SMC Networks 8028L2 Management Manual Download Page 84

Page: 84 / 392

HAPTER

| Configuring the Switch

Configuring 802.1X Port Authentication

– 84 –

expires, the switch will consider the client alive, and leave it

authenticated. Therefore, an age period of T will require the client to

send frames more frequent than T/2 to stay authenticated.

◆

Hold Time

- The time after an EAP Failure indication or RADIUS

timeout that a client is not allowed access. This setting applies to ports

running MAC-based authentication only. (Range: 10-1000000 seconds;

Default: 10 seconds)
If the RADIUS server denies a client access, or a RADIUS server

request times out (according to the timeout specified on the

Authentication menu,

page 65

), the client is put on hold in the

Unauthorized state. In this state, frames from the client will not cause
the switch to attempt to reauthenticate the client.

Port Configuration

◆

Port

– Port identifier. (Range: 1-28)

◆

Admin State

- Sets the authentication mode to one of the following

options:

■

Authorized

- Forces the port to grant access to all clients, either

dot1x-aware or otherwise. (This is the default setting.)

■

Unauthorized

- Forces the port to deny access to all clients, either

dot1x-aware or otherwise.

■

802.1X

- Requires a dot1x-aware client to be authorized by the

authentication server. Clients that are not dot1x-aware will be

denied access.

■

MAC-Based

- Enables MAC-based authentication on the port. The

switch does not transmit or accept EAPOL frames on the port.

Flooded frames and broadcast traffic will be transmitted on the port,

whether or not clients are authenticated on the port, whereas

unicast traffic from an unsuccessfully authenticated client will be

dropped. Clients that are not (or not yet) successfully authenticated

will not be allowed to transmit frames of any kind.

Port Admin state can only be set to Authorized for ports participating in

the Spanning Tree algorithm (see

page 78

When 802.1X authentication is enabled on a port, the MAC address

learning function for this interface is disabled, and the addresses

dynamically learned on this port are removed from the common

address table.
Authenticated MAC addresses are stored as dynamic entries in the

switch's secure MAC address table. Configured static MAC addresses

are added to the secure address table when seen on a switch port (see

page 98

). Static addresses are treated as authenticated without

sending a request to a RADIUS server.
When port status changes to down, all MAC addresses are cleared from

the secure MAC address table. Static VLAN assignments are not

restored.

Summary of Contents for 8028L2

Page 1: ...MANAGEMENT GUIDE TigerSwitchTM 10 100 1000 28 Port Gigabit Ethernet Switch SMC8028L2 ...

Page 2: ...20 Mason Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions Janurary 2010 Pub 149100000079A E012010 MW R01 ...

Page 3: ...ranted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2010 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack TigerSwitch and TigerAccess are trademarks of SMC Networks Inc Other product and company names are trad...

Page 4: ... 4 WARRANTY AND PRODUCT REGISTRATION To register SMC products and to review the detailed warranty statement please refer to the Support Section of the SMC Website at http www smc com ...

Page 5: ...your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that could cause personal injury RELATED PUBLICATIONS The following publication details the hardware features of the switch including the physical and performance related characteristics and how to insta...

Page 6: ...ABOUT THIS GUIDE 6 ...

Page 7: ...up and Restore 28 Authentication 28 Access Control Lists 29 Port Configuration 29 Rate Limiting 29 Port Mirroring 29 Port Trunking 29 Storm Control 29 Static Addresses 29 IEEE 802 1D Bridge 30 Store and Forward Switching 30 Spanning Tree Algorithm 30 Virtual LANs 31 Traffic Prioritization 31 Quality of Service 32 Multicast Filtering 32 System Defaults 33 2 INITIAL SWITCH CONFIGURATION 35 Connectin...

Page 8: ...on Options 50 Panel Display 51 Main Menu 51 4 CONFIGURING THE SWITCH 55 Configuring System Information 55 Setting an IP Address 56 Setting an IPv4 Address 56 Setting an IPv6 Address 58 Setting the System Password 61 Filtering IP Addresses for Management Access 61 Configuring Port Connections 63 Configuring Authentication for Management Access and 802 1X 65 Creating Trunk Groups 69 Configuring Stat...

Page 9: ...iting 113 Configuring Storm Control 115 Access Control Lists 117 Assigning ACL Policies and Responses 117 Configuring Rate Limiters 118 Configuring Access Control Lists 119 Configuring Port Mirroring 127 Simple Network Management Protocol 128 Configuring SNMP System and Trap Settings 129 Setting SNMPv3 Community Access Strings 134 Configuring SNMPv3 Users 135 Configuring SNMPv3 Groups 136 Configur...

Page 10: ...n the Spanning Tree 164 Displaying Bridge Status for STA 164 Displaying Port Status for STA 166 Displaying Port Statistics for STA 167 Displaying Port Security Information 168 Displaying Port Security Status 168 Displaying Port Security Statistics 169 Showing IGMP Snooping Information 173 Displaying LLDP Information 174 Displaying LLDP Neighbor Information 174 Displaying LLDP Port Statistics 176 D...

Page 11: ...nd Line Processing 196 CLI Command Groups 197 9 SYSTEM COMMANDS 199 system configuration 200 system reboot 200 system restore default 201 system contact 201 system name 201 system location 202 system password 202 system timezone 203 system log 203 system access configuration 204 system access mode 204 system access add 205 system access ipv6 add 206 system access delete 207 system access lookup 20...

Page 12: ...us 221 auth acct_radius 222 auth tacacs 224 auth client 225 auth statistics 226 12 PORT COMMANDS 229 port configuration 229 port state 231 port mode 231 port flow control 232 port maxframe 233 port power 233 port excessive 234 port statistics 235 port veriphy 236 port numbers 237 13 LINK AGGREGATION COMMANDS 239 aggr configuration 240 aggr add 241 aggr delete 241 aggr lookup 242 aggr mode 242 14 L...

Page 13: ...tp cost 255 rstp priority 257 rstp edge 257 rstp autoedge 258 rstp p2p 259 rstp status 259 rstp statistics 260 rstp mcheck 260 16 IEEE 802 1X COMMANDS 263 dot1x configuration 263 dot1x mode 265 dot1x state 265 dot1x authenticate 266 dot1x reauthentication 267 dot1x period 268 dot1x timeout 268 dot1x clients 268 dot1x agetime 269 dot1x holdtime 270 dot1x statistics 270 17 IGMP COMMANDS 273 igmp con...

Page 14: ...iguration 283 lldp mode 284 lldp optional_tlv 284 lldp interval 285 lldp hold 286 lldp delay 286 lldp reinit 287 lldp info 287 lldp statistics 288 lldp cdp_aware 289 19 MAC COMMANDS 291 mac configuration 291 mac add 292 mac delete 292 mac lookup 293 mac agetime 293 mac learning 293 mac dump 294 mac statistics 295 mac flush 295 20 VLAN COMMANDS 297 vlan configuration 297 vlan aware 298 vlan pvid 29...

Page 15: ...configuration 308 qos default 308 qos tagprio 309 qos qcl port 309 qos qcl add 310 qos qcl delete 311 qos qcl lookup 312 qos mode 312 qos weight 313 qos rate limiter 313 qos shaper 314 qos storm unicast 315 qos storm multicast 315 qos storm broadcast 316 qos dscp remarking 316 qos dscp queue mapping 317 23 ACL COMMANDS 319 acl configuration 319 acl action 320 acl policy 321 acl rate 321 acl add 32...

Page 16: ...6 snmp trap community 336 snmp trap destination 337 snmp trap ipv6 destination 337 snmp trap authentication failure 337 snmp trap link up 338 snmp trap inform mode 338 snmp trap inform timeout 339 snmp trap inform retry times 339 snmp trap probe security engine id 340 snmp trap security engine id 340 snmp trap security name 341 snmp engine id 341 snmp community add 342 snmp community delete 342 sn...

Page 17: ...h configuration 357 ssh mode 357 29 UPNP COMMANDS 359 upnp configuration 359 upnp mode 359 upnp ttl 360 upnp advertising duration 361 30 DHCP COMMANDS 363 dhcp relay configuration 363 dhcp relay mode 363 dhcp relay server 364 dhcp relay information mode 364 dhcp relay information policy 365 dhcp relay statistics 365 31 FIRMWARE COMMANDS 367 firmware load 367 firmware ipv6 load 368 SECTION IV APPEN...

Page 18: ...CONTENTS 18 Standards 375 Management Information Bases 375 B TROUBLESHOOTING 377 Problems Accessing the Management Interface 377 Using System Logs 378 GLOSSARY 379 INDEX 387 ...

Page 19: ...ion 86 Figure 15 HTTPS Configuration 88 Figure 16 SSH Configuration 89 Figure 17 IGMP Snooping Configuration 93 Figure 18 IGMP Snooping Port Group Filtering Configuration 94 Figure 19 LLDP Configuration 98 Figure 20 MAC Address Table Configuration 100 Figure 21 VLAN Membership Configuration 102 Figure 22 VLAN Port Configuration 104 Figure 23 Private VLAN Membership Configuration 105 Figure 24 Port...

Page 20: ...149 Figure 46 Port State Overview 149 Figure 47 Port Statistics Overview 150 Figure 48 Queuing Counters 151 Figure 49 Detailed Port Statistics 154 Figure 50 RADIUS Overview 156 Figure 51 RADIUS Details 160 Figure 52 LACP System Status 161 Figure 53 LACP Port Status 162 Figure 54 LACP Port Statistics 163 Figure 55 Spanning Tree Bridge Status 166 Figure 56 Spanning Tree Port Status 167 Figure 57 Spa...

Page 21: ...FIGURES 21 Figure 68 Factory Defaults 186 Figure 69 Software Upload 187 Figure 70 Configuration Save 187 Figure 71 Configuration Upload 188 ...

Page 22: ...FIGURES 22 ...

Page 23: ...nd Levels 129 Table 13 System Capabilities 175 Table 14 Keystroke Commands 196 Table 15 Command Group Index 197 Table 16 System Commands 199 Table 17 IP Commands 209 Table 18 Authentication Commands 219 Table 19 Port Commands 229 Table 20 Port Configuration 229 Table 21 Link Aggregation Commands 239 Table 22 LACP Commands 245 Table 23 RSTP Commands 251 Table 24 Recommended STA Path Cost Range 256 ...

Page 24: ...to Egress Queues 310 Table 37 ACL Commands 319 Table 38 Mirror Commands 327 Table 39 Configuration Commands 329 Table 40 SNMP Commands 331 Table 41 HTTPS Commands 353 Table 42 HTTPS System Support 354 Table 43 SSH Commands 357 Table 44 UPnP Commands 359 Table 45 DHCP Commands 363 Table 46 Firmware Commands 367 Table 47 Troubleshooting Chart 377 ...

Page 25: ...rview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Introduction on page 27 Initial Switch Configuration on page 35 ...

Page 26: ...SECTION Getting Started 26 ...

Page 27: ...on 82 relay information IP Source Guard Access Control Lists Supports up to 128 rules DHCP Client Supported DNS Proxy service Port Configuration Speed duplex mode flow control MTU response to excessive collisions power saving mode Rate Limiting Input rate limiting per port using ACL Port Mirroring One or more ports mirrored to single analysis port Port Trunking Supports up to 14 trunks using eithe...

Page 28: ... This switch authenticates management access via the console port Telnet or a web browser User names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 ...

Page 29: ...w incorporated in IEEE 802 3 2002 RATE LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped PORT MIRRORING The swit...

Page 30: ...h provides 0 75 MB for frame buffering This buffer can queue packets awaiting transmission on congested networks SPANNING TREE ALGORITHM The switch supports these spanning tree protocols Spanning Tree Protocol STP IEEE 802 1D Supported by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will ch...

Page 31: ...N Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Use protocol VLANs to restrict traffic to specified interfaces based on protocol type TRAFFIC PRIORITIZATION This switch prioritizes each packet based on the required level o...

Page 32: ...or VLAN lists Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding MULTICAST FILTERING Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real t...

Page 33: ...ed Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number 80 HTTP Secure Server Disabled HTTP Secure Server Redirect Disabled SNMP SNMP Agent Disabled Community Strings public read only private read write Traps Global disabled Authentication traps enabled Link up down events enabled SNMP V3 View default_view Group default_rw_group Port Configuration Admin ...

Page 34: ...ght 1 2 4 8 Ethernet Type Disabled VLAN ID Disabled VLAN Priority Tag Disabled ToS Priority Disabled IP DSCP Priority Disabled TCP UDP Port Priority Disabled IP Settings Management VLAN Any VLAN configured with an IP address IP Address DHCP assigned fallback is 192 168 2 10 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 DHCP Client Enabled DNS Disabled Multicast Filtering IGMP Snooping Snooping...

Page 35: ...eb agent allows you to configure switch parameters monitor port connections and display statistics using a standard web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial co...

Page 36: ...em information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a terminal emulation program to the switch You can use the console cable provided with this package or use a null...

Page 37: ...y default To manually configure this address or enable dynamic address assignment via DHCP see Setting an IP Address on page 38 If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 2 10 and subnet mask 255 255 255 0 NOTE This switch supports four Telnet sessions or four SSH sessions Telnet and SSH cannot be used concurrently After configuring the s...

Page 38: ...s through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the switch you will also need to specify the default gateway router Dynamic The switch can send an IPv4 configuration request to DHCP address allocation servers on the network or can automatic...

Page 39: ...r IP address a b c d default Show IP address ip_mask IP subnet mask a b c d default Show IP mask ip_router IP router a b c d default Show IP router vid VLAN ID 1 4095 default Show VLAN ID ip setup 192 168 0 10 255 255 255 0 192 168 0 1 1 ASSIGNING AN IPV6 ADDRESS This section describes how to configure a global unicast address by specifying the full IPv6 address including network and host portions...

Page 40: ...ription Set or show the IPv6 setup Syntax IP IPv6 Setup ipv6_addr ipv6_prefix ipv6_router vid ip ipv6 setup 2001 DB8 2222 7272 72 64 2001 DB8 2222 7272 254 1 ip ipv6 setup IPv6 AUTOCONFIG mode Disabled IPv6 Address 2001 db8 2222 7272 72 IPv6 Prefix 64 IPv6 Router 2001 db8 2222 7272 254 IPv6 VLAN ID 1 DYNAMIC CONFIGURATION OBTAINING AN IPV4 ADDRESS If you enable the IP DHCP option IP will be enable...

