SMC Networks 8124PL2 Management Manual Download Page 461 | Manualshive

Page: 461 / 491

background image

Command Line Interface

4-228

4

ip dhcp snooping

This command enables DHCP snooping globally. Use the no form to restore the
default setting.

Syntax

[

no

]

ip dhcp snooping

Default Setting

Disabled

Command Mode

Global Configuration

Command Usage

• Network traffic may be disrupted when malicious DHCP messages are

received from an outside source. DHCP snooping is used to filter DHCP
messages received on an unsecure interface from outside the network or
firewall. When DHCP snooping is enabled globally by this command, and
enabled on a VLAN interface by the

ip dhcp snooping vlan

command (page

4-230

), DHCP messages received on an untrusted interface (as specified by

the

no ip dhcp snooping trust

command, page

4-230

) from a device not

listed in the DHCP snooping table will be dropped.

• When enabled, DHCP messages entering an untrusted interface are filtered

based upon dynamic entries learned via DHCP snooping.

• Table entries are only learned for untrusted interfaces. Each entry includes a

MAC address, IP address, lease time, entry type (Dynamic-DHCP-Binding,
Static-DHCP-Binding), VLAN identifier, and port identifier.

• When DHCP snooping is enabled, the rate limit for the number of DHCP

messages that can be processed by the switch is 100 packets per second.
Any DHCP packets in excess of this limit are dropped.

• Filtering rules are implemented as follows:

- If the global DHCP snooping is disabled, all DHCP packets are

forwarded.

- If DHCP snooping is enabled globally, and also enabled on the VLAN

where the DHCP packet is received, all DHCP packets are forwarded for

ip dhcp snooping

information policy

Enables DNS-based host name-to-address translation

GC

4-233

ip dhcp snooping

database flash

Displays the static host name-to-address mapping table

GC

4-233

show ip dhcp snooping

Displays the configuration for DNS services

PE

4-234

show ip dhcp snooping

binding

Displays entries in the DNS cache

PE

4-234

Table 4-78. DHCP Snooping Commands

Command

Function

Mode

Page

«
...
459
460
461
462
463
...
»

Summary of Contents for 8124PL2

Page 1: ...MANAGEMENT GUIDE TigerSwitchTM 10 100 1000 24 Port Managed Switch with PoE SMC8124PL2 ...

Page 2: ......

Page 3: ...20 Mason Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions May 2007 Pub 149100034100A E052007 DT R01 ...

Page 4: ...ted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2007 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...become the property of SMC Replacement products may be either new or reconditioned Any replaced or repaired product carries either a 30 day limited warranty or the remainder of the initial warranty whichever is longer SMC is not responsible for any custom software or firmware configuration information or memory data of Customer contained in stored on or integrated with any products returned to SMC...

Page 6: ...ON WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU THIS WARRA...

Page 7: ... 6 Community Strings for SNMP version 1 and 2c clients 2 7 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Saving Configuration Settings 2 8 Managing System Files 2 9 Chapter 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 2 Home Page 3 2 Configuration Options 3 2 Panel Display 3 3 Main Menu 3 3 Basic Configuration 3 10 Displayin...

Page 8: ... 39 Setting the Local Engine ID 3 40 Specifying a Remote Engine ID 3 40 Configuring SNMPv3 Users 3 41 Configuring Remote SNMPv3 Users 3 43 Configuring SNMPv3 Groups 3 45 Setting SNMPv3 Views 3 48 User Authentication 3 50 Configuring User Accounts 3 50 Configuring Local Remote Logon Authentication 3 51 Configuring HTTPS 3 54 Replacing the Default Secure site Certificate 3 56 Configuring the Secure ...

Page 9: ...3 99 Power over Ethernet Settings 3 104 Switch Power Status 3 105 Setting a Switch Power Budget 3 106 Displaying Port Power Status 3 106 Configuring Port PoE Power 3 107 Address Table Settings 3 108 Setting Static Addresses 3 108 Displaying the Address Table 3 109 Changing the Aging Time 3 110 Spanning Tree Algorithm Configuration 3 111 Displaying Global Settings 3 112 Configuring Global Settings ...

Page 10: ...of Service 3 153 Configuring Quality of Service Parameters 3 154 Configuring a Class Map 3 154 Creating QoS Policies 3 157 Attaching a Policy Map to Ingress Queues 3 160 Multicast Filtering 3 161 IGMP Protocol 3 161 Layer 2 IGMP Snooping and Query 3 162 Configuring IGMP Snooping and Query Parameters 3 162 Displaying Interfaces Attached to a Multicast Router 3 164 Specifying Static Interfaces for a...

Page 11: ...ce 4 1 Accessing the CLI 4 1 Console Connection 4 1 Telnet Connection 4 1 Entering Commands 4 3 Keywords and Arguments 4 3 Minimum Abbreviation 4 3 Command Completion 4 3 Getting Help on Commands 4 3 Showing Commands 4 3 Partial Keyword Lookup 4 5 Negating the Effect of Commands 4 5 Using Command History 4 5 Understanding Command Modes 4 5 Exec Commands 4 6 Configuration Commands 4 6 Command Line ...

Page 12: ...mmands 4 29 ip http port 4 29 ip http server 4 30 ip http secure server 4 30 ip http secure port 4 31 Telnet Server Commands 4 32 ip telnet server 4 32 ip telnet server port 4 32 Secure Shell Commands 4 33 ip ssh server 4 35 ip ssh timeout 4 36 ip ssh authentication retries 4 37 ip ssh server key size 4 37 delete public key 4 38 ip ssh crypto host key generate 4 38 ip ssh crypto zeroize 4 39 ip ss...

Page 13: ...endar set 4 56 show calendar 4 57 System Status Commands 4 57 show startup config 4 57 show running config 4 59 show system 4 60 show users 4 61 show version 4 62 Frame Size Commands 4 63 jumbo frame 4 63 Flash File Commands 4 64 copy 4 64 delete 4 67 dir 4 67 whichboot 4 68 boot system 4 69 Authentication Commands 4 70 Authentication Sequence 4 70 authentication login 4 70 authentication enable 4...

Page 14: ...ow dot1x 4 85 Access Control List Commands 4 88 IP ACLs 4 89 access list ip 4 89 permit deny Standard ACL 4 90 permit deny Extended ACL 4 91 show ip access list 4 92 ip access group 4 92 show ip access group 4 93 map access list ip 4 93 show map access list ip 4 94 ACL Information 4 95 show access list 4 95 show access group 4 95 SNMP Commands 4 96 snmp server 4 96 show snmp 4 97 snmp server commu...

Page 15: ... rate limit 4 124 Link Aggregation Commands 4 125 channel group 4 126 lacp 4 127 lacp system priority 4 128 lacp admin key Ethernet Interface 4 129 lacp admin key Port Channel 4 130 lacp port priority 4 131 show lacp 4 131 Address Table Commands 4 135 mac address table static 4 135 clear mac address table dynamic 4 136 show mac address table 4 137 mac address table aging time 4 138 show mac addres...

Page 16: ...t allowed vlan 4 157 switchport forbidden vlan 4 158 Displaying VLAN Information 4 159 show vlan 4 159 Configuring Private VLANs 4 160 private vlan 4 161 private vlan association 4 162 switchport mode private vlan 4 162 switchport private vlan host association 4 163 switchport private vlan mapping 4 164 show vlan private vlan 4 164 GVRP and Bridge Extension Commands 4 165 bridge ext gvrp 4 165 sho...

Page 17: ...r port expire time 4 185 Static Multicast Routing Commands 4 185 ip igmp snooping vlan mrouter 4 185 show ip igmp snooping mrouter 4 186 IGMP Filtering and Throttling Commands 4 187 ip igmp filter Global Configuration 4 187 ip igmp profile 4 188 permit deny 4 189 range 4 189 ip igmp filter Interface Configuration 4 190 ip igmp max groups 4 191 ip igmp max groups action 4 191 show ip igmp filter 4 ...

Page 18: ...Configuration 4 216 upnp device 4 217 upnp device ttl 4 217 upnp device advertise duration 4 218 show upnp 4 218 IP Interface Commands 4 219 Basic IP Configuration 4 219 ip address 4 219 ip dhcp restart 4 220 ip default gateway 4 221 show ip interface 4 222 show ip redirects 4 222 ping 4 222 IP Source Guard Commands 4 223 ip source guard 4 224 ip source guard binding 4 225 show ip source guard 4 2...

Page 19: ...d 4 238 show cluster 4 238 show cluster members 4 239 show cluster candidates 4 239 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 2 Glossary Index ...

Page 20: ...xvi Contents ...

Page 21: ...able 4 4 Command Group Index 4 8 Table 4 5 Line Command Syntax 4 9 Table 4 6 General Commands 4 19 Table 4 7 System Management Commands 4 23 Table 4 8 Device Designation Commands 4 24 Table 4 9 User Access Commands 4 25 Table 4 10 Default Login Settings 4 26 Table 4 11 IP Filter Commands 4 27 Table 4 12 Web Server Command 4 29 Table 4 13 HTTPS System Support 4 31 Table 4 14 Telnet Server Commands ...

Page 22: ...125 Table 4 48 show lacp counters display description 4 132 Table 4 49 show lacp internal display description 4 133 Table 4 50 show lacp neighbors display description 4 134 Table 4 52 Address Table Commands 4 135 Table 4 51 show lacp sysid display description 4 135 Table 4 53 Spanning Tree Commands 4 139 Table 4 54 VLAN Commands 4 152 Table 4 55 Editing VLAN Groups 4 152 Table 4 56 Configuring VLA...

Page 23: ...mbers display description 4 199 Table 4 74 LLDP Commands 4 199 Table 4 75 UPnP Commands 4 216 Table 4 76 IP Interface Commands 4 219 Table 4 77 IP Source Guard Commands 4 224 Table 4 78 DHCP Snooping Commands 4 227 Table 4 79 Switch Cluster Commands 4 235 Table 2 1 Troubleshooting Chart B 1 ...

Page 24: ...0 Resetting the System 3 32 Figure 3 21 SNTP Configuration 3 33 Figure 3 22 Setting the Time Zone 3 34 Figure 3 23 Enabling the SNMP Agent 3 36 Figure 3 24 Configuring SNMP Community Strings 3 37 Figure 3 25 Configuring SNMP Trap Managers 3 39 Figure 3 26 Setting an Engine ID 3 40 Figure 3 27 Setting an Engine ID 3 41 Figure 3 28 Configuring SNMPv3 Users 3 42 Figure 3 29 Configuring Remote SNMPv3 ...

Page 25: ... Power Budget 3 106 Figure 3 64 Displaying Port PoE Status 3 107 Figure 3 65 Configuring Port PoE Power 3 108 Figure 3 66 Mapping Ports to Static Addresses 3 109 Figure 3 67 Displaying the MAC Dynamic Address Table 3 110 Figure 3 68 Setting the Aging Time 3 111 Figure 3 69 Displaying the Spanning Tree Algorithm 3 114 Figure 3 70 Configuring the Spanning Tree Algorithm 3 117 Figure 3 71 Displaying ...

Page 26: ... Members of Multicast Services 3 167 Figure 3 104 Specifying Multicast Port Membership 3 168 Figure 3 105 MVR Global Configuration 3 170 Figure 3 106 MVR Port Information 3 171 Figure 3 107 MVR Group IP Information 3 172 Figure 3 108 MVR Port Configuration 3 173 Figure 3 109 MVR Group Member Configuration 3 174 Figure 3 110 DHCP Snooping Configuration 3 176 Figure 3 111 DHCP Snooping VLAN Configur...

Page 27: ...xxiii Figures ...

Page 28: ...ed Port Configuration Speed duplex mode and flow control Rate Limiting Input rate limiting per port Port Mirroring One port mirrored to single analysis port Port Trunking Supports up to 8 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address Up to 8K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses...

