
LIMITED WARRANTY

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free
from defects in workmanship and materials, under normal use and service, for the applicable
warranty term. All SMC products carry a standard 90-day limited warranty from the date of 
purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace 
any product not operating as warranted with a similar or functionally equivalent product, during 
the applicable warranty term. SMC will endeavor to repair or replace any product returned under 
warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering
new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can 
be accomplished via the enclosed product registration card or online via the SMC web site. 
Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty 
covers a product during the Life of that Product, which is defined as the period of time during 
which the product is an “Active” SMC product. A product is considered to be “Active” while it is 
listed on the current SMC price list. As new technologies emerge, older technologies become 
obsolete and SMC will, at its discretion, replace an older product in its product line with one that 
incorporates these newer technologies. At that point, the obsolete product is discontinued and is 
no longer an “Active” SMC product. A list of discontinued products with their respective dates 
of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be 
either new or reconditioned. Any replaced or repaired product carries either a 30-day limited 
warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for 
any custom software or firmware, configuration information, or memory data of Customer 
contained in, stored on, or integrated with any products returned to SMC pursuant to any 
warranty. Products returned to SMC should have any customer-installed accessory or add-on 
components, such as expansion modules, removed prior to returning the product for 
replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning
any product to SMC. Proof of purchase may be required. Any product returned to SMC without 
a valid Return Material Authorization (RMA) number clearly marked on the outside of the 
package will be returned to customer at customer’s expense. For warranty claims within North 
America, please call our toll-free customer support number at (800) 762-4968. Customers are 
responsible for all shipping charges from their facility to SMC. SMC is responsible for return 
shipping charges from SMC to customer.

Summary of Contents for 6752AL2 - annexe 1

Page 1: ...J 45 ports 17 8 Gbps of aggregate bandwidth Non blocking switching architecture Spanning Tree Protocol and Rapid STP Up to four LACP or static 4 port trunks Layer 2 3 4 CoS support through four priority queues Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web SNMP RMON Management Guide SMC6752AL2 ...

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions November 2004 Pub 149100005200H ...

Page 4: ...e is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...7 Dynamic Configuration 2 8 Enabling SNMP Management Access 2 9 Community Strings 2 9 Trap Receivers 2 10 Saving Configuration Settings 2 11 Managing System Files 2 12 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 3 Home Page 3 3 Configuration Options 3 4 Panel Display 3 4 Main Menu 3 5 Basic Configuration 3 11 Displaying System Information 3 11 Di...

Page 8: ...t Protocol 3 45 Setting Community Access Strings 3 45 Specifying Trap Managers and Trap Types 3 46 User Authentication 3 48 Configuring User Accounts 3 48 Configuring Local Remote Logon Authentication 3 50 Configuring HTTPS 3 54 Replacing the Default Secure site Certificate 3 56 Configuring the Secure Shell 3 57 Generating the Host Key Pair 3 60 Configuring the SSH Server 3 63 Configuring Port Sec...

Page 9: ...rm Thresholds 3 109 Configuring Port Mirroring 3 111 Configuring Rate Limits 3 113 Rate Limit Granularity 3 113 Rate Limit Configuration 3 114 Showing Port Statistics 3 115 Address Table Settings 3 122 Setting Static Addresses 3 122 Displaying the Address Table 3 123 Changing the Aging Time 3 125 Spanning Tree Algorithm Configuration 3 125 Displaying Global Settings 3 127 Configuring Global Settin...

Page 10: ... 3 4 Priorities to CoS Values 3 175 Selecting IP Precedence DSCP Priority 3 176 Mapping IP Precedence 3 176 Mapping DSCP Priority 3 178 Mapping IP Port Priority 3 180 Mapping CoS Values to ACLs 3 182 Multicast Filtering 3 184 Layer 2 IGMP Snooping and Query 3 185 Configuring IGMP Snooping and Query Parameters 3 185 Displaying Interfaces Attached to a Multicast Router 3 188 Specifying Static Interf...

Page 11: ... 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 timeout login response 4 18 exec timeout 4 19 password thresh 4 20 silent time 4 21 databits 4 22 parity 4 23 speed 4 23 stopbits 4 24 disconnect 4 25 show line 4 25 General Commands 4 26 enable 4 27 disable 4 28 configure 4 28 show history 4 29 reload 4 30 end 4 30 exit 4 31 quit 4 31 System Management Commands 4 32 Dev...

Page 12: ...5 Secure Shell Commands 4 46 ip ssh server 4 49 ip ssh timeout 4 50 ip ssh authentication retries 4 51 ip ssh server key size 4 51 delete public key 4 52 ip ssh crypto host key generate 4 53 ip ssh crypto zeroize 4 54 ip ssh save host key 4 54 show ip ssh 4 55 show ssh 4 55 show public key 4 57 Event Logging Commands 4 59 logging on 4 59 logging history 4 60 logging host 4 61 logging facility 4 62...

Page 13: ... Status Commands 4 78 show startup config 4 78 show running config 4 81 show system 4 83 show users 4 83 show version 4 84 Frame Size Commands 4 85 jumbo frame 4 85 Flash File Commands 4 86 copy 4 87 delete 4 90 dir 4 91 whichboot 4 92 boot system 4 93 Authentication Commands 4 94 Authentication Sequence 4 94 authentication login 4 94 authentication enable 4 96 RADIUS Client 4 97 radius server hos...

Page 14: ...te 4 111 dot1x re authentication 4 111 dot1x timeout quiet period 4 112 dot1x timeout re authperiod 4 112 dot1x timeout tx period 4 113 show dot1x 4 114 Access Control List Commands 4 117 IP ACLs 4 118 access list ip 4 119 permit deny Standard ACL 4 120 permit deny Extended ACL 4 122 show ip access list 4 124 ip access group 4 125 show ip access group 4 126 map access list ip 4 126 show map access...

Page 15: ...4 146 negotiation 4 147 capabilities 4 148 flowcontrol 4 149 shutdown 4 150 switchport broadcast packet rate 4 151 clear counters 4 152 show interfaces status 4 153 show interfaces counters 4 154 show interfaces switchport 4 156 Mirror Port Commands 4 158 port monitor 4 158 show port monitor 4 159 Rate Limit Commands 4 160 rate limit 4 161 rate limit granularity 4 161 show rate limit 4 162 Link Ag...

Page 16: ...187 spanning tree pathcost method 4 188 spanning tree transmission limit 4 188 spanning tree spanning disabled 4 189 spanning tree cost 4 190 spanning tree port priority 4 191 spanning tree edge port 4 191 spanning tree portfast 4 192 spanning tree link type 4 193 spanning tree protocol migration 4 194 show spanning tree 4 195 VLAN Commands 4 197 Editing VLAN Groups 4 197 vlan database 4 197 vlan ...

Page 17: ...7 garp timer 4 218 show garp timer 4 219 Priority Commands 4 220 Priority Commands Layer 2 4 220 queue mode 4 221 switchport priority default 4 222 queue bandwidth 4 223 queue cos map 4 224 show queue mode 4 225 show queue bandwidth 4 225 show queue cos map 4 226 Priority Commands Layer 3 and 4 4 227 map ip port Global Configuration 4 227 map ip port Interface Configuration 4 228 map ip precedence...

Page 18: ... snooping query max response time 4 243 ip igmp snooping router port expire time 4 244 Static Multicast Routing Commands 4 245 ip igmp snooping vlan mrouter 4 245 show ip igmp snooping mrouter 4 246 IP Interface Commands 4 247 ip address 4 247 ip default gateway 4 249 ip dhcp restart 4 249 show ip interface 4 250 show ip redirects 4 251 ping 4 251 A Software Specifications A 1 Software Features A ...

Page 19: ...ess Queue Priority Mapping 3 181 Table 4 1 Command Modes 4 8 Table 4 2 Configuration Modes 4 10 Table 4 3 Command Line Processing 4 11 Table 4 4 Command Groups 4 12 Table 4 5 Line Commands 4 14 Table 4 6 General Commands 4 26 Table 4 7 System Management Commands 4 32 Table 4 8 Device Designation Commands 4 33 Table 4 9 User Access Commands 4 34 Table 4 10 Default Login Settings 4 35 Table 4 11 IP ...

Page 20: ...g 4 133 Table 4 38 ACL Information 4 135 Table 4 39 SNMP Commands 4 136 Table 4 40 Interface Commands 4 144 Table 4 41 Interfaces Switchport Statistics 4 157 Table 4 42 Mirror Port Commands 4 158 Table 4 43 Rate Limit Commands 4 160 Table 4 44 Link Aggregation Commands 4 164 Table 4 45 show lacp counters display description 4 174 Table 4 46 show lacp internal display description 4 175 Table 4 47 s...

Page 21: ... 228 Table 4 61 Mapping IP Precedence Values 4 231 Table 4 62 IP DSCP to CoS Values 4 233 Table 4 63 Multicast Filtering Commands 4 237 Table 4 64 IGMP Snooping Commands 4 237 Table 4 65 IGMP Query Commands Layer 2 4 241 Table 4 66 Static Multicast Routing Commands 4 246 Table 4 67 IP Interface Commands 4 248 Table B 1 Troubleshooting Chart B 1 ...

Page 22: ...TABLES xviii ...

Page 23: ... 37 Figure 3 17 Displaying Logs 3 38 Figure 3 18 Enabling and Configuring SMTP Alerts 3 40 Figure 3 19 Resetting the System 3 41 Figure 3 20 SNTP Configuration 3 43 Figure 3 21 Setting the System Clock 3 44 Figure 3 22 Configuring SNMP Community Strings 3 46 Figure 3 23 Configuring IP Trap Managers 3 47 Figure 3 24 Access Levels 3 49 Figure 3 25 Authentication Settings 3 53 Figure 3 26 HTTPS Setti...

Page 24: ...s 3 119 Figure 3 53 Configuring a Static Address Table 3 122 Figure 3 54 Configuring a Dynamic Address Table 3 123 Figure 3 55 Setting the Address Aging Time 3 124 Figure 3 56 STA Information 3 128 Figure 3 57 STA Configuration 3 133 Figure 3 58 STA Port Information 3 137 Figure 3 59 STA Port Configuration 3 141 Figure 3 60 Enabling GVRP 3 146 Figure 3 61 VLAN Basic Information 3 147 Figure 3 62 D...