Page 41: ...et address prefix received in router advertisement messages To dynamically generate an IPv6 host address for the switch type the following command and press Enter ip ipv6 autoconfig enable ip ipv6 autoconfig enable ip ipv6 autoconfig IPv6 AUTOCONFIG mode Enabled IPv6 Address 2001 db8 2222 7272 72 IPv6 Prefix 64 IPv6 Router 2001 db8 2222 7272 254 IPv6 VLAN ID 1 ENABLING SNMP MANAGEMENT ACCESS The s...

Page 42: ...ions to receive trap messages from the switch You therefore need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized management stations are able to both retrieve and modify MIB objects To prevent unauthorized access...

Page 43: ...ver For a more detailed description of these parameters and other SNMP commands see SNMP Commands on page 331 The following example creates a trap host for a version 1 SNMP client snmp trap version 1 snmp trap community remote_user snmp trap destination 192 168 2 19 snmp trap mode enable snmp mode enable snmp configuration SNMP Mode Enabled SNMP Version 1 Read Community rd Write Community private ...

Page 44: ...p called r d snmp user add 800007e5017f000001 steve md5 greenearth des blueseas snmp group add usm steve r d snmp view add mib 2 included 1 3 6 1 2 1 snmp view add 802 1d included 1 3 6 1 2 1 17 snmp access add r d usm noauthnopriv mib 2 802 1d snmp configuration SNMPv3 Users Table Idx Engine ID User Name Level Auth Priv 1 Local default_user NoAuth NoPriv None None 2 Local steve Auth Priv MD5 DES ...

Page 45: ...cuted after boot up also known as run time code This code runs the switch operations and provides the CLI and web management interfaces It can be uploaded from a TFTP server using the CLI or from a management station using the web interface See Upgrading Firmware on page 186 for more information SAVING OR RESTORING CONFIGURATION SETTINGS Configuration commands modify the running configuration and ...

Page 46: ...CHAPTER 2 Initial Switch Configuration Managing System Files 46 ...

Page 47: ... detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 49 Configuring the Switch on page 55 Monitoring the Switch on page 145 Performing Basic Diagnostics on page 181 Performing System Maintenance on page 185 ...

Page 48: ...SECTION Web Configuration 48 ...

Page 49: ... tasks 1 Configured the switch with a valid IP address subnet mask and default gateway using an out of band serial connection or DHCP protocol See Setting an IP Address on page 38 2 Set the system password using an out of band serial connection See Setting Passwords on page 38 3 After you enter a user name and password you will have access to the system configuration program NOTE You are allowed t...

Page 50: ... image of the front panel on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 1 Home Page CONFIGURATION OPTIONS Configurable parameters have a dialog box or a drop down list Once a configuration change has been made on a page be sure to click on the Save button to confirm the new setting The following table summarizes...

Page 51: ...ng on the image of a port opens the Detailed Statistics page as described on page 152 Figure 2 Front Panel Indicators MAIN MENU Using the onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from this program Table 4 Main Menu Menu Description Page Configuratio...

Page 52: ...ivate VLANs PVLAN Membership Configures PVLAN groups 104 Port Isolation Prevents communications between designated ports within the same private VLAN 105 QoS 106 Ports Configures default traffic class user priority queue mode and queue weights 107 DSCP Remarking Remarks DSCP values to standard CoS classes best effort or expedited forwarding 108 QoS Control List Configures QoS policies for handling...

Page 53: ...message 148 Access Management Statistics Displays the number of packets used to manage the switch via HTTP HTTPS SNMP Telnet and SSH 148 Ports 149 State Displays a graphic image of the front panel indicating active port connections 149 Traffic Overview Shows basic Ethernet port statistics 150 QoS Statistics Shows the number of packets entering and leaving the egress queues 151 Detailed Statistics ...

Page 54: ...s for LLDP protocol packets crossing each port 176 DHCP Relay Statistics Displays server and client statistics for packets affected by the relay information policy 177 MAC Address Table Displays dynamic and static address entries associated with the CPU and each port 179 Diagnostics 181 Ping Tests specified path using IPv4 ping 181 Ping6 Tests specified path using IPv6 ping 181 VeriPHY Performs ca...

Page 55: ... the System Information page System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters System Location Specifies the system location Maximum length 255 characters System Timezone Offset minutes Sets the time zone as an offset from Greenwich Mean Time GMT Negative values indicate a zone before e...

Page 56: ...rough either of these address types You can manually configure a specific IPv4 or IPv6 address or direct the switch to obtain an IPv4 address from a DHCP server when it is powered on An IPv6 address can either be manually configured or dynamically generated SETTING AN IPV4 ADDRESS The IPv4 address for the switch is obtained via DHCP by default for VLAN 1 To manually configure an address you need t...

Page 57: ...t 192 168 2 10 IP Mask This mask identifies the host address bits used for routing to specific subnets Default 255 255 255 0 IP Router IP address of the gateway router between the switch and management stations that exist on other network segments VLAN ID ID of the configured VLAN By default all ports on the switch are members of VLAN 1 However the management station can be attached to a port belo...

Page 58: ...ing the switch with an IPv4 address see Setting an IP Address on page 56 IPv6 includes two distinct address types link local unicast and global unicast A link local address makes the switch accessible over IPv6 for all devices attached to the same local subnet Management traffic using this kind of address cannot be passed by any router outside of the subnet A link local address is easy to set up a...

Page 59: ...orm of the interface identifier to automatically create the host portion of the address This option can be selected by enabling the Auto Configuration option You can also manually configure the global unicast address by entering the full address and prefix length PARAMETERS The following parameters are displayed on the IPv6 Time page IPv6 Configuration Auto Configuration Enables stateless autoconf...

Page 60: ...h are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4095 Default 1 SNTP Server Sets the IPv6 address for a time server NTP or SNTP The switch attempts to periodically update the time from the specified server The polling interval is fixed at 15 minutes WEB INTERFACE To configure an IPv6 ...

Page 61: ...the web interface 1 Click Configuration System Password 2 Enter the old password 3 Enter the new password 4 Enter the new password again to confirm your input 5 Click Save Figure 6 System Password FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface SNMP or Telnet ...

Page 62: ...cket Layer SSL protocol to provide an encrypted connection SNMP Filters IP addresses for access through SNMP TELNET SSH Filters IP addresses for access through Telnet or through Secure Shell which provides authentication and encryption WEB INTERFACE To configure Access Management controls in the web interface 1 Click Configuration System Access Management 2 Set the Mode to Enabled 3 Enter the star...

Page 63: ...100Mbps FDX Supports 100 Mbps full duplex operation 100Mbps HDX Supports 100 Mbps half duplex operation 10Mbps FDX Supports 10 Mbps full duplex operation 10Mbps HDX Supports 10 Mbps half duplex operation Default Autonegotiation enabled Advertised capabilities for RJ 45 1000BASE T 10half 10full 100half 100full 1000full SFP 1000BASE SX LX LH 1000full NOTE The 1000BASE T standard does not support for...

Page 64: ...er Control Adjusts the power provided to ports based on the length of the cable used to connect to other devices Only sufficient power is used to maintain connection requirements IEEE 802 3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters Enabling power saving mode can significantly reduce power used for cable lengths of 20 meters o...

Page 65: ... each user that requires management access to the switch USAGE GUIDELINES The switch supports the following authentication services Authorization of users that access the Telnet SSH the web or console management interfaces on the switch Accounting for users that access the Telnet SSH the web or console management interfaces on the switch Accounting for IEEE 802 1X authenticated users that access t...

Page 66: ...nt Specifies how the administrator is authenticated when logging into the switch via Telnet SSH a web browser or the console interface Authentication Method Selects the authentication method Options None Local RADIUS TACACS Default Local Selecting the option None disables access through the specified management interface Fallback Uses the local user database for authentication if none of the confi...

Page 67: ...on messages Range 1 65535 Default 0 If the UDP port is set to 0 zero the switch will use 1812 for RADIUS authentication servers 1813 for RADIUS accounting servers or 49 for TACACS authentication servers Secret Encryption key used to authenticate logon access for the client Maximum length 29 characters To set an empty secret use two quotes To use spaces in the secret enquote the secret Quotes in th...

Page 68: ...authentication for management access in the web interface 1 Click Configuration Authentication 2 Configure the authentication method for management client types the common server timing parameters and address UDP port and secret key for each required RADIUS or TACACS server 3 Click Save Figure 9 Authentication Configuration ...

Page 69: ...he trunk fail one of the standby ports will automatically be activated to replace it USAGE GUIDELINES Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices configure the trunk on the devices at both ends When using a port trunk take note of the f...

Page 70: ...trunk However depending on the device to which a trunk is connected and the traffic flows in the network this load balance algorithm may result in traffic being distributed mostly on one port in a trunk To ensure that the switch traffic load is distributed evenly across all links in a trunk the hash method used in the load balance calculation can be selected to provide the best result for trunk co...

Page 71: ... the switch is destined for many different hosts Do not use this mode for switch to server trunk links where the destination IP address is the same for all traffic One of the defaults TCP UDP Port Number All traffic with the same source and destination TCP UDP port number is output on the same link in a trunk Avoid using his mode as a lone option It may overload a single port member of the trunk f...

Page 72: ...B INTERFACE To configure a static trunk 1 Click Configuration Aggregation Static 2 Select one or more load balancing methods to apply to the configured trunks 3 Assign port members to each trunk that will be used 4 Click Save Figure 10 Static Trunk Configuration ...

Page 73: ... by forced mode or auto negotiation Trunks dynamically established through LACP will be shown on the LACP System Status page page 161 and LACP Port Status page 161 pages under the Monitor menu Ports assigned to a common link aggregation group LAG must meet the following criteria Ports must have the same LACP Admin Key Using auto configuration of the Admin Key will avoid this problem One of the por...

Page 74: ...to automatically send LACP negotiation packets once each second Use Passive initiation mode on a port to make it wait until it receives an LACP protocol packet from a partner before starting negotiations WEB INTERFACE To configure a dynamic trunk 1 Click Configuration Aggregation LACP 2 Enable LACP on all of the ports to be used in an LAG 3 Specify the LACP Admin Key to restrict a port to a specif...

Page 75: ...ed to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down ...

Page 76: ...ansmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology RSTP RSTP is designed as a general replacement for the slower legacy STP RSTP is also incorporated in...

Page 77: ...orwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Default 15 Transmit Hold Count The number ...

Page 78: ...n of an edge port and point to point link type PARAMETERS The following parameters are displayed on the RSTP Port Configuration page Port Port identifier Range 1 28 This field is not applicable to static trunks or dynamic trunks created through LACP Also note that only one set of interface configuration settings can be applied to all trunks RSTP Enabled Enables RSTP on this interface Default Enabl...

Page 79: ...AN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying edge ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables Table 5 Recommended STA Path Cost Range Port Type IEEE ...

Page 80: ... the port Default Enabled Point2Point The link type attached to an interface can be set to automatically detect the link type or manually configured as point to point or shared medium Transition to the forwarding state is faster for point to point links than for shared media These options are described below Auto The switch automatically determines if the interface is attached to a point to point ...

Page 81: ... which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The encry...

Page 82: ...ing 802 1X authentication the RADIUS server and 802 1X client must support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type MD5 PEAP TLS or TTLS Native support for these encryption methods is provided in Windows XP and in Windows 2000 with Service Pack 4 To support th...

Page 83: ... period after which a connected client must be re authenticated Range 1 3600 seconds Default 3600 seconds EAP Timeout Sets the time the switch waits for a supplicant response during an authentication session before retransmitting an EAP packet Range 1 255 Default 30 seconds Age Period The period used to calculate when to age out a client allowed access to the switch through MAC based authenticatio...

Page 84: ... 1X Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access MAC Based Enables MAC based authentication on the port The switch does not transmit or accept EAPOL frames on the port Flooded frames and broadcast traffic will be transmitted on the port whether or not clients are authenticated on the port whereas unicast traffic ...

Page 85: ...t to MAC Based Range 1 112 Default 112 The switch has a fixed pool of state machines from which all ports draw whenever a new client is seen on the port When a given port s maximum is reached counting both authorized and unauthorized clients further new clients are disallowed access Since all ports draw from the same pool it may happen that a configured maximum cannot be granted if the remaining p...

Page 86: ...g the Switch Configuring 802 1X Port Authentication 86 WEB INTERFACE To configure 802 1X Port Security 1 Click Configuration Port Security 2 Modify the required attributes 3 Click Save Figure 14 Port Security Configuration ...

Page 87: ...sh a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS PARAMETERS The following parameters are displayed on the HTTPS Configuration page Mode Enables HTTPS service on the switch Default Disabled Automatic Red...

Page 88: ...ata traveling over the network arrives unaltered USAGE GUIDELINES You need to install an SSH client on the management station to access the switch for management via the SSH protocol The switch supports both SSH Version 1 5 and 2 0 clients SSH service on this switch only supports password authentication The password can be authenticated either locally or via a RADIUS or TACACS remote authenticatio...

Page 89: ...h reduces the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on to the hosts which subscribed to this service This switch can use Internet Group Management Protocol IGMP to filter multicast traffic IGMP Snooping can be used to passively monitor or snoop on exchan...

Page 90: ...need to forward multicast traffic Multicast routers use information from IGMP snooping and query reports along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet PARAMETERS The following parameters are displayed on the IGMP Snooping Configuration page Global Configuration Snooping Enabled When enabled the switch will monitor network traffic to det...

Page 91: ...e precedence When IGMP snooping is disabled globally snooping can still be configured per VLAN interface but the interface settings will not take effect until snooping is re enabled globally IGMP Querier When enabled the switch can serve as the Querier on the selected interface which is responsible for asking hosts if they want to receive multicast traffic Default Disabled A router or multicast en...

Page 92: ... the query within the specified timeout period If Fast Leave is enabled the switch assumes that only one host is connected to the interface Therefore Fast Leave should only be enabled on an interface if it is connected to only one IGMP enabled device either a service host or a neighbor running IGMP snooping Fast Leave is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is u...