Page 29: ...rotocol over LANs EAPOL to request a user name and password from the 802 1X client and then verifies the client s right to access the network via an authentication server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivalent connection SNMP Version 3 IP address filtering for SNMP web Telnet management access an...

Page 30: ...d and will not be written to the address table Static addresses can be used to provide network security by restricting access for a known host to a specific port IEEE 802 1D Bridge The switch supports IEEE 802 1D transparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to...

Page 31: ...nd the uplink ports thereby isolating adjacent ports within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using eight priority queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on i...

Page 32: ...led Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Port Authentication Disabled HTTPS Enabled SSH Disabled Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Numbe...

Page 33: ...led Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Enabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port interface Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 IP DSCP Priority Disabled IP Settings IP Address...

Page 34: ...us Enabled Messages Logged Levels 0 6 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled Table 1 2 System Defaults Continued Function Parameter Default ...

Page 35: ...Introduction 1 8 1 ...

Page 36: ...cessed by a direct connection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch to be managed from any system in the network using network management software such as SMC EliteView The switch s Web interface CLI configuration progr...

Page 37: ...ation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set to any of these baud rates 9600 19200 38400 57600 115200 Note Set to 9600 baud to view all system initialization messag...

Page 38: ...omputer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a network computer using SNMP network management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program ...

Page 39: ...assword Press Enter 4 Type username admin password 0 password for the Privileged Exec level where password is your new password Press Enter Note 0 specifies the password in plain text 7 specifies the password in encrypted form Setting an IP Address You must establish IP address information for the switch to obtain management access through the network This can be done in either of the following wa...

Page 40: ...bal configuration mode prompt Press Enter 4 To set the IP address of the default gateway for the network to which the switch belongs type ip default gateway gateway where gateway is the IP address of the default gateway Press Enter Dynamic Configuration If you select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need t...

Page 41: ...ions send requests to the switch either to return information or to set a parameter the switch provides the requested data or sets the specified parameter The switch can also be configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred The switch includes an SNMP agent that supports SNMP ...

Page 42: ...e prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter Note that the default mode is read only 2 To remove an existing string simply type no snmp server community string where string is the community access string to remove Press Enter Note If you do not intend to support access to SNMP version 1 and 2c clie...

Page 43: ...yption For a more detailed explanation on how to configure the switch for access from SNMP v3 clients refer to Simple Network Management Protocol on page 33 34 or refer to the specific CLI commands for SNMP starting on page 4 96 Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuratio...

Page 44: ...ations and provides the CLI and Web management interfaces See Managing Firmware on page 33 18 for more information Diagnostic Code Software that is run during system boot up also known as POST Power On Self Test Due to the size limit of the flash memory the switch supports only two operation code files However you can have as many diagnostic code files and configuration files as available flash me...

Page 45: ...Initial Configuration 2 10 2 ...

Page 46: ...2 Set user names and passwords using an out of band serial connection Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on page 2 4 3 After you enter a user name and password you will have access to the system configuration program Notes 1 You are allowed three attempts to enter the correct password on the third fa...

Page 47: ...tion on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Homepage Configuration Options Configurable parameters have a dialog box or a drop down list Once a configuration change has been made on a page be sure to click on the Apply button to confirm the new setting The following table summarizes the web page confi...

Page 48: ...described on page 3 83 Figure 3 2 Panel Display Main Menu Using the onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from this program Table 3 2 Main Menu Menu Description Page System 3 10 System Information Provides basic system description including conta...

Page 49: ...gs and related trap functions 3 36 Agent Status Enables or disables SNMP Agent Status 3 36 SNMPv3 3 39 Engine ID Sets SNMPv3 Engine ID 3 40 Remote Engine ID Adds a Remote Engine ID and IP Host 3 40 Users Creates or deletes user accounts 3 41 Remote Users Creates or deletes remote user accounts 3 43 Groups Creates or deletes SNMPv3 Groups 3 45 Views Creates or deletes SNMPv3 Views 3 48 Security 3 5...

Page 50: ...to group into static trunks 3 86 LACP 3 88 Configuration Allows ports to dynamically join trunks 3 88 Aggregation Port Configures system priority admin key and port priority 3 89 Port Counters Information Displays statistics for LACP protocol messages 3 91 Port Internal Information Displays settings and operational state for local side 3 92 Port Neighbors Information Displays settings and operatio...

Page 51: ...runk settings for STA 3 118 Port Configuration Configures individual port settings for STA 3 121 Trunk Configuration Configures individual trunk settings for STA 3 121 VLAN 3 123 802 1Q VLAN 3 123 Basic Information Displays information on the VLAN type supported by this switch 3 126 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 3 126 St...

Page 52: ...us allows sending of SNMP notication messages and configures TLV information 3 141 Local Information Displays information about the local device 3 143 Remote Port Information Displays information about ports on a remote device 3 143 Remote Trunk Information Displays information about trunks ona remote device 3 143 Remote Information Details Sets the port and or trunk to display information about 3...

Page 53: ...g multicast IP addresses and VLAN ID 3 166 IGMP Member Port Table Indicates multicast addresses associated with the selected VLAN 3 167 MVR 3 168 Configuration Globally enables MVR sets the MVR VLAN adds multicast stream addresses 3 169 Port Information Displays MVR interface type MVR operational and activity status and immediate leave status 3 170 Trunk Information Displays MVR interface type MVR...

Page 54: ... source guard binding table 3 181 Dynamic Information Displays the source guard binding table for a selected interface 3 182 Cluster 3 183 Configuration Globally enables clustering for the switch 3 184 Member Configuration Adds switch Members to the cluster 3 185 Member Information Displays cluster Member switch information 3 185 Candidate Information Displays network Candidate switch information ...

Page 55: ...is switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if management access via Telnet is enabled Telnet port Shows the TCP port used by the Telnet interface Jumbo...

Page 56: ...mber of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Displays the switch as a master or slave unit Console config hostname R D 5 4 25 Console config snmp server location WC 9 4 99 Console config snmp server contact Geoff 4 99 Console config exit Console show system 4 60 System Description SMC Networks SMC81...

Page 57: ... Attributes Extended Multicast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to Displaying Private VLAN Interface Information on page 3 136 Console show version 4 62 Unit 1 Serial Number Hardware Versi...

Page 58: ...ts multiple local bridges i e multiple spanning trees Refer to VLAN Configuration on page 3 161 GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Configuration Figure 3 5 Br...

Page 59: ...nfigure static routes page 3 128 or use dynamic routing i e either RIP page 3 130 or OSPF page 3 140 The precedence for configuring IP interfaces is the IP General Routing Interface menu page 3 115 static routes page 3 128 and then dynamic routing Command Attributes Management VLAN ID of the configured VLAN 1 4093 no leading zeroes By default all ports on the switch are members of VLAN 1 However t...

Page 60: ...IP address subnet mask and gateway then click Apply and specify a Primary interface Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 111 Console config if ip address 10 1 0 254 255 255 255 0 4 219 Console config if exit Console config ip default gateway 192 168 1 254 4 221 Console config ...

Page 61: ...se a console connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart command Renewing DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network segment you will lose mana...

Page 62: ...ach VLAN page 3 115 To enable routing between the different interfaces on this switch you must enable IP routing page 3 114 To enable routing between the interfaces defined on this switch and external network interfaces you must configure static routes page 3 128 or use dynamic routing i e either RIP page 3 130 or OSPF page 3 140 The precedence for configuring IP interfaces is the IP General Routi...

Page 63: ...address of a TFTP server File Type Specify opcode operational code to copy firmware File Name The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note Up to two copies of the system software i e the run...

Page 64: ...d at startup and click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 10 Setting the Startup Code To delete a file select System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 11 Deleting Files ...

Page 65: ...ng configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to running config Copies a file from a TFTP server to the running c...

Page 66: ...Click System File Management Copy Operation Select tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then click Apply Figure 3 12 Downloading Configuration Settings for Startup If you download to a new file name using tftp to startup config or tftp to fi...

Page 67: ...ser input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the ...

Page 68: ...p bits transmitted per byte Range 1 2 Default 1 stop bit Available in CLI only Password Specifies a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login Enables password checking at login You can select authentication by a single glob...

Page 69: ...ds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the Console...

Page 70: ...arted on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name accounts Default Local Web Click System Line Telnet Speci...

Page 71: ...d system and event messages The switch can store up to 2048 log entries in temporary random access memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Console config line vty 4 10 Console config line login local 4 11 Console config line password 0 secret 4 12 Console config line timeout login response 300 4 13 Console config line exec timeout 600 4 13 Cons...

Page 72: ...re logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM Command Attributes System Log Status Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specified level For example if lev...

Page 73: ...ged to RAM and flash memory Use the show logging command to display the current settings 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert Immediate action needed 0 Eme...

Page 74: ...type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level For example if level 3 is specified all messages from level 0 to ...

Page 75: ... conditions has occurred such as invalid input or default used Level 3 Critical Sends notification that a critical condition has occurred such as memory allocation or free memory error resource exhausted Level 2 Alert Sends urgent notification that immediate action must be taken Level 1 Emergency Sends an emergency notification that the system is now unusable Level 0 SMTP Server List Specifies a l...

Page 76: ...ck Remove Figure 3 19 Enabling and Configuring SMTP CLI Enter the host ip address followed by the mail severity level source and destination email addresses and enter the sendmail command to complete the action Use the show logging command to display SMTP information Console config logging sendmail host 192 168 1 19 Console config logging sendmail level 3 Console config logging sendmail source ema...

Page 77: ...record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to speci...

Page 78: ...umber of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Console config sntp client 4 54 Co...

Page 79: ...evice These objects are defined in a Management Information Base MIB that provides a standard presentation of the information controlled by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 clients This agent continuously monitors the status o...

Page 80: ...Table 3 4 SNMPv3 Security Models and Levels Model Level Group Read View Write View Notify View Security v1 noAuth NoPriv public read only defaultview none none Community string only v1 noAuth NoPriv private read write defaultview defaultview none Community string only v1 noAuth NoPriv user defined user defined user defined user defined Community string only v2c noAuth NoPriv public read only defau...

Page 81: ...Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Current Displays a list of the community strings currently configured Community String A community string that acts like a password and permits access to the SNMP protocol Default strings public r...

Page 82: ...hNoPriv or authPriv the user name must first be defined in the SNMPv3 Users page page 3 41 Otherwise the authentication password and or privacy password will not exist and the switch will not authorize SNMP access for the host However if you specify a V3 host with the no authentication noAuth option an SNMP user account will be automatically generated and the switch will authorize SNMP access for ...

Page 83: ...ring in the Trap Managers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Trap Version Indicates if the user is running SNMP v1 v2c or v3 Default v1 Trap...

Page 84: ...n and Link up down traps and then click Apply Figure 3 25 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 If you want to change the default engine ID it must be changed first before configuring other parameters 2 Specify read and write a...

Page 85: ...he value For example the value 1234 is equivalent to 1234 followed by 22 zeroes Web Click SNMP SNMPv3 Engine ID Enter an ID of up to 26 hexadecimal characters and then click Save Figure 3 26 Setting an Engine ID CLI This example sets an SNMPv3 engine ID Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device you must first specify the engine identifier for the SN...

Page 86: ... and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view Command Attributes User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The security level used for the user noAut...

Page 87: ...ES is currently available Privacy Password A minimum of eight plain text characters is required Actions Enables the user to be assigned to another SNMPv3 group Web Click SNMP SNMPv3 Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the ...

Page 88: ... The engine identifier for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 3 40 Remote IP The Internet address of the remote device where the user resides Security Model The user security model SNMP v1 v2c or v3 Default v1 Security Level The securi...

Page 89: ...available Privacy Password A minimum of eight plain text characters is required Web Click SNMP SNMPv3 Remote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete Figure 3 29 Configuring Remote SNMPv3 Users ...

Page 90: ...uthentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The configured view for write access Range 1 64 characters Notify View The configured view for notifications Range 1 64 characters Console config snmp server user mark group r d remote 192 168 1 19 v3 auth md5 greenpeace priv des56 einstien 4 109 ...