Page 25: ...gure 3 78 Mapping IP DSCP Priority Values 3 178 Figure 3 79 IP Port Priority Status 3 180 Figure 3 80 IP Port Priority 3 180 Figure 3 81 ACL CoS Priority 3 182 Figure 3 82 IGMP Configuration 3 186 Figure 3 83 Multicast Router Port Information 3 188 Figure 3 84 Static Multicast Router Port Configuration 3 189 Figure 3 85 IP Multicast Registration Table 3 190 Figure 3 86 IGMP Member Port Table 3 192...

Page 26: ...FIGURES xxii ...

Page 27: ... s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP Community strings Port IEEE 802 1X MAC address filtering Access Control Lists Supports up to 88 IP or MAC ACLs DHCP Client Supported Port Con...

Page 28: ...ications Some of the management features are briefly described below Port Trunking Supports up to 4 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address Up to 8K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eli...

Page 29: ...gement access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering for IP frames based on address protocol TCP UDP port number or TCP control code or any frames based on MAC address or Ethernet type ACLs can be used to improve performance by blocking unnecessary ne...

Page 30: ...ing over the load if a port in the trunk should fail The switch supports up to four trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffic passing through the port is restricted If broadcast traffic rises above a pre defined threshold it will be throttled until the level falls back beneath ...

Page 31: ...s to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to 3 to 5 seconds compared to 30 seconds o...

Page 32: ... queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions can be used to provide independent priorities for delay sensitive data and best effort data This switch also supports several common methods of prioritizing layer 3 4 traffic to meet application requirements Traffic c...

Page 33: ...2 System Defaults Function Parameter Default Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Po...

Page 34: ...n Status Enabled Auto negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Disabled all ports Broadcast Limit Rate 32 000 octets per second Spanning Tree Enabled Status Enabled RSTP Defaults All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table A...

Page 35: ...2 4 6 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 6 Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled bu...

Page 36: ...INTRODUCTION 1 10 ...

Page 37: ...witch s HTTP Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 seri...

Page 38: ...02 1Q VLANs Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 4 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information ...

Page 39: ...terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud rate to 9600 bps Set the data format to 8 data bits 1 stop bit and no parity Set flow control to none Set the emulation mode to VT100 When using HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have...

Page 40: ...amic address assignment via DHCP or BOOTP see Setting an IP Address on page 2 6 Note This switch supports four concurrent Telnet SSH sessions After configuring the switch s IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to the network The switch can al...

Page 41: ...ser name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification procedure starts 2 At the Username prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the CLI displays the Console prompt indicating you have access at the Privileged Exec level...

Page 42: ...e switch to obtain management access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the switch you will also need to specify the default gateway router Dynamic The switch sends IP configuration requests to BOOTP or DHCP address allocation se...

Page 43: ... the network Network mask for this network To assign an IP address to the switch complete the following steps 1 From the Privileged Exec level global configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 Type ip address ip address netmask where ip address is the switch IP address and netmask is the network mask for the network Press Enter 3 Type e...

Page 44: ... as soon as it is powered on To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network complete the following steps 1 From the Global Configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via ...

Page 45: ...onfigured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred Community Strings Community strings are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specified us...

Page 46: ...ng steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter Note that the default mode is read only 2 To remove an existing string simply type no snmp server community string where string is the community access string to remove Press Enter Trap Re...

Page 47: ...ved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the current configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file...

Page 48: ... after boot up also known as run time code This code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 21 for more information Diagnostic Code Software that is run during system boot up also known as POST Power On Self Test Due to the size limit of the flash memory the switch supports only two operation code files However you can have as ...

Page 49: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 6 2 Set user names and password...

Page 50: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 51: ...s and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and ...

Page 52: ... Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e wi...

Page 53: ...13 Bridge Extension Shows the bridge extension parameters 3 15 IP Configuration Sets the IP address for management access 3 17 File 3 21 Copy Allows the transfer and copying files 3 21 Delete Allows deletion of files from the flash memory 3 22 Set Startup Sets the startup file 3 22 Line 3 28 Console Sets console port connection parameters 3 28 Telnet Sets Telnet connection parameters 3 30 Log 3 33...

Page 54: ...ost Key Settings Generates the host key pair public and private 3 60 Settings Configures Secure Shell server settings 3 63 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 3 65 802 1X Port authentication 3 67 Information Displays global configuration settings 3 70 Configuration Configures the global configuration setting 3 7...

Page 55: ... 98 Port Counters Displays statistics for LACP protocol messages 3 102 Port Internal Information Displays settings and operational state for the local side 3 103 Port Neighbors Information Displays settings and operational state for the remote side 3 106 Port Broadcast Control Sets the broadcast storm threshold for each port 3 108 Trunk Broadcast Control Sets the broadcast storm threshold for each...

Page 56: ...ures global bridge settings for STA and RSTP 3 130 Port Information Displays individual port settings for STA 3 134 Trunk Information Displays individual trunk settings for STA 3 134 Port Configuration Configures individual port settings for STA 3 138 Trunk Configuration Configures individual trunk settings for STA 3 138 VLAN 3 141 802 1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3 ...

Page 57: ...r secondary VLANs 3 163 Port Configuration Sets the private VLAN interface type and associates the interfaces with a private VLAN 3 165 Trunk Information Shows VLAN port type and associated primary or secondary VLANs 3 163 Trunk Configuration Sets the private VLAN interface type and associates the interfaces with a private VLAN 3 165 Priority 3 167 Default Port Priority Sets the default priority f...

Page 58: ...and associated class of service value 3 179 ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3 181 IGMP Snooping 3 183 IGMP Configuration Enables multicast filtering configures parameters for multicast query 3 184 Multicast Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 3 187 Static ...

Page 59: ... the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS inter...

Page 60: ...stem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interface via Telnet Figure 3 3 System Information ...

Page 61: ...y Console config hostname R D 5 4 34 Console config snmp server location WC 9 4 138 Console config snmp server contact Ted 4 138 Console config exit Console show system 4 83 System description TigerSwitch 10 100 6752AL2 System OID string 1 3 6 1 4 1 202 20 44 System information System Up time 0 days 2 hours 4 minutes and 7 13 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC ad...

Page 62: ...sion Version number of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Combination RJ 45 SFP ports These additional parameters are displayed for the CLI Unit ID Unit number in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 3 4 Switch Information ...

Page 63: ...lasses This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 3 167 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 121 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database ...

Page 64: ...VLAN Capable This switch does not support multiple local bridges outside of the scope of 802 1Q defined VLANs GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Configuration...

Page 65: ...o 255 separated by periods Anything outside this format will not be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all ports on the switch are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whe...

Page 66: ... address bits used for routing to specific subnets Default 255 0 0 0 Gateway IP address IP address of the gateway router between this device and management stations that exist on other network segments Default 0 0 0 0 MAC Address The physical layer address for this switch Restart DHCP Requests a new IP address from the DHCP server Manual Configuration Web Click System IP Configuration Select the V...

Page 67: ...P Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to determine the new switch address Console config Console config interfa...

Page 68: ...quest to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Console config Console config interface vlan 1 4 145 Console config if ip a...

Page 69: ...om the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit1 Copies a file from this switch to another unit in the stack unit to file3 Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify opcode operational code to copy firmware File Name The file name should not contain slas...

Page 70: ...up file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new operation...

Page 71: ...d click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 9 Select Start Up Operation File To delete a file select System File Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 10 Deleting Files ...

Page 72: ...Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a file in the switch to the startup configuration file to tftp Copies a file from the switch to a TFTP server running config to file Copies...

Page 73: ...erver to the startup config file to unit2 Copies a file from this switch to another unit in the stack unit to file2 Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify config configuration to copy configuration settings File Name The file name should not contain slashes or the leading letter of the file name should no...

Page 74: ...ion file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Copy Select tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then cl...

Page 75: ...ettings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the switch and then restart the switch To select another configuration file as the start up configuration use the boot system command and then restart the switch Console copy tftp startup config 4 87 TFTP server ip address 192 168 1 19 Source configuration file name config 1 Start...

Page 76: ...current session is terminated Range 0 65535 seconds Default 0 Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Silent Time Sets t...

Page 77: ... password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login3 Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name...

Page 78: ...t Enabled Telnet Port Number Sets the TCP port number for Telnet on the switch Default 23 Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 0 4 18 Console config line exec timeout 0 4 19 Console config line password thresh 3 4 20 Console config line silent time 60 4 21 Console config line data...

Page 79: ...eshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Password4 Specifies a password for the line connection When a connection is started on a line with password protection the system ...

Page 80: ...Console config line vty 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 300 4 18 Console config line exec timeout 600 4 19 Console config line password thresh 3 4 20 Console config line end Console show line 4 25 Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent...

Page 81: ...ms Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM Command Attributes Sy...

Page 82: ...3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Aler...

Page 83: ... the show logging command to display the current settings Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations You can also limit the error messages sent to only those messages below a specified level Console config logging on 4 59 Console config logging history ram 0 4 60 Console config end Conso...

Page 84: ...his type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level For example if level 3 is specified all messages from level 0...

Page 85: ...cility type and set the logging trap Console config logging host 192 168 1 15 4 61 Console config logging facility 23 4 62 Console config logging trap 4 4 63 Console config end Console show logging trap 4 63 Syslog logging Enabled REMOTELOG status Enabled REMOTELOG facility type local use 7 REMOTELOG level type Informational messages only REMOTELOG server ip address 192 168 1 15 REMOTELOG server i...

Page 86: ...memory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3 17 Displaying Logs CLI This example shows the event message stored in RAM Console show log ram 4 64 1 00 01 37 2001 01 01 DHCP request failed will retry later level 4 module 9 function 0 and event no 10 0 00 00 35 2001 01 01 System coldStart notification level 6 module 6 function 1 and...

Page 87: ... or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 34 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 SMTP Server List Specifies a list of up to three recipient SM...

Page 88: ...ty level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Specify up to five email addresses to receive the alert messages and click Apply Figure 3 18 Enabling and Configuring SMTP Alerts ...

Page 89: ...eset to reboot the switch. When prompted, confirm that you want to reset the switch. Figure 3-19 Resetting the System Console config logging sendmail host 192 168 1 200 4 68 Console config logging sendmail level 4 4 69 Console config logging sendmail source email john acme com 4 70 Console config logging sendmail destination email geoff acme com 4 70 Console config logging sendmail 4 71 Console config e...