Page 93: ...ring the Switch IGMP Snooping 93 WEB INTERFACE To configure IGMP Snooping 1 Click Configuration IGMP Snooping Basic Configuration 2 Adjust the IGMP settings as required 3 Click Save Figure 17 IGMP Snooping Configuration ...

Page 94: ...iltering Configuration page Port Port identifier Range 1 28 Filtering Groups Multicast groups that are denied on a port When filter groups are defined IGMP join reports received on a port are checked against the these groups If a requested multicast group is denied the IGMP join report is dropped WEB INTERFACE To configure IGMP Snooping Port Group Filtering 1 Click Configuration IGMP Snooping Port...

Page 95: ...ssion Delay Tx Hold Configures the time to live TTL value sent in LLDP advertisements as shown in the formula below Range 2 10 Default 3 The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner TTL in seconds is based on the following rule Transmission Interval Transmission Hold Time 6...

Page 96: ...ies are shown as others in the LLDP neighbors table If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch When CDP awareness for a port is disabled the CDP information is not removed immediately but will be removed when the hold time is exceeded Optional TLVs ...

Page 97: ...d with this address The interface number and OID are included to assist SNMP applications in the performance of network discovery by indicating enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address T...

Page 98: ... table You can also manually configure static addresses that are bound to a specific port PARAMETERS The following parameters are displayed on the MAC Address Table Configuration page Aging Configuration Disable Automatic Aging Disables the automatic aging of dynamic entries Address aging is enabled by default Age Time The time after which a learned entry is discarded Range 10 1000000 seconds Defa...

Page 99: ... the serial interface NOTE If the learning mode for a given port in the MAC Learning Table is grayed out another software module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Static MAC Table Configuration VLAN ID VLAN Identifier Range 1 4095 MAC Address Physical address of a device mapped to a port A sta...

Page 100: ... Click Save Figure 20 MAC Address Table Configuration IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storm...

Page 101: ...devices Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supp...

Page 102: ...ncluding whether or not the ports are VLAN aware enabling ingress filtering accepting Queue in Queue frames with embedded tags setting the accepted frame types and configuring the default VLAN identifier PVID PARAMETERS The following parameters are displayed on the VLAN Port Configuration page Port Port identifier VLAN Aware Configures whether or not a port processes the VLAN ID in ingress frames ...

Page 103: ...ecific Specific If the port is VLAN aware untagged frames received on the port are assigned to the default PVID and tagged frames are processed using the frame s VLAN ID If the port is not VLAN aware all frames received on the port are assigned to the default PVID Regardless of whether or not a port is VLAN aware if the VLAN to which the frame has been assigned is different from the default PVID a...

Page 104: ...n not communicate with any other ports on the switch except for the uplink ports Ports assigned to both a private VLAN and an 802 1Q VLAN are designated as uplink ports and can communicate with any downlink ports within the same private VLAN to which it has been assigned and to any other ports within the 802 1Q VLANs to which it has been assigned One example of how private VLANs can be used is in ...

Page 105: ...ers of PVLAN 1 require access Port Port identifier WEB INTERFACE To configure VLAN port members for private VLANs 1 Click Configuration Private VLANs PVLAN Membership 2 Add or delete members of any existing PVLAN or click Add New Private VLAN and mark the port members 3 Click Save Figure 23 Private VLAN Membership Configuration USING PORT ISOLATION Ports within a private VLAN PVLAN are isolated fr...

Page 106: ...affic classes The manner in which an individual device handles traffic is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end Quality of Service QoS solution This section describes how to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch provides four ...

Page 107: ...th untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used Inbound frames that do not have VLAN tags are tagged with the input port s default ingress tag priority and then placed in the appropriate priority queue at the output port Note that if the output port...

Page 108: ...igure 25 Port QoS Configuration CONFIGURING DSCP REMARKING The Differentiated Services Code Point should be set at network boundaries or by trusted hosts within those boundaries to ensure a consistent service policy for different types of traffic Services can be realized by the use of particular packet classification based on DSCP remarking buffer management and traffic conditioning mechanisms tha...

Page 109: ...ngs to this service aggregate Such packets may be sent into a network without adhering to any particular rules and the network will deliver as many of these packets as possible and as soon as possible A reasonable implementation would be a queueing discipline that sends packets of this aggregate whenever the output link is not required to service any of the other queues CS1 CS7 Class Selector code...

Page 110: ...ist of up to 24 entries and can be mapped to a specific port using the Port QoS Configuration menu page 107 Once a QCL is mapped to a port traffic matching the first entry in the QCL is assigned to the traffic class Low Medium Normal or High defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port PARAMETERS The following parameters are displa...

Page 111: ...packets Range 600 ffff hex Default ffff A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX VLAN ID VLAN ID Range 1 4095 Default 1 TCP UDP Port Source destination port number or range Range 0 65535 Default 0 65535 DSCP IPv4 IPv6 DSCP priority level Range 0 63 Default 63 ToS Type of Service level which processes the...

Page 112: ...figuration QoS Control Lists 2 Click the button to add a new QCL or use the other QCL modification buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on the QCE Configuration page select the QCE type specify the relevant criteria to be matched for this type and set the traffic class to which traffic matching this crite...

Page 113: ...the customer service package by limiting traffic into or out of the switch Packets that exceed the acceptable amount of traffic are dropped while conforming traffic is forwarded without any changes PARAMETERS The following parameters are displayed on the Rate Limit Configuration page Port Port identifier Ingress Limits Policer Enabled Enables or disables ingress rate limiting Default Disabled Poli...

Page 114: ...of measure for the port shaper Options kbps Mbps Default kbps WEB INTERFACE To configure Rate Limits 1 Click Configuration QoS Rate Limiters 2 To set an rate limit on ingress traffic check Policer Enabled box next to the required port set the rate limit in the Policer Rate field and select the unit of measure for the traffic rate 3 To set an rate limit on egress traffic check Shaper Enabled box ne...

Page 115: ...exceeding the specified threshold will then be dropped Note that the limit specified on this page applies to each port PARAMETERS The following parameters are displayed on the Storm Control Configuration page Frame Type Specifies broadcast multicast or unknown unicast traffic Status Enables or disables storm control Default Disabled Rate pps The threshold above which packets are dropped This limit...

Page 116: ...2 Enable storm control for unknown unicast broadcast or multicast traffic by marking the Status box next to the required frame type 3 Select the control rate as a function of 2n pps i e a value with no suffix for the unit of measure or a rate in Kpps i e a value marked with the suffix K 4 Click Save Figure 29 Storm Control Configuration ...

Page 117: ...to which matching frames are copied enable logging or shut down a port when a matching frame is seen Note that rate limiting configured with the Rate Limiter menu page 118 is implemented regardless of whether or not a matching packet is seen PARAMETERS The following options are displayed on the ACL Port Configuration page Port Port Identifier Policy ID An ACL policy configured on the ACE Configura...

Page 118: ...4 Click Save Figure 30 ACL Port Configuration CONFIGURING RATE LIMITERS The ACL Rate Limiter Configuration page is used to define the rate limits applied to a port as configured either through the ACL Ports Configuration menu page 117 or the Access Control List Configuration menu page 119 PARAMETERS The following options are displayed on the ACL Rate Limiter Configuration page Rate Limiter ID Rate...

Page 119: ...cess Control List Configuration page is used to define filtering rules for an ACL policy for a specific port or for all ports Rules applied to a port take effect immediately while those defined for a policy must be mapped to one or more ports using the ACL Ports Configuration menu page 117 USAGE GUIDELINES Rules within an ACL are checked in the configured order from top to bottom A packet will be ...

Page 120: ...IP option flag source destination IP VLAN ID VLAN priority PARAMETERS The following options are displayed on the Access Control List Configuration page ACCESS CONTROL LIST CONFIGURATION Ingress Port Any port port identifier or policy Frame Type The type of frame to match Action Shows whether a frame is permitted or denied when it matches an ACL rule Rate Limiter Shows if rate limiting will be enab...

Page 121: ...ast UC unicast Default Any Ethernet MAC Parameters SMAC Filter The type of source MAC address Options Any MC multicast BC broadcast UC unicast Specific user defined Default Any DMAC Filter The type of destination MAC address Options Any MC multicast BC broadcast UC unicast Specific user defined Default Any Ethernet Type Parameters EtherType Filter This option can only be used to filter Ethernet II...

Page 122: ... or RARP Reply opcode flag Default Any Sender IP Filter Specifies the sender s IP address Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and SIP Mask fields Default Any Target IP Filter Specifies the destination IP address Options Any no target IP filter is spec...

Page 123: ...whether frames can be matched according to their ARP RARP protocol address space PRO settings Options Any any value is allowed 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Default Any IPv4 MAC Parameters DMAC Filter The type of destination MAC address Options Any MC multicast BC broadcast U...

Page 124: ...e for this rule Options Any any value is allowed 0 TCP frames where the RST field is set must not match this entry 1 TCP frames where the RST field is set must match this entry Default Any TCP PSH Specifies the TCP Push Function PSH value for this rule Options Any any value is allowed 0 TCP frames where the PSH field is set must not match this entry 1 TCP frames where the PSH field is set must mat...

Page 125: ...ddress and SIP Mask fields Default Any DIP Filter Specifies the destination IP filter for this rule Options Any no destination IP filter is specified Host specifies the destination IP address in the DIP Address field Network specifies the destination IP address and destination IP mask in the DIP Address and DIP Mask fields Default Any Response to take when a rule is matched Action Permits or denie...

Page 126: ...lick the button to add a new ACL or use the other ACL modification buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on the ACE Configuration page note that the items displayed depend on various selections such as Frame Type and IP Protocol Type Specify the relevant criteria to be matched for this rule and set the act...

Page 127: ...ation port that will mirror the traffic from the source port All mirror sessions must share the same destination port Default Disabled Port The port whose traffic will be monitored Mode Specifies which traffic to mirror to the target port Options Disabled Enabled receive and transmit Rx only receive Tx only transmit Default Disabled WEB INTERFACE To configure port mirroring 1 Click Configuration M...

Page 128: ...ons 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as HP OpenView Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings To communicate with the switch the management station must first submit a valid...

Page 129: ...o SNMPv1 and SNMPv2c SNMPv3 uses the User based Security Model USM for authentication and privacy This Table 12 SNMP Security Models and Levels Model Level Community String Group Read View Write View Security v1 noAuth NoPriv public default_ro_group default_view none Community string only v1 noAuth NoPriv private default_rw_group default_view default_view Community string only v1 noAuth NoPriv use...

Page 130: ...ID is deleted or changed all local SNMP users will be cleared You will need to reconfigure all existing users SNMP Trap Configuration Trap Mode Enables or disables SNMP traps Default Disabled You should enable SNMP traps so that key events are reported by this switch to your management station Traps indicating status changes can be issued by the switch to the specified trap manager by sending auth...

Page 131: ...ault 1 second Trap Inform Retry Times The maximum number of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 5 Trap Probe Security Engine ID SNMPv3 Specifies whether or not to use the engine ID of the SNMP trap probe in trap and inform messages Default Enabled Trap Security Engine ID SNMPv3 Indicates the SNMP trap security engine ID SNMPv3 sends t...

Page 132: ...y access strings if required and set the engine ID if SNMP version 3 is used 3 In the SNMP Trap Configuration table enable the Trap Mode to allow the switch to send SNMP traps Specify the trap version trap community and IP address of the management station that will receive trap messages either as an IPv4 or IPv6 address Select the trap types to issue and set the trap inform settings for SNMP v2c ...

Page 133: ...CHAPTER 4 Configuring the Switch Simple Network Management Protocol 133 Figure 34 SNMP System Configuration ...

Page 134: ...vate For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table see Configuring SNMPv3 Groups on page 136 Source IP Specifies the source address of an SNMP client Source Mask Specifies the address mask for the SNMP client WEB INTERFACE To configure SNMP community access strings 1 Click Configuration SNMP C...

Page 135: ... digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Configuring SNMP System and Trap Settings on page 129 Use...

Page 136: ...e SNMPv3 Access Configuration page page 139 You can use the pre defined default groups or create a new group and the views authorized for that group PARAMETERS The following parameters are displayed on the SNMPv3 Groups Configuration page Security Model The user security model Options SNMP v1 v2c or the User based Security Model usm Security Name The name of user connecting to the SNMP agent Range...

Page 137: ...a new group 3 Select a security model 4 Select the security name For SNMP v1 and v2c the security names displayed are based on the those configured in the SNMPv3 Communities menu For USM the security names displayed are based on the those configured in the SNMPv3 Users Configuration menu 5 Enter a group name Note that the views assigned to a group must be specified on the SNMP Accesses Configurati...

Page 138: ...identifier of a branch within the MIB tree is included or excluded from the SNMP view Generally if the view type of an entry is excluded another entry of view type included should exist and its OID subtree should overlap the excluded view entry OID Subtree Object identifiers of branches within the MIB tree Note that the first character must be a period Wild cards can be used to mask a specific por...

Page 139: ... characters ASCII characters 33 126 only Security Model The user security model Options any v1 v2c or the User based Security Model usm Default any Security Level The security level assigned to the group NoAuth NoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 Auth NoPriv SNMP communications use authentication but the data is not encrypted A...

Page 140: ...evice to broadcast its services to control points on the network Similarly when a control point is added to the network the UPnP discovery protocol allows that control point to search for UPnP enabled devices on the network Once a control point has discovered a device its next step is to learn more about the device and its capabilities by retrieving the device s description from the URL provided b...

Page 141: ... attributes advertised through UPnP PARAMETERS The following parameters are displayed on the UPnP Configuration page Mode Enables disables UPnP on the device Default Disabled TTL Sets the time to live TTL value for UPnP messages transmitted by the switch Range 4 255 Default 4 Advertising Duration The duration carried in Simple Service Discover Protocol SSDP packets which informs a control point or...

Page 142: ...ents can be identified by the VLAN and switch port to which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN In some cases the switch may receive DHCP packets from a client that already includes DHCP Option 82 information The switch can be configured t...

Page 143: ...that already contains relay information WEB INTERFACE To configure DHCP Relay 1 Click Configuration DHCP Relay 2 Enable the DHCP relay function specify the DHCP server s IP address enable Option 82 information mode and set the policy by which to handle relay information found in client packets 3 Click Save Figure 41 DHCP Relay Configuration ...