Page 91: ...the included value of ifOperStatus linkUpa 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state but not into the notPresent state This other state is indicated by the included value of ifOperStatus authenticationFailurea 1 3 6 1...

Page 92: ... click Delete Figure 3 30 Configuring SNMPv3 Groups Private Traps swPowerStatus ChangeTrap 1 3 6 1 4 1 259 6 10 94 2 1 0 1 This trap is sent when the power state changes swIpFilterRejectTrap 1 3 6 1 4 1 259 6 10 94 2 1 0 40 This trap is sent when an incorrect IP address is rejected by the IP Filter a These are legacy notifications and therefore must be enabled in conjunction with the corresponding...

Page 93: ...e OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Click SNMP SNMPv3 Views Click New to configure a new view In the New View page define a name and specify OID subtrees in the switch MIB to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click...

Page 94: ...ole config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 105 Console config exit Console show snmp view 4 105 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile Row Status active View Name readaccess Subtree OID 1 3 6 1 2 View Type included Storage Type nonvolatile Row Status active View Name defaultview Subtree OID 1 View Type included Stor...

Page 95: ...ace Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest name is guest with the password guest The default administrator name is admin with the pass...

Page 96: ...ssword Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Console config username bob access level 15 4 25 Console config username bob password 0 smit...

Page 97: ...rd pair The user name password and privilege level must be configured on the authentication server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted usin...

Page 98: ...ACACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to be set up by manually entering user names and passwords using the CLI See username on page 4 25 Web Click Security Authentication Settings T...

Page 99: ...or encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS Console config authentication login radius 4 70 Console config radius server host 192 168 1 25 4 72 Console confi...

Page 100: ... File name for the certificate Source Private File Name Private key file name Private Password Password for the private key Web Click Security HTTPS Settings Enable HTTPS and specify the port number then click Apply To replace the default secure site certificate enter the TFTP Server IP Address the Source Certificate File Name the Source Private File Name and the Private Password then click Copy C...

Page 101: ...ed one Note The switch must be reset for the new certificate to be activated To reset the switch type Console reload Configuring the Secure Shell The Berkley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implemented for Microsoft Windows and other environments These tools including commands such as rlogin remote login rsh remote shell...

Page 102: ...t station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 3 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 5194174677298486546861571773939016477...

Page 103: ...tion the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys 2 The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Configuring the SSH settings The SSH server includes basic set...

Page 104: ... host public private key pair is used to provide secure communications between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the proceeding section Command Usage Console config ip ssh server 4 35 Console config ip ssh timeout 100 4 36 Console config ip ssh authenticati...

Page 105: ...d then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Generate This button is used to generate the host key pair Note that you ...

Page 106: ...es a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption TFTP Server IP Address The TFTP server IP address location for the public key pair Source File Name The file name used for the public key pair Copy Public Key Save a copy of the public key pair Console ip ssh crypto host key generate 4 35 Console ip ssh save host key ...

Page 107: ...653006761 8240969094744832010252487896597759216832222558465238779154647980739631403 3869257931051057652122430528078658854857892726029378660892368414232759121 2760325919683697053439336438445223335188287173896894511729290510813919642 025190932104328579045764891 DSA ssh dss AAAAB3NzaC1kc3MAAACBAN6zwIqCqDb3869jYVXlME1sHL0EcE Re6hlasfEthIwmjhLY4O0jqJZpcEQUgCfYlum0Y2uoLka Py9ieGWQ8f2gobUZKIICuKg6vjO 9XT...

Page 108: ...number of addresses that can be learned by a port To add new VLAN members at a later time you can manually add secure addresses with the Static Address Table page 3 108 or turn off port security to reenable the learning function long enough for new VLAN members to be registered Learning may then be disabled again if desired for security Command Usage A secure port has the following restrictions Ca...

Page 109: ...IEEE 802 1X dot1x standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication Access to all switch ports in a network can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network This switch uses...

Page 110: ...t If authentication is successful the switch allows the client to access the network Otherwise network access is denied and the port remains blocked The operation of 802 1X on the switch requires the following The switch must have an IP address assigned RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified Each switch port that will be used must be s...

Page 111: ...02 1X protocol provides port authentication The 802 1X protocol must be enabled globally for the switch system before port settings are active Command Attributes 802 1X System Authentication Control Sets the global setting for 802 1X Default Disabled Console show dot1x 4 85 Global 802 1X Parameters system auth control Disabled 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1...

Page 112: ...fault Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant acc...

Page 113: ...switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configured as a trunk port Web Click Security 802 1X Port Configuration Modify the para...

Page 114: ...us Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 28 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Operation ...

Page 115: ...he number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in ...

Page 116: ...ing 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 85 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 117: ...age The following restrictions apply to ACLs Each ACL can have up to 60 rules This switch supports ACLs for ingress filtering only However you can only bind one IP ACL to any port for ingress filtering In other words only one ACL can be bound to an interface Ingress IP ACL The order in which active ACLs are checked is as follows 1 User defined rules in the Ingress IP ACL for ingress ports 2 Explic...

Page 118: ...the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bit...

Page 119: ...t Permit rules Src Dst Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any Src Dst IP Address Source or destination IP address Src Dst Subnet Mask Subnet mask for source or destinatio...

Page 120: ...Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg...

Page 121: ...incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP 3 Permit all TCP packets from class C addresses 192 168 1 0 with ...

Page 122: ...xidecimal mask for source or destination MAC address VID VLAN ID Range 1 4095 VID Bit Mask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bitmask Range ...

Page 123: ...ere the Ethernet type is 0800 Binding a Port to an Access Control List After configuring the Access Control Lists ACL you can bind the ports that need to filter traffic to the appropriate ACLs You can assign one IP access list to any port Command Usage Each ACL can have up to 60 rules This switch supports ACLs for ingress filtering only However you can only bind one IP or MAC ACL to any port for i...

Page 124: ...anagement interfaces are open to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be config...

Page 125: ...b group SNMP IP Filter Configures IP address es for the SNMP group Telnet IP Filter Configures IP address es for the Telnet group IP Filter List IP address which are allowed management access to this interface Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range Add Remove Filtering Entry Adds removes an IP address from the list Web Clic...

Page 126: ... Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type1 Indicates the type of media used for ports 25 to 26 Trunk Member1 Shows if port is a tr...

Page 127: ...s 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 240 1488100 packets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LA...

Page 128: ...tion is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full...

Page 129: ...e for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Media Type Select the type of media to us for ports 25 to 26 Options Copper Forced SFP Forced SFP Preferred Auto Default SFP Preferred Auto Trunk Indicates if a port is a member of a trunk To create trunks and select port mem...

Page 130: ...ndby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the device...

Page 131: ... However note that the static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Incl...

Page 132: ... if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 4 117 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control Disabled Port security Disabled Max MAC co...

Page 133: ... same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation Command Attributes Member List Current Shows configured trunks Port New Includes entry fields for creating new trunks Port Port identifier Range 1 28 Web Cl...

Page 134: ...used by the interfaces that joined the group lacp admin key as described in this section and on page 4 129 Command Attributes Set Port Actor This menu sets the local side of an aggregate link i e the ports on this switch Port Port number Range 1 28 Console config interface ethernet 1 1 4 111 Console config if lacp 4 127 Console config if exit Console config interface ethernet 1 6 Console config if...

Page 135: ...p link Range 0 65535 Default 32768 Set Port Partner This menu sets the remote side of an aggregate link i e the ports on the attached device The command attributes have the same meaning as those used for the port actor However configuring LACP settings for the partner only applies to its administrative state not its operational state and will only take effect the next time an aggregate link is est...

Page 136: ... 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console show lacp 1 internal 4 131 Channel group 1 Oper Key 120 Admin Key 120 Console Table 3 8 LACP Port Counter Information Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Receive Number of valid LA...

Page 137: ...s and the operational state for the local side of an link aggregation Internal Configuration Information Console show 1 lacp counters 4 131 Channel group 1 Eth 1 1 LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 9 LACP Settings Field Description Oper Key Current operational value of the key for the aggregation port A...

Page 138: ... is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i ...

Page 139: ... 10 LACP Remote Side Settings Field Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol p...

Page 140: ... side of port channel 1 Console show 1 lacp neighbors 4 131 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper St...

Page 141: ...control does not effect IP multicast traffic The specified threshold applies to each individual port on the switch Command Attributes Port Port number Type Indicates the port type 100BASE TX 1000BASE T or SFP Protect Status Shows whether or not broadcast storm control has been enabled Default Enabled Threshold Threshold as percentage of port bandwidth Options 64 1000000 packets per second Default ...

Page 142: ...ws you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Rx Target Port The port that will duplicate or mirror the traffic on the source port Range 1 28 Console config interface ethernet 1 1 4 111 Console config if no switchport broadcast 4 121 Console config if exit Console config broadcast packet rate 500 4 121 Console config exit Console show interfaces...

Page 143: ...to limit traffic coming into the switch Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Configuration Use...

Page 144: ...ON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing through each port All values displayed have...

Page 145: ... being deliverable to a higher layer protocol Transmit Octets The total number of octets transmitted out of the interface including framing characters Transmit Unicast Packets The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that hig...

Page 146: ...ize Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy Internal MAC Receive Errors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resou...

Page 147: ...less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 B...

Page 148: ...Port Configuration 3 103 Figure 3 61 Displaying Etherlike and RMON Statistics ...

Page 149: ...h or low To control the power supply within the switch s budget ports set at critical or high priority have power enabled in preference to those ports set at low priority For example when a device is connected to a port set to critical priority the switch supplies the required Console show interfaces counters ethernet 1 13 4 118 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122...

Page 150: ...e provided to the switch ports Mainpower Consumption The amount of power being consumed by PoE devices connected to the switch Thermal Temperature2 The internal temperature of the switch Software Version The version of software running on the PoE controller subsystem in the switch Web Click PoE Power Status Figure 3 62 Displaying the Global PoE Status CLI This example displays the current power st...

Page 151: ...he supplied power Range 37 180 watts Default 180 Watts Web Click PoE Power Config Specify the desired power budget for the switch Click Apply Figure 3 63 Setting the Switch Power Budget CLI Use the power mainpower maximum allocation command to set the PoE power budget for the switch Displaying Port Power Status Use the Power Port Status page to display the current PoE power status for all ports Co...

Page 152: ...device is connected to a low priority port and causes the switch to exceed its budget port power is not turned on If a device is connected to a critical or high priority port and causes the switch to exceed its budget port power is turned on but the switch drops power to one or more lower priority ports Note Power is dropped from low priority ports in sequence starting from port number 1 Console s...

Page 153: ...port 1 to 8 watts the priority to high 2 and then enables the power Address Table Settings Switches store the addresses for all known devices This information is used to pass traffic directly between the inbound and outbound ports All the addresses learned by monitoring traffic are stored in the dynamic address table You can also manually configure static addresses that are bound to a specific por...

Page 154: ...dresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded...

Page 155: ... select the method of sorting the displayed addresses and then click Query Figure 3 67 Displaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table Command Attributes Aging Status Enables disables the function Aging Time The time after which a learned entry is...

Page 156: ...otocol IEEE 802 1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device It selects a d...

Page 157: ... the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC address where the address is taken from the switch system Max Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive...

Page 158: ...then become the root device Root Hello Time Interval in seconds at which this device transmits a configuration message Root Maximum Age The maximum time in seconds this device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals If the root port ages out STA inform...

Page 159: ...and Usage Spanning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs Rapid Spanning Tree Protocol Console show spanning tree 4 150 Spanning tree information Spanning tree mode RSTP Spanning tree enabled disabled enabled Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Del...

Page 160: ...ty is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28...

Page 161: ...herwise temporary data loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Configuration Settings for RSTP Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is t...