Page 90: ... switch will only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization...

Page 91: ...y Figure 3 20 SNTP Configuration CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp server 10 1 0 19 137 82 140 80 128 250 36 2 4 74 Console config sntp poll 60 4 75 Console config sntp client 4 73 Console config exit Console show sntp Current time Jan 6 14 56 05 2004 Poll interval 60 Current mode unicast ...

Page 92: ...ibutes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 21 Setting th...

Page 93: ...rights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for configuring community strings trap functions and restricting access to clients with specified IP addresses are described in the following sections Setting Community Access Strings You may configure up to ...

Page 94: ...ure 3 22 Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as SMC Elite...

Page 95: ...ons as SNMP v1 or v2c traps The default is version 1 Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP access authentication process Default Enabled Enable Link up and Link down Traps Issues a trap message whenever a port link is established or broken Default Enabled Web Click SNMP Configuration Fill in the IP address and community ...

Page 96: ... addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new ad...

Page 97: ... Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user name Add Remove Adds or removes an account from the list Web Click Security User Accounts To configure a new user account specify a user name select the user s access level then enter a password and confirm it Click Add to save the new user account and add it to th...

Page 98: ...ices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the switch RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet fro...

Page 99: ...on server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attri...

Page 100: ...n the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default...

Page 101: ...ation Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selected and click Apply Figure 3 25 Authentication Settings ...

Page 102: ... config radius server retransmit 5 4 100 Console config radius server timeout 10 4 100 Console config radius server 1 host 192 168 1 25 4 98 Console config end Console show radius server 4 101 Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Server 1 Server IP address 192 168 1 25 Communication key ...

Page 103: ...nternet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 56 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP po...

Page 104: ... a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note For maximum security we re...

Page 105: ...ntended as a secure replacement for the older Berkeley remote access tools. SSH can also provide remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public key that the client uses along with a local user name and password for access authentication. SSH also encrypts all data transfers passing betwe...

Page 106: ...enable the SSH server Authentication Settings To use the SSH server complete these steps 1 Generate a Host Key Pair On the SSH Host Key Settings page create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file ...

Page 107: ...229029789827213532671316294325328189150453 06393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Settings page enable the SSH server on the switch 6 Challenge Response Authentication When an SSH client attempts to conta...

Page 108: ...both current Telnet sessions and SSH sessions. Generating the Host Key Pair: A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client's public key to the switch as described in the preceding section. Command Usage Field Attributes Public Key of ...

Page 109: ...or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable th...

Page 110: ...k Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 27 SSH Host Key Settings ...

Page 111: ... key 4 49 Console show public key host 4 49 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 729290510813919642025190932104328579045764891 DSA ssh dss AAAAB3NzaC...

Page 112: ...ies the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page b...

Page 113: ...rusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table...

Page 114: ...s count from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 90 Command Attributes Port Port number Name Descriptive text page 4 145 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send...

Page 115: ...ork resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data The IEEE 802 1X dot1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for ...

Page 116: ... appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an accept or reject packet If authentication is successful the switch allows the client to access the network Otherwise network access is denied and the port remains blocked The operation of 802 1X on the switch requires the following The switch must have a...

Page 117: ...ent also have to support the same EAP authentication type MD5 Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1X protocol provides port authentication Command Attributes 802 1X System Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 3 30 802 1X Global Information ...

Page 118: ...bled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 31 802 1X Configuration CLI This example enables 802 1X globally for the switch Console show dot1x 4 114 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single H...

Page 119: ... a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise This is the default sett...

Page 120: ...x Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configured as a trunk p...

Page 121: ...ameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 52 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 ...

Page 122: ... of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most ...

Page 123: ...ing 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 114 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 124: ...ps can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the en...

Page 125: ...iltering Entry Adds removes an IP address from the list Web Click Security IP Filter Enter the IP addresses or range of addresses that are allowed management access to an interface and click Add IP Filtering Entry to update the filter list Figure 3 34 Creating a Web IP Filter List ...

Page 126: ...ply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is acc...

Page 127: ...s ports 2 User defined rules in the Ingress IP ACL for ingress ports 3 Explicit default rule permit any any in the ingress IP ACL for ingress ports 4 Explicit default rule permit any any in the ingress MAC ACL for ingress ports 5 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Co...

Page 128: ...35 Selecting ACL Type CLI This example creates a standard IP ACL named david Configuring a Standard IP ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and S...

Page 129: ...signed Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Then click Add Figure 3 36 ACL Configuration Standard IP CLI This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 ...

Page 130: ...he following criteria Precedence IP precedence level Range 0 7 TOS Type of Service level Range 0 15 DSCP DSCP priority level Range 0 63 Protocol Specifies the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Contr...

Page 131: ...e 18 control bitmask 18 SYN valid and ACK invalid use control code 2 control bitmask 18 Web Specify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol typ...

Page 132: ...L Command Attributes Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Use Any to include all possible addresses Host to indicate a specific MAC address or MAC to specify an address range with the Address and Bitmask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bitmask Hex...

Page 133: ...resses. Select the address type (Any, Host, or MAC). If you select Host, enter a specific address (e.g., 11 22 33 44 55 66). If you select MAC, enter a base address and a hexadecimal bitmask for an address range. Set any other required criteria, such as VID or Ethernet type. Then click Add. Figure 3-38 ACL Configuration MAC CLI This rule permits packets from any source MAC address to the destination address 00 e0 ...

Page 134: ...s ACLs for ingress filtering You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering Command Attributes Port Fixed port or SFP module Range 1 52 IP Specifies the IP Access List to enable for a port MAC Specifies the MAC Access List to enable globally IN ACL for ingress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enabled field for th...

Page 135: ...es if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Trunk Member5 Shows if port is a trunk member Creation6 Shows if a trunk is manually configured or dynamically set via ...

Page 136: ... type Indicates the port type 100BASE TX 1000BASE T or SFP MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice ...

Page 137: ...d or disabled Broadcast storm limit Shows the broadcast storm threshold 64 95232000 octets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC addresses that can be learned by a port 0 1024 addresses Port security action Shows the respon...

Page 138: ... it after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Flow Control Allows automatic or manual selection of flow control Console show interfaces status ethernet 1 5 4 153 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 30 f1 47 58...

Page 139: ...s symmetric pause frames FC Supports flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem ...

Page 140: ... to four trunks at a time The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can Console config interface ethernet 1 13 4 145 Console config if description RD SW 13 4 145 Console conf...

Page 141: ... use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop You can create up to four trunks on the switch with up to four ports per trunk The ports at both ends of a connection must be configured a...

Page 142: ...Channel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Ra...

Page 143: ...runk Membership Enter a trunk ID of 1 4 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 42 Static Trunk Configuration ...

Page 144: ...if exit Console config interface ethernet 1 1 4 145 Console config if channel group 2 4 166 Console config if exit Console config interface ethernet 1 2 Console config if channel group 2 Console config if end Console show interfaces status port channel 2 4 153 Information of Trunk 2 Basic information Port type 100TX Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto C...

Page 145: ... configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 95 Command Attributes Member List Current Shows configured trunks Unit Port New Includes entry fields for creating new trunks Port Port identifier Range 1 52 Web Click Port LACP Configuration Select any of th...

Page 146: ... a port to be allowed to join a channel group Console config interface ethernet 1 1 4 145 Console config if lacp 4 166 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 153 Information of Trunk 1 Basic information Port type 100TX Mac address 22 22 22 22 22 2d Configuration Name Port admin Up Spe...

Page 147: ...st be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a lin...

Page 148: ...You can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 44 LACP Aggregation Port ...

Page 149: ...em priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 173 Port Channel System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 Console show lacp 1 internal 4 173 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Inter...

Page 150: ...mber of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but ...

Page 151: ...th 1 1 LACPDUs Sent 91 LACPDUs Receive 43 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 3 7 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LAC...

Page 152: ...ollection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the...

Page 153: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 173 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 3 LACP Port Priority 128 Admin Key 120 Oper Key 120 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long time...

Page 154: ...alue of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the p...

Page 155: ...ote side of port channel 1 Console show lacp 1 neighbors 4 173 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 3 00 30 F1 CE 2A 20 Partner Admin Port Number 5 Partner Oper Port Number 3 Port Admin Priority 32768 Port Oper Priority 128 Admin Key 0 Oper Key 120 Admin State defaulted distributing collecting synchronization long timeout Oper Stat...

Page 156: ...oadcast packets exceeding the specified threshold will then be dropped. Command Usage: Broadcast Storm Control is enabled by default. Broadcast control does not affect IP multicast traffic. The specified threshold applies to all ports on the switch. Command Attributes: Port: Port number. Trunk: Trunk number. Type: Indicates the port type (100BASE-TX, 1000BASE-T, or SFP). Threshold: Threshold as percentage of por...

Page 157: ...PORT CONFIGURATION 3 109 Web Click Port Port Trunk Broadcast Control Set the threshold mark the Enabled field for the desired interface and click Apply Figure 3 48 Port Broadcast Control ...

Page 158: ...ame destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Console config interface ethernet 1 1 4 145 Console config if no switchport broadcast 4 151 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast octet rate 600 4 151 Console config if end Console show interfaces switchport ethernet 1 2...

Page 159: ...ll duplicate or mirror the traffic on the source port Target Port The port that will mirror the traffic on the source port Web Click Port Mirror Port Configuration Specify the source port unit the traffic type to be mirrored and the monitor port unit then click Add Figure 3 49 Mirror Port Configuration CLI Use the interface command to select the monitor port then use the port monitor command to sp...

Page 160: ...ing traffic is dropped; conforming traffic is forwarded without any changes. Rate Limit Granularity: Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network. The rate limit granularity is multiplied by the rate limit level (page 3-113) to set the actual rate limit for an interface. Granularity is a global setting that applies to Fast Ethern...

Page 161: ...nterfaces Command Attributes Port Trunk Displays the port number Rate Limit Status Enables or disables the rate limit Default Disabled Rate Limit Level Sets the rate limit level Range 1 30 Default 30 Note Actual rate limit Rate Limit Level Granularity Console config rate limit fastethernet granularity 512 4 162 Console config rate limit gigabitethernet granularity 33300 4 162 console show rate lim...