Page 144: ...CHAPTER 4 Configuring the Switch Configuring DHCP Relay and Option 82 Information 144 ...

Page 145: ...tact information PARAMETERS These parameters are displayed on the System Information page System To configure the following items see Configuring System Information on page 55 Contact Administrator responsible for the system Name Name assigned to the switch system Location Specifies the system location Hardware MAC Address The physical layer address for this switch Time System Date The current sys...

Page 146: ...em Log Information page to scroll through the logged system and event messages PARAMETERS These parameters are displayed on the System Log Information page Display Filter Level Specifies the type of log messages to display Info Informational messages only Warning Warning conditions Error Error conditions All All levels Start from ID The error ID from which to start the display with entries per pag...

Page 147: ...isplay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entries Use the arrow buttons to scroll through the log messages updates the system log entries starting from the first available entry ID updates the system log entries ending at the last entry currently ...

Page 148: ...ISPLAYING ACCESS MANAGEMENT STATISTICS Use the Access Management Statistics page to view statistics on traffic used in managing the switch USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 61 and traffic matching one of the entries is detected PARAMETERS These parameters are displayed on the Access M...

Page 149: ...ION ABOUT PORTS You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of packets processed by each service queue or detailed statistics on port traffic DISPLAYING PORT STATUS ON THE FRONT PANEL Use the Port State Overview page to display an image of the switch ...

Page 150: ...nsmit The number of packets received and transmitted Bytes Receive Transmit The number of bytes received and transmitted Errors Receive Transmit The number of frames received with errors and the number of incomplete transmissions Drops Receive Transmit The number of frames discarded due to ingress or egress congestion Filtered Receive The number of received frames filtered by the forwarding proces...

Page 151: ...of packets received and transmitted through the low priority queue Normal Queue Receive Transmit The number of packets received and transmitted through the normal priority queue Medium Queue Receive Transmit The number of packets received and transmitted through the medium priority queue High Queue Receive Transmit The number of packets received and transmitted through the high priority queue WEB ...

Page 152: ...ber of received and transmitted broadcast packets good and bad Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive Transmit Size Counters The number of received and transmitted packets good and bad split into categories based on their respective frame sizes Receive Transmit Queue Counters The number of received and t...

Page 153: ...abber The total number of frames received that were longer than the configured maximum frame length for this port excluding framing bits but including FCS octets and had either an FCS or alignment error Rx Filtered The number of received frames filtered by the forwarding process Transmit Error Counters Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The numbe...

Page 154: ...CHAPTER 5 Monitoring the Switch Displaying Information About Ports 154 WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 49 Detailed Port Statistics ...

Page 155: ...d on the RADIUS Overview page IP Address The IP address and UDP port number of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access att...

Page 156: ...RS These parameters are displayed on the RADIUS Details page RADIUS Authentication Statistics Receive Packets Access Accepts The number of RADIUS Access Accept packets valid or invalid received from this server Access Rejects The number of RADIUS Access Reject packets valid or invalid received from this server Access Challenges The number of RADIUS Access Challenge packets valid or invalid receive...

Page 157: ...d a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Timeouts The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as...

Page 158: ...r of RADIUS packets of unknown types that were received from the server on the accounting port Packets Dropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Transmit Packets Requests The number of RADIUS packets sent to the server This does not include retransmissions Retransmissions The number of RADIUS packets retransmitt...

Page 159: ...t reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip Time The time interval measured in milliseconds between the most recent Response and the Request that matched it from t...

Page 160: ... the Switch Displaying Information on Authentication Servers 160 WEB INTERFACE To display statistics for configured authentication and accounting servers click Monitor Authentication RADIUS Details Figure 51 RADIUS Details ...

Page 161: ...ciated with this Link Aggregation Group LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Last Changed The time since this LAG changed Local Ports Shows the local ports that are a part of this LAG WEB INTERFACE To display an overview of LACP groups active on this switch click Monitor LACP System Status Figure 52 LACP System Stat...

Page 162: ... Current operational value of the key for the aggregation port Note that only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this LAG Partner System ID LAG partner s system ID assigned by the LACP protocol i e its MAC address Partner Port The partner port connected to this local port WEB INTERFACE To display LACP status for local ports this switch click Monit...

Page 163: ...ters are displayed on the LACP Port Statistics page Port Port Identifier LACP Transmitted The number of LACP frames sent from each port LACP Received The number of LACP frames received at each port Discarded The number of unknown or illegal LACP frames that have been discarded at each port WEB INTERFACE To display LACP statistics for local ports this switch click Monitor LACP Port Statistics Figur...

Page 164: ...s closest to the root This switch communicates with the root device through this port If there is no root port then this switch has been accepted as the root device of the Spanning Tree network Root Cost The path cost from the root port on this switch to the root device For the root bridge this is zero For all other bridges it is the sum of the port path costs on the least cost path to the root br...

Page 165: ...and continues learning addresses Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port This will either be a value computed from the Auto setting or any explicitly configured value Edge The current RSTP port operational Edge Flag An Edge Port is a switch port to which no bridges are attached The flag may be automatically computed o...

Page 166: ... Port Port Identifier Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed State Displays current state of this port...

Page 167: ...T STATISTICS FOR STA Use the Port Statistics page to display statistics on spanning tree protocol packets crossing each port PARAMETERS These parameters are displayed on the RSTP Port Statistics page Port Port Identifier RSTP The number of RSTP Configuration BPDU s received transmitted on a port STP The number of legacy STP Configuration BPDU s received transmitted on a port TCN The number of lega...

Page 168: ...er State The current state of the port Disabled 802 1X and MAC based authentication are globally disabled Link Down 802 1X or MAC based authentication is enabled but there is no link on the port Authorized The port is authorized This state exists when 802 1X authentication is enabled the port has a link the Admin State is 802 1X and the supplicant is authenticated or when the Admin State is Author...

Page 169: ...or Port Security Status Figure 58 Port Security Status DISPLAYING PORT SECURITY STATISTICS Use the Port Security Statistics page to display IEEE 802 1X statistics and protocol information for each port It provides detailed IEEE 802 1X statistics for a specific switch port running port based authentication For MAC based ports it shows only selected backend server RADIUS Authentication Server statis...

Page 170: ...authorized unauthorized clients below the two counter tables There are slight differences in the interpretation of the counters between port and MAC based authentication as shown below Access Challenges For port based authentication this field counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant It indicates ...

Page 171: ...ossible retransmissions are not counted Last Supplicant Info Version For port based authentication this field indicates the protocol version number carried in the most recently received EAPOL frame For MAC based authentication this field is not applicable Source For port based authentication this field indicates the source MAC address carried in the most recently received EAPOL frame For MAC based...

Page 172: ...ring the Switch Displaying Port Security Information 172 WEB INTERFACE To display IEEE 802 1X statistics and protocol information for each port click Monitor Port Security Statistics Figure 59 Port Security Statistics ...

Page 173: ...to receive multicast traffic Querier Transmit The number of transmitted Querier messages Querier Receive The number of received Querier messages V1 Reports Receive The number of received IGMP Version 1 reports V2 Reports Receive The number of received IGMP Version 2 reports V3 Reports Receive The number of received IGMP Version 3 reports V2 Leave Receive The number of received IGMP Version 2 leave...

Page 174: ...isplay information advertised by LLDP neighbors and statistics on LLDP control frames DISPLAYING LLDP NEIGHBOR INFORMATION Use the LLDP Neighbor Information page to display information about devices connected directly to the switch s ports which are advertising information through LLDP PARAMETERS These parameters are displayed on the LLDP Neighbor Information page Local Port The local port to whic...

Page 175: ...ry function s of the system as shown in the following table When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address The IPv4 address of the remote device If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement WEB INTERFACE To display informat...

Page 176: ...d The number of times which the remote database on this switch dropped an LLDPDU because the entry table was full Total Neighbors Entries Aged Out The number of times that a neighbor s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired LLDP Statistics Local Port Port Identifier Tx Frames Number of LLDP PDUs transmitted Rx Frames Number of LLDP PD...

Page 177: ...control frames click Monitor LLDP Port Statistics Figure 62 LLDP Port Statistics DISPLAYING DHCP RELAY STATISTICS Use the DHCP Relay Statistics page to display statistics for the DHCP relay service supported by this switch and DHCP relay clients PARAMETERS These parameters are displayed on the DHCP Relay Statistics page Server Statistics Transmit to Server The number of packets relayed from the cl...

Page 178: ...with a Remote ID option that did not match a known remote ID Client Statistics Transmit to Client The number of packets that were relayed from the server to a client Transmit Error The number of packets containing errors that were sent to servers Receive from Client The number of packets received from clients Receive Agent Option The number of packets received where the switch Replace Agent Option...

Page 179: ...ters are displayed on the MAC Address Table Start from VLAN and MAC address with entries per page These input fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic entering the switch To configure static addresses refer to Configuring the MAC Address Table on pa...

Page 180: ...CHAPTER 5 Monitoring the Switch Displaying the MAC Address Table 180 WEB INTERFACE To display the address table click Monitor MAC Address Table Figure 64 MAC Address Table ...

Page 181: ...iods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Ping Size The payload size of the ICMP packet Range 8 1400 bytes WEB INTERFACE To ping another device on the network 1 Click Diagnostics Ping 2 Enter the IP address of the target device 3 Specify t...

Page 182: ...iagnostics can be performed on all ports or on a specific port Cable Status Shows the cable length operating conditions and isolates a variety of common faults that can occur on Category 5 twisted pair cabling WEB INTERFACE To run cable diagnostics 1 Click Diagnostics VeriPHY 2 Select all ports or indicate a specific port for testing 3 Click Start If a specific port is selected the test will take ...

Page 183: ... in the cable status table Note that VeriPHY is only accurate for cables 7 140 meters long Ports will be linked down while running VeriPHY Therefore running VeriPHY on a management port will cause the switch to stop responding until testing is completed Figure 66 VeriPHY Cable Diagnostics ...

Page 184: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 184 ...

Page 185: ...ftware restoring or saving configuration settings and resetting the switch RESETTING THE SWITCH Use the Reset Device page to restart the switch WEB INTERFACE To restart the switch 1 Click Maintenance Reset Device 2 Click Yes The reset will be complete when the user interface displays the login page Figure 67 Reset Device ...

Page 186: ...eboot is necessary Figure 68 Factory Defaults UPGRADING FIRMWARE Use the Software Upload page to upgrade the switch s system firmware by specifying a file provided by SMC You can download firmware files for your switch from the Support section of the SMC web site at www smc com WEB INTERFACE To upgrade firmware 1 Click Maintenance Software Upload 2 Click the Browse button and select the firmware f...

Page 187: ...guration settings to the switch SAVING CONFIGURATION SETTINGS Use the Configuration Save page to save the current configuration settings to a file on your local management station WEB INTERFACE To save your current configuration settings 1 Click Maintenance Configuration Save 2 Click the Save configuration button 3 Specify the directory and name of the file under which to save the current configur...

Page 188: ... previously saved configuration settings to the switch from a file on your local management station WEB INTERFACE To restore your current configuration settings 1 Click Maintenance Configuration Upload 2 Click the Browse button and select the configuration file 3 Click the Upload button to restore the switch s settings Figure 71 Configuration Upload ...

Page 189: ... on page 199 IP Commands on page 209 Authentication Commands on page 219 Port Commands on page 229 Link Aggregation Commands on page 239 LACP Commands on page 245 RSTP Commands on page 251 IEEE 802 1X Commands on page 263 IGMP Commands on page 273 LLDP Commands on page 283 MAC Commands on page 291 VLAN Commands on page 297 PVLAN Commands on page 303 QoS Commands on page 307 ACL Commands on page 31...

Page 190: ...SECTION Command Line Interface 190 SNMP Commands on page 331 HTTPS Commands on page 353 SSH Commands on page 357 UPnP Commands on page 359 DHCP Commands on page 363 Firmware Commands on page 367 ...

Page 191: ...ONSOLE CONNECTION To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user name is admin with no password When the administrator s user name and password are entered the CLI displays the prompt 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the logout command Afte...

Page 192: ...itch and set the default gateway if you are managing the switch from a different IP subnet For example ip setup 192 168 0 10 255 255 255 0 192 168 0 1 1 If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the netw...

Page 193: ...and is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters Commands are organized into functional groups You can enter the full command from the main level command prompt or enter the name of a command group e g port and then enter the required command without the group name prefix For example in the command port configuration 5 port config...

Page 194: ...splay a list of valid keywords for a specific command For example the command system displays a list of possible system commands help General Commands Help Get help on a group or a specific command Up Move one command level up Logout Exit CLI Command Groups System System settings and reset options IP IP configuration and Ping Auth Authentication Port Port management Aggr Link Aggregation LACP Link...

Page 195: ...stem Access Add access_id start_ip_addr end_ip_addr web snmp telnet System Access Ipv6 Add access_id start_ipv6_addr end_ipv6_addr web snmp telnet System Access Delete access_id System Access Lookup access_id System Access Clear System Access Statistics clear PARTIAL KEYWORD LOOKUP If you terminate a partial keyword with a question mark alternatives that match the initial letters are provided Reme...

Page 196: ...rameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters You can use the Tab key to complete partial commands or enter a partial command followed by the character to display a list of possible matches You can also use the following editing keystrokes for command line processing Table 14 Keystroke Commands Keystroke Function Ctr...

Page 197: ...IGMP Configures IGMP snooping query throttling and filtering 273 LLDP Configures Link Layer Discovery Protocol 283 MAC Configures the MAC address table including learning mode aging time and setting static addresses 291 VLAN Configures VLAN port members and port attributes 297 PVLAN Configures private VLANs and isolated ports 303 QoS Configures quality of service parameters including default port ...

Page 198: ...e Upgrades firmware via a TFTP server 367 Debug Displays debugging information for all key functions These commands are not described in this manual Please refer to the prompt messages included in the CLI interface Table 15 Command Group Index Command Group Description Page ...

Page 199: ...switch system system location Displays or sets the system location system password Displays or sets the administrator password system timezone Displays or sets the time zone for the switch s internal clock system log Displays log entries configures the log levels to display or clears the log table system access configuration Displays the access mode and the number of authorized addresses system ac...