Page 162: ...otocol and then configures the STA parameters Console config spanning tree 4 139 Console config spanning tree mode 4 140 Console config spanning tree priority 40000 4 143 Console config spanning tree hello time 5 4 142 Console config spanning tree max age 38 4 142 Console config spanning tree forward time 20 4 141 Console config spanning tree pathcost method long 4 144 Console config spanning tree...

Page 163: ...g state to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the higher the cost Designated Bridge The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree Designated Port The port priority and number of the port on t...

Page 164: ...figured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Designated root The priority and MAC address of the device in the Spanning Tree that this switch has accepted as...

Page 165: ... two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media Web Click Spanning Tree STA Port Information or Trunk Information Figure 3 71 Displaying STA Port Status Information CLI This example shows the STA attributes for port 5 Console show spanning tree ethernet 1 5 4 150 Eth 1 5 information Admin status enable Role disa...

Page 166: ...can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if ...

Page 167: ...member that Edge Port should only be enabled for ports connected to an end node device Default Disabled Migration If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the Protocol Migration button to manually re check the appropriate BPDU form...

Page 168: ...herently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLA...

Page 169: ...ame VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VLAN Registration GVRP GARP VLAN Registration Protocol defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned If an end station or its netwo...

Page 170: ...ntagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged VLANs but are only allowed one untagged VLAN Each port on the switch is capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that contains any VLAN aware devic...

Page 171: ...isplaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4093 U...

Page 172: ...ny ID from the scroll down list Figure 3 74 Displaying VLAN Information by Port Membership Command Attributes CLI VLAN ID of configured VLAN 1 4093 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operationa...

Page 173: ...VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current l...

Page 174: ... the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 131 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on pag...

Page 175: ...e not carry VLAN or CoS information Note that an interface can only have one untagged VLAN which must be the same as the Port VID See Configuring VLAN Behavior for Interfaces on page 3 132 for configuring PVID Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 124 None Interface is not a member of the VLAN Pa...

Page 176: ...ect a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 77 Assigning VLAN Port and Trunk Groups CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Console config interface ethernet 1 1 4 111 Console config if switchport allowed vlan ...

Page 177: ...ngress Filtering Determines how to process frames tagged for VLANs for which the ingress port is not a member Ingress Filtering is always enabled Default Enabled Ingress filtering only affects tagged frames If a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However...

Page 178: ...ommunity ports that can only communicate with other hosts within the secondary VLAN and with any of the promiscuous ports in the associated primary VLAN In both cases the promiscuous ports are designed to provide open access to an external network such as the Internet while the community ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and mult...

Page 179: ...other traffic through promiscuous ports Then assign any promiscuous ports to a primary VLAN and any host ports a community VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the private VLANs configured on the switch including primary and community VLANs and their assigned interfaces Command Attributes VLAN ID ID of configured VLAN 1 4093 and VLAN type ...

Page 180: ...VLANs Primary Conveys traffic between promiscuous ports and to their community ports within secondary or community VLANs Community Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN Current Displays a list of the currently configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary or Community type then clic...

Page 181: ...ese entries with the selected primary VLAN A community VLAN can only be associated with one primary VLAN Figure 3 81 Private VLAN Association CLI This example associates community VLANs 6 and 7 with primary VLAN 5 Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interface associated with private VLANs Comman...

Page 182: ...ts Trunk The trunk identifier Port Information only Web Click VLAN Private VLAN Port Information or Trunk Information Figure 3 82 Private VLAN Port Information CLI This example shows the switch configured with primary VLAN 5 and community VLAN 6 Port 3 has been configured as a promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as host ports and associated with VLAN 6 Th...

Page 183: ... and community ports within the associated secondary VLANs If PVLAN type is Promiscuous then specify the associated primary VLAN Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Set PVLAN Port Type to Host and then specify the associated Community VLAN Trunk The trunk identifier Port Information only Web Click VL...

Page 184: ...eate or remove protocol VLANs Command Attributes Protocol Group IP Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 Frame Type Ethernet frame type Protocol Type The options for Ethernet frame type includes IP ARP or RARP Web Click VLAN Protocol VLAN Configuration Figure 3 84 Protocol VLAN Configuration Console config interface ethernet 1 3 Console config if switchport mode ...

Page 185: ...ion about the sending device Advertised information is represented in Type Length Value TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers This information can be used by SNMP applications to s...

Page 186: ... Port and Trunk Information These commands enable LLDP transmit receive or transmit and receive mode on the specified port whether to send SNMP notifications and sets the TLV type Command Attributes Port Specifies the port number LLDP Enables LLDP transmit Tx only receive Rx only or transmit and receive RxTx mode on the specified port Chosing Disabled disables LLDP on the port SNMP Notification En...

Page 187: ...ng of basic TLV parameters to be broadcast about the specified port Console config interface ge1 1 Console config if lldp transmit and receive 4 204 Console config if Console config interface ge1 1 Console config if lldp notification 4 207 Console config if Console config interface ge1 1 Console config if lldp basic tlv management address 4 204 Console config if lldp basic tlv description 4 205 Co...

Page 188: ... LLDP Local Information for local device information Or click LLDP Remote Port or Trunk Information for remote device port or trunk information Figure 3 88 LLDP Local Device Information Web Click LLDP Remote Information to specify the port or trunk associated with the device then click Remote Port or Remote Trunk for remote device port or trunk information Figure 3 89 LLDP Remote Device Informatio...

Page 189: ...ail Port ge1 1 Admin Status Rx Notification Enabled False Console config Console show lldp info local device 4 213 LLDP Local System Information Chassis Type MAC Address Chassis ID 00 01 22 33 44 AB System Description ECN430 System Capabilities Support Bridge Router System Capabilities Enable Bridge Router Management Address 0 0 0 0 IPv4 LLDP Port Information Port PortID Type PortID PortDesc ge1 1...

Page 190: ...ing of frame priority tags to the switch s priority queues switch show lldp info remote device 4 214 LLDP Remote Devices Information Interface ChassisId PortId SysName please provide sample data switch show lldp info remote device detail LLDP Remote Devices Information please provide sample data switch Console config switch show lldp info statistics 4 215 LLDP Device Statistics Neighbor Entries Li...

Page 191: ... and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used If the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Command Attributes Default Priority The priority that is assigned to untagged frame...

Page 192: ...y that benefits application traffic for your own network Console config interface ethernet 1 3 4 111 Console config if switchport priority default 5 4 170 Console config if end Console show interfaces switchport ethernet 1 3 4 119 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit enable K bits per second 25 VLAN membership mode Hybrid Ing...

Page 193: ...91 Configuring Class of Service CLI The following example shows how to change the CoS assignments to a one to one mapping 6 Voice less than 10 milliseconds latency and jitter 7 Network Control Console config interface ethernet 1 1 4 111 Console config if queue cos map 0 0 4 172 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console config exit Consol...

Page 194: ...priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Ro...

Page 195: ...gn a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table Displays a list of weights for each traffic class i e queue CLI shows Queue ID Web Click Prio...

Page 196: ... may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP DSCP Priority and then Default Port Priority Selecting IP DSCP Priority The switch allows you to enable or disable IP DSCP priority Command Attributes IP DSCP Priority Status Enables the priority services Maps layer 3 4 priorities using Differenti...

Page 197: ... values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a v...

Page 198: ...ed for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class Class information can be assigned by end hosts or switches or routers along the path Priority can then be assigned based on a general policy or a detailed examination of the packet However note that detailed examinatio...

Page 199: ...affic that exceeds the specified rate or just reduce the DSCP service level for traffic exceeding the specified rate 5 Use the Service Policy to assign a policy map to a specific interface Configuring a Class Map A class map is used for matching packets to a specified class Command Usage To configure a Class Map follow these steps Open the Class Map page and click Add Class When the Class Configur...

Page 200: ...h command is permitted per class map so the match any field refers to the criteria specified by the lone match command Description A brief description of a class map Range 1 64 characters Add Adds the specified class Back Returns to previous page without making any changes Match Class Settings Class Name List of the class maps ACL List Name of an access control list Any type of ACL can be specifie...

Page 201: ... Edit Rules to change the rules of an existing class Figure 3 97 Configuring Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd_class match any Console config cmap match ip dscp 3 Console config cmap ...

Page 202: ...ended ACL IPv6 Standard ACL and IPv6 Extended ACL This limitation applies to each switch chip ES4524D ports 1 26 ES4548D ports 1 25 ports 26 50 Also note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is by specified the Burst field and the average rate tokens are ...

Page 203: ...duced Remove Class Deletes a class Policy Settings Class Name Name of class map Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settings on page 3 147 Range CoS 0 7 DSCP 0 63 IP Precedence 0 7 IPv6 DSCP 0 63 Meter Check this to define the maximum throughput burst rate and the action that results...

Page 204: ...e 3 159 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 98 Configuring Policy Maps ...

Page 205: ...e policy map to an interface The current firmware does not allow you to bind a policy map to an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from the scroll down box Web Click QoS DiffServ Service Policy Check Enabled and choose a Policy...

Page 206: ...p to any neighboring multicast switch router to ensure that it will continue to receive the multicast service This procedure is called multicast filtering The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers switches instead of flooding traffic to all po...

Page 207: ... servers and dynamically configure the switch ports which need to forward multicast traffic Static IGMP Router Interface If IGMP snooping cannot locate the IGMP querier you can manually designate a known IGMP querier i e a multicast router switch connected over the network to an interface on your switch page 3 165 This interface will then join all the current multicast groups supported by the atta...

Page 208: ...hen enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default 2 IGMP Query Interval Sets the frequency at which the switch sends I...

Page 209: ... the switch or statically assigned to an interface on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Console config ip igmp snooping 4 178 Console config ip igmp snooping querier 4 182 Console config ip igmp snooping query count 10 4 182 Console config ip igmp snooping query in...

Page 210: ... on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast tra...

Page 211: ... port within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN ...

Page 212: ...s on page 3 162 For certain applications that require tighter control you may need to statically configure a multicast service on the switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VL...

Page 213: ...icast traffic entering an MVR VLAN is sent to all attached subscribers This protocol can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN This makes it possible to support common multicast services over a wide part of the network without having to use any multicast routing protocol MVR maintains the user iso...

Page 214: ...able set of hosts you can statically bind the multicast group to the participating interfaces see Assigning Static Multicast Groups to Interfaces on page 3 174 Configuring Global MVR Settings The global settings for Multicast VLAN Registration MVR include enabling or disabling MVR for the switch selecting the VLAN that will serve as the sole channel for common multicast streams supported by the se...

Page 215: ...sses Range 1 255 Default 0 Web Click MVR Configuration Enable MVR globally on the switch select the MVR VLAN add the multicast groups that will stream traffic to attached hosts and then click Apply Figure 3 105 MVR Global Configuration CLI This example first enables IGMP snooping enables MVR globally and then configures a range of MVR group addresses Displaying MVR Interface Status You can display...

Page 216: ...MVR Port Information CLI This example shows information about interfaces attached to the MVR VLAN Displaying Port Members of Multicast Groups You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration Field Attributes Group IP Multicast groups assigned to the MVR VLAN Group Port List Shows the interfaces with subscribers for multicast service...

Page 217: ...ured as MVR source ports MVR receiver ports cannot be members of a trunk Receiver ports can belong to different VLANs but should not be configured as a member of the MVR VLAN IGMP snooping can be used to allow a source port or receiver port to dynamically join or leave multicast groups within the MVR VLAN using the standard rules for multicast filtering Multicast groups can also be statically assi...

Page 218: ...e multicast subscriber to avoid disrupting services to other group members attached to the same interface Note that immediate leave does not apply to multicast groups which have been statically assigned to a port Command Attributes MVR Type The following interface types are supported Source An uplink port that can send and receive multicast data for the groups assigned to the MVR VLAN Receiver A s...

Page 219: ... IP multicast address range of 224 0 0 x Command Attributes Interface Indicates a port or trunk Member Shows the IP addresses for MVR multicast groups which have been statically assigned to the selected interface Non Member Shows the IP addresses for all MVR multicast groups which have not been statically assigned to the selected interface Web Click MVR Group Member Configuration Select a port or ...