Page 162: ...sed on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port. All values d...

Page 163: ...o a broadcast address at this sub-layer. Received Discarded Packets: The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Received Unknown Packets: The number of packets received via the interface which were ...

Page 164: ... of errors. Etherlike Statistics: Alignment Errors: The number of alignment errors (missynchronized data packets). Late Collisions: The number of times that a collision is detected later than 512 bit-times into the transmission of a packet. FCS Errors: A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not inclu...

Page 165: ...unt of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. RMON Statistics: Drop Events: The total number of events in which packets were dropped due to lack of resources. Jabbers: The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error. Received By...

Page 166: ...herwise well formed. Fragments: The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error. 64 Bytes Frames: The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). 65-127 Byte Frames, 128-255 Byte Frame...

Page 167: ...CONFIGURATION 3 119 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 52 Port Statistics ...

Page 168: ...errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 4422579 Packets 31552 Broadcast pkts 238 Multi cast pkts 17033 Undersize pkts 0 Oversize p...

Page 169: ...c address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Command Attributes: Static Address Counts: The number of manually configured addresses. Current Static Address Table: Lists all the static ...

Page 170: ...ess Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is flooded to all ports. Command Attributes: Interface: Indicates a port or trunk. MAC Address: Physical address as...

Page 171: ... addresses Web Click Address Table Dynamic Addresses Specify the search type i e mark the Interface MAC Address or VLAN checkbox select the method of sorting the displayed addresses and then click Query Figure 3 54 Configuring a Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 180 Interface Mac Address...

Page 172: ...ime. CLI: This example sets the aging time to 400 seconds. Spanning Tree Algorithm Configuration: The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exis...

Page 173: ...est cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hel...

Page 174: ... All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. References to ports in this section mean interfaces, which inclu...

Page 175: ... tree used on this switch. STP: Spanning Tree Protocol (IEEE 802.1D). RSTP: Rapid Spanning Tree (IEEE 802.1w). Priority: Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. Root Hello Time: Interva...

Page 176: ...tion, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. Transmission limit: The minimum interval between the transmission of consecutive RSTP BPDUs. Path Cost Method: The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can ...

Page 177: ...spanning tree 4 196 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enabled Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes tim...

Page 178: ...ssumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. RSTP Mode: If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port. Command Attributes: Basic Configuration of Global Settings: Spanning Tree State: Enables/disables STA on this switch. (Default: Enabled) S...

Page 179: ...hich the root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information pr...

Page 180: ...loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Configuration Settings for RSTP Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specif...

Page 181: ...n configures the STA and RSTP parameters Console config spanning tree 4 184 Console config spanning tree mode rstp 4 185 Console config spanning tree priority 45056 4 188 Console config spanning tree hello time 5 4 186 Console config spanning tree max age 38 4 187 Console config spanning tree forward time 20 4 186 Console config spanning tree pathcost method long 4 189 Console config spanning tree...

Page 182: ...ort begins learning addresses. Forwarding: Port forwards packets, and continues learning addresses. The rules defining port status are: A port on a network segment with no other STA-compliant bridging device is always forwarding. If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other...

Page 183: ...er is initialized to the setting for Admin Edge Port in STA Port Configuration on page 3-138 (i.e., true or false), but will be set to false if a BPDU is received, indicating that another bridge is attached to this port. Port Role: Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to th...

Page 184: ...all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. Designated root...

Page 185: ...ing required to rebuild address tables during reconfiguration events, does not cause the spanning tree to reconfigure when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device. Admin Link Type: The link type attached to this interface. Point-to-Point: A connection to exactly one...

Page 186: ... ports and trunks Command Attributes The following attributes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 3 134 for additional information Discarding Port receives STA configuration messages but does not forward packets Console show spanning tree ethernet 1 5 4 196 Eth 1 5 information Admin sta...

Page 187: ...are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. Default: 128. Range: 0-240, in steps of 16. Pa...

Page 188: ...ass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker convergence for devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also...

Page 189: ... group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment Console config int...

Page 190: ...icit or implicit tagging and GVRP protocol. Port overlapping, allowing a port to participate in multiple VLANs. End stations can belong to multiple VLANs. Passing traffic between VLAN-aware and VLAN-unaware devices. Priority tagging. Assigning Ports to VLANs: Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assi...

Page 191: ...w access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by enabling routing on this switch. Untagged VLANs: Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLA...

Page 192: ... network. This allows GVRP-compliant devices to be automatically configured for VLAN groups based solely on endstation requests. To implement GVRP in a network, first add the host devices to the required VLANs (using the operating system or other application software), so that these VLANs can be propagated onto the network. For both the edge switches attached directly to these hosts, and core switches in ...

Page 193: ...n forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags. When forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame. When the switch receives a tagged frame, it will pass this frame onto the ...

Page 194: ... local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 60 Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number11 The VLAN version used by this switch as specifi...

Page 195: ...rt based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Console show bridge ext 4 218 Max support vlan numbers 255 Max support vlan ID 4094...

Page 196: ...isplaying Current VLANs Command Attributes CLI VLAN ID of configured VLAN 1 4094 Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Ports Channel groups Shows the ...

Page 197: ...ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enabled VLAN is operational Disabled VLAN is suspended i e does not pass packets Console show vlan id 1 4 208 Vlan ID 1 Type Static Name DefaultVlan Status Active Ports Port Channel Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S ...

Page 198: ...N group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it will be reassigned to VLAN group 1 as untagged Web Click VLAN 802 1Q VLAN Static List To create a new VLAN enter the VLAN ID and VLAN name mark the Enable checkbox to activate the VLAN and then click Add Figure 3 63 Configuring a VLAN Static List ...

Page 199: ...fied by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 155 Console config vlan database 4 198 Console config vlan vlan 2 name R D media ethernet state active 4 199 Console config vlan end Console show vlan 4 208 Vlan ID 1 Type Static Name DefaultVlan Status Active Ports Channel groups Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth...

Page 200: ...g and therefore carry VLAN or CoS information. Untagged: Interface is a member of the VLAN. All packets transmitted by the port will be untagged, that is, not carry a tag and therefore not carry VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port. Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see A...

Page 201: ...ers to VLANs Port Index Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a tagged member Console config interface ethernet 1 1 4 145 Console config if switchport allowed vlan add 2 tagged 4 206 Console config if exit Console config int...

Page 202: ...rface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 65 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Console config interface ethernet 1 3 4 145 Console config if switchport allowed vl...

Page 203: ...ed unless you are experiencing difficulties with GVRP registration/deregistration. Command Attributes: PVID: VLAN ID assigned to untagged frames received on the interface. (Default: 1) If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member. For all other VLANs, an interface must first be configured as an untag...

Page 204: ...d on this port will be discarded and no GVRP registrations will be propagated from other ports. (Default: Disabled) GARP Join Timer: The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20) GARP Leave Timer: The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that af...

Page 205: ...o the port's default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames. Hybrid: Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. Trunk Member: Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page. Web: Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fil...

Page 206: ...hin the same switch. Each private VLAN consists of two components: a primary VLAN and one or more community VLANs. A primary VLAN allows traffic to pass between promiscuous ports, and between promiscuous ports and community ports subordinate to the primary VLAN. A community VLAN conveys traffic between community ports, and from the community ports to their associated promiscuous ports. Multiple primary V...

Page 207: ...to promiscuous ports in its own VLAN, or host (i.e., having access restricted to community VLAN members, and channeling all other traffic through a promiscuous port). Then assign any promiscuous ports to a primary VLAN and any host ports a secondary VLAN (i.e., community VLAN). Displaying Current Private VLANs: The Private VLAN Information page displays information on the private VLANs configured on the switch...

Page 208: ...figured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and are associated with VLAN 6. This means that traffic for port 4 and 5 can only pass through port 3. Console show vlan private vlan 4 216 Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 Console...

Page 209: ...ports and to their associated promiscuous ports. Isolated VLANs: Conveys traffic only between the VLAN's isolated ports and promiscuous ports. Traffic between isolated ports within the VLAN is blocked. Current: Displays a list of the currently configured VLANs. Web: Click VLAN, Private VLAN, Configuration. Enter the VLAN ID number, select Primary, Isolated or Community type, then click Add. To remove a private ...

Page 210: ...ity or isolated VLANs not associated with the selected primary VLAN. Web: Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN. (A community VLAN can only be associated with one primary VLAN.) Figure 3-69 Private VLAN Assoc...

Page 211: ... own community VLAN and with the designated promiscuous port(s). Isolated: The port is an isolated port that can only communicate with promiscuous ports within its own isolated VLAN. Promiscuous: A promiscuous port can communicate with all the interfaces within a private VLAN. Primary VLAN: Conveys traffic between promiscuous ports, and between promiscuous ports and community ports within the associated s...

Page 212: ...tween the VLAN s isolated ports and promiscuous ports Traffic between isolated ports within the VLAN is blocked Trunk The trunk identifier Port Information only Web Click VLAN Private VLAN Port Information or Trunk Information Figure 3 70 Private VLAN Port Information ...

Page 213: ...ort Type: Sets the private VLAN port types. Normal: The port is not configured into a private VLAN. Host: The port is a community port or an isolated port. A community port can communicate with other ports in its own community VLAN and with the designated promiscuous port(s). An isolated port can only communicate with the designated promiscuous port(s); it cannot communicate with other hosts in its own isol...

Page 214: ...onveys traffic only between the VLAN's isolated ports and promiscuous ports. Traffic between isolated ports within the VLAN is blocked. If PVLAN Port Type is "Isolated," then specify the associated isolated VLAN. Web: Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. For promiscuous ports, set the associated primary VLAN. F...

Page 215: ... interface, and configure the mapping of frame priority tags to the switch's priority queues. Layer 2 Queue Settings: Setting the Default Priority for Interfaces: You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port. Co...

Page 216: ...EEE 802 1p User Priority bits will be used If the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Command Attributes Default Priority13 The priority that is assigned to untagged frames received on the specified interface Range 0 7 Default 0 Number of Egress Traffic Classes The number of queue buffers provided for each port W...

Page 217: ...interface ethernet 1 3 4 145 Console config if switchport priority default 5 4 224 Console config if end Console show interfaces switchport ethernet 1 3 4 156 Information of Eth 1 3 Broadcast threshold Disabled LACP status Disabled Ingress rate limit disable Level 30 Egress rate limit disable Level 30 VLAN membership mode Hybrid Ingress rule Enabled Acceptable frame type Tagged frames only Native ...

Page 218: ...or your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class14 Output queue buffer Range 0 3 where 3 is the highest CoS priority queue Table 3 11 CoS Priority Levels Priority Level Traffic Type 1 Background 2 Spare 0 default Best Effort 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than 1...

Page 219: ...ific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 145 Console config if queue cos map 0 0 4 226 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if end Console show queue cos map ethernet 1 1 4 228 Information of Eth 1 1 CoS ...

Page 220: ...e. This prevents the head-of-line blocking that can occur with strict priority queuing. Command Attributes: WRR: Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 6 for queues 0 through 3 respectively. (This is the default selection.) Strict: Services the egress queues in sequential order, transmitting all traffic in the higher priority queues before servicing lower...

Page 221: ...responding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table15 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class However note that Queue 0 is...

Page 222: ...or Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is I...

Page 223: ...P from the scroll down menu then click Apply Figure 3 76 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffi...

Page 224: ...esent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 77 Mapping IP Precedence Priority Values Table 3 12 Mapping IP Precedence Priority Level Traffic Type Priority Level Traffic Type 7 Network Control 3 Flash 6 Internetwork Control 2 Immediate 5 Critical 1 ...

Page 225: ... bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Console config map ip precedence 4 229 Console config interface ethe...

Page 226: ...Note that 0 represents low priority and 7 represent high priority Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 78 Mapping IP DSCP Priority Values 18 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56 7 Table 3 13 Mapping DSCP Priority Values Continued IP DSCP Value CoS Value ...

Page 227: ...er Some of the more common TCP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority C...

Page 228: ... IP Port Priority Status to Enabled Figure 3 79 IP Port Priority Status Click Priority IP Port Priority Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box and then click Apply Figure 3 80 IP Port Priority ...

Page 229: ...as shown in the following table Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 169 Command Attributes Port Port identifier Name16 Name of ACL Type Type of ACL IP or MAC Console config map ip port 4 229 Console config interface ethernet 1 5 Conso...

Page 230: ... Click Priority ACL CoS Priority Enable mapping for any port select an ACL from the scroll down list then click Add Figure 3 81 ACL CoS Priority CLI This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24 Console config interface ethernet 1 24 4 145 Console config if map access list ip bill cos 0 4 126 Console config if ...

Page 231: ...ssed on to the hosts which subscribed to this service. This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure t...

Page 232: ... appropriate interfaces within the switch. Static IGMP Host Interface: For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 3-191). Configuring IGMP Snooping and Query Parameters: You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switc...

Page 233: ... is also referred to as IGMP Snooping. (Default: Enabled) Act as IGMP Querier: When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Enabled) IGMP Query Count: Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10; D...

Page 234: ...ult 2 Notes 1 All systems on the subnet must support the same version 2 Some attributes are only enabled for IGMPv2 including IGMP Report Delay and IGMP Query Timeout Web Click IGMP Snooping IGMP Configuration Adjust the IGMP settings as required and then click Apply The default settings are shown below Figure 3 82 IGMP Configuration ...

Page 235: ...for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Console config ip igmp snooping 4 239 Console config ip igmp snooping querier 4 243 Console config ip igmp snooping query count 10 4 243 Console config ip igmp snooping query inter...

Page 236: ...ctions IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all ...

Page 237: ...g interfaces to the list click Apply Figure 3 84 Static Multicast Router Port Configuration CLI This example configures port 11 as a multicast router port within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast IP address Command Attributes VLAN ID Selects the VLAN for which to display port members Multicast IP Add...

Page 238: ...n lists The switch will display all the interfaces that are propagating this multicast service Figure 3 85 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corresponding services The Type field shows if this entry was learned dynamically or was statically configured Console show bridge 1 multicast vl...

Page 239: ...ng hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate...

Page 240: ...Add After you have completed adding ports to the member list click Apply Figure 3 86 IGMP Member Port Table CLI This example assigns a multicast address to VLAN 1 and then displays all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 11 4 239 Console config exit Console show mac address table multicast vlan 1 4 241 VLAN M cast IP ...

Page 241: ... on a UNIX system. Console Connection: To access the switch through the console port, perform these steps: 1. At the console prompt, enter the user name and password. (The default user names are "admin" and "guest" with corresponding passwords of "admin" and "guest".) When the administrator user name and password is entered, the CLI displays the Console prompt and enters privileged access mode (i.e., Privileged Exec). Bu...

Page 242: ...t set the IP address for the Master unit and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the network segment to...

Page 243: ...you are using normal access mode (i.e., Normal Exec), where n indicates the number of the current Telnet session. 3. Enter the necessary commands to complete your desired tasks. 4. When finished, exit the session with the "quit" or "exit" command. After entering the Telnet command, the login screen displays. Note: You can open up to four sessions to the device via Telnet. Username: admin Password: CLI session with the...

Page 244: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 245: ...ord up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters ...

Page 246: ...formation ip IP information lacp LACP statistic line TTY line information log Login records logging Login setting mac MAC access list mac address table Configuration of the address table management Management IP filter map Maps priority port Port Characteristics public key Public Key information queue Priority queue information radius server RADIUS server information rate limit Configures rate lim...

Page 247: ...g command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again...

Page 248: ... user name and password "guest", the system enters the Normal Exec command mode (or guest mode), displaying the Console command prompt. Only a limited number of the commands are available in this mode. You can access all commands only from the Privileged Exec command mode (or administrator mode). To access Privilege Exec mode, open a new console session with the user name and password "admin". The system will no...

Page 249: ... the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Interface Configuration These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such as parity a...

Page 250: ...ileged Exec mode For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec mode Console configure Console config Table 4 2 Configuration Modes Mode Command Prompt Page Line line console vty Console config line 4 14 Access Control List access list ip standard access list ip extended access list mac Console config std acl Console config e...

Page 251: ...ne Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters ...

Page 252: ... also configures port security and IEEE 802 1X port access control 4 94 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 117 SNMP Activates authentication failure traps configures community access strings and trap managers also configures IP address filtering 4 136 Interfa...

Page 253: ... VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 198 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 217 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets pr...

Page 254: ...imeout Sets the interval that the command interpreter waits until user input is detected LC 4 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 20 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command LC 4 21 data...

Page 255: ...efault Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 25 show users 4 ...

Page 256: ...ified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. login local: selects authentication via the user name and password specified by the username command (i.e., default setting). When using this method, the management interface starts in Normal Exec (NE) or Privileged Exec (PE) mode, depending on the user's privilege level (0 or 15 respe...

Page 257: ...Mode: Line Configuration. Command Usage: When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state. The ...

Page 258: ...onds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The ...

Page 259: ... specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the ...

Page 260: ...ld: The number of allowed password attempts. (Range: 1-120; 0: no threshold) Default Setting: The default value is three attempts. Command Mode: Line Configuration. Command Usage: When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached fo...

Page 261: ... set by the password-thresh command. Use the no form to remove the silent time value. Syntax: silent-time seconds; no silent-time. seconds: The number of seconds to disable console response. (Range: 0-65535; 0: no silent-time) Default Setting: The default value is no silent-time. Command Mode: Line Configuration. Example: To set the silent time to 60 seconds, enter this command. Related Commands: password-thresh (4-20...

Page 262: ...bits per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related...

Page 263: ...ation protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bits per second Op...

Page 264: ...s if the speed you selected is not supported Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command Console config line spee...

Page 265: ... 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 55 show users 4 84 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows al...

Page 266: ...c console Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28 configure Activates global configuration mode PE 4 28 show history Shows the command history buffer NE PE 4 29 reload Restarts the system PE 4 30 end Returns to Privileged Exec mode any config mode 4 30 exit Returns to the previous con...

Page 267: ...0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default Setting: Level 15. Command Mode: Normal Exec. Command Usage: "super" is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-36.) The character is appended to the end of the prompt to indicate that the system is in priv...

Page 268: ...and Usage The character is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 27 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Config...

Page 269: ... Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 270: ...ad This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end T...

Page 271: ...mmand returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Console config if end Console Console config exit Console exit Press ENTER...

Page 272: ...Verification Username Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 33 User Access Configures the basic user names and passwords for management access 4 34 IP Filter Configures IP addresses that are allowed management access 4 37 Web Server Enables management access via a web browser 4 40 Telnet Ser...

Page 273: ...Status Displays system configuration active managers and version information 4 78 Frame Size Enables support for jumbo frames 4 85 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 33 hostname Specifies the host name for the switch GC 4 34 snmp server contact Sets the system contact string GC 4 138 snmp server location Sets th...

Page 274: ... for management access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 14 user authentication via a remote authentication server page 4 94 and host access authentication for specific ports page 4 107 Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Function Mode Page username Es...

Page 275: ...ve. Maximum users: 16. access-level level: Specifies the user level. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. nopassword: No password is required for this user to log in. 0 | 7: 0 means plain password, 7 means encrypted password. password password: The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting: T...

Page 276: ...ed Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password passwo...

Page 277: ...configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4 27 authentication enable 4 96 IP Filter Commands Console config enable password level 15 0 admin Console config Table 4 11 IP Filter Commands Command Function Mode Page management Configures IP add...

Page 278: ...range. Default Setting: All addresses. Command Mode: Global Configuration. Command Usage: If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include ...

Page 279: ...llowed management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Console config manag...

Page 280: ...25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 41 ip http server Allows the switch to be monitored or configured from a browser GC 4 41 ip http secure server Enables HTTPS SSL for encryp...

Page 281: ...The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 41 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http ...

Page 282: ...e can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same UDP port. If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device:port_number. When you start HTTPS, the connection is established in this way: The client authenticates the server using the server's digital certificate. The client and server ne...

Page 283: ...ficate 4 87 ip http secure port This command specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Table 4 13 HTTPS System Support Web Browser Operating System Internet Explorer 5 ...

Page 284: ...4 42 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax ip telnet port port number no ip telnet port port number The TCP port to be used by the browser interface Range 1 65535 Console config ip http secure port 1000 Console config Table 4 14 Telnet Server Commands Command Function Mode Page ip...