Page 200: ... or all EXAMPLE System configuration System Contact System Name System Location System Password Timezone Offset 0 MAC Address 00 01 c1 00 00 a9 System Time 1970 01 01 03 39 06 0000 System Uptime 03 39 06 Software Version SMC8028L2 Managed standalone v1 0 Software Date 2009 12 28 11 31 02 0800 System system reboot This command restarts the system SYNTAX system reboot COMMAND USAGE NOTE When the sys...

Page 201: ...mple shows how to restore all factory defaults System restore default System system contact This command displays or sets the system contact SYNTAX system contact contact contact String that describes the system contact information Maximum length 255 characters DEFAULT SETTING None COMMAND USAGE No blank spaces are permitted as part of the contact string EXAMPLE System contact Maggie System system...

Page 202: ...paces are permitted as part of the location string EXAMPLE System location WC5 System system password This command displays or sets the administrator password SYNTAX system password password clear password The authentication password for the administrator Maximum length 8 characters plain text case sensitive clear Removes the administrator password DEFAULT SETTING None COMMAND USAGE The administra...

Page 203: ...ased on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of minutes your time zone is east before or west after of UTC EXAMPLE System time 240 System system log This command displays log entries configures the log levels to display or clears the log table SYNTAX system log log id all info warning error clear log id Sy...

Page 204: ...56 0000 Frame of 243 bytes received on port 1 597 Info 1970 01 01 02 23 56 0000 Frame of 243 bytes received on port 0 System system access configuration This command displays the access mode and the number of authorized addresses SYNTAX system access configuration EXAMPLE System Access configuration System Access Mode Enabled System Access number of entries 1 Idx Start IP Address End IP Address WE...

Page 205: ...s IP address es to the SNMP group telnet Adds IP address es to the Telnet group DEFAULT SETTING None COMMAND USAGE To set a single address for a entry enter the same address for both the start and end of a range If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap messag...

Page 206: ...ess must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields To set a single address for a entry enter the same address for both the start and end of a range If anyone tries to access a management interface on the switch from a...

Page 207: ...stem access lookup access id access id Entry index Range 1 16 EXAMPLE System Access lookup 1 Idx Start IP Address End IP Address WEB SNMP TELNET 1 192 168 1 0 192 168 2 0 Yes NO NO System Access system access clear This command clears all access management entries SYNTAX system access clear EXAMPLE System Access clear System Access system access statistics This command displays or clears access ma...

Page 208: ...LE System Access statistics Access Management Statistics HTTP Receive 3 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 System Access ...

Page 209: ...sets the DHCP client mode ip setup Displays or sets the switch s IPv4 address and gateway for the specified VLAN ip ping Sends ICMP echo request packets to another node on the network ip dns Displays or sets a DNS server to which client requests for mapping host names to IP addresses are forwarded ip dns_proxy Displays or sets DNS proxy mode which can maintain a local database based on previous re...

Page 210: ...either of these address types You can manually configure a specific IPv4 or IPv6 address or direct the switch to obtain an IPv4 address from a DHCP server when it is powered on The IPv4 address for the switch is obtained via DHCP by default for VLAN 1 To manually configure an address you need to change the switch s default settings to values that are compatible with your network using the ip setup...

Page 211: ...default gateway vlan id VLAN to which the management address is assigned Range 1 4095 DEFAULT SETTING IP Address 192 168 2 10 Network Mask 255 255 255 0 Gateway none VLAN 1 COMMAND USAGE NOTE Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you assign an IP addres...

Page 212: ... 192 168 0 9 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 IP ip ping This command sends ICMP echo request packets to another node on the network SYNTAX ip ping ip addr packet size ip addr IP address or IP alias of the host An IPv4 address consists of 4 numbers 0 to 255 separated by periods packet size The payload size of the ICMP packet Range 8 1400 bytes The actual pac...

Page 213: ...tes from 192 168 2 19 icmp_seq 2 time 0ms 60 bytes from 192 168 2 19 icmp_seq 3 time 0ms 60 bytes from 192 168 2 19 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP ip dns This command displays or sets a DNS server to which client requests for mapping host names to IP addresses are forwarded SYNTAX ip dns ip addr ip addr IP address of domain name server An IPv4 address consists of 4 numbe...

Page 214: ... the IP address for a time server SYNTAX ip sntp ip addr ip addr IP address or IP alias of a time server NTP or SNTP An IPv4 address consists of 4 numbers 0 to 255 separated by periods DEFAULT SETTING None COMMAND USAGE The switch attempts to periodically update the time from the specified server The polling interval is fixed at 15 minutes EXAMPLE IP sntp 192 168 2 19 IP ip ipv6 autoconfig This co...

Page 215: ...ys or sets the switch s IPv6 address and gateway for the specified VLAN SYNTAX ip ipv6 setup ipv6 addr ipv6 prefix ipv6 gateway vlan id ipv6 addr The full IPv6 address of the switch including the network prefix and host address bits ipv6 prefix A decimal value indicating how many contiguous bits starting at the left of the address comprise the prefix ipv6 gateway The IPv6 address of the default ne...

Page 216: ...he gateway has been configured on the switch EXAMPLE This example specifies the IPv6 address the prefix length the IPv6 gateway and the VLAN to which the address is assigned IP IPv6 setup 2001 DB8 2222 7272 72 96 FE80 269 3EF9 FE19 6780 1 IP IPv6 setup IPv6 AUTOCONFIG mode Enabled IPv6 Link Local Address fe80 2e1 ff fe00 0 IPv6 Address 2001 db8 2222 7272 72 IPv6 Prefix 96 IPv6 Router fe80 269 3ef9...

Page 217: ...ination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table EXAMPLE IP IPv6 ping6 192 168 2 19 PING6 server 192 168 2 19 recvfrom Operation timed out recvfrom Operation timed out recvfrom Operation timed out recvfrom Operation timed out recvfrom Operation timed out Sent 5 ...

Page 218: ...HAPTER 10 IP Commands 218 COMMAND USAGE The switch attempts to periodically update the time from the specified server The polling interval is fixed at 15 minutes EXAMPLE IP IPv6 sntp 129 6 15 28 IP IPv6 ...

Page 219: ...e 18 Authentication Commands Command Function auth configuration Displays settings for authentication servers and the authentication methods used for each access protocol auth timeout Displays or sets the time the switch waits for a reply from an authentication server before it resends the request auth deadtime Displays or sets the time after which the switch considers an authentication server to ...

Page 220: ...Disabled 49 Client Configuration Client Authentication Method Local Authentication Fallback console local Disabled telnet local Disabled ssh local Disabled web local Disabled Auth auth timeout This command displays or sets the time the switch waits for a reply from an authentication server before it resends the request SYNTAX auth timeout timeout timeout The time the switch waits for a reply from ...

Page 221: ...SYNTAX auth radius server index enable disable ip addr secret server port server index Allows you to specify up to five servers These servers are queried in sequence until a server responds or the retransmit period expires enable Enables the specified RADIUS authentication server disable Disables the specified RADIUS authentication server ip addr IP address or IP alias of authentication server An ...

Page 222: ...D5 Message Digest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security NOTE This guide assumes that RADIUS servers have already been configured to support AAA The configuration of RADIUS server software is beyond the scope of this guide Refer to the documentation provided with the RADIUS and server software EXAMPLE Auth radius 1 enable 192 168 0 19 greenhills Auth radius RADIUS...

Page 223: ...secret Quotes in the secret are not allowed DEFAULT SETTING Accounting Disabled Server Port 1813 COMMAND USAGE The switch supports the following accounting services Accounting for users that access the Telnet SSH or web management interfaces on the switch Accounting for IEEE 802 1X authenticated users that access the network through the switch This accounting can be used to provide reports auditin...

Page 224: ...ret are not allowed DEFAULT SETTING Authentication Disabled Server Port 49 COMMAND USAGE By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication method and the corresponding parameters for the remote authentication protocol Local and remote logon authentication contro...

Page 225: ...t ssh Settings for SSH web Settings for HTTP or HTTPS none Disables access for the specified management protocol local Authenticates through the local database radius Authenticates through RADIUS tacacs Authenticates through TACACS enable Enables fallback to local authentication if remote authentication fails If authentication fallback is enabled the switch uses the local user database for authent...

Page 226: ...S Authentication Statistics Rx Access Accepts 0 Tx Access Requests 0 Rx Access Rejects 0 Tx Access Retransmissions 0 Rx Access Challenges 0 Tx Pending Requests 0 Rx Malformed Acc Responses 0 Tx Timeouts 0 Rx Bad Authenticators 0 Rx Unknown Types 0 Rx Packets Dropped 0 State Disabled Round Trip Time 0 ms Server 1 192 168 0 29 1813 RADIUS Accounting Statistics Rx Responses 0 Tx Requests 0 Rx Malform...

Page 227: ...ed 0 State Disabled Round Trip Time 0 ms Server 4 0 0 0 0 1812 RADIUS Authentication Statistics Rx Access Accepts 0 Tx Access Requests 0 Rx Access Rejects 0 Tx Access Retransmissions 0 Rx Access Challenges 0 Tx Pending Requests 0 Rx Malformed Acc Responses 0 Tx Timeouts 0 Rx Bad Authenticators 0 Rx Unknown Types 0 Rx Packets Dropped 0 State Disabled Round Trip Time 0 ms Server 4 0 0 0 0 1813 RADIU...

Page 228: ...CHAPTER 11 Authentication Commands 228 Rx Bad Authenticators 0 Tx Pending Requests 0 Rx Unknown Types 0 Tx Timeouts 0 Rx Packets Dropped 0 State Disabled Round Trip Time 0 ms Auth ...

Page 229: ...rt state Displays or sets administrative state to enabled or disabled port mode Displays or sets port speed and duplex mode port flow control Displays or sets flow control mode port maxframe Displays or sets the maximum frame size port power Displays or sets the power provided to ports based on the length of the cable used to connect to other devices port excessive Displays or sets the response to...

Page 230: ...600 Disabled Discard Down 16 Enabled Auto Disabled 9600 Disabled Discard Down 17 Enabled Auto Disabled 9600 Disabled Discard Down 18 Enabled Auto Disabled 9600 Disabled Discard Down 19 Enabled Auto Disabled 9600 Disabled Discard Down 20 Enabled Auto Disabled 9600 Disabled Discard Down 21 Enabled Auto Disabled 9600 Disabled Discard Down 22 Enabled Auto Disabled 9600 Disabled Discard Down 23 Enabled...

Page 231: ...to disable a port for security reasons EXAMPLE Port state 5 disable Port port mode This command displays or sets port speed and duplex mode of a port SYNTAX port mode port list 10hdx 10fdx 100hdx 100fdx 1000fdx auto port list A specific port or a range of ports Range 1 28 or all 10hdx Supports 10 Mbps half duplex operation 10fdx Supports 10 Mbps full duplex operation 100hdx Supports 100 Mbps half ...

Page 232: ...d COMMAND USAGE Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3 2005 formally IEEE 802 3x for full duplex operation When auto negotiation is used this parameter indicates the flow control capability advertised to the link partner...

Page 233: ... Port port power This command displays or sets the power provided to ports based on the length of the cable used to connect to other devices Only sufficient power is used to maintain connection requirements SYNTAX port power port list enable disable actiphy perfectreach port list A specific port or a range of ports Range 1 28 or all enable Both link up and link down power savings enabled disable A...

Page 234: ...5 enable Port power 5 Port Power Usage 5 Enabled 41 Port port excessive This command displays or sets the response to take when excessive transmit collisions are detected on a port SYNTAX port excessive port list discard restart port list A specific port or a range of ports Range 1 28 or all discard Discards a frame after 16 collisions restart Restarts the backoff algorithm after 16 collisions DEF...

Page 235: ... packets received and transmitted through the low priority queue normal The number of packets received and transmitted through the normal priority queue medium The number of packets received and transmitted through the medium priority queue high The number of packets received and transmitted through the high priority queue DEFAULT SETTING Displays all statistics for all ports EXAMPLE Port statisti...

Page 236: ...ke approximately 5 seconds If all ports are selected it can run approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY is only accurate for cables 7 140 meters long Potential conditions which may be listed by the diagnostics include OK Correctly terminated pair Open Open pair no link partne...

Page 237: ...2 Open 2 2 OK 14 OK 14 Abnormal 3 Abnormal 3 3 Open 0 Open 0 Short 0 Short 0 4 Open 0 Open 0 Open 0 Open 0 5 Open 0 Open 0 Open 0 Open 0 6 Open 0 Open 0 Open 0 Open 0 7 Open 0 Open 0 Open 0 Open 0 8 Open 0 Open 0 Open 0 Open 0 9 Open 0 Open 0 Open 0 Open 0 10 Open 0 Open 0 Open 0 Open 0 Port port numbers This command shows the port numbering on the front panel of the switch SYNTAX port numbers EXA...

Page 238: ...CHAPTER 12 Port Commands 238 ...

Page 239: ...unk via the configuration interface Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices configure the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect ...

Page 240: ...bit ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk aggr configuration This command displays configuration settings for all link aggregation groups SYNTAX aggr configuration EXAMPLE Aggr con...

Page 241: ...reating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports EXAMPLE Aggr add 4 8 1 Aggr configuration Aggregation Mode SMAC Enabled DMAC Disabled IP Enabled Port Enabled Aggr ID Name Type Configured Ports Aggregated Ports 1 LLAG1 Static 4 8 4 5 Aggr aggr delete This command deletes a link aggregation group SYNTAX aggr delete aggr id aggr...

Page 242: ...m many different hosts dmac Destination MAC Address All traffic with the same destination MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is destined for many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic ip IP Address All tr...

Page 243: ... each conversation are mapped to the same trunk link To achieve this requirement and to distribute a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output link number in the trunk However depending on the device to which a trunk is connected and the traffic flows in the network this load balance algorithm may result in traffic being distributed mostly on...

Page 244: ...CHAPTER 13 Link Aggregation Commands 244 ...

Page 245: ... in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices configure the trunk on the devices at both ends When using a port trun...

Page 246: ...be made for the entire trunk If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if ...

Page 247: ...isabled Auto Active 4 Enabled Auto Active 5 Enabled Auto Active 6 Enabled Auto Active 7 Enabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP lacp mode This command displays or sets the LACP mode for specified ports SYNTAX lacp mode port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables LACP disable Disables ...

Page 248: ...ey The key must be set to the same value for ports that belong to the same LAG Range 0 65535 or auto DEFAULT SETTING auto A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID EXAMPLE LACP key 11 15 5 LACP lacp role This command displays or sets the LACP initiation mode for specified ports SYNTAX lacp role port list active passive port list A spec...

Page 249: ...tem ID Partner Key Last Changed Ports 1 00 01 c1 00 00 a9 3 01 34 46 4 5 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 2 2 Disabled 2 3 Disabled 1 4 Enabled 2 1 00 01 c1 00 00 a9 2 5 Enabled 2 1 00 01 c1 00 00 a9 1 6 Disabled 1 7 Disabled 1 8 Disabled 1 9 Disabled 1 10 Disabled 1 LACP lacp statistics This command displays LACP statistics for specified ports SYNTAX lacp status por...

Page 250: ...mple shows the number of LACP frames received and transmitted as well as the number of unknown or illegal LACP frames that have been discarded LACP statistics 4 5 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 4 5942 6136 0 0 5 5942 6136 0 0 LACP ...

Page 251: ...ays or sets RSTP administrative mode for specified interfaces rstp cost Displays or sets RSTP path cost for specified interfaces rstp priority Displays or sets RSTP priority for specified interfaces rstp edge Displays or sets RSTP edge port for specified ports rstp autoedge Displays or sets RSTP automatic edge detection for specified ports rstp p2p Displays or sets RSTP point to point link type fo...

Page 252: ...e Point2point 1 Enabled Auto 128 Enabled Enabled Auto 2 Enabled Auto 128 Enabled Enabled Auto 3 Enabled Auto 128 Enabled Enabled Auto 4 Enabled Auto 128 Enabled Enabled Auto 5 Enabled Auto 128 Enabled Enabled Auto RSTP rstp sysprio This command Displays or sets RSTP system priority SYNTAX rstp sysprio system priority system priority Bridge priority used in selecting the root device root port and d...

Page 253: ... is a root port a new root port is selected from among the device ports attached to the network Note that references to ports in this section mean interfaces which includes both ports and trunks EXAMPLE RSTP age 28 RSTP rstp delay This command displays or sets RSTP forward delay SYNTAX rstp delay forward delay forward delay The maximum time this device will wait before changing states i e discardi...

Page 254: ...normal compatible Compatible with STP normal RSTP DEFAULT SETTING Normal COMMAND USAGE RSTP supports connections to either RSTP or STP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below In normal mode if RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires ...

Page 255: ...YNTAX rstp cost port list path cost port list A specific port or a range of ports Range 1 28 all for all ports or 0 for all link aggregation groups path cost The path cost for an interface Range 1 200000000 or auto for auto configuration DEFAULT SETTING Auto configuration COMMAND USAGE This parameter is used by the STA to determine the best path between devices Therefore lower values should be ass...

Page 256: ...ink Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Table 26 Default STA Path Costs Port Type Link Type IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 2 000 000 1 000 000 500 000 Fast Ethernet ...

Page 257: ... priority the port with lowest numeric identifier will be enabled EXAMPLE RSTP priority 19 0 RSTP rstp edge This command displays or sets an edge port to enable fast forwarding SYNTAX rstp edge port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables interface as an edge port disable Disables interface as an edge port DEFAULT SETTING Enabled COMMAND U...

Page 258: ...r specified ports SYNTAX rstp autoedge port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables automatic edge port detection disable Disables automatic edge port detection DEFAULT SETTING Enabled COMMAND USAGE This command controls whether automatic edge detection is enabled on a bridge port When enabled the bridge can determine that a port is at the...

Page 259: ...aster for point to point links than for shared media Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is ass...

Page 260: ...or all EXAMPLE This example displays RSTP statistics for port 1 and LAG1 For a description of the items displayed in this example refer to Displaying Port Statistics for STA on page 167 RSTP statistics 1 Port Rx RSTP Tx RSTP Rx STP Tx STP Rx TCN Tx TCN Rx Ill Rx Unk 1 943 8774 2587 3 0 1 0 0 LLAG1 5 5041 1 2560 2 1 0 0 RSTP rstp mcheck This command performs RSTP protocol migration check for specif...

Page 261: ...CHAPTER 15 RSTP Commands 261 appropriate BPDU format to send on the selected interfaces i e RSTP or STP compatible EXAMPLE RSTP mcheck RSTP ...

Page 262: ...CHAPTER 15 RSTP Commands 262 ...

Page 263: ...nction dot1x configuration Displays 802 1X settings for the switch and specified ports dot1x mode Displays or sets the 802 1X mode for the switch dot1x state Displays or sets the 802 1X authentication mode for specified ports dot1x authenticate Restarts the client authentication process for specified ports dot1x reauthentication Displays or sets periodic re authentication for all ports dot1x perio...

Page 264: ...zed This state exists when 802 1X authentication is enabled the port has a link the Admin State is 802 1X and the supplicant is authenticated or when the Admin State is Authorized Unauthorized The port is unauthorized This state exists when 802 1X authentication is enabled the port has a link and the Admin State is Auto but the supplicant is not or not yet authenticated or when the Admin State is ...

Page 265: ...list A specific port or a range of ports Range 1 28 or all macbased Enables MAC based authentication on the port The switch does not transmit or accept EAPOL frames on the port Flooded frames and broadcast traffic will be transmitted on the port whether or not clients are authenticated on the port whereas unicast traffic from an unsuccessfully authenticated client will be dropped Clients that are ...

Page 266: ...ents are not restored EXAMPLE Dot1x state 9 authorized Dot1x state 9 Port Admin State Port State Last Source Last ID 9 Authorized Link Down Dot1x dot1x authenticate This command restarts the client authentication process for specified ports SYNTAX dot1x authenticate port list now port list A specific port or a range of ports Range 1 28 or all now Forces re initialization of the port clients and th...

Page 267: ...orized disable Disables 802 1X reauthentication DEFAULT SETTING Disabled COMMAND USAGE For port based authentication the re authentication process verifies the connected client s user ID and password on the RADIUS server During re authentication the client remains connected to the network and the process is handled transparently by the dot1x client software Only if re authentication fails is the p...

Page 268: ...et SYNTAX dot1x timeout eap timeout eap timeout The time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Range 1 255 seconds DEFAULT SETTING 30 seconds EXAMPLE Dot1x timeout 300 Dot1x dot1x clients This command displays or sets the maximum number of allowed clients for MAC based ports SYNTAX dot1x clients port list all client count port l...

Page 269: ...se a client is connected to a 3rd party switch or hub which in turn is connected to a port on this switch that is running MAC based authentication and suppose the client gets successfully authenticated Now assume that the client powers down his PC What should make the switch forget about the authenticated client Reauthentication will not solve this problem since this doesn t require the client to ...

Page 270: ...od specified by the auth timeout command page 220 the client is put on hold in the Unauthorized state In this state frames from the client will not cause the switch to attempt to re authenticate the client EXAMPLE Dot1x holdtime 60 Dot1x dot1x statistics This command displays IEEE 802 1X statistics and protocol information for specified ports SYNTAX dot1x statistics port list clear eapol radius po...

Page 271: ...E Dot1x statistics 1 Rx Access Rx Other Rx Auth Rx Auth Tx MAC Port Challenges Requests Successes Failures Responses Address 1 0 0 0 0 0 Dot1x statistics 1 Port 1 EAPOL Statistics Rx Total 0 Tx Total 3 Rx Response Id 0 Tx Request Id 0 Rx Response 0 Tx Request 0 Rx Start 0 Rx Logoff 0 Rx Invalid Type 0 Rx Invalid Length 0 Port 1 Backend Server Statistics Rx Access Challenges 0 Tx Responses 0 Rx Oth...

Page 272: ...CHAPTER 16 IEEE 802 1X Commands 272 ...

Page 273: ... all DEFAULT SETTING All ports Table 29 IGMP Commands Command Function igmp configuration Displays IGMP snooping settings for the switch all VLANs and specified ports igmp mode Displays or sets the IGMP snooping mode for the switch igmp state Displays or sets the IGMP snooping state for specified VLAN igmp querier Displays or sets the IGMP querier mode for specified VLAN igmp fastleave Displays or...

Page 274: ...ages are suppressed unless received from the last member port in the group Flooding Shows if unregistered multicast traffic is flooded into attached VLANs VLAN Settings VID VLAN identifier State Shows if IGMP snooping is enabled or disabled Querier Shows if the switch can serve as querier on this VLAN Port Settings Port Port identifier Router Shows if a port is set to function as a router port whi...

Page 275: ...h it picks out the group registration information and configures the multicast filters accordingly EXAMPLE IGMP mode enable IGMP igmp state This command displays or sets the IGMP snooping state for the specified VLAN SYNTAX igmp state vlan id enable disable vlan id VLAN to which the management address is assigned Range 1 4095 enable Enables IGMP snooping When enabled the switch will monitor networ...

Page 276: ...le for asking hosts if they want to receive multicast traffic disable Disables the switch from serving as querier on this VLAN DEFAULT SETTING Disabled COMMAND USAGE A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and ...

Page 277: ...roup specific GS query to that interface If Fast Leave is not used a multicast router or querier will send a GS query message when an IGMPv2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the specified time out period If Fast Leave is enabled the switch assumes that only one host is connected to the interfac...

Page 278: ...ot the last dynamic member port in the group the receiving port is not a router port and no IGMPv1 member port exists in the group the switch will generate and send a group specific GS query to the member port which received the leave message and then start the last member query timer for that port When the conditions in the preceding item all apply except that the receiving port is a router port ...

Page 279: ...filtering port list add del group address port list A specific port or a range of ports Range 1 28 or all add Adds a new IGMP group filtering entry del Deletes a IGMP group filtering entry group address IGMP multicast group address DEFAULT SETTING None COMMAND USAGE Multicast groups specified by this command are denied access on the specified ports When filter groups are defined IGMP join reports ...

Page 280: ...uter switch This interface will then join all the current multicast groups supported by the attached router switch to ensure that multicast traffic is passed to all appropriate interfaces within the switch EXAMPLE IGMP router 9 enable IGMP igmp flooding This command displays or sets flooding of unregistered IGMP services SYNTAX igmp flooding enable disable enable Floods unregistered multicast traf...

Page 281: ... This command displays IGMP querier status and protocol statistics SYNTAX igmp status vlan id vlan id VLAN to which the management address is assigned Range 1 4095 DEFAULT SETTING Displays status for all VLANs COMMAND USAGE For a description of the information displayed by this command see Showing IGMP Snooping Information on page 173 EXAMPLE IGMP status Querier Rx Tx Rx Rx Rx Rx VID Status Querie...

Page 282: ...CHAPTER 17 IGMP Commands 282 ...

Page 283: ... port list port list A specific port or a range of ports Range 1 28 or all DEFAULT SETTING All ports Table 31 LLDP Commands Command Function lldp configuration Displays LLDP configuration settings for the switch and for specified ports lldp mode Displays or sets LLDP message transmit and receive modes for specified ports lldp optional_tlv Displays or sets LLDP optional TLVs for specified ports lld...

Page 284: ...transmission only DEFAULT SETTING Disabled EXAMPLE LLDP mode enable LLDP lldp optional_tlv This command displays or sets LLDP optional TLVs for specified ports SYNTAX lldp optional_tlv port list port_descr sys_name sys_descr sys_capa mgmt_addr enable disable port list A specific port or a range of ports Range 1 28 or all port_descr The port description is taken from the ifDescr object in RFC 2863 ...

Page 285: ...e specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address The interface number and OID are included to assist SNMP applications in the performance of network discovery by indicating enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are...

Page 286: ...AULT SETTING 3 COMMAND USAGE The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner EXAMPLE LLDP hold 10 LLDP lldp delay This command displays or sets the delay between the successive transmission of LLDP advertisements SYNTAX lldp delay delay delay The delay between the successive t...

Page 287: ...einit reinit reinit The delay before attempting to re initialize after LLDP ports are disabled or the link goes down Range 1 10 seconds DEFAULT SETTING 2 seconds COMMAND USAGE When LLDP is re initialized on a port all information in the remote system s LLDP MIB associated with this port is deleted EXAMPLE LLDP reinit 10 LLDP lldp info This command displays information about devices connected direc...

Page 288: ...ort or a range of ports Range 1 28 or all clear Clears LLDP statistics DEFAULT SETTING Disabled COMMAND USAGE For a description of the information displayed by this command see Displaying LLDP Port Statistics on page 176 EXAMPLE LLDP statistics 4 LLDP global counters Neighbor entries was last changed at 1970 01 01 05 52 43 0000 5314 sec ago Total Neighbors Entries Added 2 Total Neighbors Entries D...

Page 289: ...hassis ID field CDP TLV Address is mapped into the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbors table CDP TLV Port ID is mapped into the LLDP Port ID field CDP TLV Version and Platform is mapped into the LLDP System Description field Both the CDP and LLDP support system capabilities but the CDP capabiliti...

Page 290: ...CHAPTER 18 LLDP Commands 290 ...

Page 291: ...le 32 MAC Commands Command Function mac configuration Displays MAC address table configuration for specified ports mac add Adds a static MAC address to the specified port and VLAN mac delete Deletes a MAC address entry from the specified VLAN mac lookup Searches for the specified MAC address in the specified VLAN mac agetime Displays or sets the MAC address aging time mac learning Displays or sets...

Page 292: ...to the assigned port and will not be moved When a static address is seen on another port the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the mac delete command see page 292 EXAMPLE MAC add 00 12 cf 94 34 dd 1 1 MAC mac delete This command deletes a MAC address entry from the specified VLAN...

Page 293: ...AX mac agetime age time age time The time after which a learned entry is discarded Range 10 1000000 seconds or 0 to disable aging DEFAULT SETTING 300 seconds EXAMPLE MAC agetime 100 MAC mac learning This command displays or sets the MAC address learning mode SYNTAX mac learning port list auto disable secure port list A specific port or range of ports Range 1 28 or all auto Learning is done automat...

Page 294: ... An example of such a module is the MAC Based Authentication under 802 1X EXAMPLE MAC learning 9 secure MAC mac dump This command displays sorted list of MAC address entries SYNTAX mac dump mac max mac addr vlan id mac max Maximum number of MAC addresses to display mac addr First MAC address to display Format xx xx xx xx xx xx vlan id VLAN identifier Range 1 4095 DEFAULT SETTING Maximum Displays a...