Page 220: ...he received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received but the port is not trusted it is processed as follows If the DHCP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If the DHCP packet is fro...

Page 221: ...CP snooping globally DHCP Snooping MAC Address Verification Enables or disables MAC address verification DHCP packets will be dropped if the source MAC address in the Ethernet header of the packet is not same as the client s hardware address in the DHCP packet Web Click DHCP Snooping Configuration Figure 3 110 DHCP Snooping Configuration CLI This example first enables DHCP Snooping and then enable...

Page 222: ...ent without having to flood them to the entire VLAN In some cases the switch may receive DHCP packets from a client that already includes DHCP Option 82 information The switch can be configured to set the action policy for these packets Either the switch can discard the Option 82 information keep the existing information or replace it with the switch s relay information Note DHCP snooping must be ...

Page 223: ...res switch ports as trusted or untrusted An untrusted interface is an interface that is configured to receive messages from outside the network or firewall A trusted interface is an interface that is configured to receive only messages from within the network Command Attributes Trust Status Enables or disables port as trusted Web Click DHCP Snooping Information Option Configuration Figure 3 113 DH...

Page 224: ... unicast IP address IP Address Type Indicates an IPv4 or IPv6 address type Lease Time Seconds The time after which an entry is removed from the table Web Click DHCP Snooping DHCP Snooping Binding Information Figure 3 114 DHCP Snooping Binding Information CLI This example shows how to display the DHCP Snooping binding table entries Console config interface ethernet 1 5 Console config if ip dhcp sno...

Page 225: ...d by a host trying to use the IP address of a neighbor When enabled traffic is filtered based upon dynamic entries learned via DHCP snooping or static addresses configured in the source guard binding table An inbound packet s IP address sip option or both its IP address and corresponding MAC address sip mac option are checked against the binding table If no matching entry is found the packet is dr...

Page 226: ...e Command Attributes Static Binding Table Counts The total number of static entries in the table Current Static Binding Table The list of current static entries in the table Port Switch port number Range 1 28 VLAN ID ID of a configured VLAN Range 1 4093 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Console config interface ethernet ...

Page 227: ...uard binding table for a selected interface Command Attributes Query by Select an interface to display the source guard binding Options Port VLAN MAC Address or IP Address Dynamic Binding Table Counts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table Console config ip source guard binding ...

Page 228: ...ork A switch cluster has a Commander unit that is used to manage all other Member switches in the cluster The management station uses Telnet to communicate directly with the Commander throught its IP address and the Commander manages Member switches using cluster internal IP addresses There can be up to 36 Member switches in one cluster Cluster switches are limited to within a single IP subnet Onc...

Page 229: ...nder Command Attributes Cluster Status Enables or disables clustering on the switch Cluster Commander Enables or disables the switch as a cluster Commander Role Indicates the current role of the switch in the cluster either Commander Member or Candidate Cluster IP Pool An internal IP address pool that is used to assign IP addresses to Member switches in the cluster Internal cluster IP addresses ar...

Page 230: ...gure 3 119 Cluster Member Configuration CLI This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID Cluster Member Information Displays current cluster Member switch information Command Attributes Member ID The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP Address The internal clu...

Page 231: ...ilable to become cluster Members Command Attributes Clear Click the Clear button to clear the cluster candidate table Role Indicates the current status of Candidate switches in the network MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 121 Cluster Candidate Information Console sh...

Page 232: ...eve the device s description from the URL provided by the device in the discovery message After a control point has retrieved a description of the device the control point can send actions to a device s service To do this a control point sends a suitable control message to the control URL for the service provided in the device description The next step in UPnP networking is event notification or e...

Page 233: ...ime to live ttl value for receiving of UPnP messages on the device Web Click UPNP Configuration and enter the desired variables Figure 3 122 UPnP Configuration CLI This example enables UPnP sets the device advertise duration to 200 seconds the device ttl to 20 seconds and displays information about basic UPnP configuration Console config upnp device 4 217 Console config upnp device advertise durat...

Page 234: ...access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the quit or exit command After connecting to the system through the console port the login screen displays Telnet Connection Telnet o...

Page 235: ...ress of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty n for the guest to show that you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands t...

Page 236: ...ample to set a password for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will prin...

Page 237: ...Show management information map Maps priority mvr Show mvr interface information policy map Displays policy maps port Port characteristics power Show power protocol vlan Protocol VLAN information public key Public key information queue Priority queue information radius server RADIUS server information running config Information on the running configuration snmp Simple Network Management Protocol s...

Page 238: ...again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands generally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or enable certain switc...

Page 239: ...ommands modify the running configuration only and are not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server communit...

Page 240: ...owed by the character to display a list of possible matches You can also use the following editing keystrokes for command line processing Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console config line 4 9 Access Control List access list ip standard access list ip extended Console config std acl Console config ext acl 4 88 Interf...

Page 241: ...ation files 4 64 Authentication Configures logon access using local or remote authentication also configures port security and IEEE 802 1X port access control 4 70 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 88 SNMP Activates authentication failure traps configures co...

Page 242: ...P settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 165 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP UDP traffic types and DSCP 4 169 Multicast Filtering Configures IGMP multicast filtering query parameters and specifies ports attac...

Page 243: ... 13 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 13 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 14 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command LC...

Page 244: ...ngle global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s p...

Page 245: ... system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility with legacy password settings i e plain text or encrypte...

Page 246: ...ection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command exec timeout This command sets the interval that the system waits until user input is detected Use the no form to ...

Page 247: ...rd thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set t...

Page 248: ...to 60 seconds enter this command Related Commands password thresh 4 14 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syntax databits 7 8 no databits 7 Seven data bits per character 8 Eight data bits per character Default Setting 8 data bits per character Command Mode Line Configur...

Page 249: ...d Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bi...

Page 250: ...he speed accordingly Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect Use this command to terminate an SSH ...

Page 251: ...ers Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console disconnect 1 Console Console show line Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent time D...

Page 252: ...Normal Exec to Privileged Exec To set this password see the enable password command on page 4 26 The character is appended to the end of the prompt to indicate that the system is in privileged access mode Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 19 disable Returns to normal mode from privileged mode PE 4 20 configure Activates global configuration...

Page 253: ...mand Usage The character is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 19 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Confi...

Page 254: ...The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Console configure Console config Co...

Page 255: ... This example shows how to reset the switch end This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration and VLAN Database Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode exit This command returns to the previous configuration mode or exit t...

Page 256: ...user names browser configuration options and display or configure a variety of other system information Console config exit Console exit Press ENTER to start session User Access Verification Username Console quit Press ENTER to start session User Access Verification Username Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely ide...

Page 257: ...lerts Configures SMTP email alerts 4 49 Time System Clock Sets the system clock automatically via NTP SNTP server or manually 4 53 System Status Displays system configuration active managers and version information 4 57 Frame Size Enables support for jumbo frames 4 63 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 24 hostna...

Page 258: ...cation via a remote authentication server page 4 70 and host access authentication for specific ports page 4 80 username This command adds named users requires authentication at login specifies or changes a user s password or specify that no password is required or specifies or changes a user s access level Use the no form to remove a user name Syntax username name access level level no password p...

Page 259: ... encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how the set the access level and password for a user enable password After initially logging onto the system you should set the Privileged Exec password Remember to record it i...

Page 260: ...e configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4 19 authentication enable 4 71 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols Use the no form to restore the default setting Syntax no management all clien...

Page 261: ...or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end ad...

Page 262: ...nd ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Snmp Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Telnet Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Command Command Function Mode Page ip http port Specifies the port to be used by the web browser i...

Page 263: ...nd Mode Global Configuration Example Related Commands ip http port 4 29 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configur...

Page 264: ...nd Netscape Navigator 4 x or later versions The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 56 Also refer to the copy command on page 4 64 Example Related Commands ip http secure port 4 31 copy tftp https certificate 4 64 ip http secure port This command specifies the UDP port ...

Page 265: ...this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuration Example ip telnet server port This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Console config ip http secure port 1000 Console config Table 4 14 Telnet Serve...

Page 266: ... must match along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered This section describes the commands used to configure the SSH server However note that you also need to install an SSH client on the management st...

Page 267: ...osts file would appear similar to the following example 3 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737 08779454524083971752646358058176716709574804776117 4 Import ...

Page 268: ... negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can gain access The following exchanges take place during this process 9 The client sends its public key to the switch 10 The switch compares the client s public key to those stored in memory 11 If a match is found the switch uses the public key to encrypt a ran...

Page 269: ...ated Commands ip ssh crypto host key generate 4 38 show ssh 4 40 ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifie...

Page 270: ...entication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 40 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits Def...

Page 271: ...t Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate This command generates the host key pair i e public and private Syntax ip ssh crypto host key generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage This command stores the...

Page 272: ...rs the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type rsa RSA key type Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Command Usage This command clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this comm...

Page 273: ...rate 4 38 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command Mode Privileged Exec Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Ser...

Page 274: ...ation Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc h...

Page 275: ... keys for all users are displayed When an RSA key is displayed the first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 35 and the last string is the encoded modulus When a DSA key is displayed the first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modu...

Page 276: ...pE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw bvwrNLaQ77isiwAAAIEAsy5YWDC99ebYHNRj5kh47wY4i8cZvH p9cnrfwFTMU01VFDly3IR 2G395NLy5Qd7ZDxfA9mCOfT yyEfbobMJZi8oGCstSNOxrZZVnMqWrTYfdrKX7YKBw Kjw6Bm iFq7O jAhf1Dg45loAc27s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3...

Page 277: ...y RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Default Setting Flash errors level 3 0 RAM warnings level 7 0 Console config logging on Console config Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Norm...

Page 278: ...er Default Setting None Command Mode Global Configuration Command Usage By using this command more than once you can build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example logging facility This command sets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A nu...

Page 279: ...d level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 44 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote loggi...

Page 280: ...figuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power reset sendmail Displays settings for the SMTP event hand...

Page 281: ...ommand History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG s...

Page 282: ... no logging sendmail host ip_address Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and event no 1 0 00 01 30 2001 01 01 Unit 1 Port 1 link up notification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page logging sendmail host Specifies SMTP servers that will be sent alert messages GC 4 ...

Page 283: ...nd mail the switch selects the next server in the list and tries to send mail again If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syntax logging sendmail level level level One of the system ...

Page 284: ...rator responsible for the switch Example This example will send email alerts for system errors from level 3 through 0 logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Defa...

Page 285: ...s command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail destination email ted this company com Console config Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email a...

Page 286: ...rom time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup e g 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Table 4 2...

Page 287: ...ifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands Related Commands 4 54 Console config sntp server 10 1 0 19 Console config sntp poll 60 Console c...

Page 288: ...seconds Default Setting 16 seconds Command Mode Global Configuration Example Related Commands Related Commands 4 54 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used f...

Page 289: ...iversal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Related Commands show sntp 4 55 calendar set This command sets the system clock It may be used if there is no time server on you...

Page 290: ...Mode Normal Exec Privileged Exec Example System Status Commands show startup config This command displays the configuration file stored in non volatile memory that is used to start up the system Console calendar set 15 12 34 1 February 2002 Console Console show calendar 15 12 34 February 1 2002 Console Table 4 23 System Status Commands Command Function Mode Page show running config Displays the co...

Page 291: ...s command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address configured for the switch Spanning tree set...

Page 292: ...s separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state Console show startup config building startup config please wait username admin access level 15 username admin password 0 admin username guest access...

Page 293: ...00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server community public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca ...

Page 294: ...mmand Usage The session used to execute this command is indicated by a symbol next to the Line i e session index number Console show system System description SMC Networks SMC8124PL2 System OID string 1 3 6 1 4 1 259 6 10 94 System Information System Up Time 0 days 0 hours 7 minutes and 22 65 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 00 35 28 00 03 Web ...