Page 285: ...rver This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip telnet port 4 44 Console config ip telnet port 123 Console config Console config ip telnet server Console config ...

Page 286: ...cess authentication. SSH also encrypts all data transfers passing between the switch and SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered. This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH client on the management station when using this protocol to configure the switch. Note: T...

Page 287: ...he switch and enable the SSH server To use the SSH server complete these steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair ip ssh crypto host key generate Generates the host key PE 4 53 ip ssh crypto zeroize Clear the host key from RAM PE 4 54 ip ssh save host key Saves the host key from RAM to flash memory PE 4 54 disconnect ...

Page 288: ...witch via the User Accounts page as described on page 3 48 The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key 1024 35 1341081685609893921040944920155425347631641921872958921143173880 05553616163105177594083868631109291232226828519254374603100937187721...

Page 289: ... use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client's keys. ip ssh server: This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax: [no] ip ssh server. Default Setting: Disabled. Com...

Page 290: ...imeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Console ...

Page 291: ...h authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 55 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key s...

Page 292: ...fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example Console config ip ssh server key size 512 Console config Console delete publ...

Page 293: ...pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Otherwise, you must manually create a known hosts file and place the host public key in it. The SSH server uses this host key to negotiate a session key and encryption method with t...

Page 294: ...rs the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. The SSH server must be disabled before you can execute this command. Example. Related Commands: ip ssh crypto host-key generate (4-53), ip ssh save host-key (4-54), no ip ssh server (4-49). ip ssh save host-key: This command saves host key from RAM to flash memory. Syntax: ip ssh save host-key...

Page 295: ...e SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Sessio...

Page 296: ...DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three ite...

Page 297: ...re entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 35), and the last string is the encoded modulus. When a DSA key is displayed, the first field indicates that the encryp...

Page 299: ...s that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 59 logging history Limits syslog messages saved to switch memory based on severity GC 4 60 logging host Adds a syslog server host IP address that will receive logging messages GC 4 61 logging facility Sets the facility type for remote logging of syslog messages GC 4 62 ...

Page 300: ...n power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g return...

Page 301: ... server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration 1 alerts Immediate action needed 0 emergencies System unusable Console config logging history ram 0 Console config Table 4 18 Logging Levels Continued...

Page 302: ... A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort me...

Page 303: ...o logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 60 Default Setting Enabled Level 6 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also en...

Page 304: ...show logging 4 64 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on po...

Page 305: ...g flash Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM level informational Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging hi...

Page 306: ... 0 REMOTELOG server IP address 0 0 0 0 Console Table 4 20 show logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility...

Page 307: ...t messages stored in memory including the time stamp message level page 4 60 program module function and event number Example The following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 4 00 01 00 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00...

Page 308: ...mmand Mode Global Configuration Command Usage You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server Table 4 21 SMTP Alert Commands Command Function Mode Page logging sendmail host SMTP servers to receive alert messages GC 4 68 logging sendmail level Severity threshold used to trigger alert messages GC 4 69 logging sendmail sourc...

Page 309: ...sfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syntax logging sendmail level level level One of the system message levels page 4 60 Messages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event...

Page 310: ...ion Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example This example will set the source email john acme com logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address ...

Page 311: ...This command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Console config logging sendmail destination email ted this company com Console config Console config...

Page 312: ...inimum severity level 4 SMTP destination email addresses 1 ted this company com SMTP source email address john acme com SMTP status Enabled Console Table 4 22 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 4 73 sntp server Specifies one or more time servers GC 4 74 sntp poll Sets the interval at which the client polls for time GC 4 75 show sntp Sho...

Page 313: ...ecords the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp server 4 74 sntp poll 4 75 show sntp 4 75 Console config sntp server 10 1 0 19 Conso...

Page 314: ... addresses Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands...

Page 315: ...etting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 4 73 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for sending time synchr...

Page 316: ...c Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your ...

Page 317: ...th day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 April 1st 2004 Console config cloc...

Page 318: ...ion Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 79 show running config Displays the configuration data currently in use PE 4 81 show system Displays system information NE PE 4 83 show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet clients NE P...

Page 319: ...running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for ea...

Page 320: ...guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw logging history ram 6 logging history flash 3 vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface vlan 1 ip address dhcp line console line...

Page 321: ...nd displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP community strings Users names access levels and encrypted passwords Event log settings VLAN database VLAN ID name and state VLAN co...

Page 322: ... access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca logging history ram 6 logging history flash 3 vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged s...

Page 323: ...assistance Example Console show system System description TigerSwitch 10 100 6752AL2 System OID string 1 3 6 1 4 1 202 20 44 System information System Up time 3 hours 0 minutes and 7 18 seconds System Name NONE System Location NONE System Contact NONE MAC address 00 30 F1 D3 26 00 Web server enabled Web server port 80 Web secure server enabled Web secure server port 443 Telnet server enable Telnet...

Page 324: ... e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168 1...

Page 325: ... the no form to disable it Syntax no jumbo frame Default Setting Disabled Console show version Unit 1 Serial number A419048860 Service tag Hardware version R0B Module A type 1000BaseT Module B type 1000BaseT Number of ports 52 Main power status up Redundant power status not present Agent master Unit ID 1 Loader version 2 2 1 1 Boot ROM version 2 2 1 3 Operation code version 2 2 2 2 Console Table 4...

Page 326: ...odes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 4 151 The current setting for jumbo frames can be disabled with the show system command page...

Page 327: ...y tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate Copies an HTTPS certificate from...

Page 328: ...ault_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination Use the copy file unit command to copy a local file to another switch in the stack Use the copy unit file command to copy a file from another switch in the stack The Boot ROM and Loader cannot ...

Page 329: ...file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to ...

Page 330: ...guration file or image name unit Stack unit This is unit 1 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Console copy tftp public key TFTP server IP address 192 168 1 19 Choose public key type 1 RSA 2 DSA 1 2...

Page 331: ...e The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the configuration file or code image unit Stack unit This is unit 1 Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files A c...

Page 332: ...Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir 1 file name file type startup size byte Unit1 Diag_V2 2 1 3 bix Boot Rom image Y 196020 V2 1 5 4 bix Operation Code N 1745120 V2 2 2 2 bix Operation Code Y 17...

Page 333: ...t rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or code image unit Specifies the unit number This is unit 1 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified unit number and file type If the file contains an error it cannot be set as the default file Cons...

Page 334: ...mmand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 94 RADIUS Client Configures settings for authentication via a RADIUS server 4 97 TACACS Client Configures settings for authentication via a TACACS server 4 102 Port Security Configures secure addresses for a port 4 104 Port Authentication Configures host authentication on specific ports using 802...

Page 335: ...pts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command ...

Page 336: ...US server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of...

Page 337: ...hentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands C...

Page 338: ...f server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticate ...

Page 339: ... 65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode ...

Page 340: ... 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 6553...

Page 341: ...vileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Sever 1 Server IP address 192 168 1 1 Communication key with RADIUS server Server port number 181 Retransmit times 2 Request timeout 5 Console ...

Page 342: ...rver host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 102 tacacs server port S...

Page 343: ... 1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command M...

Page 344: ...eady stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disablin...

Page 345: ...esponse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Table 4 31 Port ...

Page 346: ...et the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled using...

Page 347: ...ntity packet to the client before it times out the authentication session IC 4 109 dot1x port control Sets dot1x mode for a port interface IC 4 109 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 4 110 dot1x re authenticate Forces re authentication on specific ports PE 4 111 dot1x re authentication Enables re authentication for all ports IC 4 111 dot1x timeout quiet period...

Page 348: ...the default Syntax no system auth control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values Command Mode Global Configuration Example Console config dot1x system auth control Console config Console config dot1x default Console config ...

Page 349: ...control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients eithe...

Page 350: ...st max count count no dot1x operation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple hosts to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count...

Page 351: ...on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit Stack unit This is unit 1 port Port number Range 1 52 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Co...

Page 352: ... seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Console config interface eth 1 2 Console config if dot1x...

Page 353: ...P packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds The number of seconds Range 1 65535 Default 30 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x timeout re authperiod 300 Console config if Console config interface eth 1 2 Console config if dot1x timeout tx pe...

Page 354: ...d on the switch 802 1X Port Summary Displays the port access control parameters for each interface including the following items Status Administrative state for port access control Operation Mode Dot1x port control operation mode page 4 110 Mode Dot1x port control mode page 4 109 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control paramete...

Page 355: ... this port page 4 110 Port control Shows the dot1x mode on a port as auto force authorized or force unauthorized page 4 109 Supplicant MAC address of authorized client Current Identifier The integer 0 255 used by the Authenticator to identify the current authentication session Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated ...

Page 356: ...ingle Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 00 e8 49 5e dc Current Identifier 3 Authenticator State Machine St...

Page 357: ...ule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as ...

Page 358: ...rts 5 If no explicit rule is matched the implicit default is permit all IP ACLs Table 4 33 Access Control Lists Command Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 118 MAC ACLs Configures ACLs based on hardware addresses packet format and Ethernet type 4 128 ACL Information Displays ACLs and associated rules shows ACLs...

Page 359: ...ation IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration show ip access list Displays the rules for configured IP ACLs PE 4 124 ip access group Adds a port to an IP ACL IC 4 125 show ip access group Shows port assignments for IP ACLs PE 4 125 mapaccess list ip Sets the CoS value and corresponding ...

Page 360: ...ample Related Commands permit deny 4 120 ip access group 4 125 show ip access list 4 124 permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number...

Page 361: ...mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Example This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Related Commands access list ip 4 119 Console config std acl permit h...

Page 362: ...os tos dscp dscp source port sport end destination port dport end control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address precedence IP precedence level Range 0 7 tos Type of Service l...

Page 363: ... You can specify both Precedence and ToS in the same rule However if DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Fini...

Page 364: ...92 168 1 0 with the TCP control code set to SYN Related Commands access list ip 4 119 show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Console config ext acl perm...

Page 365: ...s that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Console show ip access list standar...

Page 366: ... ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Console config int eth 1 25 Console config if ip access group david i...

Page 367: ... map 4 226 show map access list ip 4 127 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Table 4 35 Egress Queue Priority Mapping Qu...

Page 368: ...d Function Mode Page access list mac Creates a MAC ACL and enters configuration mode GC 4 128 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 130 show mac access list Displays the rules for configured MAC ACLs PE 4 131 mac access group Adds a port to a MAC ACL IC 4 132 show mac access group Shows port assignments for MAC ACL...

Page 369: ...to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny MAC ACL 4 130 mac access group 4 132 show mac access list 4 131 Console config access list mac jerry Console conf...

Page 370: ...t II packets any Any MAC source or destination address host A specific MAC address source Source MAC address destination Destination MAC address range with bitmask address bitmask18 Bitmask for MAC address in hexadecimal format vid VLAN ID Range 1 4094 vid end Upper bound of VID range Range 1 4094 protocol A specific Ethernet protocol number Range 0 65535 protocol end Upper bound of protocol range...

Page 371: ... is 0800 Related Commands access list mac 4 128 show mac access list This command displays the rules for configured MAC ACLs Syntax show mac access list acl_name acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 130 mac access group 4 132 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 Console config ma...

Page 372: ...et Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show mac access list 4 131 show mac access group This command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example Console config interface ethernet 1 25 Console config if ...

Page 373: ...t mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below Example Table 4 37 Egress Queu...

Page 374: ...rrent interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Range 1 52 Command Mode Privileged Exec Example Related Commands map access list mac 4 133 Console show map access list mac Access list to COS of Eth 1 5 Access list jerry cos 0 Console ...

Page 375: ...ated rules PE 4 135 show access group Shows the ACLs assigned to each port PE 4 136 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 16 0 255 255 240 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list j...

Page 376: ...d access list david MAC access list jerry Console Table 4 39 SNMP Commands Command Function Mode Page snmp server community Sets up the community access string to permit access to SNMP commands GC 4 137 snmp server contact Sets the system contact string GC 4 138 snmp server location Sets the system location string GC 4 138 snmp server host Specifies the recipient of an SNMP notification operation ...

Page 377: ...read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify ...

Page 378: ...ation Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 138 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Set...

Page 379: ...pient Maximum host addresses 5 trap destination IP address entries community string Password like community string sent with the notification operation Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifie...

Page 380: ...ons are sent globally For a host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled The switch can send SNMP version 1 or version 2c notifications to a host IP address dependi...

Page 381: ... controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps comma...

Page 382: ...fault Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command ...

Page 383: ...NMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP logging enabled Lo...

Page 384: ...4 146 negotiation Enables autonegotiation of a given interface IC 4 147 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 148 flowcontrol Enables flow control on a given interface IC 4 149 shutdown Disables an interface IC 4 150 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 151 clear counters Clears statistics on ...

Page 385: ... Range 1 52 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to th...

Page 386: ...uplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Chann...

Page 387: ...or a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed ...

Page 388: ...upports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric paus...

Page 389: ...ed duplex 4 146 flowcontrol 4 149 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back...

Page 390: ...rol on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands negotiation 4 147 capabilities flowcontrol symmetric 4 148 shutdown This command disables an interface To restart a disabled interf...

Page 391: ...rol Syntax switchport broadcast octet rate rate no switchport broadcast rate Threshold level as a rate i e octets per second Range 64 95232000 Default Setting Enabled for all ports Packet rate limit 32000 octets per second Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped This command can enab...

Page 392: ... Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on...

Page 393: ...This is unit 1 port Port number Range 1 52 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 87 ...

Page 394: ...erfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 30 F1 D3 26 05 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast storm Enabled Broadcast storm limit 32000 octets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Current status Link stat...

Page 395: ...064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 227208 Packets 3338 ...

Page 396: ...Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Enabled 600 octets second LACP status Enabled Ingress rate limit disable Level 30 Egress rate limit disable Level 30 VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type...

Page 397: ...ws if acceptable VLAN frames include all types or tagged frames only page 4 203 Native VLAN Indicates the default Port VLAN ID page 4 205 Priority for untagged traffic Indicates the default priority for untagged frames page 4 222 Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled page 4 219 Allowed Vlan Shows the VLANs this interface has joined where u indicates untagged a...

Page 398: ...ransmitted packets Default Setting No mirror session is defined Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner The destinati...

Page 399: ...to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port unit Stack unit This is unit 1 port Port number Range 1 52 Default Setting Shows all sessions Command Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX Console config interface etherne...

Page 400: ...re to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Note The rate limit granularity is multiplied by the rate limit page 4 161 to set the actual rate limit for an interface Granularity is a global setting that applies to Fast Ethernet or Gigabit Ethernet interfaces Console config interface ethernet 1 11 Console config if port monitor ethern...

Page 401: ...tore the default status of disabled Syntax rate limit input output level rate no rate limit input output input Input rate output Output rate rate Maximum value Range 1 30 Default Setting 30 Command Mode Interface Configuration Ethernet Port Channel Command Usage Actual rate limit = Rate limit level x Granularity Example Console config interface ethernet 1 1 Console config if rate limit input level 20 ...

Page 402: ...nularity granularity Sets rate limit granularity for the system For Fast Ethernet choose 512 Kbps 1 Mbps or 3 3 Mbps For Gigabit Ethernet only one granularity option is supported 33 3 Mbps Default Setting Fast Ethernet interface 3 3 Mbps Gigabit Ethernet interface 33 3 Mbps Command Mode Global Configuration Ethernet Port Channel Command Usage Actual rate limit = Rate limit level x Granularity Example ...

Page 403: ...s Gigabit Ethernet interface 33 3 Mbps Command Mode Privileged Exec Command Usage For Fast Ethernet interfaces the rate limit granularity is 512 Kbps 1 Mbps or 3 3 Mbps For Gigabit Ethernet interfaces the rate limit granularity is 33 3 Mbps Example Console show rate limit Fast ethernet granularity 1000 Gigabit ethernet granularity 33300 Console ...

Page 404: ...perating at full duplex Table 4 44 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 4 145 channel group Adds a port to a trunk IC Ethernet 4 166 Dynamic Configuration Command lacp Configures LACP for the current interface IC Ethernet 4 166 lacp system priority Config...

Page 405: ... to added or deleted from a VLAN via the specified port channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin ...

Page 406: ...tches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax no lacp Default Set...

Page 407: ...n A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active li...

Page 408: ...e config if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 100TX Mac address 00 00 e8 00 00 0b Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Flow control status Disabled...

Page 409: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 410: ...stem priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side of ...

Page 411: ...ort Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Et...

Page 412: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side...

Page 413: ...entifier for a link aggregation group Range 1 4 counters Statistics for LACP protocol messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sysid Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec ...

Page 414: ...s received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slo...

Page 415: ...ronization aggregation long timeout LACP activity Table 4 46 show lacp internal display description Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priority LACP system priority assigned to...

Page 416: ...enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is co...

Page 417: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol part...

Page 418: ...up configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID Table 4 49 Address Table Commands Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 4 179 clear mac address table dynamic Removes any l...

Page 419: ...nt lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characte...

Page 420: ...ess table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bits to match in the address interface ethernet unit port unit Stack unit This is unit 1 port Port number Range 1 52 port channel channel id Range 1 4 vlan id VLAN ID Range ...

Page 421: ...s Enter hexadecimal numbers where an equivalent binary bit 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example mac address table aging time This command sets the aging time for entries in the address table Use the no form to restore the default...

Page 422: ...dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 Console config Console show mac address table aging time Aging time 100 sec Console ...

Page 423: ... age Configures the spanning tree bridge maximum age GC 4 187 spanning tree priority Configures the spanning tree bridge priority GC 4 188 spanning tree path cost method Configures the path cost method for RSTP GC 4 189 spanning tree transmission limit Configures the transmission limit for RSTP GC 4 189 spanning tree spanning disabled Disables spanning tree for an interface IC 4 190 spanning tree ...

Page 424: ...r bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree protocol migration Re checks the appropriate BPDU format...

Page 425: ...ts connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 ...

Page 426: ...states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding state otherwise temporary data loops might result Example spanning tree hello time This command configures the...

Page 427: ...x age seconds Time in seconds Range 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports exce...

Page 428: ... the bridge Range 0 65535 Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have...

Page 429: ... cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 191 takes precedence over port priority page 4 192 Example spanning tree transmission limit This command configures the minimum interval between the transmission of consecutive RS...

Page 430: ...panning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command limits the maximum transmission rate for BPDUs Example This example disables the spanning tree algorithm for port 5 Console config spanning tree transmission limit 4 Console config Console config i...

Page 431: ...Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with ...

Page 432: ...or the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Example Related Commands spanning tree cost 4 191 spanning t...

Page 433: ...of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device This command has the same effect as the spanning tree portfast Example R...

Page 434: ...fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for future software versions Example Related Commands spanning tree edge port 4 192 spanning tree link...

Page 435: ...point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is forbidden Example spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet un...

Page 436: ... Example show spanning tree This command shows the configuration for the spanning tree Syntax show spanning tree interface interface ethernet unit port unit This is device 1 port Port number Range 1 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Command Usage Use the show spanning tree command with no parameters to display the spanning tree configuration for...

Page 437: ...y sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 50000 Number of topology changes 5 Last topology changes time sec 226 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding Path cost 100000 Priority 128 Designated cost 200000 Designated por...

Page 438: ...iately Default Setting None Table 4 51 VLANs Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 198 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 4 201 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 4 208 Configuring P...

Page 439: ...y entering the show running config command Example Related Commands show vlan 4 208 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed by the VLAN name vlan name A...

Page 440: ... id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs on the switch Example The following example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Related Commands show vlan 4 208 Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan ...

Page 441: ...r a specified VLAN IC 4 201 switchport mode Configures VLAN membership mode for an interface IC 4 202 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 203 switchport ingress filtering Enables ingress filtering on an interface IC 4 204 switchport native vlan Configures the PVID native VLAN of an interface IC 4 205 switchport allowed vlan Configures the VLAN...

Page 442: ...a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames private vlan For an explanation of this command see switchport mode private vlan on page ...

Page 443: ...all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged ...

Page 444: ...gged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN depe...

Page 445: ...is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering th...

Page 446: ...ntagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when addi...

Page 447: ...f VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN f...

Page 448: ...ng from 1 to 32 characters private vlan For an explanation of this command see show vlan private vlan on page 4 216 private vlan type Indicates the private vlan type Options Community Isolated Primary Default Setting Shows all VLANs Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 54 Show VLAN Commands Command Function Mode Page show...

Page 449: ...scribes commands used to configure private VLANs Console show vlan id 1 Vlan ID 1 Type Static Name DefaultVlan Status Active Ports Port Channel Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1 19 S Eth1 20 S Eth1 21 S Eth1 22 S Eth1 23 S Eth1 24 S Eth1 25 S Eth1 26 S Eth1 ...

Page 450: ...e the switchport private vlan isolated command to assign a port to an isolated VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan command to verify your configuration settings Configure Private VLAN Interfaces switchport mode private vlan Sets an interface to host mode or promiscuous mode IC 4 213 switchport private vlan host ...

Page 451: ...LANs and other locations isolated Specifies an isolated VLAN Ports assigned to an isolated VLAN can only communicate with promiscuous ports within their own VLAN Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same VLAN community and channel traffic passing outside the community through promiscuous ports that have be...

Page 452: ...es secondary vlan id ID of secondary i e community VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the...

Page 453: ...n the same primary VLAN as well as with all the ports in the associated secondary VLANs Default Setting Normal VLAN Command Mode Interface Configuration Ethernet Port Channel Command Usage To assign a host port to a community VLAN use the private vlan host association command To assign a host port to an isolated VLAN use the switchport private vlan isolated command Example Console config interface...

Page 454: ...t Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via a promiscuous port Example switchport private vlan isolated Use this command to associate an interface with an isolated VLAN Use the no form to remove this association Syntax switchport private vlan isolated isolated vlan i...

Page 455: ...te vlan mapping primary vlan id no switchport private vlan mapping primary vlan id ID of primary VLAN Range 1 4094 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example Console...

Page 456: ...their associated primary VLAN and assigned host interfaces isolated Displays all isolated VLANs along with their associated primary VLAN and assigned host interfaces primary Displays all primary VLANs along with any assigned promiscuous interfaces Default Setting None Command Mode Privileged Executive Example Console show vlan private vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 com...

Page 457: ...ally for the switch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Table 4 56 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 217 show bridge ext Shows the global bridge extension configuration PE 4 218 switchport gvrp Enables GVRP for an interface IC 4 219 switchport forbidden vlan Configures...

Page 458: ...or bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 3 146 and Displaying Bridge Extension Capabilities on page 3 15 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filte...

Page 459: ...ows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit This is unit 1 port Port number Range 1 52 port channel channel id Range 1 4 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 6 Console config if switchport gvrp Console config if Cons...

Page 460: ...Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP regis...

Page 461: ...s is unit 1 port Port number Range 1 52 port channel channel id Range 1 4 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 220 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 100 centiseconds Leave timer 60 centi...

Page 462: ... Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 222 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4 229 Table 4 58 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round ...

Page 463: ... Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the s...

Page 464: ...e The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priorit...

Page 465: ...ault weights Syntax queue bandwidth weight1 weight3 no queue bandwidth weight1 weight3 The ratio of weights for queues 0 3 determines the weights used by the WRR scheduler However note that Queue 0 is fixed at a weight of 1 and cannot be configured Range 1 31 Default Setting Weights 1 2 4 6 are assigned to queues 0 3 respectively Queue 0 is non configurable Command Mode Global Configuration Comman...

Page 466: ...rated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Comma...

Page 467: ...eged Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Console config interface ethernet 1 1 Console config if queue cos map 0 0 1 2 Console config if queue cos map 1 3 Console config if queue cos map 2 4 5 Console config if queue cos map 3 6 7 Console config if end Console show queue cos map ...

Page 468: ...interface ethernet unit port unit Stack unit This is unit 1 port Port number Range 1 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID Weight 0 1 1 2 2 4 3 6 Console Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 0 0 0 1 2 2 3 3 Console ...

Page 469: ...ecedence value to a class of service IC 4 232 map ip dscp Enables IP DSCP class of service mapping GC 4 233 map ip dscp Maps IP DSCP value to a class of service IC 4 233 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 126 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 133 show ma...

Page 470: ...t priority i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port number Range 1 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Preced...

Page 471: ...d Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally Console config interface ethernet 1 5...

Page 472: ... Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP Precedence for all interfaces Examp...

Page 473: ...itchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally map ip dscp Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip d...

Page 474: ...ty DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 Table 4 62 IP DSCP to CoS Values IP DSCP Value CoS Value 0 0 8 1 10 12 ...

Page 475: ... 1 port Port number Range 1 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Commands map ip port Global Configuration 4 229 map ip port Interface Configuration 4 230 Console show map ip port TCP port mapping status enabled Port Port no COS Eth 1 5 80 0 Console ...

Page 476: ...umber Range 1 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip port Global Configuration 4 229 map ip precedence Interface Configuration 4 232 Console show map ip precedence ethernet 1 5 Precedence mapping status enabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1...

Page 477: ...ort number Range 1 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 233 map ip dscp Interface Configuration 4 233 Console show map ip dscp ethernet 1 1 DSCP mapping status enabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 478: ...icast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 238 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 242 Static Multicast Routing Configures static multicast router ports 4 247 Table 4 64 IGMP Snooping Commands Command Function Mode Page ip i...

Page 479: ...s IGMP snooping ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stack unit This is unit 1 port Port number Range 1 52 port channel channel id Range 1 4 Default Setti...

Page 480: ...ing IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures t...

Page 481: ...ration show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Console show ip igmp snooping Service status Enabled Querier status Enabled...

Page 482: ...ng VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 65 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 243 ip igmp snooping query count Configures the query count GC 4 243 ip igmp snooping query interval Configures the query interval GC 4 244 ip igmp snooping query max resp...

Page 483: ...le for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast g...

Page 484: ...ample The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 245 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Ra...

Page 485: ...command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the...

Page 486: ...er the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snoopin...

Page 487: ...g No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the curre...

Page 488: ...ter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show ip igmp sno...

Page 489: ...ress Syntax ip address ip address netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Table 4 67 IP Interface Commands Command Function Mode Page ip address Sets the IP address for the current inte...

Page 490: ...st periodically by this device in an effort to learn its IP address BOOTP and DHCP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command or by rebooting the switch Note Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through...

Page 491: ...ault gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip redirects 4 253 ip dhcp restart This command submits a BOOTP or DHCP client request Default Setting None C...

Page 492: ... following example the device is reassigned the same address Related Commands ip address 4 249 show ip interface This command displays the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show ip redirects 4 253 Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart Console show...

Page 493: ... the network Syntax ping host size size count count host IP address or IP alias of the host size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger than the size specified because the switch adds header information count Number of packets to send Range 1 16 default 5 Default Setting This command has no default for the host Command Mode Normal Exec...

Page 494: ... destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 4 145 Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time ...

Page 495: ...ll duplex 1000BASE T 10 100 Mbps at half full duplex 1000 Mbps at full duplex Flow Control Full Duplex IEEE 802 3 2002 Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring One source port one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks...

Page 496: ... VLAN tag or port Layer 3 4 priority mapping IP Port IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet Web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Managemen...

Page 497: ... IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet Full duplex flow control Link Aggregation Control Protocol IEEE 802 3ac VLAN tagging DHCP Client RFC 1541 HTTPS IGMP RFC 1112 IGMPv2 RFC 2236 RADIUS RFC 2618 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2 RFC 2571 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 ...

Page 498: ...up MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP Community MIB RFC 2576 SNMPv2 IP MIB RFC 2011 TACACS Authentication Client MI...

Page 499: ... the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate swit...

Page 500: ... SSH client Be sure you have set up an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 sto...

Page 501: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 502: ...TROUBLESHOOTING B 4 ...

Page 503: ...e appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provi...

Page 504: ...on Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership...

Page 505: ...dard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame start stop requests and timer...

Page 506: ...mbership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control pack...

Page 507: ...one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechani...

Page 508: ...s Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including...

Page 509: ...icated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a...

Page 510: ... targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same...

Page 511: ...or restoring 2 11 3 24 4 87 console port required connections 2 2 CoS configuring 3 167 4 221 DSCP 3 177 3 181 4 232 IP precedence 3 175 4 228 4 229 4 230 layer 3 4 priorities 3 174 4 228 queue mapping 3 169 4 225 queue mode 3 172 4 222 traffic class weights 3 173 4 224 D default gateway configuration 3 18 4 250 default priority ingress port 3 167 4 223 default settings system 1 7 DHCP 3 19 4 248 ...

Page 512: ...3 17 4 248 IP precedence enabling 3 175 4 228 4 229 4 230 mapping priorities 3 175 4 231 J jumbo frame 4 85 L LACP local parameters 4 173 partner parameters 4 173 protocol message statistics 4 173 link type STA 3 137 3 140 4 194 logging syslog traps 4 63 to syslog servers 4 61 log in Web interface 3 3 logon authentication 3 48 4 94 RADIUS client 4 97 RADIUS server 4 97 TACACS client 3 50 4 102 TAC...

Page 513: ...59 problems troubleshooting B 1 promiscuous ports 3 158 protocol migration 3 140 4 195 PVLAN association 3 162 community ports 3 158 interface configuration 3 165 primary VLAN 3 159 promiscuous ports 3 158 Q queue weights 3 173 4 224 R RADIUS logon authentication 4 97 rate limits setting 3 112 4 160 remote logging 4 63 restarting the system 3 41 4 30 RSTP 3 124 4 185 global configuration 3 126 4 1...

Page 514: ... clock setting 3 42 4 72 System Logs 3 33 system software downloading from server 3 22 4 87 T TACACS logon authentication 3 50 4 102 time setting 3 42 4 72 traffic class weights 3 173 4 224 trap manager 2 10 3 46 4 139 troubleshooting B 1 trunk configuration 3 92 4 164 LACP 3 96 4 166 static 3 94 4 166 U upgrading software 3 22 4 87 user password 3 48 4 35 4 36 V VLANs 3 141 3 167 4 198 4 216 addi...

Page 516: ...73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Switzerland 41 0 1 9409971 Fax 41 0 1 9409972 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Northern Europe 44 0 118 974 8700 Fax 44 0 118 974 8701 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 27 11 314 1133 Fax 27 11 314 9133 North Africa 34 93 477 4920 Fax 34 93 477 3774 Russia 7 095 290 29 96 Fax 7 095 290 29 96 PRC 8...