Page 295: ...8 or all DEFAULT SETTING Displays statistics for all ports EXAMPLE MAC statistics 1 Port Dynamic Addresses 1 0 Total Dynamic Addresses 5 Total Static Addresses 4 MAC mac flush This command clears all learned entries SYNTAX mac flush EXAMPLE MAC flush MAC dump Type VID MAC Address Ports Static 1 00 01 c1 00 00 a9 None CPU Static 1 33 33 ff 00 00 e1 None CPU Static 1 33 33 ff a8 02 0a None CPU Stati...

Page 296: ...CHAPTER 19 MAC Commands 296 ...

Page 297: ...n Displays VLAN attributes for specified ports and list of ports assigned to each VLAN vlan aware Displays or sets whether or not a port processes the VLAN ID in ingress frames vlan pvid Displays or sets the VLAN ID assigned to untagged frames received on specified ports vlan frametype Displays or sets a port to accept all frame types including tagged or untagged frames or only tagged frames vlan ...

Page 298: ...e has been assigned is different from the default PVID a tag indicating the VLAN to which this frame was assigned will be inserted in the egress frame Otherwise the frame is transmitted without a VLAN tag When the PVID is set to none by the vlan pvid command see page 299 the ID for the VLAN to which this frame has been assigned is inserted in frames transmitted from the port The assigned VLAN ID c...

Page 299: ...rted in frames transmitted from the port The assigned VLAN ID can be based on the ingress tag for tagged frames or the default PVID for untagged ingress frames Note that this mode is normally used for ports connected to VLAN aware switches EXAMPLE VLAN pvid 9 2 VLAN vlan frametype This command displays or sets a port to accept all frame types including tagged or untagged frames or only tagged fram...

Page 300: ...not a member these frames will be flooded to all other ports DEFAULT SETTING Disabled COMMAND USAGE Ingress filtering only affects tagged frames Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP EXAMPLE VLAN ingressfilter 9 enable VLAN vlan qinq This command displays or sets whether or not a port accept...

Page 301: ...o VLAN 1 COMMAND USAGE Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you must connect them through a router EXAMPLE VLAN add 2 9 VLAN vlan delete This command deletes the specified VLAN SYNTAX vlan delete vlan id vlan i...

Page 302: ...CHAPTER 20 VLAN Commands 302 vlan lookup This command displays port members for specified VLAN SYNTAX vlan lookup vlan id vlan id VLAN identifier Range 1 4095 EXAMPLE VLAN lookup 2 VID Ports 2 9 VLAN ...

Page 303: ...ge of ports Range 1 28 or all EXAMPLE PVLAN configuration 1 10 Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled PVLAN ID Ports 1 1 28 PVLAN Table 34 PVLAN Commands Command Function pvlan configuration Displays PVLAN member ports and whether or not port isolation is enabled pvlan add Add specified ports to a PVLAN pvlan de...

Page 304: ... of both a standard IEEE 802 1Q VLAN and the private VLAN By default all ports are configured as members of VLAN 1 and PVLAN 1 Because all of these ports are members of 802 1Q VLAN 1 isolation cannot be enforced between the members of PVLAN 1 To use PVLAN 1 properly remove the ports to be isolated from VLAN 1 using the vlan add described on page 301 Then connect the uplink ports to the local serve...

Page 305: ...n isolate port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables port isolation disable Disables port isolation DEFAULT SETTING Disabled COMMAND USAGE Ports within a PVLAN are isolated from other ports which are not in the same PVLAN Port Isolation can be used to further prevent communications between ports within the same PVLAN An isolated port can...

Page 306: ...CHAPTER 21 PVLAN Commands 306 ...

Page 307: ...l port Displays or sets the QCL assigned to specified ports qos qcl add Adds or modifies a QoS control entry qos qcl delete Deletes a QoS control entry qos qcl lookup Displays the specified QoS control list or control entry qos mode Displays or sets the egress queuing mode for specified ports qos weight Displays or sets the egress queue weight for specified ports qos rate limiter Displays or sets ...

Page 308: ...d Strict 1 2 4 8 3 Low 0 1 Disabled Disabled Strict 1 2 4 8 4 Low 0 1 Disabled Disabled Strict 1 2 4 8 5 Low 0 1 Disabled Disabled Strict 1 2 4 8 6 Low 0 1 Disabled Disabled Strict 1 2 4 8 7 Low 0 1 Disabled Disabled Strict 1 2 4 8 8 Low 0 1 Disabled Disabled Strict 1 2 4 8 9 Low 0 1 Disabled Disabled Strict 1 2 4 8 10 Low 0 1 Disabled Disabled Strict 1 2 4 8 QoS qos default This command displays ...

Page 309: ...t have VLAN tags are tagged with the input port s default ingress tag priority and then placed in the appropriate priority queue at the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission EXAMPLE QoS tagprio 9 7 QoS qos qcl port This command displays or sets the QCL assigned to specified ports SYNTAX...

Page 310: ...matted packets Range 0x600 0xffff hex Default 0xffff A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX vlan id VLAN identifier Range 1 4095 udp tcp port Source destination port number or range Range 0 65535 dscp IPv4 IPv6 DSCP priority level Range 0 63 tos list Type of Service level which processes the precedence...

Page 311: ...dium Normal or High defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port see the qos default command on page 308 EXAMPLE QoS QCL add 1 1 tos 1 2 4 1 QoS QCL qos qcl delete This command deletes a QoS control entry SYNTAX qos qcl delete qcl id qce id qcl id A Quality Control List containing one or more classification criteria used to determi...

Page 312: ...ys all QCLs EXAMPLE QoS QCL lookup QCL ID 1 QCE ID Type Class Mapping 1 VLAN ID 1 Low 2 UDP TCP 0 Low QoS QCL qos mode This command displays or sets the egress queuing mode for specified ports SYNTAX qos mode port list strict weighted port list A specific port or range of ports Range 1 28 or all strict Services the queues based on a strict rule that requires all traffic in a higher priority queues...

Page 313: ...312 the switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue The traffic classes are mapped to one of the egress queues provided for each port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities EXAMPLE QoS weight 3 8 QoS qos rate limiter This command displays or sets ingress rate limi...

Page 314: ...ports SYNTAX qos shaper port list enable disable bit rate port list A specific port or range of ports Range 1 28 or all enable Enables egress rate limiting disable Disables egress rate limiting bit rate Maximum egress rate in kilobits second Range 500 1000000 kbps DEFAULT SETTING Disabled 500 kbps when enabled COMMAND USAGE Rate limiting controls the maximum rate for traffic transmitted or receive...

Page 315: ... then be dropped Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps translates into an enforced threshold of 1002 1 pps EXAMPLE QoS Storm unicast enable 2k QoS Storm qos storm multicast This command displays or sets multicast storm rate limits for the switch SYNTAX qos storm multicast enable disable packet rate enable Enables multicast s...

Page 316: ...packets are dropped Options 1 2 4 512 1k 2k 4k 1024k pps DEFAULT SETTING Disabled 2 pps when enabled COMMAND USAGE The specified limit applies to each port Any packets exceeding the specified threshold will then be dropped Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps translates into an enforced threshold of 1002 1 pps EXAMPLE QoS S...

Page 317: ...CP remarking for specified ports SYNTAX qos dscp queue mapping port list class dscp port list A specific port or range of ports Range 1 28 or all class Output queue buffer Range low normal medium high or 1 2 3 4 dscp IPv4 IPv6 DSCP priority level Options 0 8 16 24 32 40 46 48 56 DEFAULT SETTING Low 8 Normal 16 Medium 24 High 32 EXAMPLE QoS DSCP queue mapping 9 low 16 QoS DSCP ...

Page 318: ...CHAPTER 22 QoS Commands 318 ...

Page 319: ...isabled Disabled Disabled Disabled 0 4 1 Permit Disabled Disabled Disabled Disabled 818 5 1 Permit Disabled Disabled Disabled Disabled 818 Rate Limiter Rate 1 1 2 1 3 1 4 1 5 1 6 1 Table 37 ACL Commands Command Function acl configuration Displays ACL configuration settings including policy response rate limiters port copy logging and shutdown acl action Displays or sets default action for specifie...

Page 320: ...ned policy see the acl policy command rate limiter Specifies a rate limiter see the acl rate command on page 321 to apply to the port Range 1 15 or disable port copy Defines a port to which matching frames are copied Range 1 28 or disable logging Enables logging of matching frames to the system log Options log or log_disable Use the system log command page 203 to view any information stored in the...

Page 321: ...icy 9 7 ACL acl rate This command displays or sets the rate limiter and maximum packet rate SYNTAX acl rate rate limiter list packet rate rate limiter list Rate limiter identifier Range 1 15 packet rate The threshold above which packets are dropped Options 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K pps Due to an ASIC limitation the enforced rate limits are slightly l...

Page 322: ...entifier to which this ACE is assigned Range 1 8 vlan id The VLAN to filter for this rule Range 1 4095 or any tag priority Specifies the User Priority value found in the VLAN tag 3 bits as defined by IEEE 802 1p to match for this rule Range 0 7 or any dmac type The type of destination MAC address Options any unicast multicast broadcast Default any etype One of the following Ethernet or MAC paramet...

Page 323: ...s where the PRO is equal to IP 0x800 any any value is allowed Default any ip One of the following IP parameters sip Source IP address a b c d n or any dip Destination IP address a b c d n or any protocol IP protocol number 0 255 or any ip flags One of the following IP flags ttl Time to Live flag with any value options Options flag with any value fragment 0 1 any Specifies the fragment offset setti...

Page 324: ...CP frames with any value in the PSH field ack TCP frames with any value in the ACK field urg 0 1 any Specifies the TCP Urgent Pointer field significant URG value for this rule Options 0 TCP frames where the URG field is set must not match this entry 1 TCP frames where the URG field is set must match this entry any any value is allowed Default any permit Permits a frame which matches this ACE This ...

Page 325: ...is command deletes an access control entry SYNTAX acl delete ace id ace id An ACL entry Range 1 128 DEFAULT SETTING None EXAMPLE ACL delete 9 ACL acl lookup This command displays the specified access control entry SYNTAX acl lookup ace id ace id An ACL entry Range 1 128 DEFAULT SETTING Displays all ACEs EXAMPLE ACL lookup 1 ACE ID 1 Rate Limiter Disabled Ingress Port Port 9 Port Copy Disabled Type...

Page 326: ...HAPTER 23 ACL Commands 326 Tag Priority Any ACL acl clear This command clears all ACL counters displayed in the ACL lookup table see the acl lookup command page 325 SYNTAX acl clear EXAMPLE ACL clear ACL ...

Page 327: ...Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled Mirror mirror port This command displays or sets the destination port to which data is mirrored SYNTAX mirror port port disable port The destination port that will mirror the traffic from the source port All mirror sessions must share the same destination port Range 1 28 disable Disables mirroring to the destination port Table 38 Mirror Commands...

Page 328: ... mode for specified source ports SYNTAX mirror mode port list enable disable rx tx port list A specific port or range of ports Range 1 28 or all enable Mirror both received and transmitted packets disable Disables mirroring from the specified ports rx Mirror received packets tx Mirror transmitted packets DEFAULT SETTING Disabled EXAMPLE Mirror mode 10 enable Mirror ...

Page 329: ... later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection The configuration file is in XML format The configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including syntax descriptions is inclu...

Page 330: ...ly saved configuration file The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length is 31 characters for files on the switch Valid characters A Z a z 0 9 _ check Just check the configuration file for errors do not apply DEFAULT SETTING Check and apply the file COMMAND USAGE You can also restore the factory default se...

Page 331: ... for SNMP read access snmp write community Displays or sets the community string for SNMP read write access snmp trap mode Displays or sets the SNMP trap mode snmp trap version Displays or sets the SNMP trap protocol version snmp trap community Displays or sets the community string for SNMP traps snmp trap destination Displays or sets the SNMP trap destination s IPv4 address snmp trap ipv6 destina...

Page 332: ...D Enabled snmp community add Adds or modifies an SNMPv3 community entry snmp community delete Deletes an SNMPv3 community entry snmp community lookup Displays SNMPv3 community entries snmp user add Adds an SNMPv3 user entry snmp user delete Deletes an SNMPv3 user entry snmp user changekey Changes an SNMPv3 user password snmp user lookup Displays SNMPv3 user entries snmp group add Adds an SNMPv3 gr...

Page 333: ...Security Name Group Name 1 v1 public default_ro_group 2 v1 private default_rw_group 3 v2c public default_ro_group 4 v2c private default_rw_group 5 usm default_user default_rw_group Number of entries 5 SNMPv3 Views Table Idx View Name View Type OID Subtree 1 default_view included 1 Number of entries 1 SNMPv3 Accesses Table Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw...

Page 334: ... SNMP version 3 SNMP snmp read community This command displays or sets the community string for SNMP read access SYNTAX snmp read community community community The community string used for read only access to the SNMP agent Range 0 255 characters ASCII characters 33 126 only DEFAULT SETTING public COMMAND USAGE This parameter only applies to SNMPv1 and SNMPv2c SNMPv3 uses the User based Security ...

Page 335: ...uthentication and privacy This community string is associated with SNMPv1 or SNMPv2 clients in the SNMPv3 communities table see the snmp community lookup command on page 343 EXAMPLE SNMP write community r d SNMP snmp trap mode This command displays or sets the SNMP trap mode SYNTAX snmp trap mode enable disable enable Enables SNMP traps disable Disables SNMP traps DEFAULT SETTING Disabled COMMAND ...

Page 336: ...MP v1 COMMAND USAGE This command specifies whether to send notifications as SNMP v1 v2c or v3 traps EXAMPLE SNMP Trap version 3 SNMP Trap snmp trap community This command displays or sets the community string for SNMP traps SYNTAX snmp trap community community community The community access string to use when sending SNMP trap packets Range 0 255 characters ASCII characters 33 126 only DEFAULT SET...

Page 337: ...ipv6 address ipv6 address IPv6 address of the management station to receive notification messages An IPv6 address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING Displays trap destination EXAMPLE SNMP T...