Page 295: ...Versions on page 3 11 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168 1 19 Web online users Line Remote IP addr Username Idle time...

Page 296: ...ds To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Console show version Un...

Page 297: ...lity of the TFTP server and the quality of the network connection Syntax copy file file running config startup config tftp unit copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to...

Page 298: ...de files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server ...

Page 299: ... file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS ce...

Page 300: ...umber Example This example shows how to delete the test2 cfg configuration file from flash memory Related Commands dir 4 67 delete public key 4 38 dir This command displays a list of files in flash memory Syntax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation...

Page 301: ...hichboot unit unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte Unit...

Page 302: ...mage to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or image name unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Con...

Page 303: ... password tacacs Use TACACS server password Default Setting Local Console config boot system config startup Console config Table 4 27 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 70 RADIUS Client Configures settings for authentication via a RADIUS server 4 72 TACACS Client Configures settings for authentication via...

Page 304: ... authentication login radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is checked Example Related Commands username for setting the local user names and passwords 4 25 authentication enable This comma...

Page 305: ...ple Related Commands enable password sets password for changing command modes 4 26 RADIUS Client Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels...

Page 306: ... waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting auth port 1812 timeout 5 seconds retransmit 2 Command Mode Global Configuration Exam...

Page 307: ...mum length 20 characters Default Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Settin...

Page 308: ...efore resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Console config radius server retransmit 5 Console config Console config radius server timeout 10 Console config Console show radius server Remote RADIUS serve...

Page 309: ...acs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server network port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Settin...

Page 310: ...ring Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Console config tacacs server port 181 Console config Console config...

Page 311: ...rt security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses Syntax port security action shutdown trap trap and shutdown max mac count address count no port security action max mac count action Response to take when port security is violated shutdown Disable port only trap Issue SNMP tra...

Page 312: ...command to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violat...

Page 313: ...s to their default values GC 4 81 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 4 81 dot1x port control Sets dot1x mode for a port interface IC 4 81 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 4 82 dot1x re authenticate Forces re authentication on ...

Page 314: ...on session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of requests Range 1 10 Default 2 Command Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control Con...

Page 315: ...1x operation mode single host multi host max count count no dot1x operation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Con...

Page 316: ...le re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period Console config interface...

Page 317: ...mmand Mode Interface Configuration Example dot1x timeout tx period This command sets the time that the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds The number of seconds Range 1 65535 Default 30 seconds Command Mode Interface Configuration Co...

Page 318: ...single or multiple hosts page 4 82 Mode Dot1x port control mode page 4 81 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items reauth enabled Periodic re authentication page 4 83 reauth period Time after which a connected client must be re authenticated page 4 84 quiet period Time ...

Page 319: ...sed by the Authenticator to identify the current authentication session Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle i...

Page 320: ...ost Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Multi Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 3 Authenticator State Machine State Authenticated Rea...

Page 321: ...P ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP control code The following restrictions apply to ACLs Each ACL can have up to 60 rules This switch supports ACLs f...

Page 322: ...ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Table 4 34 IP ACL Commands Command Function Mode Page access list ip Creates an IP ACL and enters configuration mode for standard or extended IP ACLs GC 4 89 permit deny Filters packets matching a specified...

Page 323: ...re appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned E...

Page 324: ...col number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address sport Protocol3 source port number Range 0 65535 dport Protocol destination port number Range 0 65535 end Upper bound of the protocol port range Range 0 65535 Default Setting None Command Mode Extende...

Page 325: ...t standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 90 ip access group 4 92 ip access group This command binds a port to an IP ACL Use the no form to remove the port Syntax no ip access group acl_name in out acl_name Name of t...

Page 326: ...how ip access group This command shows the ports assigned to IP ACLs Command Mode Privileged Exec Example Related Commands ip access group 4 92 map access list ip This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Synta...

Page 327: ...le Related Commands queue cos map 4 172 show map access list ip 4 94 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 28 Command Mode Privileged E...

Page 328: ...st to COS of Eth 1 24 Access list ALS1 cos 0 Console Table 4 36 ACL Information Command Function Mode Page show access list Shows all ACLs and associated rules PE 4 95 show access group Shows the ACLs assigned to each port PE 4 95 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 255 255 255 0 any p...

Page 329: ...show access group Interface ethernet 1 25 IP standard access list david IP access list jerry Console Table 4 37 SNMP Commands Command Function Mode Page snmp server Enables the SNMPv3 server GC 4 96 show snmp Displays the status of SNMP communications NE PE 4 97 snmp server community Sets up the community access string to permit access to SNMP commands GC 4 98 snmp server contact Sets the system c...

Page 330: ... of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command Console config snmp server Console config ...

Page 331: ...nt stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version e...

Page 332: ...hat describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 99 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Max...

Page 333: ...5 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you define this string using ...

Page 334: ...t as reliable as inform messages which include a request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to issue notificati...

Page 335: ...ple Related Commands snmp server enable traps 4 102 snmp server enable traps This command enables this device to send Simple Network Management Protocol traps or informs i e SNMP notifications Use the no form to disable SNMP notifications Syntax no snmp server enable traps authentication link up down authentication Keyword to issue authentication failure notifications link up down Keyword to issue...

Page 336: ...ress local Specifies the SNMP engine on this switch remote Specifies an SNMP engine on a remote device ip address The Internet address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters Default Setting A unique engine ID is automatically generated by the switch based on its MAC address Command Mode Global Configuration Command Usage An SNMP engi...

Page 337: ...er host 4 100 show snmp engine id This command shows the SNMP engine ID Command Mode Privileged Exec Example This example shows the default engine ID Console config snmp server engineID local 12345 Console config snmp server engineID remote 54321 192 168 1 19 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBoots 1 Remote SNMP engineID IP a...

Page 338: ...obal Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includes the MIB 2 interfaces table ifDescr The wild card is used to select all the index values in this table This view includes the MIB 2 in...

Page 339: ...cryption options readview Defines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters notifyview Defines the view for notifications 1 64 characters Default Setting Default groups public4 read only private5 read write Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type nonvolatile Row Status active View Na...

Page 340: ...lgorithm is used for data encryption For additional information on the notification messages supported by this switch see Supported Notification Messages on page 3 45 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command page 4 102 Example show snmp group Four default groups are provi...

Page 341: ...olatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 4 40 show snmp group display description Field Description groupname Name of an S...

Page 342: ...crypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with 56 bit DES data encryption priv password Privacy password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password Default Setting None Command Mode Global Configuration Command Usage The SNMP engine ID is used to compute the au...

Page 343: ...Console config Console show snmp user EngineId 01000000000000000000000000 User Name steve Authentication Protocol md5 Privacy Protocol des56 Storage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description ...

Page 344: ...e type and enters interface configuration mode GC 4 111 description Adds a description to an interface configuration IC 4 112 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 112 negotiation Enables autonegotiation of a given interface IC 4 113 capabilities Advertises the capabilities of a given interface for use in autonegotiation I...

Page 345: ...onfigures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex 1000full 100full 100half 10full 10half no speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Force...

Page 346: ...5 to 100 Mbps half duplex operation Related Commands negotiation 4 113 capabilities 4 114 negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings ...

Page 347: ...n 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 1000BASE T 10half 10full 100half 100full 1000...

Page 348: ...2 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included ...

Page 349: ...command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 clear counters This command clears statistics on an interface Syntax clear counters interface interface ethernet unit port unit Stack unit Always unit 1 ...

Page 350: ...er reset Example The following example clears statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 28 port channel channel id Range 1 8 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal E...

Page 351: ...played by this command see Showing Port Statistics on page 3 99 Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled LACP Disabled P...

Page 352: ...ut 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Interna...

Page 353: ... rate limiting is enabled and the current rate limit page 4 124 VLAN membership mode Indicates membership mode as Trunk or Hybrid page 4 155 Ingress rule Shows if ingress filtering is enabled or disabled page 4 156 Note Ingress filtering is always enabled Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 155 Native VLAN Indicates the default Port ...

Page 354: ...re dropped The specified threshold value applies to all ports on the switch Example The following shows how to configure broadcast storm control at 600 packets per second switchport broadcast This command enables broadcast storm control on an interface Use the no form to disable broadcast storm control on an interface Syntax no switchport broadcast Table 4 44 Broadcast Commands Command Function Mo...

Page 355: ...tor interface interface ethernet unit port source port unit Stack unit Always unit 1 port Port number Range 1 28 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destinati...

Page 356: ...ns must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Always unit 1 po...

Page 357: ...is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input rate no rate limit input input Input rate rate Percentage Default Setting 100 percent Command Mode Interface Con...

Page 358: ...p to 8 ports The ports at both ends of a connection must be configured as trunk ports All ports in a trunk must be configured in an identical manner including Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if Table 4 47 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters...

Page 359: ... Interface used by the interfaces that joined the group However if the port channel admin key is set then the port admin key must be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channe...

Page 360: ...nds of an LACP trunk must be configured for full duplex and auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will...

Page 361: ...LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 10 Console config if lacp Console config if exit Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces s...

Page 362: ...ey Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate link key The port admin key must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 Default Setting 0 Command Mode Interface Configuration Ethernet Co...

Page 363: ... a specific link aggregation group LAG during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channe...

Page 364: ...t priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP settings for the partner only applies to its administrative state not its opera...

Page 365: ... Illegal Pkts 0 Table 4 48 show lacp counters display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts...

Page 366: ...state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of...

Page 367: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol part...

Page 368: ... F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 51 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID Table 4 52 Add...

Page 369: ...ecific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses will not be removed from the address table when a given interface link is down Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be writ...

Page 370: ...interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit ...

Page 371: ...nds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Console show mac address table Interface Mac Address Vlan Type Et...

Page 372: ... GC 4 142 spanning tree max age Configures the spanning tree bridge maximum age GC 4 142 spanning tree priority Configures the spanning tree bridge priority GC 4 143 spanning tree pathcost method Configures the path cost method for RSTP GC 4 144 spanning tree transmission limit Configures the transmission limit for RSTP GC 4 144 spanning tree spanning disabled Disables spanning tree for an interfa...

Page 373: ...estore the default Syntax spanning tree mode stp rstp no spanning tree mode stp Spanning Tree Protocol IEEE 802 1D rstp Rapid Spanning Tree Protocol IEEE 802 1w Default Setting rstp Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLA...

Page 374: ...nning tree forward time seconds no spanning tree forward time seconds Time in seconds Range 4 30 seconds The minimum value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because e...

Page 375: ...ts the time interval in seconds at which the root device transmits a configuration message Example Related Commands spanning tree forward time 4 141 spanning tree max age 4 142 spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time i...

Page 376: ... 4 141 spanning tree hello time 4 142 spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 65535 Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53...

Page 377: ...obal Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 145 takes precedence over port priority page 4 146 Example spanning tree transmission limit This command configures the minimum interval b...

Page 378: ...ning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cost cost no spanning tree cost cost cost The path cost for the port Range 1 200 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Setting Ethernet half duplex 2 00...

Page 379: ...ures the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree port priority priority priority The priority for a port Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of a port in the Spanning Tree A...

Page 380: ...Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Ed...

Page 381: ... node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for ...

Page 382: ...P is forbidden Example spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 28 port channel channel id Range 1 8 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs i...

Page 383: ...mand with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST For a description of the items displayed under Spanning tree information see Configuring Global Settings on ...

Page 384: ...1 Current root cost 10000 Number of topology changes 1 Last topology changes time sec 21561 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 ...

Page 385: ...ommand Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Table 4 54 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 152 Configu...

Page 386: ...tate active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs on the swi...

Page 387: ...s interface configuration mode for a specified VLAN IC 4 154 switchport mode Configures VLAN membership mode for an interface IC 4 155 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 155 switchport ingress filtering Enables ingress filtering on an interface IC 4 156 switchport native vlan Configures the PVID native VLAN of an interface IC 4 157 switchpo...

