IGMP packets passing through i...

Page 181: ...r which there has been no response before the switch takes action to drop a client from the multicast group Default 2 Range 2 10 IGMP Query Interval Sets the frequency in seconds at which the switch sends IGMP host query messages Default 125 Range 60 125 IGMP Report Delay Sets the time in seconds between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP...

Page 182: ...s Console config ip igmp snooping 3 205 Console config ip igmp snooping querier 3 209 Console config ip igmp snooping query count 10 3 210 Console config ip igmp snooping query interval 100 3 211 Console config ip igmp snooping query max response time 20 3 211 Console config ip igmp snooping query time out 300 3 212 Console config ip igmp snooping version 2 3 207 Console config exit Console show i...

Page 183: ...ch Displaying Interfaces Attached to a Multicast Router You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interfac...

Page 184: ...ork to an interface port or trunk on your switch you can manually configure that interface to join all the current multicast groups This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicas...

Page 185: ...N 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast IP address Command Attributes VLAN ID Selects the VLAN in which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Ports propagating a multicast service i e ports that belong to the indicated VLAN group...

Page 186: ...tically configured Adding Multicast Addresses to VLANs Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping Parameters on page 2 148 For certain applications that require tighter control you may need to statically configure a multicast service on the switch First add all the ports attached to participating hosts to ...

Page 187: ...ll multicast traffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate the VLAN that will propagate the multicast ...

Page 188: ...s all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet 1 12 3 206 Console config exit Console show mac address table multicast vlan 1 3 208 VLAN M cast IP addr Member ports Type 1 224 0 0 12 Eth1 12 USER 1 224 1 2 3 Eth1 12 IGMP Console ...

Page 189: ... on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec Bu...

Page 190: ...tch is unassigned by default To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an i...

Page 191: ...l access mode i e Normal Exec 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of key...

Page 192: ...sword for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining ch...

Page 193: ...face history Information of history interfaces Information of interfaces ip IP information line TTY line information logging Show the contents of logging buffers mac address table Set configuration of the address table map Map priority port Characteristics of the port queue Information of priority queue radius server Radius server information running config The system configuration of running snmp...

Page 194: ...CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configu...

Page 195: ...session with the user name and password admin The system will now display the Console command prompt You can also enter Privileged Exec mode from within Normal Exec mode by entering the enable command followed by the privileged level password super page 3 12 To enter Privileged Exec mode enter the following commands and passwords Class Mode Exec Normal Privileged Configuration Global Interface Lin...

Page 196: ...and snmp server community Access Control List Configuration These commands are used for packet filtering DHCP Configuration These commands are used to configure the DHCP server Interface Configuration These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include commands such as parit...

Page 197: ...mmands to enter interface configuration mode and then return to Privileged Exec mode Command Line Processing Commands are not case sensitive You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters You can use the Tab key to complete partial commands or enter a partial command Console configure...

Page 198: ...t word typed Delete key or backspace key Erases a mistake when entering a command Command Group Description Page General Basic commands for entering privileged access mode restarting the system or quitting the CLI 3 12 Flash File Manages code image or switch configuration files 3 19 System Management Controls system logs system passwords user name browser management options and a variety of other ...

Page 199: ...ithout affecting the data passing through or the performance of the monitored port 3 145 Link Aggregation Statically groups multiple ports into a single logical trunk configures Link Aggregation Control Protocol for port trunks 3 148 Rate Limiting Controls the maximum rate for traffic transmitted or received on a port 3 152 Authentication Configures RADIUS and TACACS client server authentication f...

Page 200: ...Understanding Command Modes on page 3 6 Command Function Mode Page enable Activates privileged mode NE 3 12 disable Returns to normal mode from privileged mode PE 3 13 configure Activates global configuration mode PE 3 14 show history Shows the contents of the command history buffer NE PE 3 15 reload Restarts the system PE 3 16 prompt Customizes the CLI prompt GC 3 17 end Returns to Privileged Exe...

Page 201: ...et this password see the enable password command on page 3 29 The character is appended to the end of the prompt to indicate that the system is in privileged access mode Example Related Commands disable 3 13 enable password 3 29 disable Use this command to return to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or E...

Page 202: ...command to activate Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Configuration and VLAN Database Configuration See Understanding Command Modes on page 3 6 Default Setting None Command Mode Privileged Exec Example Con...

Page 203: ...nfiguration commands Example In this example the show history command lists the contents of the command history buffer The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer when you are Console show history Execution command history 2 config 1 show history Configuration c...

Page 204: ...restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch Console 2 Console config Console config Console reload System wil...

Page 205: ...cters Default Setting Console Command Mode Global Configuration Example end Use this command to return to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console config prompt SMC6724AL2 SMC6724...

Page 206: ... to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit Use this command to exit the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Console config exit Console exit Press ENTER to start session User Access Verification Username ...

Page 207: ...ater be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection Console quit Press ENTER to start session User Access Verification Username Command Function Mode Page copy Copies a code image or a switch configuration to or from flash memory or a TFTP server PE 3 19 delete Delete...

Page 208: ...ies a HTTPS certificate from a TFTP server to the switch Default Setting None Command Mode Privileged Exec Command Usage The system prompts for data required to complete the copy command The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for fi...

Page 209: ...ile on the TFTP server The following example shows how to copy the running configuration to a startup file The following example shows how to download a configuration file Console copy file tftp Choose file type 1 config 2 opcode 1 2 1 Source file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 Console Console copy running config file destination file name startup Wr...

Page 210: ...mage name Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg configuration file from flash memory Related Commands dir 3 23 Console delete test2 cfg Console ...

Page 211: ...e Name of the file or image If this file exists but contains errors information on this file cannot be shown Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files File information is shown below Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config...