Page 338: ...D USAGE When this function is enabled the switch will issue a notification message whenever a port link is established or broken EXAMPLE SNMP Trap link up enable SNMP Trap snmp trap inform mode This command displays or sets the SNMP trap inform mode SYNTAX snmp trap inform mode enable disable enable Enables sending notifications as inform messages disable Disables sending notifications as inform m...

Page 339: ... trap inform timeout SYNTAX snmp trap inform timeout timeout timeout The number of seconds to wait for an acknowledgment before re sending an inform message Range 0 2147 seconds DEFAULT SETTING 1 second EXAMPLE SNMP Trap Inform timeout 5 SNMP Trap Inform snmp trap inform retry times This command displays or sets the retry times for re sending an SNMP trap inform when the recipient does not acknowl...

Page 340: ...the SNMP trap security engine ID SYNTAX snmp trap security engine id engine id engine id Specifies the SNMP trap security engine ID Range 10 64 hex digits excluding a string of all 0 s or all F s DEFAULT SETTING None COMMAND USAGE SNMPv3 sends traps and informs using USM for authentication and privacy A unique engine ID for these traps and informs is needed When trap probe security engine ID is en...

Page 341: ...SNMP snmp engine id This command displays or sets the SNMPv3 local engine ID SYNTAX snmp engine id engine id engine id The SNMPv3 engine ID Range 10 64 hex digits excluding a string of all 0 s or all F s DEFAULT SETTING 800007e5017f000001 COMMAND USAGE An SNMPv3 engine is an independent SNMP agent that resides on the switch This engine protects against message replay delay and redirection The engi...

Page 342: ...dd command page 346 ip address Specifies the source address of an SNMP client address mask Specifies the address mask for the SNMP client DEFAULT SETTING public private COMMAND USAGE All community strings used to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 communities table For security reasons you should consider removing the default strings Add any new community st...

Page 343: ...tries EXAMPLE SNMP Community lookup Idx Community Source IP Source Mask 1 public 0 0 0 0 0 0 0 0 2 private 0 0 0 0 0 0 0 0 3 r d 192 168 2 19 255 255 255 0 Number of entries 3 SNMP Community snmp user add This command adds an SNMPv3 user entry SYNTAX snmp user add engine id user name md5 sha auth password des priv password engine id The engine identifier for the SNMP agent on the remote device whe...

Page 344: ...SHA des The encryption algorithm use for data privacy only 56 bit DES is currently available priv password A string identifying the privacy pass phrase Range 8 40 characters ASCII characters 33 126 only DEFAULT SETTING Authentication method MD5 COMMAND USAGE Each SNMPv3 user is defined by a unique name and remote engine ID Users must be configured with a specific security level and the types of au...

Page 345: ...its excluding a string of all 0 s or all F s user name The name of user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 only auth password A plain text string identifying the authentication pass phrase Range 1 32 characters for MD5 8 40 characters for SHA priv password A string identifying the privacy pass phrase Range 8 40 characters ASCII characters 33 126 only DEFAULT...

Page 346: ...ity add command page 342 can be used For USM or SNMPv3 the names configured with the local engine ID with the snmp user add command page 343 can be used To modify an entry for USM the current entry must first be deleted group name The name of the SNMP group Range 1 32 characters ASCII characters 33 126 only DEFAULT SETTING None COMMAND USAGE An SNMPv3 group sets the access policy for its assigned ...

Page 347: ...fault_rw_group 5 usm default_user default_rw_group 6 usm steve tps Number of entries 6 SNMP Group delete 6 SNMP Group snmp group lookup This command displays SNMPv3 group entries SYNTAX snmp group lookup index index Index to SNMPv3 group table Range 1 64 DEFAULT SETTING Displays all entries EXAMPLE SNMP Group lookup Idx Model Security Name Group Name 1 v1 public default_ro_group 2 v1 private defau...

Page 348: ...entifiers of branches within the MIB tree Note that the first character must be a period Wild cards can be used to mask a specific portion of the OID string using an asterisk Length 1 128 DEFAULT SETTING None COMMAND USAGE SNMPv3 views are used to restrict user access to specified portions of the MIB tree The predefined view default_view includes access to the entire MIB tree EXAMPLE SNMP View add...

Page 349: ... level read view name write view name group name The name of the SNMP group Range 1 32 characters ASCII characters 33 126 only security model The user security model Options any v1 v2c or the User based Security Model usm security level The security level assigned to the group noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authe...

Page 350: ...fEntry a SNMP Access snmp access delete This command deletes an SNMPv3 access entry SYNTAX snmp access delete index index Index to SNMPv3 access table Range 1 64 DEFAULT SETTING None EXAMPLE SNMP Access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv 3 r d usm Auth Priv Number of entries 3 SNMP Access delete 3 SNMP Access snmp access look...

Page 351: ...PTER 26 SNMP Commands 351 EXAMPLE SNMP Access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv 3 r d usm Auth Priv Number of entries 3 SNMP Access ...

Page 352: ...CHAPTER 26 SNMP Commands 352 ...

Page 353: ...rational mode SYNTAX https mode enable disable enable Enables HTTPS service on the switch disable Disables HTTPS service on the switch DEFAULT SETTING Disabled COMMAND USAGE You can configure the switch to enable the Secure Hypertext Transfer Protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Table 41 HTTPS Commands Com...

Page 354: ...zilla Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS EXAMPLE HTTPS mode enable HTTPS https redirect This command displays or sets HTTPS redirect mode from HTTP connections SYNTAX https redirect enable disable enable Enables HTTPS redirect When enabled management access to the HTTP web interface for the switch are automatically redirected to HTTPS ...

Page 355: ...CHAPTER 27 HTTPS Commands 355 EXAMPLE HTTPS redirect enable HTTPS ...

Page 356: ...CHAPTER 27 HTTPS Commands 356 ...

Page 357: ... switch DEFAULT SETTING Disabled COMMAND USAGE SSH provides remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled manag...

Page 358: ...be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified the auth radius command page 221 or auth tacacs command page 224 To use SSH with password authentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys The SSH ...

Page 359: ...nables UPnP on the switch disable Disables UPnP on the switch DEFAULT SETTING Disabled COMMAND USAGE The first step in UPnP networking is discovery When a device is added to the network the UPnP discovery protocol allows that device to broadcast its services to control points on the network Similarly when a control point Table 44 UPnP Commands Command Function upnp configuration Displays UPnP conf...

Page 360: ...ervice includes a list of actions the service responds to and a list of variables that model the state of the service at run time If a device has a URL for presentation then the control point can retrieve a page from this URL load the page into a web browser and depending on the capabilities of the page allow a user to control the device and or view device status EXAMPLE UPnP mode enable UPnP upnp...

Page 361: ... Service Discover Protocol SSDP packets which informs a control point or control points how often it or they should receive a SSDP advertisement message from this switch Due to the unreliable nature of UDP the switch sends SSDP messages periodically at the interval one half of the advertising duration minus 30 seconds Range 100 86400 seconds DEFAULT SETTING 100 seconds EXAMPLE UPnP advertising dur...

Page 362: ...CHAPTER 29 UPnP Commands 362 ...

Page 363: ... mode SYNTAX dhcp relay mode enable disable enable Enables the DHCP relay function disable Disables the DHCP relay function DEFAULT SETTING Disabled Table 45 DHCP Commands Command Function dhcp relay configuration Displays DHCP relay configuration settings dhcp relay mode Displays or sets DHCP relay operational mode dhcp relay server Displays or sets the IP address of the DHCP relay server dhcp re...

Page 364: ... DHCP response to the client A DHCP relay server must first be configured see the dhcp relay server command on page 364 before DHCP relay mode can be enabled with this command EXAMPLE DHCP Relay mode enable DHCP Relay dhcp relay server This command displays or sets the IP address of the DHCP relay server SYNTAX dhcp relay server ip address ip address IP address of DHCP server to be used by the swi...

Page 365: ...having to flood them to the entire VLAN EXAMPLE DHCP Relay Information mode enable DHCP Relay Information dhcp relay information policy This command displays or sets the DHCP relay policy for DHCP client packets that include Option 82 information SYNTAX dhcp relay information policy replace keep drop replace Overwrites the DHCP client packet information with the switch s relay information keep Ret...

Page 366: ...P Relay statistics Server Statistics Transmit to Server 0 Transmit Error 0 Receive from Server 0 Receive Missing Agent Option 0 Receive Missing Circuit ID 0 Receive Missing Remote ID 0 Receive Bad Circuit ID 0 Receive Bad Remote ID 0 Client Statistics Transmit to Client 0 Transmit Error 0 Receive from Client 0 Receive Agent Option 0 Replace Agent Option 0 Keep Agent Option 0 Drop Agent Option 0 DH...

Page 367: ...ad firmware files for your switch from the Support section of the SMC web site at www smc com After the software image is uploaded a message announces that the firmware update has been initiated After about a minute the firmware is updated and the switch is rebooted CAUTION While the firmware is being updated the switch cannot be accessed through any management protocol The front LED flashes Green...

Page 368: ... VCOREII system ARM9 178MHz RAM 0x00000000 0x02000000 0x0002c348 0x01fe1000 available FLASH 0x80000000 0x807fffff 128 x 0x10000 blocks Executing boot script in 3 000 seconds enter C to abort RedBoot led_set g RedBoot diag d m h Memory BIST Running Done DDR SDRAM Testing 0x0002c348 0x01fe1000 Done H W specific tests Running Done RedBoot led_set g RedBoot fis load a managed Image loaded from 0x00100...

Page 369: ...CHAPTER 31 Firmware Commands 369 EXAMPLE Firmware ipv6 load 2001 DB8 2222 7272 72 SMC8028L2 0_7_smbstax_estax_34 dat Downloaded SMC8028L2 0_7_smbstax_estax_34 dat 1812567 bytes RedBoot go Username ...

Page 370: ...CHAPTER 31 Firmware Commands 370 ...

Page 371: ... 371 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 373 Troubleshooting on page 377 ...

Page 372: ...SECTION Appendices 372 ...

Page 373: ...ONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a critical threshold PORT MIRRORING Multiple source ports one destination port RATE LIMITS Input ouput limit per port using ACL PORT TRUNKING Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol SPANNING TREE ALGORITHM Spanning Tre...

Page 374: ...raffic shaping MULTICAST FILTERING IGMP Snooping ADDITIONAL FEATURES DHCP Client DNS Proxy LLDP Link Layer Discover Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol UPnP MANAGEMENT FEATURES IN BAND MANAGEMENT Telnet web based HTTP or HTTPS SNMP manager or Secure Shell OUT OF BAND MANAGEMENT RS 232 DB 9 consol...

Page 375: ...ng ARP RFC 826 DHCP Client RFC 2131 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2 RFC 2236 IGMPv3 RFC 3376 partial support RADIUS RFC 2618 RMON RFC 2819 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC DRAFT 3414 3410 2273 3411 3415 SNTP RFC 2030 SSH Version 2 0 MANAGEMENT INFORMATION BASES Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 DNS Resolver MIB RFC 1612 Entity MIB RFC 2737 Eth...

Page 376: ...ate MIB Quality of Service MIB RADIUS Accounting Server MIB RFC 2621 RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Community MIB RFC 3584 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB R...

Page 377: ...number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Be sure the control parameters for the SSH server are properly configured on the switch and that the SSH client software is ...

Page 378: ...or messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages 6 Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Contact your distributor s service engineer For example sy...

Page 379: ... well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particular forwarding treatment or per hop behavior at each network node DiffServ allocates different levels of service to users on the network with mechanisms such as traffic meters shapers droppers packet markers at the bou...

Page 380: ...ble Authentication Protocol over LAN EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch A user name and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard GARP Generic Attr...

Page 381: ...EEE 802 3AC Defines frame extensions for VLAN tagging IEEE 802 3X Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Now incorporated in IEEE 802 3 2002 IGMP Internet Group Management Protocol A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwor...

Page 382: ...s an algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm which has been broken MD5 is a one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Information Base An acronym for Management Information Base It is a set of database obje...

Page 383: ...en ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from uplink ports QOS Quality of Service QoS refers to the capability of a network to provide better service to selected traffic flows using features such as data prioritization queuing congestion avoidance and traffic shaping These features effectively provide preferential treatment to specific flows eit...

Page 384: ...rk systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network TACACS Terminal Access Controller Access Control System Plus TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS compliant devices on the network TCP IP Transmission Control Protocol Internet Pr...

Page 385: ...ual LAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same LAN XMODEM A protocol used to transfer files between devices Data is grouped in 128 byte b...

Page 386: ...GLOSSARY 386 ...

Page 387: ...ess port 107 308 default settings system 33 DHCP 57 210 client 57 210 dynamic configuration 40 DHCP relay information option 142 364 information option policy 142 365 DNS server 57 213 Domain Name Service See DNS downloading software 367 using HTTP 186 367 using TFTP 367 downoading software 186 dynamic addresses displaying 98 179 294 E edge port STA 78 79 80 257 259 event logging 146 203 F firmwar...

Page 388: ...ain menu 51 management access filtering IP addresses 61 204 Management Information Bases MIBs 375 maximum frame size 64 mirror port configuring 127 327 multicast filtering 90 273 multicast groups 173 281 displaying 173 281 multicast services displaying 173 281 leave proxy 90 278 multicast storm threshold 115 315 multicast filtering 94 279 multicast static router port 91 280 multicast throttling 92...

Page 389: ...ion 260 transmission hold count 77 254 transmission limit 77 254 standards IEEE 375 static addresses setting 99 292 statistics port 150 235 STP 77 254 STP Also see STA switch settings restoring 187 188 329 330 saving 187 329 system clock setting the time zone 55 203 setting with SNTP 57 60 214 system information configuring 55 displaying 145 200 system logs 146 203 displaying 146 203 system softwa...

Page 390: ...INDEX 390 W web interface access requirements 49 configuration buttons 50 home page 50 menu list 51 panel display 51 ...

Page 391: ...INDEX 391 ...

Page 392: ...149100000079A R01 SMC8028L2 ...

Search results

Summary of Contents for 8028L2

Reviews:

Related manuals for 8028L2

Brands by name

Popular brands

SMC Networks 8028L2, Management Manual

Search results

Summary of Contents for 8028L2

Reviews:

Related manuals for 8028L2

Brands by name

Popular brands