Page 388: ...et Port Channel Example The following shows how to set the configuration mode to port 1 and then set the switchport mode to hybrid Related Commands switchport acceptable frame types 4 155 switchport acceptable frame types This command configures the acceptable frame types for a port Use the no form to restore the default Syntax switchport acceptable frame types all tagged no switchport acceptable ...

Page 389: ...Note Failed to ingress filtering on ethernet interface Syntax switchport ingress filtering Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames With ingress filtering enabled a port will discard received frames tagged for VLANs for it which it is not a member Ingress filtering does not affect VLAN independent ...

Page 390: ...ed into all untagged frames entering the ingress port Example The following example shows how to set the PVID for port 1 to VLAN 3 switchport allowed vlan This command configures VLAN groups on the selected interface Use the no form to restore the default Note Each port can only have one untagged VLAN If a second VLAN is defined for a port as untagged the other VLAN that had untagged status will a...

Page 391: ...d VLAN 1 Note that each port can only have one untagged VLAN If a second VLAN is defined for a port as untagged the other VLAN that had untagged status will automatically be changed to tagged Setting a VLAN untagged will also change the native VLAN of the port to this VLAN If a VLAN on the forbidden list for an interface is manually added to that interface the VLAN is automatically removed from th...

Page 392: ...VLAN 3 Displaying VLAN Information show vlan This command shows VLAN information Syntax show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Console config interface ethernet 1 1 Console ...

Page 393: ... VLANs can be associated with each primary VLAN Note that private VLANs and normal VLANs can exist simultaneously within the same switch Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 1...

Page 394: ...y VLAN Use the no form to remove the specified private VLAN Syntax private vlan vlan id community primary no private vlan vlan id vlan id ID of private VLAN Range 1 4093 no leading zeroes community A VLAN in which traffic is restricted to host memebers in the same VLAN and to promiscuous ports in the associate primary VLAN primary A VLAN which can contain one or more community VLANs and serves to ...

Page 395: ...e security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the primary VLAN via promiscuous ports Example switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the default s...

Page 396: ...iation secondary vlan id no switchport private vlan host association secondary vlan id ID of secondary i e community VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via ...

Page 397: ... can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN configuration settings on this switch Syntax show vlan private vlan mapping community primary community Displays all community VLANs along with their associated primary VLAN and assigned host int...

Page 398: ...mation in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Console show vlan private vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 Console Table 4 59 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext g...

Page 399: ...ample switchport gvrp This command enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Console config bridge ext gvrp Console config Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLA...

Page 400: ...ple garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which timer to set timer_value Value of timer Ranges join 20 1000 centiseconds leave 60 3000 centiseconds leaveall 500 18000 centiseconds Default Setting join 2...

Page 401: ...alues are applied to GVRP for all the ports on all VLANs Timer values must meet the following restrictions leave 2 x join leaveall leave Note Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 168 show garp timer This command shows the GARP timers for the selected interface S...

Page 402: ... priority queues You can set the default priority for each interface the relative weight of each queue and the mapping of frame priority tags to the switch s priority queues Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leaveall timer 1000 centiseconds Console Table 4 60 Priority Commands Command Groups Function Page Priority ...

Page 403: ...or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Table 4 61 Priority Commands Layer 2 Command Function Mode Page...

Page 404: ...both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN ta...

Page 405: ... by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues for port 5 Related Commands show queue bandwidth 4 174 queue cos map This command assigns class of service CoS values to the priority queues i e hardware output queues 0 7 Use the no form set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map q...

Page 406: ...s command sets the CoS priority for all interfaces Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map 4 174 show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Table 4 62 Default CoS Priority Levels Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 Console config inte...

Page 407: ...c Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Always unit 1 port Port number Range 1 28 port channel channel id Range 1 8 Default Setting None Console sh queue mode Wrr status Enabled Console Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 1...

Page 408: ...e shows how to enable IP DSCP mapping globally Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console Table 4 63 Priority Commands Layer 3 and 4 Command Function Mode Page map ip dscp Enables IP DSCP class of service mapping GC 4 175 map ip dscp Maps IP DSCP value to a class of service IC 4 176 map access list ip Sets the CoS...

Page 409: ... Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The...

Page 410: ...ort number Range 1 28 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 175 map ip dscp Interface Configuration 4 176 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 411: ...ps Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 178 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 182 Static Multicast Routing Configures static multicast router ports 4 185 Table 4 66 IGMP Sno...

Page 412: ...ways unit 1 port Port number Range 1 28 port channel channel id Range 1 8 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port ip igmp snooping version This command configures the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp snooping version 1 IGMP Ve...

Page 413: ...for a VLAN Syntax no ip igmp snooping immediate leave Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage The IGMP snooping immediate leave feature enables a Layer 2 LAN interface to be removed from the multicast forwarding table without first sending an IGMP group specific query to the interface Upon receiving a group specific IGMPv2 leave message the switch immediate...

Page 414: ...ow mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Console show ip igmp snooping Service status Enabled...

Page 415: ...query count This command configures the query count Use the no form to restore the default Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 67 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 182 ip igmp snooping ...

Page 416: ...countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 184 ip igmp snooping query interval This command c...

Page 417: ...This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have lef...

Page 418: ... switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snooping version 4 179 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter i...

Page 419: ...or trunk on your router you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ...

Page 420: ...Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4 69 IGMP Filtering and Throttling Commands Command Function Mode Page ip igmp filter Enables IGMP filtering and throttling on the switch GC 4 187 ip igmp profile Sets a profile number and enters IGMP filter profile configuration mode GC 4 188 permit deny Sets a profile acc...

Page 421: ...ltering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups The IGMP filtering feature operates in the same manner when MVR is used to forward the multicast traffic Example ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode Use the no form to delete a profile number Syntax n...

Page 422: ...cess mode is set to deny IGMP join reports are only processed when a multicast group is not in the controlled range Example range This command specifies multicast group addresses for a profile Use the no form to delete addresses from a profile Syntax no range low ip address high ip address low ip address A valid IP address of a multicast group or start of a group range high ip address A valid IP a...

Page 423: ...tting None Command Mode Interface Configuration Command Usage The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface Only one profile can be assigned to an interface A profile can be assigned to a trunk interface When ports are configured as trunk members the trunk uses the filtering profile assigned to the first port member...

Page 424: ...y or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group IGMP throttling can also be set on a trunk interface When ports are configured as trunk members the trunk uses the throttling settings of the first port member in the trunk Example ip igmp max ...

Page 425: ...s command displays the global and interface settings for IGMP filtering Syntax show ip igmp filter interface interface ethernet unit port unit This is unit 1 port Port number Range 1 28 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if ip igmp max groups action replace Console config if Console show i...

Page 426: ...e This command displays the interface settings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit This is unit 1 port Port number Range 1 28 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces Console show ip igmp profile IGMP ...

Page 427: ...o form of this command without any keywords to globally disable MVR Use the no form with the group keyword to remove a specific address or range of addresses Or use the no form with the vlan keyword restore the default MVR VLAN Syntax no mvr group ip address count vlan vlan id ip address IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 count The number of contiguous MVR group ...

Page 428: ...ssages Example The following example enables MVR globally and configures a range of MVR group addresses mvr Interface Configuration This command configures an interface as an MVR receiver or source port using the type keyword enables immediate leave capability using the immediate keyword or configures an interface as a static member of the MVR VLAN using the group keyword Use the no form to restor...

Page 429: ...tically assigned using the group keyword The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is ...

Page 430: ...el channel id Range 1 12 ip address IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default Setting Displays global configuration settings for MVR when no keywords are used Command Mode Privileged Exec Command Usage Enter this command without any keywords to display the global settings for MVR Use the interface keyword to display information about interfaces attached to the M...

Page 431: ...assigned to the MVR VLAN MVR current multicast groups Shows the number of multicast groups currently assigned to the MVR VLAN Console show mvr interface Port Type Status Immediate Leave eth1 1 SOURCE ACTIVE UP Disable eth1 2 RECEIVER ACTIVE UP Disable eth1 5 RECEIVER INACTIVE DOWN Disable eth1 6 RECEIVER INACTIVE DOWN Disable eth1 7 RECEIVER INACTIVE DOWN Disable Console Table 4 72 show mvr interf...

Page 432: ...5 0 0 1 ACTIVE eth1 1 d eth1 2 s 225 0 0 2 INACTIVE None 225 0 0 3 INACTIVE None 225 0 0 4 INACTIVE None 225 0 0 5 INACTIVE None 225 0 0 6 INACTIVE None 225 0 0 7 INACTIVE None 225 0 0 8 INACTIVE None 225 0 0 9 INACTIVE None 225 0 0 10 INACTIVE None Console Table 4 73 show mvr members display description Field Description MVR Group IP Multicast groups assigned to the MVR VLAN Status Shows whether ...

Page 433: ...ications about LLDP changes IC 4 207 lldp dot1 tlv port vlan id Configures an LLDP enabled port to advertise its default VLAN ID IC 4 208 lldp dot1 tlv port protocol vlan id Configures an LLDP enabled port to advertise portrelated VLAN information IC 4 209 lldp dot1 tlv vlan name Configures an LLDP enabled port to advertise its VLAN name IC 4 209 lldp dot1 tlv protocol identity Configures an LLDP ...

Page 434: ...isements initiated by a change in local LLDP MIB variables Use the no form to restore the default setting Syntax lldp transmit delay auto seconds no lldp transmit delay auto Calculates the transmit delay in seconds based on 0 25 transmit interval see page 535 The range of the resulting values is 1 8192 seconds Specifies the transmit delay Range 5 3600 seconds Default Setting 2 seconds Command Mode...

Page 435: ...ld value no lldp transmit hold value Calculates the TTL in seconds based on transmit hold transmit interval Range 2 10 Default Setting 4 4 30 120 seconds Command Mode Global Configuration Command Usage The transmit hold tells the receiving LLDP agent how long to hold onto all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner Example lldp reinit del...

Page 436: ...erval seconds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Range 5 3600 seconds Default Setting 5 seconds Command Mode Global Configuration Command Usage This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that occur betwe...

Page 437: ...DUs receive only Only receive LLDP PDUs Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example lldp basic tlv management address This command configures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature Syntax no lldp basic tlv management address Default Setting Disabled Command Mode Interface Confi...

Page 438: ...ssociated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Example lldp ba...

Page 439: ...d by this TLV is described in IEEE 802 1AB Example lldp basic tlv system description This command configures an LLDP enabled port to advertise the system description Use the no form to disable this feature Syntax no lldp basic tlv system description Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage The system description is taken from the sysDescr ob...

Page 440: ... object in RFC 3418 which contains the systemís administratively assigned name and is in turn based on the hostname command page 56 Example lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to restore the default setting Syntax no lldp notification Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel...

Page 441: ...ransmission An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss Example lldp dot1 tlv port vlan id This command configures an LLDP enabled port to advertise its default VLAN ID Use the no form to disable this feature Syntax no lldp dot1 tlv port vlan id Def...

Page 442: ...gured on this interface Example lldp dot1 tlv vlan name This command configures an LLDP enabled port to advertise its VLAN name Use the no form to disable this feature Syntax no lldp dot1 tlv vlan name Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises the name of all VLANs to which this interface has been assigned Example Conso...

Page 443: ...ot3 tlv mac phy This command configures an LLDP enabled port to advertise its MAC and physical layer capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv mac phy Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises MAC PHY configuration status which includes information about auto negotiation capabilities p...

Page 444: ...ink aggregation member Example lldp dot3 tlv power via mdi This command configures an LLDP enabled port to advertise its Power over Ethernet PoE capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv power via mdi Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises Power over Ethernet capabilities including ...

Page 445: ...Usage Refer to System MTU Commands on page 65 for information on configuring the maximum frame size for the ECN430 switch Example show lldp config This command shows LLDP configuration settings for all ports Syntax show lldp config detail detailed Shows detailed information Command Mode Privileged Exec Example switch show lldp config Console config interface ge1 1 Console config if lldp dot3 tlv p...