Page 212: ...or a description of the file information displayed by this command Console dir file name file type startup size byte LEO_X_Diag_v2 0 1 0 bix Boot Rom image Y 169912 LEO_X_SMC_V2042 bix Operation Code Y 1319328 Factory_Default_Config cfg Config File N 2665 startup Config File Y 2835 Total free space 5505024 Console Console whichboot file name file type startup size byte LEO_X_Diag_v2 0 1 0 Boot Rom...

Page 213: ...t ROM config Configuration file opcode Run time operation code The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Example Related Commands dir 3 23 whichboot 3 24 Console config boot system...

Page 214: ...password to control access to various Privileged Exec levels GC 3 29 Event Logging Commands logging on Controls logging of error messages GC 3 31 logging history Limits syslog messages saved to switch memory based on severity GC 3 31 logging host Adds a syslog server host IP address that will receive logging messages GC 3 33 logging facility Sets the facility type for remote logging of syslog mess...

Page 215: ...ows the switch to be monitored or configured from a browser GC 3 45 ip http secure server Enables HTTPS SSL for encrypted communications GC 3 46 ip http secure port Specifies the UDP port number for HTTPS SSL GC 3 47 Secure Shell Commands ip ssh server Enables the SSH server on the switch GC 3 49 ip ssh Specifies the authentication timeout for the SSH server and the number of retries allowed by a ...

Page 216: ...le username Use this command to add named users require authentication at login specify or change a user s password or specify that no password is required or specify or change a user s access level Use the no form to remove a user name Syntax username name access level level nopassword password 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maxi...

Page 217: ...th legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how to set the access level and password for a user enable password After initially logging onto the system you should set the Priv...

Page 218: ...r Command Mode Global Configuration Command Usage You cannot set a null password You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command page 3 12 The encrypted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading ...

Page 219: ...d to switch memory or sent to remote syslog servers You can use the logging history command to control the type of error messages that are stored in memory The logging trap command controls the type of error messages that are sent to specified syslog servers Example Related Commands logging history 3 31 logging trap 3 35 clear logging 3 36 logging history Use this command to limit syslog messages ...

Page 220: ... Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Levels Level Description debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold start warnings 4 Warning conditions e g return false unexpected return errors 3 Error conditions e g invalid i...

Page 221: ...st_ip_address no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage By using this command more than once you can build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example Console config logging history ram 0 Console config Console config logging host 10 1 0 3 ...

Page 222: ...o form to return the type to the default Syntax logging facility type no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Example Console config logging facility 19 Console config ...

Page 223: ...etting Level 3 0 Command Mode Global Configuration Level Name Level Description debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold start warnings 4 Warning conditions e g return false unexpected return errors 3 Error conditions e g invalid input default used critical 2 Critical conditions e g memory allocation or...

Page 224: ... RAM i e memory flushed on power reset Default Setting Flash and RAM Command Mode Privileged Exec Example Related Commands show logging 3 36 show logging Use this command to display the logging configuration along with any system and event messages stored in memory Syntax show logging flash ram trap flash Event history stored in flash memory i e permanent memory Console config logging trap 4 Conso...

Page 225: ...ote syslog servers has been enabled via the logging host command the message level s that are sent and a list of configured syslog server IP addresses Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the message level for RAM is debugging i e default level 7 0 and lists one sample error Console show logging flash ...

Page 226: ...in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for...

Page 227: ... username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface vlan 1 ip address 0 0 0 0 255 0 0 0 ip address dhcp line console line vty en...

Page 228: ...ation stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each inter...

Page 229: ...ame admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface vla...

Page 230: ...ss of Telnet client Default Setting None Command Mode Normal Exec Privileged Exec Console show system System description TigerSwitch 10 100 6724AL2 System OID string 1 3 6 1 4 1 202 20 31 System information System Up time 0 days 1 hours 1 minutes and 1 93 seconds System Name SMC6724Al2 System Location NONE System Contact NONE MAC address 00 30 F1 6E 0D E0 Web server enable Web server port 80 Web s...

Page 231: ...oftware version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 2 11 for detailed information on software items Console show users Username accounts Username Privilege guest 0 admin 15 Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 00 00 1 vty 0 admin 0 04 37...

Page 232: ... present Agent master Unit id 1 Loader version 2 1 0 0 Boot rom version 2 0 0 7 Operation code version 2 0 3 1 Console Command Function Mode Page ip http port Specifies the port to be used by the Web browser interface GC 3 45 ip http server Allows the switch to be monitored or configured from a browser GC 3 45 ip http secure server Enables HTTPS SSL for encrypted communications GC 3 46 ip http sec...

Page 233: ...e TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands logging on 3 31 ip http server Use this command to allow this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http ...

Page 234: ...d Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital ce...

Page 235: ...nds ip http secure port 3 47 copy tftp https certificate 3 19 ip http secure port Use this command to specify the UDP port number used for HTTPS SSL connection to the switch s Web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Web Browser Operating System Internet Explorer...

Page 236: ...nted for Microsoft Windows and other environments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement f...

Page 237: ... Syntax no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 3 49 ip ssh Specifies the authentication timeout for the SSH server and the n...

Page 238: ...ssh timeout seconds authentication retries count no ip ssh timeout authentication retries seconds The timeout for client response during SSH negotiation Range 1 120 count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting timeout 120 seconds retries 3 Command Mode Global Configuration Command Usage The timeout specifies the interval the swi...

Page 239: ... ssh 3 50 disconnect ssh Use this command to terminate a Secure Shell SSH client connection Syntax disconnect ssh connection id connection id The session identifier as displayed in the show users command Command Mode Privileged Exec Console config ip ssh timeout 60 Console config ip ssh authentication retires 2 Console config Console show ip ssh Information of secure shell SSH status enable SSH au...

Page 240: ...0 Console Console show ssh Information of secure shell Session Username Version Encrypt method Negotiation state 0 admin 1 5 cipher 3des session started Console Field Description Session The session number Range 0 3 Username The user name of the client Version The Secure Shell version number Encrypt method The encryption method Options cipher des cipher 3des Negotiation state The authentication ne...

Page 241: ...ly learn MAC addresses until the specified number has been reached and then stop Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port You can also manu...

Page 242: ... Commands The system clock can be dynamically set by polling a set of specified time servers NTP or SNTP Console config interface ethernet 1 5 Console config if port security max mac count 10 Console config if port security Console config if Command Function Mode Page sntp client Accepts time from specified time servers GC 3 55 sntp server Specifies one or more time servers GC 3 56 sntp poll Sets ...

Page 243: ... for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp server 3 56 sntp poll 3 57 show sntp 3...

Page 244: ...ge This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp client 3 55 sntp poll 3 57 show sntp 3 58 sntp poll Use this command to...

Page 245: ...lated Commands sntp client 3 55 show sntp Use this command to display the current time and configuration settings for the SNTP client and whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for sending time synchronization requests when the switch is set to SNTP client mode and ...

Page 246: ...ter utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes...

Page 247: ...ond Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2101 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 February 1st 2004 show calendar Use this command to display the system clock Default Setting None Console calendar...

Page 248: ... remove the specified community string Console show calendar set 15 12 34 February 1 2004 Console Command Function Mode Page snmp server community Sets up the community access string to permit access to SNMP commands GC 3 62 snmp server contact Sets the system contact string GC 3 63 snmp server location Sets the system location string GC 3 63 snmp server host Specifies the recipient of an SNMP not...

Page 249: ...o both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage The first snmp server community command you enter enables SNMP SNMP v1 and v2c The no snmp server ...

Page 250: ...iguration Example Related Commands snmp server location 3 63 snmp server location Use this command to set the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Console config snmp server conta...

Page 251: ...tination IP address entries community string Password like community string sent with the notification operation Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP...

Page 252: ...ersion 2c traps to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not specify the SNMP version the default is to send SNMP version 1 traps However some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Example Related Commands snmp server...

Page 253: ...you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the snmp server host command Use the snmp server host command to specify which host or hosts receive SNMP notifications In order to...

Page 254: ... Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command ...

Page 255: ...hing outside this format will not be accepted by the CLI program Console show snmp SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested varia...

Page 256: ...dhcp Obtains IP address from DHCP Default Setting DHCP is enabled by default Command Mode Interface Configuration VLAN Command Function Mode Page ip address Sets the IP address for the current interface IC 3 69 ip dhcp restart Submits a BOOTP or DCHP client request PE 3 70 ip default gateway Defines the default gateway through which an in band management station can reach this device GC 3 71 show ...

Page 257: ...CP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command or by rebooting the switch Note Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you assign an IP address ...

Page 258: ...n Example In the following example the device is reassigned the same address Related Commands ip address 3 69 ip default gateway Use this command to a establish a static route between this device and management stations that exist on another network segment Use the no form to remove the static route Syntax ip default gateway gateway no ip default gateway gateway IP address of the default gateway C...

Page 259: ...nes a default gateway for this device Related Commands show ip redirects 3 73 show ip interface Use this command to display the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show ip redirects 3 73 Console config ip default gateway 10 1 0 254 Console config Console show ip interface IP address and netmask 10 1 0 254 255 255 255 0 on...

Page 260: ...ode on the network Syntax ping host count count size size host IP address or IP alias of the host count Number of packets to send Range 1 16 default 5 size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger than the size specified because the switch adds header information Default Setting This command has no default for the host Command Mode Norma...

Page 261: ... gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response t...

Page 262: ... a line LC 3 78 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 3 79 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 3 80 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thres...

Page 263: ...ll be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 3 84 show users 3 42 login Use this command to enable password checking at login Use the no form to disable password checking and allow connections without a passw...

Page 264: ...cal selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login selects no authentication When using this method the management interface starts in Normal Exec NE mode This command c...

Page 265: ...tion is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility wi...

Page 266: ...e 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Example To set the timeout to two minutes enter...

Page 267: ...mpts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections ...

Page 268: ... The number of seconds to disable console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 3 80 databits Use this command to set the number of data bits per character that are interpreted and generated by the console port Use th...

Page 269: ...ata bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 3 82 parity Use this command to define generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity ...

Page 270: ...ecify no parity enter this command speed Use this command to set the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bits per second Options 9600 57600 38400 19200 115200 bps Default Setting 9600 bps Command Mode Line Configuration Console config line...

Page 271: ... bps enter this command stopbits Use this command to set the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command show line Use this command to display the terminal line s parameters Console config lin...

Page 272: ...egated link or VLAN Console show line Console configuration Password threshold 3 times Interactive timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Interactive timeout 600 sec Console Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 3 86 description Adds a d...

Page 273: ...es Advertises the capabilities of a given interface for use in autonegotiation IC 3 90 flowcontrol Enables flow control on a given interface IC 3 91 clear counters Clears the statistics on a given interface PE 3 93 shutdown Disables an interface IC 3 94 switchport broadcast octet rate Configures broadcast storm control IC 3 94 show interfaces status Displays status for the specified interface NE P...

Page 274: ...tion Syntax description string no description string Comment or a description to help you remember what is attached to this interface Range 1 64 characters Default Setting None Command Mode Interface Configuration Ethernet Port Channel Example The following example adds a description to port 25 Console config interface ethernet 1 25 Console config if Console config interface ethernet 1 25 Console ...

Page 275: ...fault Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Channel Command Usage To force operation to the speed and duplex mode specified in a speed duplex command use the no negotiation command to disable auto nego...

Page 276: ...de Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disa...

Page 277: ...ties 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Supports 1000 Mbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and r...

Page 278: ...o negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands Example The following example configures Ethernet port 5 capabilities to 100half 100full and flow control Related Commands negotiation 3 89 speed duplex 3 88 flowcontrol 3 91 flowcontrol Use this command to enable flow control Use the no form to disable flow control Syntax flowcon...

Page 279: ...selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming si...

Page 280: ...and Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on Ethe...

Page 281: ...excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 switchport broadcast octet rate Use this command to configure broadcast storm control Use the no form to disable broadcast storm control Syntax switchport broadcast octet rate rate no switchport broadcast rate Threshold...

Page 282: ...terface However the specified threshold value applies to all ports on the switch Example The following shows how to configure broadcast storm control at 600 octets per second on port 5 show interfaces status Use this command to display the status for an interface Syntax show interfaces status interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Rang...

Page 283: ...show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast storm Enabled Broadcast storm limit 500 octets second Flow control Disabled Lacp Disabled Current status Link status Up Port operation status Up Operation speed duplex 100fu...

Page 284: ...t unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows the counters for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Showing Port Statistics on page 2 80 ...

Page 285: ...tats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stat...

Page 286: ...e All frames Native VLAN 1 Priority for untagged traffic 0 Gvrp status Disabled Allowed Vlan 1 u Forbidden Vlan Private vlan mode NONE Private vlan host association NONE Private vlan mapping NONE Console Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 3 94 Lacp status Shows if Link Aggregation Contr...

Page 287: ...ace has joined where u indicates untagged and t indicates tagged page 3 129 Forbidden Vlan Shows the VLANs this interface can not dynamically join via GVRP page 3 130 Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 3 101 show mac address table Displays entries in the bridge forwarding database PE 3 102 clear mac address table dynamic Removes any lea...

Page 288: ...ort channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command ...

Page 289: ... command to view classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bits to match in the address interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 sort Sort by address vlan...

Page 290: ...l numbers where an equivalent binary bit 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example clear mac address table dynamic Use this command to remove any learned entries from the forwarding database and to clear the transmit and receive count...

Page 291: ...m to restore the default aging time Syntax mac address table aging time seconds seconds Time in number of seconds 10 30000 Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console config mac address table aging time 300 Console config ...

Page 292: ...ing treepriority Configures the spanning tree bridge priority GC 3 110 spanning tree pathcost method Configures the path cost method for RSTP GC 3 111 spanning tree transmission limit Configures the transmission limit for RSTP GC 3 112 spanning tree cost Configures the spanning tree path cost of an interface IC 3 113 spanning tree port priority Configures the spanning tree priority of an interface...

Page 293: ...sed to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Exampl...

Page 294: ... but sends only 802 1D BPDUs Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D brid...

Page 295: ...r max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for c...

Page 296: ... Global Configuration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age Use this command to configure the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 ...

Page 297: ...ssage becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority Use this command to configure the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the br...

Page 298: ... Use the no form to restore the default Syntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting short method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices There...

Page 299: ...the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example Console config spanning tree pathcost method long Console config Console config spanning tree transmission limit 4 Console config...

Page 300: ...lf duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached t...

Page 301: ...nd defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Example Related Commands spanning t...

Page 302: ...can be passed through the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device ...

Page 303: ...ng tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeo...

Page 304: ...rivileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP comp...

Page 305: ...nnel Command Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP o...

Page 306: ...ommand Usage Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface For a description of the items displayed under Spanning tree information see Configuring Global Settings on page 2 94 For a descriptio...

Page 307: ...68 0000ABCD0000 Current root port 0 Current root cost 0 Number of topology changes 2 Last topology changes time sec 1718 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role disable State discarding Path cost 100000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 0000ABCD0000 Designated bridge 32768 0000ABCD0000 Forward transitions 0 Fa...

Page 308: ... VC 3 123 Configure VLAN Interfaces interface vlan Enters interface configuration mode for specified VLAN IC 3 124 switchport mode Configures VLAN membership mode for an interface IC 3 125 switchport acceptable frame types Configures frame types to be accepted by an interface IC 3 126 switchport ingress filtering Enables ingress filtering on an interface IC 3 127 switchport native vlan Configures ...

Page 309: ...mand Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 3 131 show interfaces status vlan Displays status for the specified VLAN interface NE PE 3 95 show inte...

Page 310: ...N name vlan name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name remove...

Page 311: ...lan id vlan id ID of the configured VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Related Commands shutdown 3 94 Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Console ...

Page 312: ... that frames belonging to the port s default VLAN i e associated with the PVID are sent untagged hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and then s...

Page 313: ...agged The port only passes tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic passed on port 1 to tagged frames Related Commands switchport mode 3 125 Console co...

Page 314: ...ed for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN depend...

Page 315: ...ce is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering...

Page 316: ...s untagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when a...

Page 317: ...t of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLA...

Page 318: ...SCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Console show vlan id 1 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth...

Page 319: ...onfigure private VLANs follow these steps 1 Use the private vlan command to designate one or more isolated or community VLANs and the primary VLAN that will channel traffic outside the community groups Command Function Mode Page Edit Private VLAN Groups private vlan Adds or deletes primary and secondary VLANs VC 3 133 private vlan association Associates a secondary with a primary VLAN VC 3 133 Con...

Page 320: ...se the switchport private vlan host association command to assign a port to a secondary VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary or secondary i e isolated or community private VLAN Use the no form to remove the specified p...

Page 321: ... switchport mode on page 3 125 Example private vlan association Use this command to associate a primary VLAN with a secondary i e community VLAN Use the no form to remove all associations for the specified primary VLAN Syntax private vlan primary vlan id association secondary vlan id add secondary vlan id remove secondary vlan id no private vlan primary vlan id association primary vlan id ID of pr...

Page 322: ... default setting Syntax switchport mode private vlan host isolated promiscuous no switchport mode private vlan host This port type can communicate with all other host ports assigned to the same secondary VLAN All communications outside of this VLAN must pass through a promiscuous port in the associated primary VLAN isolated The port is an isolated port that can only communicate with promiscuous po...

Page 323: ...n host association secondary vlan id no switchport private vlan host association secondary vlan id ID of secondary i e isolated or community VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources o...

Page 324: ...4 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example Console config interface ethernet 1 3 Console config if switchport private vlan host association 3 Con...

Page 325: ...h their associate primary VLAN and assigned host interfaces isolated Displays all isolated VLANs along with their associate primary VLAN and assigned host interfaces primary Displays all primary VLANs along with any assigned promiscuous interfaces Default Setting None Command Mode Privileged Executive Example Console show vlan private vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 com...

Page 326: ...for the Bridge Extension MIB Command Function Mode Page Interface Commands switchport gvrp Enables GVRP for an interface IC 3 140 switchport forbidden vlan Configures forbidden VLANs for an interface IC 3 130 show gvrp configuration Displays GVRP configuration for selected interface NE PE 3 140 garp timer Sets the GARP timer for the selected function IC 3 141 show garp timer Shows the GARP timer f...

Page 327: ...ernet Port Channel Example show gvrp configuration Use this command to show if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console conf...

Page 328: ...iseconds leave 60 centiseconds leaveall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be c...

Page 329: ...ccessfully Example Related Commands show garp timer 3 142 show garp timer Use this command to show the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Consol...

Page 330: ...ommand Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leaveall t...

Page 331: ...ormation on page 2 110 and Displaying Bridge Extension Capabilities on page 2 14 for a description of the displayed items Example Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic classes Enabled Global GVRP status Disab...

Page 332: ...e ethernet unit port source port unit Switch unit 1 port Port number rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Command Function Mode Page port moni...

Page 333: ...se traffic may be dropped from the monitor port Example The following example configures the switch to mirror all packets from port 6 to port 11 show port monitor Use this command to display mirror information Syntax show port monitor interface interface ethernet unit port source port unit Switch unit 1 port Port number Default Setting Shows all sessions Command Mode Privileged Exec Command Usage ...

Page 334: ...configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Console config if end Console show port monitor Port Mirroring Destination port listen port Eth1 1 Source port monitored port Eth1 6 Mode RX TX Console ...

Page 335: ... 4 Gbps when operating at full duplex Guidelines for Creating Trunks Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop A trunk can have up to four 10 100 Mbps ports or up to two 1000 Mbps ports The ports at both ends of a connection must be configured as trunk ports All ports in a trunk must consist of the same media type i...

Page 336: ... for the entire trunk via the specified port channel channel group Use this command to add a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channel id no channel group channel id Trunk index Range 1 6 Default Setting The current port will be added to this trunk Command Mode Interface Configuration Ethernet Command Usage When configuring static trunks the switche...

Page 337: ...duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode an...

Page 338: ...rnet 1 12 Console config if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 100tx Mac address 00 00 e8 00 00 0b Configuration Name Port admin status Up Speed duplex Auto Capabilities 10half 10full 100half 100full Flow ...

Page 339: ...ges Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network The rate limit granularity is multiplied by the rate limit level page 3 153 to set the actual rate limit for an interface Granularity is a global setting that applies to Fast Ethernet or Gigabit Ethernet interfaces rate limit Use this command to define the rate limit for a s...

Page 340: ...d to restore the default setting Syntax rate limit fastethernet gigabitethernet granularity granularity no rate limit fastethernet gigabitethernet granularity fastethernet Fast Ethernet granularity gigabitethernet Gigabit Ethernet granularity granularity Sets rate limit granularity for the system For Fast Ethernet choose 512 Kbps 1000 Kbps or 3300 Kbps For Gigabit Ethernet only one granularity opt...

Page 341: ...efault Setting Fast Ethernet interface 3 3 Mbps Gigabit Ethernet interface 33 3 Mbps Command Mode Privileged Exec Command Usage For Fast Ethernet interfaces the rate limit granularity is 512 Kbps 1 Mbps or 3 3 Mbps For Gigabit Ethernet interfaces the rate limit granularity is 33 3 Mbps Example Console config rate limit fastethernet granularity 1000 Console config rate limit gigabitethernet granula...

Page 342: ...user or group that require management access to a switch The switch supports IEEE 802 1x dot1x port based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication Client authentication is controlled centrally by an authentication server using EAP Extensible Authentication Protocol Command Function Mode Page Authentication Met...

Page 343: ...client before authentication fails GC 3 165 dot1x port control Sets dot1x mode for a port interface IC 3 165 dot1x re authenticate Forces a re authentication on specific ports PE 3 166 dot1x re authentication Enables re authentication for all ports GC 3 167 dot1x timeout quiet period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a...

Page 344: ...ADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server RADIUS and TACACS logon authentication can control management access via the console port a Web browser or Telnet These access options must be configured on the authenti...

Page 345: ...ed on the TACACS server If the TACACS server is not available the local user name and password is checked Example Related Commands username 3 28 radius server host Use this command to specify the RADIUS server Use the no form to restore the default Syntax radius server host host_ip_address no radius server host host_ip_address IP address of server Default Setting 10 1 0 1 Command Mode Global Confi...

Page 346: ... messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Example radius server key Use this command to set the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Default Set...

Page 347: ...e default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Console config radius server key green Console config Console config radius server retransmit 5 Console config ...

Page 348: ...aits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server Use this command to display the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote radius server configuration Server IP address...

Page 349: ...er Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port Use this command to specify the TACACS server TCP port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Console config taca...

Page 350: ...sed to authenticate logon access for the client Do not use blank spaces in the string Maximum length 32 characters Default Setting None Command Mode Global Configuration Example show tacacs server Use this command to display the current settings for the TACACS server Default Setting None Command Mode Global Configuration Console config tacacs server port 181 Console config Console config tacacs se...

Page 351: ...and Mode Global Configuration Example dot1x default Sets all configurable dot1x global and port settings to their default values Command Mode Global Configuration Example Console show tacacs server Remote TACACS server configuration Server IP address 10 11 12 13 Communication key with tacacs server green Server port number 49 Console Console config authentication dot1x default radius Console confi...

Page 352: ... Default 2 Command Mode Global Configuration Example dot1x port control Sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Confi...

Page 353: ...Command Mode Interface Configuration Example dot1x re authenticate Forces re authentication on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Console config interface eth 1 2 Console config if dot1x port control auto Console config if ...

Page 354: ... timeout quiet period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form of this command to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Global Configuration Console dot1x re auth...

Page 355: ...econds Command Mode Global Configuration Example dot1x timeout tx period Sets the time that the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds The number of seconds Range 1 65535 Default 30 seconds Console config dot1x timeout quiet period 350 ...

Page 356: ...lays the following information Global 802 1X Parameters Displays the global port access control parameters that can be configured for this switch as described in the preceding pages including reauth period page 3 168 quiet period page 3 167 tx period page 3 168 and max req page 3 165 It also displays the following global parameters which are set to a fixed value including the following items supp ...

Page 357: ...ays the following information Status Authorization status authorized or unauthorized Supplicant MAC address of authorized client Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current sta...

Page 358: ...zed n a 2 disabled ForceAuthorized n a 25 disabled ForceAuthorized yes 26 enabled Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 26 Max request 2 Quiet period 350 Reauth period 300 Tx period 300 Status Unauthorized Port control Auto Supplicant 00 00 00 00 00 00 Authenticator State Machine State Connecting Reauth Count 3 Backend State Machine State Idle Request ...

Page 359: ...the rules If a list contains all deny rules then a packet will be rejected as soon as it fails any one of the rules In other words if no rules match for a permit list the packet is dropped and if no rules match for a deny list the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packe...

Page 360: ...mit deny Filters packets matching a specified source IP address STD ACL 3 175 permit deny Filters packets meeting the specified criteria including source and destination IP address TCP UDP port number protocol type and TCP control code EXT ACL 3 176 ip access group Adds a port to an IP ACL IC 3 179 show ip access group Shows port assignments for IP ACLs PE 3 179 show ip access list Displays the ru...

Page 361: ...dress and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage An ACL can contain either all permit commands or all deny commands When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you mu...

Page 362: ...e IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are added to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bit to indicat...

Page 363: ...t destination protocol protocol number no permit deny any source bitmask host source any destination bitmask host destination protocol protocol number permit deny tcp any source bitmask host source any destination bitmask host destination source port source port destination port destination port control flag control flag flag bitmask no permit deny tcp any source bitmask host source any destinatio...

Page 364: ...55 control flag Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing the code bits to match Default Setting None Command Mode Extended ACL Command Usage All new rules are added to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a p...

Page 365: ...ol flag 2 18 Examples This permits only 192 168 1 1 and 210 244 51 x This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination address when set ...

Page 366: ...p access group acl_name in no ip access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to input packets Default Setting None Command Mode Interface Configuration Ethernet Example Related Commands show ip access list 3 180 Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any control flag 2 2 Console config ext acl Console confi...

Page 367: ...ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 3 175 ip access group 3 179 Console show ip access group Interface ethernet 1 25 IP standard access list david Console Console show ip access list standard IP stan...

Page 368: ...6 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map on page 3 193 Example Related Commands queue cos map 3 193 show map access list...

Page 369: ...value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Related Commands map access list ip 3 181 Console show map access list ip Access list to COS of Eth 1 24 Access list ALS1 cos 0 Console ...

Page 370: ...commands When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list Command Function Mode Page access list mac Creates a MAC ACL and enters configuration mode GC 3 183 permit deny Filters packets matching a specified source and destination address and...

Page 371: ...Ethernet protocol type Use the no form to remove a rule Syntax permit deny any host source source bitmask any host destination destination bitmask any ethertype protocol no permit deny any host source source bitmask any host destination destination bitmask any ethertype protocol any Any MAC source address destination address or Ethernet protocol source Source MAC address source bitmask Binary mask...

Page 372: ...he following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 3 183 mac access group Use this command to bind ports to a MAC ACL Use the no form to remove the ports Syntax mac access group acl_name in acl_name Name of the ACL Maximum length 16 charact...

Page 373: ...d Commands show mac access list 3 187 show mac access group Use this command to show the ports assigned to MAC ACLs Command Mode Privileged Exec Example Related Commands mac access group 3 185 Console config interface ethernet 1 2 Console config if mac access group jerry in Console config if Console show mac access group Interface ethernet 1 25 MAC access list jerry Console ...

Page 374: ...ample Related Commands permit deny 3 184 mac access group 3 185 ACL Information show access list Use this command to show all ACLs and associated rules Command Mode Privileged Exec Console show mac access list MAC access list jerry permit any 00 e0 29 94 34 de ethertype 0800 Console Command Function Mode Page show access list Show all ACLs and associated rules PE 3 187 show access group Shows the ...

Page 375: ...00 30 29 94 34 de ethertype 0800 IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 0 0 0 255 any permit tcp 192 168 1 0 0 0 0 255 any destination port 80 permit tcp 192 168 1 0 0 0 0 255 any protocol tcp control flag 2 2 Console Console show access group Interface ethernet 1 25 IP standard access list david MAC access list ...

Page 376: ...d frames IC 3 190 queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 3 191 queue bandwidth Assigns round robin weights to the priority queues GC 3 192 queue cos map Assigns class of service values to the priority queues IC 3 193 show queue mode Shows the current queue mode PE 3 195 show queue bandwidth Shows round robin weights assigned to the priority queues PE 3 195...

Page 377: ...rt Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the I...

Page 378: ...VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 queue mode This command sets the queue mode to strict priority or Weighted Round Robin WRR for the class of service CoS priority queues Use the no form to restore the default value Syntax queue mode strict wrr no queue mode strict Services the egres...

Page 379: ... occur with strict priority queuing Example The following example sets the queue mode to strict priority service mode queue bandwidth Use this command to assign weighted round robin WRR weights to the four class of service CoS priority queues Use the no form to restore the default weights Syntax queue bandwidth weight0 weight3 no queue bandwidth weight0 weight3 The ratio of weights for queues 0 3 ...

Page 380: ...ress queues i e hardware output queues 0 3 Use the no form to set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The ID of the priority queue Range is 0 to 3 where 3 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the h...

Page 381: ...onfiguration Ethernet Port Channel Command Usage CoS assigned at the ingress port is used to select a CoS priority at the egress port Example The following example shows how to map CoS values 0 1 and 2 to egress queue 0 value 3 to egress queue 1 values 4 and 5 to egress queue 2 and values 6 and 7 to egress queue 3 Queue 0 1 2 3 Priority Level 0 1 2 3 4 5 6 7 Console config interface ethernet 1 1 C...

Page 382: ...ng None Command Mode Privileged Exec Example show queue bandwidth Use this command to display the weighted round robin WRR bandwidth allocation for the priority queues Default Setting None Command Mode Privileged Exec Example Console show queue mode Queue mode wrr Console Console show queue bandwidth Queue ID Weight 0 1 1 4 2 16 3 24 Console ...

Page 383: ...d Range 1 6 Default Setting None Command Mode Privileged Exec Example map ip port Global Configuration Use this command to enable IP port mapping i e class of service mapping for TCP UDP sockets Use the no form to disable IP port mapping Syntax map ip port no map ip port Default Setting Disabled Console show queue cos map ethernet 1 11 Information of Eth 1 11 Priority Queue 0 1 2 3 4 5 6 7 Traffic...

Page 384: ...y i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or I...

Page 385: ...ting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally Console config interface ...

Page 386: ...efault Setting The list below shows the default priority mapping Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then sub...

Page 387: ...t Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally Console config interface e...

Page 388: ...able Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subseq...

Page 389: ...Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Commands map ip port Global Configuration 3 196 map ip port Interface Configuration 3 197 Console config interface ethernet 1 5 Console config if map ip dscp 1 cos 0 Console config if Console show map ip port TCP port m...

Page 390: ...number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Related Commands map ip precedence Global Configuration 3 198 map ip precedence Interface Configuration 3 199 Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 ...

Page 391: ...rt Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 3 200 map ip dscp Interface Configuration 3 201 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 392: ...206 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 3 207 ip igmp snooping version Configures the IGMP version for snooping GC 3 208 show ip igmp snooping Shows the IGMP snooping and query configuration PE 3 208 show mac address table multicast Shows the IGMP snooping MAC multicast list PE 3 209 IGMP Querier Commands ip igmp snooping querier Allows this device to...

Page 393: ... Enabled Command Mode Global Configuration Example The following example enables IGMP snooping show ip igmp snooping Shows the IGMP snooping configuration PE 3 208 Multicast Router Commands ip igmp snooping vlan mrouter Adds a multicast router port GC 3 214 show ip igmp snooping mrouter Shows multicast router ports PE 3 215 Console config ip igmp snooping Console config Command Function Mode Page ...

Page 394: ...n vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 ...

Page 395: ...Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping Use thi...

Page 396: ...wn multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Console show ip igmp snooping Service status Enabled Querier status Enabled Query count 2 Query interval 125...

Page 397: ...Use the no form to disable it Syntax ip igmp snooping querier no ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled the switch will serve as querier if elected The querier is responsible for asking hosts if they want to receive multicast traffic Example Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ...

Page 398: ... Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not responded then that client...

Page 399: ...ommand Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time Use this command to configure the snooping report delay Use the no form of this command to restore the default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised ...

Page 400: ...t group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 3 208 ip igmp snooping query max response time 3 212 ip igmp snooping router port expire time Use this command to configure the query timeout Use the no form of this command to restore the default Syntax ip igmp snooping router port expire time seconds no ip igmp s...

Page 401: ...this command to statically configure a multicast router port Use the no form to remove the configuration Syntax ip igmp snooping vlan vlan id mrouter interface no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting No static multicast router ports are confi...

Page 402: ...ample The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode P...

Page 403: ...FILTERING COMMANDS 3 215 Example The following shows the ports in VLAN 1 which are attached to multicast routers Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Port Type 1 Eth 1 11 Static Console ...

Page 404: ...COMMAND LINE INTERFACE 3 216 ...

Page 405: ...nt station and the switch If you cannot connect using Telnet you may have exceeded the maximum number of concurrent Telnet sessions permitted Try connecting again at a later time Cannot access the on board configuration program via a serial port connection Be sure to have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and 9600 bps Check that the null modem s...

Page 406: ...TROUBLESHOOTING A 2 ...

Page 407: ...b interface to download runtime code via TFTP Downloading large runtime code files via TFTP is normally much faster than downloading via the switch s serial port You can upgrade switch firmware by connecting a PC directly to the serial Console port on the switch s front panel and using VT100 terminal emulation software that supports the XModem protocol See Required Connections on page 1 3 1 Connec...

Page 408: ...software to match the 115200 baud rate Press Enter to reset communications with the switch 8 Check that the switch has sufficient flash memory space for the new code file before starting the download You can store a maximum of only two runtime and two diagnostic code files in the switch s flash memory Use the D elete File command to remove a runtime or diagnostic file File Name S Up Type Size Crea...

Page 409: ...en downloaded you are prompted with Update Image File to specify the type of code file Press R for runtime code D for diagnostic code or L for loader code Caution If you select L for loader code be sure the file is a valid loader code file for the switch If you download an invalid file the switch will not be able to boot Unless absolutely necessary do not attempt to download loader code files 11 S...

Page 410: ...n to change the baud rate of the switch s serial connection back to 9600 baud 14 Set your PC s terminal emulation software baud rate back to 9600 baud Press Enter to reset communications with the switch 15 Press Q to quit the firmware download mode and boot the switch Select Xmodem Receiving Start Image downloaded to buffer R untime D iagnostic L oader Warning you sure what you are doing Update Im...

Page 411: ... blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of ...

Page 412: ... Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registration Protocol Generic Multicast Registration Protoco...

Page 413: ...s to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3 Defines carrier sense multiple access with collision detection CSMA CD access method and physical layer specifications IEEE 802 3ab Defines CSMA CD access method and physical layer specifications for 1000BASE T Gigabit Ethernet IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802...

Page 414: ...s multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from the highest priority for network control packets to the lowest priority for routine traffic The eight values are mapped one to one to the Class of Service categories by default but may be configured diff...

Page 415: ...ticast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time standards...

Page 416: ...rovides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types Rapid Spanning Tree Protocol RSTP RSTP reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Secure Shell SSH A secure replacement for rem...

Page 417: ...are running on a central server to control access to TACACS compliant devices on the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Transmission Control Protocol Internet Protocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A TCP IP protoco...

Page 418: ...GLOSSARY Glossary 8 ...

Page 419: ... 32 configuration settings saving or restoring 2 25 2 26 CoS IP precedence 2 139 queue mode 2 135 3 191 D default priority ingress port 2 130 default settings 1 14 DHCP 2 18 Differentiated Code Point Service See DSCP Displaying Basic VLAN Information 2 109 dot1x default 3 164 downloading software 2 23 DSCP enabling 2 138 E edge port STA 2 100 error message logging 3 31 F firmware version displayin...

Page 420: ...ulticast configuring 2 146 router 3 214 P passwords administrator setting 2 35 path cost 2 99 method 3 112 STA 3 112 path cost method 2 96 port priority configuring 2 130 default ingress 2 130 port security configuring 2 45 ports configuring 2 64 priority default port ingress 2 130 priority STA 2 99 problems troubleshooting A 1 R RADIUS 2 36 RADIUS logon authentication 2 36 remote logging 3 35 rat...

Page 421: ... system clock setting 2 28 3 54 system software downloading from server 2 23 T TACACS 2 36 TACACS logon authentication 2 36 time setting 2 28 3 54 trap manager 2 33 troubleshooting A 1 trunk configuration 2 68 LACP 2 71 static 2 70 U upgrading software 2 23 user password 2 3 2 35 V VLANs configuring 2 105 egress mode 2 120 W Web interface access requirements 2 1 configuration buttons 2 4 home page...

Page 422: ...INDEX Index 4 ...

Page 423: ......

Page 424: ... 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Switzerland 41 0 1 9409971 Fax 41 0 1 9409972 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Northern Europe 44 0 118 974 8700 Fax 44 0 118 974 8701 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 27 11 314 1133 Fax 27 11 314 9133 North Africa 34 93 477 4920 Fax 34 93 477 3774 Russia 7 095 290 ...

Reviews:

No comments

Related manuals for 6724AL2

Canon C50FSi - VB Network Camera Setup Manual preview
C50FSi - VB Network Camera
Brand: Canon Pages: 32
National Instruments NI 9229 Operating Instructions Manual preview
NI 9229
Brand: National Instruments Pages: 34
M86 Security R3000 Series Evaluation Manual preview
R3000 Series
Brand: M86 Security Pages: 46
Draytek Vigor 2710e Quick Start Manual preview
Vigor 2710e
Brand: Draytek Pages: 8
ZyXEL Communications ZyXEL EES-1024AF User Manual preview
ZyXEL EES-1024AF
Brand: ZyXEL Communications Pages: 99
US Robotics USR8700 Quick Installation Manual preview
USR8700
Brand: US Robotics Pages: 36
Jøtul ERS 01 Operation And Maintenance Manual preview
ERS 01
Brand: Jøtul Pages: 20
Valcom VIP-822A Quick Start Manual preview
VIP-822A
Brand: Valcom Pages: 4
IBASE Technology FWA8207 Series User Manual preview
FWA8207 Series
Brand: IBASE Technology Pages: 39
Zhone 6388-A1-XXX Technical Specifications preview
6388-A1-XXX
Brand: Zhone Pages: 2
National Instruments NI 9229E Operating Instructions Manual preview
NI 9229E
Brand: National Instruments Pages: 26
SriHome NVS001B Quick Operation Manual preview
NVS001B
Brand: SriHome Pages: 12
LUX LUMEN 10230 Manual preview
10230
Brand: LUX LUMEN Pages: 41
NETGEAR MA 301 Reference Manual preview
MA 301
Brand: NETGEAR Pages: 20
Option Audio GlobeSurfer X-1 User Manual preview
GlobeSurfer X-1
Brand: Option Audio Pages: 30
Comnet CNGE28FX4TX24MS2 Installation And Operation Manual preview
CNGE28FX4TX24MS2
Brand: Comnet Pages: 154
Aaeon FWS-7811 Manual preview
FWS-7811
Brand: Aaeon Pages: 100
DAPAudio Odin CL-4 Connect User Manual preview
Odin CL-4 Connect
Brand: DAPAudio Pages: 20

Brands by name

Popular brands

Load more brands