Page 446: ...d Exec Console show lldp config LLDP Global Configuation LLDP Transmit interval 30 LLDP Hold Time Multiplier 4 LLDP Delay Interval 2 LLDP Reinit Delay 2 LLDP Notification Interval 5 LLDP Port Configuration Port AdminStatus NotificationEnabled ge1 1 Rx False ge1 2 Rx False ge1 3 Rx False ge1 4 Rx False ge1 5 Rx False switch show lldp config detail LLDP Port Configuration Detail Port ge1 1 Admin Sta...

Page 447: ...bilities Enable Bridge Router Management Address 0 0 0 0 IPv4 LLDP Port Information Port PortID Type PortID PortDesc ge1 1 MAC Address 00 01 22 33 44 AC ge1 1 ge1 2 MAC Address 00 01 22 33 44 AD ge1 2 ge1 3 MAC Address 00 01 22 33 44 AE ge1 3 ge1 4 MAC Address 00 01 22 33 44 AF ge1 4 ge1 5 MAC Address 00 01 22 33 44 B0 ge1 5 Console show lldp info local device detail LLDP Port Information Detail P...

Page 448: ...tics Neighbor Entries List Last Updated 0 seconds New Neighbor Entries Count 0 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Port NumFramesRecvd NumFramesSent NumFramesDiscarded 1 0 0 0 2 0 0 0 3 0 0 0 4 0 0 0 5 0 0 0 switch sh lldp info statistics detail LLDP Port Statistics Detail PortName ge1 1 Frames Discarded 0 Frames Invalid 0 Frames Receiv...

Page 449: ...message After a control point has retrieved a description of the device the control point can send actions to a device s service To do this a control point sends a suitable control message to the control URL for the service provided in the device description The next step in UPnP networking is event notification or eventing A UPnP description for a service includes a list of actions the service re...

Page 450: ...e Related Commands upnp device ttl 4 217 upnp device advertise duration 4 218 upnp device ttl This command sets the time to live ttl value for receiving of UPnP messages on the device Syntax upnp device ttl value value A time out value expressed in seconds Range 1 255 seconds Default Setting 4 seconds Command Mode Global Configuration Command Usage You must set the ttl value before the device can ...

Page 451: ...conds Range 6 86400 seconds Default Setting 100 seconds Command Mode Global Configuration Command Usage You must set the time for which the attached devices advertise their status Example In the following example the device advertise duration is set to 200 seconds Related Commands upnp device ttl 4 217 show upnp This command displays the UPnP management status and time out settings Default Setting...

Page 452: ...ess netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Console show upnp UPnP global settings Status Enabled Advertise duration 200 TTL 20 Console Table 4 76 IP Interface Commands Command Function...

Page 453: ...d subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command or by rebooting the switch Note Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you assign an IP address to any other VLAN the new IP address overrides the orig...

Page 454: ...orm to remove the static route Syntax ip default gateway gateway no ip default gateway gateway IP address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Command...

Page 455: ...n moved to a different domain the network portion of the address provided to the client will be based on this new domain 4 221 ping This command sends ICMP echo request packets to another node on the network Syntax ping host size size count count host IP address or IP alias of the host size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger than t...

Page 456: ... Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 4 111 IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table or static and dynamic entries in the DHCP Snooping table when enabled...

Page 457: ...de to sip or sip mac enables this function on the selected port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC address Use the no source guard command to disable this function on the selected port When enabled traffic is filtered based upon dynamic entries l...

Page 458: ...c IP source guard binding the packet will be forwarded If the DHCP snooping is enabled IP source guard will check the VLAN ID source IP address port number and source MAC address for the sip mac option If a matching entry is found in the binding table and the entry type is static IP source guard binding static DHCP snooping binding or dynamic DHCP snooping binding the packet will be forwarded If I...

Page 459: ...ng static entries configured in the DHCP snooping table or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an entry with same VLAN ID and MAC address and the type of entry i...

Page 460: ... source guard Interface Filter type Eth 1 1 DISABLED Eth 1 2 DISABLED Eth 1 3 DISABLED Eth 1 4 DISABLED Eth 1 5 SIP Eth 1 6 DISABLED Console show ip source guard binding MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console Table 4 78 DHCP Snooping Commands Command Function Mode Page ip dhcp snooping Enables DHCP snooping globally GC 4 228 ip ...

Page 461: ...s learned via DHCP snooping Table entries are only learned for untrusted interfaces Each entry includes a MAC address IP address lease time entry type Dynamic DHCP Binding Static DHCP Binding VLAN identifier and port identifier When DHCP snooping is enabled the rate limit for the number of DHCP messages that can be processed by the switch is 100 packets per second Any DHCP packets in excess of thi...

Page 462: ...ce MAC address in the Ethernet header If the DHCP packet is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both trusted and untrusted ports in the same VLAN If the DHCP snooping is globally disabl...

Page 463: ...command page 4 230 When the DHCP snooping is globally disabled DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled configuration changes for specific VLANs have the following effects If DHCP snooping is disabled on a VLAN all dynamic bindings learned for this VLAN are removed...

Page 464: ... no ip dhcp snooping trust command When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Additional considerations when the switch itself is a DHCP client The port s through which it submits a client request to the DHCP server must be configured as trusted Example This example sets port 5 to untrusted Related Commands ip dh...

Page 465: ...abled Command Mode Global Configuration Command Usage DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server Known as DHCP Option 82 it allows compatible DHCP servers to use the information when assigning IP addresses or to set other services or policies for clients When the DHCP Snooping Information Option is enabled clients can be identif...

Page 466: ...lready include DHCP Option 82 information the switch can be configured to set the action policy for these packets Either the switch can drop the DHCP packets keep the existing information or replace it with the switch s relay information Example ip dhcp snooping database flash This command writes all dynamically learned snooping entries to flash memory Command Mode Global Configuration Command Usa...

Page 467: ...e Privileged Exec Example Console config ip dhcp snooping database flash Console config Console show ip dhcp snooping Global DHCP Snooping status disable DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Address enable Interface Trusted Eth 1 1 No Eth 1 2 No Eth 1 3 No Eth 1 4 No Eth 1 5 Yes Console show ip dhcp snooping binding MacAddress IpAddress Lease sec Type VLAN Interfa...

Page 468: ...n the switch the default is enabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Switch clusters are limited to a single IP subnet Layer 2 domain A switch can only be a Mem...

Page 469: ...date switches only become cluster Members when manually selected by the administrator through the management station Cluster Member switches can be managed through only using a Telnet connection to the Commander From the Commander CLI prompt use the rcommand id command to connect to the Member switch Example cluster ip pool This command sets the cluster IP address pool Use the no form to reset to ...

Page 470: ...er switches and the Commander You cannot change the cluster IP pool when the switch is currently in Commander mode Commander mode must first be disabled Example cluster member This command configures a Candidate switch as a cluster Member Use the no form to remove a Member switch from the cluster Syntax cluster member mac address mac address id member id no cluster member mac address member id mac...

Page 471: ... connection to the Commander switch Managing cluster Members using the local console CLI on the Commander is not supported There is no need to enter the username and password for access to the Member switch CLI Example show cluster This command shows the switch clustering configuration Command Mode Privileged Exec Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config Cons...

Page 472: ...eged Exec Example Console show cluster Role commander Interval heartbeat 30 Heartbeat loss count 3 Number of Members 1 Number of Candidates 2 Console Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 12 cf 23 49 c0 Description SMC8124PL2 Console Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE MEMBER 00 12 cf 2...

Page 473: ...Command Line Interface 4 240 4 ...

Page 474: ...g One source ports one destination port Rate Limits Input Limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Protocol STP IEEE 802 1D Rapid Spanning Tree Protocol RSTP IEEE 802 1w VLAN Support Up to 255 groups port based protocol based or tagged 802 1Q GVRP for automatic VLAN learning private VLANs C...

Page 475: ...roups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority tags IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEE...

Page 476: ... MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP Vie...

Page 477: ...Software Specifications A 4 A ...

Page 478: ...lnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Be sure the control parameters for the SSH server are properly configured on the switch and that the SSH client software is properly configured on ...

Page 479: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 480: ... Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues Domain Name Service DNS A system used for translating host names for network nodes into IP addresses Dynamic...

Page 481: ...stations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC bridges including the Spanning Tree Protocol IEEE 802 1Q VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign endstations to different virtual LANs and defin...

Page 482: ...cast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts Layer 2 ...

Page 483: ... within the subnet and to national time standards via wire or radio Out of Band Management Management of the network from a station not attached to the network Port Authentication See IEEE 802 1X Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobstructivel...

Page 484: ...ffers network management services Simple Network Time Protocol SNTP SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol NTP server Updates can be requested from a specific NTP server or can be received via broadcasts sent by NTP servers Spanning Tree Protocol STP A technology that checks your network for any loops A loop can often occur in complica...

Page 485: ...s that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share informatio...

Page 486: ... 170 traffic class weights 3 150 4 172 D default gateway configuration 3 14 4 221 default priority ingress port 3 146 4 171 default settings system 1 5 DHCP 3 16 4 217 4 218 4 219 client 3 14 dynamic configuration 2 5 Differentiated Code Point Service See DSCP downloading software 3 18 4 64 DSCP enabling 3 151 4 175 mapping priorities 3 152 4 176 dynamic addresses displaying 3 109 4 137 E edge por...

Page 487: ...81 displaying 4 181 static 3 166 4 179 4 181 multicast services configuring 3 167 3 169 3 170 3 172 4 179 displaying 3 166 4 181 multicast static router port 3 165 4 185 P password line 4 12 passwords 2 4 administrator setting 3 50 4 25 path cost 3 113 3 119 method 3 116 4 144 STA 3 113 3 119 4 144 port authentication 4 80 port power displaying status 3 106 inline 3 107 inline status 3 106 maximum...

Page 488: ...ority 3 119 4 146 protocol migration 3 122 4 149 transmission limit 3 116 4 144 standards IEEE A 2 startup files creating 3 21 4 64 displaying 3 18 4 57 setting 3 18 4 69 static addresses setting 3 108 4 135 statistics port 3 99 4 118 STP 3 115 4 140 STP Also see STA system clock setting 3 32 4 53 system software downloading from server 3 18 4 64 T TACACS logon authentication 3 51 3 52 4 76 time s...

Page 489: ...Index Index 4 menu list 3 3 panel display 3 3 ...

Page 490: ......

Page 491: ...hnischer Support und weitere Information unter www smc com SPANISH En www smc com Ud podrá encontrar la información relativa a servicios de soporte técnico DUTCH Technische ondersteuningsinformatie beschikbaar op www smc com PORTUGUES Informações sobre Suporte Técnico em www smc com SWEDISH Information om Teknisk Support finns tillgängligt på www smc com INTERNET E mail address techsupport smc com...

Reviews:

No comments

Related manuals for 8124PL2

Infinity IES-1881

Brand: LevelOne Pages: 2

Brand: Tripp Lite Pages: 80

Brand: Gefen Pages: 31

Brand: ORiNG Pages: 2

TIMEGUARD WF10COM

Brand: Theben Pages: 35

TigerAccess SMC7824M/FSW

Brand: SMC Networks Pages: 2

SI1P-SH-DVI-UCAC

Brand: Black Box Pages: 16

Brand: GeoVision Pages: 7

Brand: H3C Pages: 77

kontron KSwitch D1 UGPD

Brand: S&T Pages: 40

Brand: Xantech Pages: 12

IPES/IES-5416T Series

Brand: Lantech Pages: 27

Extricom AT-EXLS-3000

Brand: Allied Telesis Pages: 120

Brand: IPGARD Pages: 2

Brand: Parallax Power Supply Pages: 2

Brand: Dwyer Instruments Pages: 4

Brand: IOGear Pages: 12

Brand: ATEN Pages: 300

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands