SMC Networks 8612T - annexe 1 Management Manual Download Page 49 | Manualshive

Page: 49 / 366

background image

S

ECURITY

2-17

•

RADIUS uses UDP while uses TCP. UDP only offers
best effort delivery, while TCP offers a connection-oriented
transport. Also, note that RADIUS encrypts only the password
in the access-request packet from the client to the server, while
encrypts the entire body of the packet.

•

RADIUS and logon authentication control
management access via the console port, Web browser, or
Telnet.

•

RADIUS and logon authentication assign a specific
privilege level for each user name/password pair. The user
name, password, and privilege level must be configured on the
authentication server.

•

You can specify up to three authentication methods for any
user to indicate the authentication sequence. For example, if
you select (1) RADIUS, (2) TACACS and (3) Local, the user
name and password on the RADIUS server is verified first. If the
RADIUS server is not available, then authentication is attempted
using the server, and finally the local user name and
password is checked.

b_mgmt.book Page 17 Tuesday, July 8, 2003 5:24 PM

«
...
47
48
49
50
51
...
»

Summary of Contents for 8612T - annexe 1

Page 1: ...ng switching architecture Support for a redundant power unit Spanning Tree Protocol Up to six LACP or static 4 port trunks Layer 2 3 4 CoS support through four priority queues Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web SNMP RMON Management Guide SMC8612T ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions July 2003 Pub 150200034800A ...

Page 4: ...ted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2003 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any replaced or repaired product carries either a 30 day limited warranty or the remainder of...

Page 6: ...IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBI...

Page 7: ...guring the Switch 2 1 Using the Web Interface 2 1 Navigating the Web Browser Interface 2 2 Home Page 2 3 Configuration Options 2 3 Panel Display 2 4 Main Menu 2 5 Basic Configuration 2 8 Displaying System Information 2 8 Setting the IP Address 2 11 Security 2 14 Configuring the Logon Password 2 14 Configuring RADIUS TACACS Logon Authentication 2 16 Configuring HTTPS 2 21 Replacing the Default Secu...

Page 8: ...k Information 2 61 STP Port and Trunk Configuration 2 65 VLAN Configuration 2 70 Assigning Ports to VLANs 2 71 Forwarding Tagged Untagged Frames 2 73 Displaying Basic VLAN Information 2 74 Displaying Current VLANs 2 75 Creating VLANs 2 77 Adding Interfaces Based on Membership Type 2 79 Adding Interfaces Based on Static Membership 2 82 Configuring VLAN Behavior for Interfaces 2 83 Class of Service ...

Page 9: ...ort Authentication 2 129 802 1x Port Configuration 2 131 802 1x Statistics 2 134 Statistical Values 2 134 3 Command Line Interface 3 1 Using the Command Line Interface 3 1 Accessing the CLI 3 1 Console Connection 3 1 Telnet Connection 3 2 Entering Commands 3 4 Keywords and Arguments 3 4 Minimum Abbreviation 3 4 Command Completion 3 5 Getting Help on Commands 3 5 Partial Keyword Lookup 3 6 Negating...

Page 10: ... 3 29 username 3 30 enable password 3 31 jumbo frame 3 32 ip http port 3 33 ip http server 3 34 ip http secure server 3 35 ip http secure port 3 36 ip ssh 3 37 ip ssh server 3 38 disconnect ssh 3 39 show ssh 3 40 show ip ssh 3 40 logging on 3 41 logging history 3 42 logging host 3 44 logging facility 3 45 logging trap 3 45 clear logging 3 47 show logging 3 47 show startup config 3 48 show running ...

Page 11: ...t 3 62 tacacs server key 3 63 show tacacs server 3 63 SNMP Commands 3 64 snmp server community 3 65 snmp server contact 3 66 snmp server location 3 66 snmp server host 3 67 snmp server enable traps 3 69 snmp ip filter 3 70 show snmp 3 71 IP Commands 3 73 ip address 3 74 ip dhcp restart 3 75 ip default gateway 3 76 show ip interface 3 77 show ip redirects 3 78 ping 3 78 Line Commands 3 80 line 3 81...

Page 12: ...le Commands 3 107 mac address table static 3 108 show mac address table 3 109 clear mac address table dynamic 3 111 mac address table aging time 3 111 show mac address table aging time 3 112 Spanning Tree Commands 3 113 spanning tree 3 114 spanning tree mode 3 115 spanning tree forward time 3 116 spanning tree hello time 3 117 spanning tree max age 3 118 spanning tree priority 3 119 spanning tree ...

Page 13: ... show gvrp configuration 3 143 garp timer 3 144 show garp timer 3 145 bridge ext gvrp 3 146 show bridge ext 3 147 IGMP Snooping Commands 3 148 ip igmp snooping 3 149 ip igmp snooping vlan static 3 150 ip igmp snooping version 3 151 show ip igmp snooping 3 152 show mac address table multicast 3 152 ip igmp snooping querier 3 153 ip igmp snooping query count 3 154 ip igmp snooping query interval 3 1...

Page 14: ... 167 map ip dscp Global Configuration 3 169 map ip dscp Interface Configuration 3 170 show map ip precedence 3 171 show map ip dscp 3 172 Mirror Port Commands 3 174 port monitor 3 174 show port monitor 3 175 Port Trunking Commands 3 177 channel group 3 178 lacp 3 179 A Troubleshooting A 1 Troubleshooting Chart A 1 B Upgrading Firmware via the Serial Port B 1 Glossary Index ...

Page 15: ...1 7 The switch s HTTP Web agent allows you to configure switch parameters monitor port connections and display statistics graphically using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The switch s management agent is based on SNMP Simpl...

Page 16: ... duplex mode for any port Configure up to 255 IEEE 802 1Q VLANs Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download of system firmware via TFTP Upload and download of switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to six static or LACP trunks Enable jumbo frame support En...

Page 17: ...in Appendix C To connect a terminal to the console port complete the following steps 1 Connect the console cable to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select t...

Page 18: ... detailed information on using the CLI refer to Command Groups on page 3 12 Remote Connections Prior to accessing the switch s onboard agent via a network connection you must first configure it with a valid IP address subnet mask and default gateway using a console connection DHCP or BOOTP protocol The IP address for this switch is assigned via DHCP by default To manually configure this address or...

Page 19: ...vailable at the Privileged Exec level and allow you to only display information and use basic utilities To fully configure switch parameters you must access the CLI at the Privileged Exec level Access to both CLI levels are controlled by user names and passwords The switch has a default user name and password for each level To log into the CLI at the Privileged Exec level using the default user na...

Page 20: ...console interface with the default user name and password admin to access the Privileged Exec level 2 Type configure and press Enter 3 Type username guest password 0 password for the Normal Exec level where password is your new password Press Enter 4 Type username admin password 0 password for the Privileged Exec level where password is your new password Press Enter Username admin Password CLI ses...

Page 21: ...terface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you assign an IP address to any other VLAN the new IP address overrides the original IP address and this becomes the new management VLAN Manual Configuration You can manually assign an IP address to the switch You may also need to ...

Page 22: ... address and netmask is the network mask for the network Press Enter 3 Type exit to return to the global configuration mode prompt Press Enter 4 To set the IP address of the default gateway for the network to which the switch belongs type ip default gateway gateway where gateway is the IP address of the default gateway Press Enter Dynamic Configuration If you select the bootp or dhcp option IP wil...

Page 23: ...s on the network complete the following steps 1 From the Privileged Exec level global configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings through DHCP type ip address dhcp and press Enter To obtain IP settings through BOOTP type ip address bootp an...

Page 24: ... be configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred Community Strings Community strings are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specifi...

Page 25: ...witch is disabled To prevent unauthorized access to the switch via SNMP it is recommended that you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter ...

Page 26: ...t enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link up down Press Enter Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in non volatile storage you must copy the running configuration fi...

Page 27: ...ackup A file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system See Saving or Restoring Configuration Settings on page 2 28 for more information Operation Code System software that is executed after boot up also known as run time code This code runs the switch operations and provides the CLI Web and SNMP management interfaces See Managin...

Page 28: ... a file namethat reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startu...

Page 29: ...ps Enabled Link up Down Traps Enabled Security Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super Authentication local Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Function Parameter Default ...

Page 30: ...ex Full duplex flow control disabled Symmetric flow control disabled Link Aggregation Static Trunks none LACP all ports Disabled Spanning Tree Protocol Status Enabled Defaults All parameters based on IEEE 802 1w Fast Forwarding Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled GVRP global Disabled GVRP port interfa...

Page 31: ...rity Disabled IP DSCP Priority Disabled Multicast Filtering IGMP Snooping Enabled Act as Querier Enabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 256 packets per second System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 Jumbo Frames Status Disabled Function Parameter Default ...

Page 32: ...SWITCH MANAGEMENT 1 18 ...

Page 33: ...t For more information on using the CLI refer to Chapter 3 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting the IP Address on page 2 11 2 Set user names and passwords usin...

Page 34: ...ement station and this switch does not pass through any device that uses the Spanning Tree Protocol then you can set the switch port attached to your management station to fast forwarding to improve the switch s response time to management commands issued through the Web interface See STP Port and Trunk Configuration on page 2 65 Navigating the Web Browser Interface To access the Web browser inter...

Page 35: ...nu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Configuration Options Configurable parameters have a dialog box or a drop down list Once a configuration change has been made on a page be sure to click on the Apply or Apply Changes button to confirm the ...

Page 36: ...et Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The Web agent displays an image of the switch s ports indicating whether each link is up or down Clicking on the image of a port opens the Port Configuration page as described on page 2 38 Button Action Revert Cancels specified values and restores cu...

Page 37: ...cation Settings Configures RADIUS and TACACS authentication parameters 2 16 HTTPS Settings Configures secure HTTP settings 2 21 SSH Settings Configures Secure Shell settings 2 24 Firmware Manages code image files 2 26 Configuration Manages switch configuration files 2 28 Reset Restarts the switch Bridge Extension Shows the configuration for bridge extension commands enables GVRP multicast protocol...

Page 38: ... Addresses Displays or edits static entries in the Address Table 2 49 Address Aging Sets timeout for dynamically learned entries 2 51 Spanning Tree STP Information Displays STP values used for the bridge 2 53 STP Configuration Configures global bridge settings for STP 2 57 STP Port Information Configures individual port settings for STP 2 61 STP Trunk Information Configures individual trunk settin...

Page 39: ...Sets the default priority for each port 2 87 Default Trunk Priority Sets the default priority for each trunk 2 87 Traffic Class Maps IEEE 802 1p priority tags to output queues 2 89 Queue Scheduling Configures Weighted Round Robin queueing 2 92 IP Precedence DSCP Priority Status Globally selects IP Precedence or DSCP Priority or disables both 2 93 IP Precedence Priority Sets IP Type of Service prio...

Page 40: ...rts that are attached to a neighboring multicast router switch for each VLAN ID 2 117 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router switch 2 118 IP Multicast Registration Table Displays all multicast groups active on this switch including multicast IP addresses and VLAN ID 2 121 IGMP Member Port Table Indicates multicast addresses asso...

Page 41: ...Length of time the management agent has been up MAC Address The physical layer address for the switch Web server Shows if management access via HTTP is enabled or disabled Web server port Shows the TCP port number used by the Web interface Web secure server Shows if management access via secure HTTP HTTPS is enabled or disabled Web secure server port Shows the TCP port number used by the HTTPS ser...

Page 42: ...ick System System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet ...

Page 43: ...nt Console config hostname Test Switch 3 29 Console config snmp server location TPS 3rd Floor 3 66 Console config snmp server contact Chris 3 66 Console show system 3 52 System description SMC Networks SMC8612T System OID string 1 3 6 1 4 1 1991 1 5 1 1 4 1 1 System information System Up time 0 days 2 hours 4 minutes and 7 13 seconds System Name Test Switch System Location TPS 3rd Floor System Con...

Page 44: ...t the management station to a port that is a member of the Management VLAN IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast periodically by the switch for an IP address D...

Page 45: ...y configured by these services Web Click System IP Specify the Management VLAN set the IP Address Mode to DHCP or BOOTP Then click Apply to save your changes The switch will broadcast a request for IP configuration settings on the next power reset Otherwise you can click Restart DHCP to immediately request a new address Console config Console config interface vlan 1 3 92 Console config if ip addre...

Page 46: ...gned by DHCP is no longer functioning you will not be able to renew the IP settings via the Web interface You can only restart DHCP service via the Web interface if the current address is still available CLI Enter the following command to restart DHCP service Security Configuring the Logon Password The guest only has read access for most configuration parameters However the administrator has write...

Page 47: ...is admin with the password admin Note that user names can only be assigned via the CLI Command Attributes User Name The name of the user Maximum length 8 characters case sensitive maximum number of users 16 Access Level Specifies the user level Options 0 Normal 15 Privileged Password Specifies the user password Range 0 8 characters plain text case sensitive CLI only Web Click System Passwords To c...

Page 48: ...ch Like RADIUS Terminal Access Controller Access Control System Plus TACACS is a system that uses a central server to control authentication for access to switches on the network RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to ...

Page 49: ...rowser or Telnet RADIUS and TACACS logon authentication assign a specific privilege level for each user name password pair The user name password and privilege level must be configured on the authentication server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password...

Page 50: ...equence RADIUS Settings Server IP Address Address of the RADIUS server Default 10 1 0 1 Server Port Number Network UDP port of the RADIUS server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Number of Server Transmits Number of times the sw...

Page 51: ... TACACS server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to be set up by manually entering user names and passwords using the CLI ...

Page 52: ...ck System Authentication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selected and click Apply ...

Page 53: ...le HTTPS you must indicate this in the URL For example https device port_number Console config authentication login radius 3 56 Console config radius server host 192 168 1 25 3 58 Console config radius server port 181 3 58 Console config radius server key green 3 59 Console config radius server retransmit 5 3 60 Console config radius server timeout 10 3 60 Console show radius server 3 61 Server IP...

Page 54: ...mand Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used for HTTPS SSL connection to the switch s Web interface The default is port 443 Web Click System HTTPS Settings Select Enabled for the HTTPS Status and specify the port number then click Apply Web Browser Operating System Internet Explorer 5 ...

Page 55: ...t obtain a unique certificate and a private key and password from a recognized certification authority Note For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and use the f...

Page 56: ...1 x and SSH v2 x The switch supports only SSH v1 5 Command Attributes SSH Server Status Allows you to enable disable the SSH server feature on the switch Default enabled SSH authentication timeout Specifies the time interval in seconds that the SSH server waits for a response from a client during an authentication attempt Range 1 to 120 seconds Default 120 seconds SSH authentication retries Specif...

Page 57: ...nfig ip ssh server 3 38 Console config ip ssh timeout 100 3 37 Console config ip ssh authentication retries 5 3 37 Console config Console show ip ssh 3 40 Information of secure shell SSH status enable SSH authentication timeout 100 SSH authentication retries 5 Console show ssh 3 40 Information of secure shell Session Username Version Encrypt method Negotiation state 0 admin 1 5 cipher 3des session...

Page 58: ...me File names are case sensitive The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note The maximum number of runtime code files is 2 Downloading System Software from a Server When downloading runtime...

Page 59: ... file on the switch to overwrite or specify a new file name then click Transfer from Server When you download a file using a different name from the current runtime code file you need to select the new file name from the drop down box for the operation code used at startup and then click Apply Changes To start the new firmware reboot the system ...

Page 60: ...TFTP server Destination File Name File names are case sensitive The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note The maximum number of user defined configuration files is limited only by availab...

Page 61: ...nation file name on the switch Web Click System Configuration Enter the IP address of the TFTP server enter the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Transfer from Server When you download a file using a different name from the current startup configuration file you need to select the new file name from from the drop down bo...

Page 62: ...ning Configuration to a File You can save the current running configuration to a new file name and then set it as the startup file Enter a name for the new configuration file and then click Copy to File Console copy tftp startup config 3 21 TFTP server ip address 192 168 1 19 Source configuration file name startup2 0 Startup configuration file name startup startup2 0 Write to FLASH Programming Wri...

Page 63: ...g Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 2 87 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Settin...

Page 64: ...Spanning Trees GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering GVRP GARP VLAN Registration Protocol GVRP defines a way for switches to exchange VLAN information in order to register necessary VLAN members ...

Page 65: ...le show bridge ext 3 147 Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic classes Enabled Global GVRP status Enabled GMRP Disabled Console ...

Page 66: ...e version of the main board Internal Power Status Displays the status of the internal power supply Redundant Power Status Displays the status of the redundant power supply CLI only Management Software Loader Version Version number of loader code Boot ROM Version Version number of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch...

Page 67: ... version information Console show version 3 54 Unit1 Serial number A217056372 Service tag NONE Hardware version R0C Number of ports 12 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 1 0 0 0 Boot rom version 1 0 0 0 Operation code version 2 0 0 19 Console ...

Page 68: ...of port type 1000Base TX or 1000Base SFP Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Flow Control Status Indicates the type of flow control currently in use Autonegotiation Shows if auto negotiation is enabled or disabled Trunk Member Shows if port is a trunk member Port Infor...

Page 69: ...03 Information of Eth 1 13 Basic information Port type 1000T Mac address 00 00 11 11 22 2F Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 256 packets second Flow control Disabled Lacp Disabled Port security Disabled Port security action None Current status Link status Down Operation speed duplex 1...

Page 70: ...ble it after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows manual selection of port speed and duplex mode i e with auto negotiation disabled Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled Specifies the capabilities to be advertised for a por...

Page 71: ...r full duplex operation Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX L...

Page 72: ...onfig interface ethernet 1 13 3 92 Console config if description RD SW 13 3 93 Console config if shutdown 3 99 Console config if no shutdown Console config if no negotiation 3 95 Console config if speed duplex 100half 3 94 Console config if flowcontrol 3 97 Console config if negotiation Console config if capabilities 100half 3 96 Console config if capabilities 100full Console config if capabilitie...

Page 73: ...ing a threshold for broadcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 256 packets per second Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Threshold Threshold as percent...

Page 74: ...on at 128 packets per second on port 1 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner Console config interface ethernet 1 1 3 92 Console config if switchport broadcast packet rate 128 ...

Page 75: ...t and monitor port speeds must match otherwise traffic may be dropped from the monitor port The switch supports only one port mirror session Web Click Port Mirror Specify the source port the traffic type to be mirrored and the target port then click Add ...

Page 76: ...o access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security first allow the switch to dynamically learn the source MAC address VLAN pair for frames received on a port for an initial period and then ...

Page 77: ...u to set the security action to be taken when a port intrusion is detected This setting applies to all ports on the switch Shutdown and Trap Indicates the action to be taken when a port security violation is detected None Indicates that no action should be taken This is the default Trap and Shutdown Indicates that the port is to be disabled and an SNMP trap message sent Web Click Port Port Securit...

Page 78: ...it must be manually re enabled from the Port Port Configuration page Web Click Port Port Security Status Check the checkbox in the Security Status column to enable security for a port then click Apply CLI Use the interface command to select the target port then use the port security action command to configure the port intrusion action applies to all ports Use the port security command to enable s...

Page 79: ...gure static addresses that are bound to a specific port Setting Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Usage Entries specified via the Web inte...

Page 80: ...face the MAC address and VLAN then click Add Static Address CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Console config mac address table address 00 e0 29 94 34 de ethernet 1 1 vlan 1 delete on reset 3 108 Console config ...

Page 81: ...ddress for inbound traffic is found in the database the packets intended for that address is forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Usage You can display entries in the dynamic address table by selecting an interface either port or trunk MAC address or VLAN You can sort the information displayed based on interface port or trunk MAC address o...

Page 82: ... method of sorting the displayed addresses then click Query For example the following screen shows the dynamic addresses for port 5 CLI This example displays the address table entries for port 11 Console show mac address table interface ethernet 1 11 3 109 Interface Mac Address Vlan Type Eth 1 11 00 10 b5 62 03 74 1 Learned Console ...

Page 83: ... 400 seconds Spanning Tree Protocol Configuration The Spanning Tree Protocol STP can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices i e an STP compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and pr...

Page 84: ...oot ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Max...

Page 85: ... except for designated ports should receive configuration messages at regular intervals If the root port ages out STP information provided in the last configuration message a new root port is selected from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Hello Time Specifies the time interval in seconds at whic...

Page 86: ...t without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals If the root port ages out STA information provided in the last configuration message a new root port is selected from among the device ports attached to the network References to ports in this section means interfaces w...

Page 87: ...ion protocol data units shall be transmitted by this node Configuration Changes Specifies the number of times the Spanning Tree has been reconfigured Last Topology Change Identifies the time since the Spanning Tree was last reconfigured CLI only Web Click Spanning Tree STP Information to display current Spanning Tree information ...

Page 88: ... Current root port 0 Current root cost 0 Number of topology changes 1 Last topology changes time sec 10811 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role disable State discarding Path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 000011112222 Designated bridge 32768 000011112222 Fast forwarding disable Forward transit...

Page 89: ...2 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Command Attributes Spanning Tree State Enables or disables the Spanning Tree If you enable the Spanning Tree you must complete the other fields Default enabled Sp...

Page 90: ...e Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds the switch can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes th...

Page 91: ...erwise temporary data loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 Short Specifies 16 bit based values that r...

Page 92: ...es Console config spanning tree mode rstp 3 115 Console config spanning tree 3 114 Console config spanning tree forward time 15 3 116 Console config spanning tree hello time 2 3 117 Console config spanning tree max age 20 3 118 Console config spanning tree priority 40000 3 119 Console config spanning tree pathcost method long 3 120 Console config spanning tree transmission limit 5 3 121 Console co...

Page 93: ...earning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discardi...

Page 94: ...per Edge Port This parameter is initialized to the setting for Admin Edge Port in the STP Port Trunk Configuration page i e true or false but will be set to false if a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active Spanning Tree topology Root The port is connecting the bridge to the root brid...

Page 95: ...red as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Designated root The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the...

Page 96: ...des quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enable...

Page 97: ...ction or shared media connection and edge port to indicate if the attached device can support fast forwarding References to ports in this section means interfaces which includes both ports and trunks Console show spanning tree ethernet 1 5 3 128 Eth 1 5 information Admin status enable Role designate State forwarding Path cost 100000 Priority 128 Designated cost 0 Designated port 128 5 Designated r...

Page 98: ...arning addresses Forwarding Port forwards packets and continues learning addresses Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the S...

Page 99: ...t Ethernet 2 000 200 000 Defaults Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Note When the Path Cost Method is set to short the maximum path cost is 65 535 Admin Link Type The link type attached to this interface Default Auto Point to Point A connection to exac...

Page 100: ...nts does not cause the Spanning Tree to initiate reconfiguration when the interface changes state and also overcomes other STP related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Migration Re checks the appropriate BPDU format to send on the selected interface If at any time the switch detects STP BPDUs including Configuration o...

Page 101: ...ly CLI This example sets STP attributes for port 5 Console config interface ethernet 1 5 Console config if spanning tree port priority 128 3 123 Console config if spanning tree cost 19 3 122 Console config if spanning tree link type auto 3 127 Console config if no spanning tree edge port 3 125 Console spanning tree protocol migration ethernet 1 5 3 126 Console ...

Page 102: ...l segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadc...

Page 103: ...me VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices ...

Page 104: ...egistration Protocol defines a system whereby the switch can automatically learn the VLANs to which each endstation should be assigned If an endstation or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch receives these messages it will automatically place the receiving...

Page 105: ...ver to participate in a VLAN group that crosses several switches you need to create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN...

Page 106: ...mum Number of Supported VLANs Maximum number of VLANs that can be configured on this switch Web Click VLAN VLAN Basic Information CLI Enter the following command Console show bridge ext 3 147 Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic cl...

Page 107: ...st want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes for Web Interface VLAN ID ID of configured VLAN 1 4094 no leading zeroes Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Tagged Ports Shows the ...

Page 108: ...D from the scroll down list Command Attributes for CLI Interface VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters ...

Page 109: ...cify a VLAN ID for each of these groups Command Attributes Current Lists all the current VLAN groups created for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 40...

Page 110: ...ets Add Adds a new VLAN group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it will be reassigned to VLAN group 1 as untagged Web Click VLAN VLAN Static List Enter the VLAN ID and VLAN name mark the Enable checkbox to activate the VLAN and then click Add CLI This example creates a new VLAN Console config vlan database 3 131 ...

Page 111: ...an use the VLAN Static Table to assign ports to the specified VLAN group as an IEEE 802 1Q tagged port Assign ports as tagged if they are connected to 802 1Q VLAN compliant devices If the port is connected to VLAN unaware devices frames will be passed to the untagged VLAN group this port has been assigned to under the VLAN Port Configuration page Command Attributes Port Port identifier Trunk Trunk...

Page 112: ...itted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface s forbidden from automatically joining the VLAN via GVRP For more information see GVRP on page 81 None Interface is not a member of the VLAN Packets associated with this VLAN will not be tran...

Page 113: ...trunks Click Apply CLI The following example shows how to add tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 3 92 Console config if switchport allowed vlan add 2 tagged 3 138 Console config if exit Console config interface ethernet 1 2 Console config if switchport allowed vlan add 2 untagged Console config if exit Console config interface ethernet 1 13 Console config if ...

Page 114: ...ber VLANs for which the selected interface is a tagged member Non Member VLANs for which the selected interface is not a tagged member Web Open VLAN VLAN Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display VLAN membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remov...

Page 115: ...ent attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN...

Page 116: ...in their member set except for those VLANs explicitly forbidden on this port If ingress filtering is enabled the interface will discard incoming frames tagged for VLANs which do not include this ingress port in their member set Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However it does affect VLAN dependent BPDU frames such as GMRP GVRP Status Enables disabl...

Page 117: ...enerated by nodes rejoining the group Range 500 18000 centiseconds Default 1000 GARP timer settings must follow this rule 2 x join timer leave timer leaveAll timer Mode Indicates VLAN membership mode for a port Configure via CLI see page 3 134 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify t...

Page 118: ...then sets the switchport mode to hybrid Console config interface ethernet 1 1 3 92 Console config if switchport acceptable frame types tagged 3 135 Console config if switchport ingress filtering 3 136 Console config if switchport native vlan 3 3 137 Console config if switchport gvrp 3 142 Console config if garp timer join 10 3 144 Console config if garp timer leave 90 3 144 Console config if garp ...

Page 119: ...the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies if the incoming...

Page 120: ...mber of Egress Traffic Classes The number of queue buffers provided for each port Web Click Priority Default Port Priority or Default Trunk Priority Modify the default priority for any interface then click Apply CLI This example assigns a default priority or 5 to port 3 Console config interface ethernet 1 3 3 92 Console config if switchport priority default 5 3 161 ...

Page 121: ... priorities are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table The priority levels recommended in the IEEE 802 1p standard for various network applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits applicatio...

Page 122: ...s Output queue buffer Range 0 3 where 3 is the highest CoS priority queue Priority Level Traffic Type 1 Background 2 Spare 0 default Best Effort 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than 10 milliseconds latency and jitter 7 Network Control ...

Page 123: ...priority queue 1 values 4 and 5 to CoS priority queue 2 and values 6 and 7 to CoS priority queue 3 Console config interface ethernet 1 1 3 92 Console config queue cos map 0 0 1 2 3 163 Console config queue cos map 1 3 Console config queue cos map 2 4 5 Console config queue cos map 3 6 7 Console config exit Console show queue cos map ethernet 1 1 3 166 Information of Eth 1 1 Queue ID Traffic class ...

Page 124: ...ign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table Displays a list of weights for each traffic class i e queue Weight Value Set a new weight fo...

Page 125: ...ces are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Precedence or DSCP Priority and then Default Port Priority IP Pre...

Page 126: ...CP from the IP Precedence DSCP Priority Status menu CLI The following example globally enables IP Precedence service on the switch Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The default IP Precedence val...

Page 127: ...Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precendence value Note that 0 represents low priority and 7 represent high priority Priority Level Traffic Type 7 Network Control 6 Internetwork Control 5 Critical 4 Flash Override 3 Flash 2 Immediate 1 Priority 0 Routine ...

Page 128: ...ority Select an IP Precedence value from the IP Precedence Priority Table by clicking on it with your cursor enter a value in the Class of Service Value field and then click Apply Be sure to also select IP Precedence from the IP Precedence DSCP Priority Status menu ...

Page 129: ...rd compatibility with the three precedence bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note Console config map ip precedence 3 166 Console config interface ethernet 1 5 3 92 Console config if ...

Page 130: ...Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priority IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56 7 ...

Page 131: ... DSCP Priority Select a DSCP priority value from the DSCP Priority Table by clicking on it with your cursor enter a value in the Class of Service Value field and then click Apply Be sure to also select IP DSCP from the IP Precedence DSCP Priority Status menu ...

Page 132: ...nking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP configured ports on another device You can configure any number of ports on the switch as LACP as long as they are...

Page 133: ...I to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop You can create up to six trunks on the switch with up to four ports per trunk The ports at both ends of a connection must be configured as trunk ports When configurin...

Page 134: ...sconnect the ports before disabling LACP If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be ...

Page 135: ... TRUNK CONFIGURATION 2 103 Web Click Trunk LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply ...

Page 136: ...d also disconnect the ports before removing a static trunk via the configuration interface Console config interface ethernet 1 10 3 92 Console config if lacp 3 179 Console config if exit Console config interface ethernet 1 11 Console config if lacp Console config if end Console show interfaces status port channel 1 3 103 Information of Trunk 1 Basic information Port type 1000t Mac address 22 22 22...

Page 137: ... 105 Web Click Trunk Trunk Configuration Enter a trunk ID of 1 6 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply ...

Page 138: ... station must first Console config interface port channel 1 3 92 Console config if exit Console config interface ethernet 1 11 3 92 Console config if channel group 1 3 178 Console config if exit Console config interface ethernet 1 12 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 3 103 Information of Trunk 1 Basic information Port type 1000t M...

Page 139: ...gement access For security reasons you should consider removing the default strings Command Attributes Community String A community string that acts like a password and permits access to the SNMP protocol Access Mode Sets the access rights for a community string Read Only Specifies read only access Authorized management stations are only able to retrieve MIB objects Read Write Specifies read write...

Page 140: ...er a new string in the Community String box and select the access rights from the Access Mode drop down list then click Add CLI The following example adds the string spiderman with read write access Console config snmp server community spiderman rw 3 65 Console config ...

Page 141: ...o configure the switch to send SNMP notifications you must enter at least one host IP address The switch can send SNMP version 1 or version 2c traps to a host IP address depending on the SNMP version that the management station supports The default is to send SNMP version 1 traps You can enable or disable authentication messages and link up down messages via the Web interface You can enable or dis...

Page 142: ... to create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software IP addresses that are permitted SNMP access are specified by an IP address together with a subnet mask that identifies the range of valid addresses For example IP address 192 168 1 1 and mask 255 255 255 0 Specifies a valid IP address group from 192 168 1 0 to 192 168 ...

Page 143: ...ly configured for SNMP access IP address Specifies a new IP address to add to the IP Filter List Subnet Mask Specifies a single IP address or group of addresses If the IP is the address of a single management station the mask should be set to 255 255 255 255 Otherwise the IP address group is specified by the mask Note The default setting is null which allows all IP groups SNMP access to the switch...

Page 144: ...e the appropriate subnet mask in the Subnet Mask box and then click Add IP Filtering Entry To delete an IP address click the entry in the IP Filter List and then click Remove IP Filtering Entry CLI The following is an example of configuring an SNMP IP filter Console config snmp ip filter 10 1 2 3 255 255 255 255 3 70 Console config ...

Page 145: ...nt to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service This procedure is called multicast filtering The purpose of IP multicast filtering is to optimiz...

Page 146: ...multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any adjacent multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across t...

Page 147: ...IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list Default 10 Range 5 30 Query Timeout The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Default 300 seconds Range 300 500 IGMP Version Sets the protocol version f...

Page 148: ...sole config ip igmp snooping query count 10 3 154 Console config ip igmp snooping query interval 100 3 155 Console config ip igmp snooping query max response time 20 3 156 Console config ip igmp snooping router port expire time 300 3 157 Console config ip igmp snooping version 2 3 151 Console config exit Console show ip igmp snooping 3 152 Igmp Snooping Configuration Service status Enabled Querier...

Page 149: ...n use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Displaying Interfaces Attached to a Multicast Router Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this...

Page 150: ...ork to an interface port or trunk on your switch you can manually configure that interface to join all the current multicast groups This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicas...

Page 151: ...onfigures port 11 as a multicast router port within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast IP address Command Attribute VLAN ID Selects the VLAN in which to display port members Multicast IP Address The IP address for a specific multicast service Console config ip igmp snooping vlan 1 mrouter ethernet 1 1...

Page 152: ...ill display all the ports that are propagating this multicast service CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corresponding services The type field shows if this entry was learned dynamically or was statically configured Console show mac address table multicast vlan 1 3 152 VLAN M cast IP addr Member ports Type 1 224 0 0 1...

Page 153: ...pating hosts to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast ...

Page 154: ... 1 and then displays all the known multicast services supported on VLAN 1 Showing Device Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet like MIBs as well as a detailed breakdown of traffic based on the RMOM MIB Interfaces and Ethernet like statistics display errors on the traffic passing through Console config ip igmp snooping vlan 1 static...

Page 155: ...nterface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer...

Page 156: ...e that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent t...

Page 157: ...r interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR message i...

Page 158: ... total number of good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors The number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets lo...

Page 159: ...framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but including FCS octets Parameter Description ...

Page 160: ...CONFIGURING THE SWITCH 2 128 Web Click Statistics Port Statistics Select the required interface and then click Query You can also use the Refresh button at the bottom of the page to update the screen ...

Page 161: ...os input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carr...

Page 162: ...r responds with an identity request The client provides its identity to the switch which it forwards to the authentication server The authentication server verifies the client identity and sends this information back to the switch The switch then issues an MD5 access challenge to the client and the client returns an MD5 response to the switch based on its user ID and password If authentication is ...

Page 163: ...g editable fields Mode Sets a port s authentication mode to one of the following options Auto Requires a 802 1x aware client to be authorized by the authentication server Clients that are not 802 1x aware will be denied access Force Authorized Forces the port to grant access to all clients either 802 1x aware or otherwise This is the default setting Force Unauthorized Forces the port to deny acces...

Page 164: ...ch a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds The Switch 802 1x 802 1x Port Configuration page also displays the following information for each port Status Indicates if authentication is enabled or di...

Page 165: ... the changes click Refresh CLI This example shows configurable features for port 13 Console config interface ethernet 1 13 Console config if dot1x port control auto Console config if dot1x re authentication Console config if dot1x max req 10 Console config if dot1x timeout quiet period 5 Console config if dot1x timeout re authperiod 5 Console config if dot1x timeout tx period 1 ...

Page 166: ...P Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most recent...

Page 167: ...801 1X PORT AUTHENTICATION 2 135 ...

Page 168: ...CONFIGURING THE SWITCH 2 136 ...

Page 169: ...ry similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged acc...

Page 170: ...on 10 1 0 and a host portion 1 To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an...

Page 171: ...ompt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty 0 for the guest to show that you are using normal access mode i e Normal Exec 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sess...

Page 172: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 173: ...nfigure Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters Showing Commands If you enter a at the command prompt the system will display the first level of keywords for the current command class Normal Exec or Privileged Exec or configuration class Glo...

Page 174: ...gging Show the contents of logging buffers mac address table Set configuration of the address table map Map priority port Characteristics of the port queue Information of priority queue radius server Radius server information running config The system configuration of running snmp SNMP statistics spanning tree Specify spanning tree ssh Secure shell startup config The system configuration of starti...

Page 175: ... can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands generally display information on ...

Page 176: ...nistrator mode To access Privilege Exec mode open a new console session with the user name admin or enter the enable command followed by the privileged level password if so configured The command prompt displays as Console for Normal Exec mode and Console for Privileged Exec mode To enter Privileged Exec mode enter the following commands and passwords Class Mode Exec Normal Privileged Configuratio...

Page 177: ...Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Interface Configuration These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port configuration and include command such as parity and databits VLAN Configuration Includes the command to ...

Page 178: ...Console config line or Console config vlan indicating that you have access privileges to the associated commands You can use the end command to return to the Privileged Exec mode Command Line Processing Commands are not case sensitive You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters You...

Page 179: ... Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl P Shows the last command Ctrl U Deletes the entire line Ctrl W Deletes the last word typed Delete key or backspace key Erases a mistake when entering a command ...

Page 180: ... configures community access strings and trap managers 3 64 IP Configures the IP address and gateway for management access displays the default gateway or pings a specified device 3 73 Line Sets communication parameters for the serial port including baud rate and console time out 3 80 Interface Configures the connection parameters for all Ethernet ports aggregated links and VLANs 3 91 Address Tabl...

Page 181: ...ameters and specifies ports attached to a multicast router 3 148 Priority Sets port priority for untagged frames relative weight for each priority queue also sets priority for IP precedence and DSCP 3 160 Mirror Port Mirrors data to another port for analysis without affecting the data passing through or the performance of the monitored port 3 174 Port Trunking and LACP Statically groups multiple p...

Page 182: ...l Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Function Mode Page enable Activates privileged mode NE 3 14 disable Returns to normal mode from privileged mode PE 3 15 configure Activates global configuration mode PE 3 16 reload Restarts the system PE 3 18 end Returns to Privileged Exec mode GC IC LC VC 3 18 exit Returns to the previous conf...

Page 183: ...g the password for Level 0 has no effect You cannot set a null password with the enable password command You will have to enter a password to access the Privileged Exec mode Example Related Commands disable 3 15 enable password 3 31 disable Use this command to return to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration ...

Page 184: ...bal Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Configuration and VLAN Database Configuration See Understanding Command Modes on page 3 7 Default Setting None Command Mode Privileged Exec Example Related Commands end 3 18 ...

Page 185: ... The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console show history Execution command history 2 config 1 show history Con...

Page 186: ...he copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end Use this command to return to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration Console reload Syste...

Page 187: ...it the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit Use this command to exit the configuration program Default Setting None Console config if end Console Console config exit Console exit Press ENTER to start session User Access Verification Usern...

Page 188: ...e system code and configuration files Console quit Press ENTER to start session User Access Verification Username Command Function Mode Page copy Copies a code image or a switch configuration to or from Flash memory or a TFTP server PE 3 21 delete Deletes a file or code image PE 3 23 dir Displays a list of files in Flash memory PE 3 24 whichboot Displays the files booted PE 3 25 boot system Specif...

Page 189: ...network connection Syntax copy file file running config startup config tftp copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configurati...

Page 190: ...rce to copy from the factory default configuration file but you cannot use Factory_Default_Config cfg as the destination To replace the startup configuration you must use startup config as the destination The Boot ROM image cannot be uploaded or downloaded from the TFTP server You must use a direct console connection and access the download menu during a boot up to download the Boot ROM or diagnos...

Page 191: ...e Syntax delete filename filename Name of the configuration file or image name Default Setting None Console copy running config file destination file name startup Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Sour...

Page 192: ...sh memory Related Commands dir 3 24 dir Use this command to display a list of files in Flash memory Syntax dir boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on thi...

Page 193: ...les booted Default Setting None Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte diag_0060 Boot Rom image Y 111360 run_01642 Operation Code N 1074304 run_0200 Operation Code Y 10830...

Page 194: ...used to start up the system Syntax boot system boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Console whichboot file name file type startup size byte diag...

Page 195: ...variety of other system information Console config boot system config startup Console config Command Function Mode Page Device Description Command hostname Specifies or modifies the host name for the device GC 3 29 User Access Commands username Sets user name authentication at login GC 3 30 enable password Sets a password to control access to various privilege levels GC 3 31 Jumbo Frame Command ju...

Page 196: ...isplays the status of the SSH server and the configured values for authentication timeout and retries PE 3 40 show ssh Displays the status of current SSH sessions PE 3 40 Event Logging Commands logging on Controls logging of error messages GC 3 41 logging history Limits syslog messages sent to the SNMP network management station based on severity GC 3 42 logging host Adds a syslog server host IP a...

Page 197: ... show startup config Displays the contents of the configuration file stored in Flash memory that is used to start up the system PE 3 48 show running config Displays the configuration data currently in use PE 3 51 show system Displays system information NE PE 3 52 show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet client NE PE 3 53 show ve...

Page 198: ...s the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The fact...

Page 199: ...rator Privileged Exec and guest Normal Exec passwords Remember to record them in a safe place Use the enable password command to set the password for access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level for which the password applies The device ha...

Page 200: ...ion file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 3 14 jumbo frame Use this command to enable jumbo frames through the switch Use the no form to disable jumbo frames Syntax jumbo frame no jumbo frame Default Setting Disabled Command Mode Global Configuration ...

Page 201: ...erating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the broadcast command on page 3 100 Example ip http port Use ...

Page 202: ... to allow this device to be monitored or configured from a browser Use the no form to disable this function Syntax ip http server no ip http server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip http port 3 33 Console config ip http port 769 Console config Console config ip http server Console config ...

Page 203: ...sage Both HTTP and HTTPS service can be enabled independently If you enable HTTPS you must indicate this in the URL https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate sess...

Page 204: ...d for HTTPS SSL connection to the switch s Web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows X...

Page 205: ...mand to configure authentication control parameters for the Secure Shell SSH server on this switch Use the no form to restore the default settings Syntax ip ssh timeout seconds authentication retries count no ip ssh timeout authentication retries seconds The timeout for client response during SSH negotiation Range 1 120 count The number of authentication attempts permitted after which the interfac...

Page 206: ...ted Commands show ip ssh 3 40 ip ssh server Use this command to enable the Secure Shell SSH server on this switch Use the no form to disable this service Syntax ip ssh server no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH ...

Page 207: ...168 bit for data encryption Example Related Commands show ssh 3 40 disconnect ssh Use this command to terminate a Secure Shell SSH client connection Syntax disconnect ssh connection id connection id The session identifier as displayed in the show ip ssh command Command Mode Privileged Exec Example Related Commands show ip ssh 3 40 Console config ip ssh server Console config Console disconnect ssh ...

Page 208: ...ion The Secure Shell version number Encrypt method The encryption method Options cipher des cipher 3des Negotiation state The authentication negotiation state Example show ip ssh Use this command to display the connection settings used when authenticating client access to the Secure Shell SSH server Command Mode Privileged Exec Console show ssh Information of secure shell Session Username Version ...

Page 209: ...ne Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory or sent to remote syslog servers You can use the logging history command to control the type of error messages that are stored in memory The logging trap command controls the type of error messages that are sent to specified syslog servers Console show ip ssh Information of secure ...

Page 210: ...tory flash ram flash Event history stored in Flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the level arguments listed below Messages sent include the selected level up through level 0 Console config logging on Console config Level Argument Level Description Syslog Definition emergencies 0 System unusable LOG_EMERG alerts ...

Page 211: ...priority i e numerically lower than that specified for RAM Example errors 3 Error conditions e g invalid input default used LOG_ERR warnings 4 Warning conditions e g return false unexpected return LOG_WARNING notifications 5 Normal but significant condition such as cold start LOG_NOTICE informational 6 Informational messages only LOG_INFO debugging 7 Debugging messages LOG_DEBUG Console config log...

Page 212: ...ntax logging host host_ip_address no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage By using this command more than once you can build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example Console config logging host 10 1 0 3 Console config ...

Page 213: ...used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Example logging trap Use this command to limit syslog messages saved to a remote server based on severity Use the no form to return the remote logging of syslog messages to the default level Syntax logging trap level no logging trap level level One of the le...

Page 214: ...eded LOG_ALERT critical 2 Critical conditions e g memory allocation or free memory error resource exhausted LOG_CRIT errors 3 Error conditions e g invalid input default used LOG_ERR warnings 4 Warning conditions e g return false unexpected return LOG_WARNING notifications 5 Normal but significant condition such as cold start LOG_NOTICE informational 6 Informational messages only LOG_INFO debugging...

Page 215: ...ed on power reset Default Setting None Command Mode Privileged Exec Example Related Commands show logging 3 47 show logging Use this command to display the logging configuration for system and event messages Syntax show logging flash ram trap flash Event history stored in Flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset trap Messages sen...

Page 216: ...type Warning conditions REMOTELOG server ip address 10 1 0 3 REMOTELOG server ip address 10 1 0 4 REMOTELOG server ip address 0 0 0 0 REMOTELOG server ip address 0 0 0 0 REMOTELOG server ip address 0 0 0 0 Console show logging ram Syslog logging Enable History logging in RAM level debugging 3 0 0 41 1 1 1 VLAN 1 link up notification level 6 module 6 function 1 and event no 1 2 0 0 41 1 1 1 STP top...

Page 217: ... for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address configured for VLANs Routing protocol configuration settings Spanning ...

Page 218: ...a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface ethernet 1 12 switchport allowed vlan add 1 untagged switchport native vlan ...

Page 219: ...n volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address co...

Page 220: ...information Default Setting None Command Mode Normal Exec Privileged Exec Console show running config building running config please wait snmp server community private rw snmp server community public ro ip http port interface vlan 1 ip address 10 1 0 1 255 255 255 0 no bridge 1 spanning tree line console line vty end Console ...

Page 221: ...and Mode Normal Exec Privileged Exec Console show system System description SMC8612T System OID string 1 3 6 1 4 1 202 20 25 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name SMC8612T switch System Location Boston System Contact Charles MAC address 00 30 f1 47 58 3a Web server enable Web server port 80 Web secure server enable Web secure server port 443 POST...

Page 222: ...are version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying System Information on page 2 8 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege guest 0 admin 15 Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 00 00 1 vty 0 admin 0 04 3...

Page 223: ...aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console show version Unit1 Serial number A217056372 Service tag NONE Hardware version R0C Number of ports 12 Main power status up Redundant power status not present Agent mas...

Page 224: ... server GC 3 58 radius server port Sets the RADIUS server network port GC 3 58 radius server key Sets the RADIUS encryption key GC 3 59 radius server retransmit Sets the number of retries GC 3 60 radius server timeout Sets the interval between sending authentication requests GC 3 60 show radius server Shows the current RADIUS settings PE 3 61 TACACS Client tacacs server host Specifies the TACACS s...

Page 225: ...cation assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication sequence For example if you enter authentication login radius tacacs local the user name and password on the RADIUS server is verified...

Page 226: ...er Default Setting 10 1 0 1 Command Mode Global Configuration Example radius server port Use this command to set the RADIUS server network port Use the no form to restore the default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Console config radiu...

Page 227: ...dius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example Console config radius server port 181 Console config Console config radius server key green Console config ...

Page 228: ...the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout Use this command to set the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before res...

Page 229: ...cs server host Use this command to specify the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Console config radius server timeout 10 Console config Console show radius server Server IP address 10 1 0 99 Communication key with radius server Server port number 1812 Retransmit times 2 ...

Page 230: ...twork port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Example Console config tacacs server host 192 168 1 25 Console config Console config tacacs server port 181 Console config ...

Page 231: ...y_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server Use this command to display the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Console config tacacs server key green Console config ...

Page 232: ...ver community Sets up the community access string to permit access to SNMP commands GC 3 65 snmp server contact Sets the system contact string GC 3 66 snmp server location Sets the system location string GC 3 66 snmp server host Specifies the recipient of an SNMP notification operation GC 3 67 snmp server enable traps Enables the device to send SNMP notifications i e SNMP traps GC 3 69 snmp ip fil...

Page 233: ...ss Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Co...

Page 234: ...act information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 3 66 snmp server location Use this command to set the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 charact...

Page 235: ... addr host addr Name or Internet address of the host the targeted recipient Maximum host addresses 5 trap destination IP address entries community string Password like community string sent with the notification operation Though you can set this string using the snmp server host command by itself we recommend you define this string using the snmp server community command prior to using the snmp se...

Page 236: ...le traps command to specify which SNMP notifications are sent globally For a host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled The switch can send SNMP version 1 or version 2c traps to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not ...

Page 237: ... Configuration Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords all notification types are enabled If you enter the command with a keyword only the notification t...

Page 238: ...re allowed SNMP access to the switch subnet_mask An address bitmask of decimal numbers that represent the address bits to match Default Setting None Command Mode Global Configuration Command Usage You can create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software Address bitmasks are similar to a subnet mask containing four decima...

Page 239: ...e SNMP access IP filtering does not affect management access to the switch using the Web interface or Telnet Example The following example enables SNMP IP filtering on the switch and allows SNMP management access to client IP 10 1 2 3 and client IP group 10 1 3 0 to 10 1 3 255 Related Commands show snmp 3 71 show snmp Use this command to check the status of SNMP communications Default Setting None...

Page 240: ...n enable SNMP communities 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap...

Page 241: ...establish a default gateway between the switch and management stations that exist on another network segment Command Function Mode Page ip address Sets the IP address for this device IC 3 74 ip dhcp restart Submits a BOOTP or DCHP client request PE 3 75 ip default gateway Defines the default gateway through which an in band management station can reach this device GC 3 76 show ip interface Display...

Page 242: ...rface Configuration VLAN Command Usage You must assign an IP address to this device to gain management access over the network You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration pr...

Page 243: ...s to any other VLAN the new IP address overrides the original IP address and this becomes the new management VLAN Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart 3 75 ip dhcp restart Use this command to submit a BOOTP or DCHP client request Default Setting None Command Mode Privileged Exec Command Usage DHCP requires the server to reass...

Page 244: ...route between this device and management stations that exist on another network segment Use the no form to remove the static route Syntax ip default gateway gateway no ip default gateway gateway IP address of the default gateway Default Setting No static route is established Command Mode Global Configuration Console config interface vlan 1 Console config if ip address dhcp Console config if exit C...

Page 245: ... this command to display the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Command Usage This switch can only be assigned one IP address This address is used for managing the switch Example Related Commands show ip redirects 3 78 Console config ip default gateway 10 1 0 254 Console config Console show ip interface IP address and netmask 10 1 0 54 255 255 2...

Page 246: ... packets to another node on the network Syntax ping host count count size size host IP address or IP alias of the host count Number of packets to send Range 1 16 Default 5 size Number of bytes in a packet Range 32 512 Default 32 The actual packet size will be eight bytes larger than the size specified because the switch adds header information Default Setting This command has no default for the ho...

Page 247: ...gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 3 92 Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms...

Page 248: ...sword Specifies a password on a line LC 3 83 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 3 84 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 3 85 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the thresh...

Page 249: ...ult Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 3 90 show users 3 53 ...

Page 250: ...ion Command Usage There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e Default set...

Page 251: ...assword 3 83 password Use this command to specify the password for a line Use the no form to remove the password Syntax password 0 7 password no password 0 7 0 means plain password 7 means encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting No password is specified Command Mode Line Configu...

Page 252: ...iblity with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands login 3 82 password thresh 3 85 exec timeout Use this command to set the interval that the system waits until user input is ...

Page 253: ...and Telnet connections The timeout for Telnet cannot be disabled Example To set the timeout to two minutes enter this command password thresh Use this command to set the password intrusion threshold which limits the number of failed logon attempts Use the no form to remove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Rang...

Page 254: ...the local console and Telnet connections Example To set the password threshold to five attempts enter this command Related Commands silent time 3 86 silent time Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Synt...

Page 255: ...xample To set the silent time to 60 seconds enter this command Related Commands password thresh 3 85 databits Use this command to set the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syntax databits 7 8 no databits 7 Seven data bits per character 8 Eight data bits per character Default Setting 8 data bits per ...

Page 256: ...racter If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 3 88 parity Use this command to define generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Configuration Cons...

Page 257: ... from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bits per second Options 9600 57600 38400 19200 115200 bps Default Setting 9600 bps Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be support...

Page 258: ... 1 2 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command show line Use this command to display the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access Console config line speed 57600 Console config line Console config line stopbits...

Page 259: ...Interactive timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Interactive timeout 65535 Console Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 3 92 description Adds a description to an interface configuration IC 3 93 speed duplex Configures the speed and du...

Page 260: ...or use in autonegotiation IC 3 96 flowcontrol Enables flow control on a given interface IC 3 97 shutdown Disables an interface IC 3 99 switchport broadcast Configures broadcast storm control IC 3 100 port security Enables port security on an interface IC 3 101 clear counters Clears statistics on an interface PE 3 102 show interfaces status Displays status for the specified interface NE PE 3 103 sh...

Page 261: ... Syntax description string no description string Comment or a description to help you remember what is attached to this interface Range 1 64 characters Default Setting None Command Mode Interface Configuration Ethernet Port Channel Example The following example adds a description to Ethernet port 15 Console config interface ethernet 1 25 Console config if Console config interface ethernet 1 15 Con...

Page 262: ...uplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Channel Command Usage To force operation to the speed and duplex mode specified in a speed duplex command use the no negotiation command to disable auto negotiation on the ...

Page 263: ... Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disabl...

Page 264: ...abilities 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Supports 1000 Mbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits ...

Page 265: ...mand When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands Example The following example configures Ethernet port 5 capabilities to 100half 100full and flow control flowcontrol Use this command to enable flow control Use the no form to disable flow control Syntax flowcontrol no flowcontrol Default Setting Flow control enabled...

Page 266: ...ny port To force flow control on or off with the flowcontrol or no flowcontrol comm and use the no negotiation command to disable auto negotiation on the selected interface Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Due to a hardwa...

Page 267: ...d Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 5 Console config if shutdown Console config i...

Page 268: ... Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all ports on the switch Enabling jumbo frames for the switch will limit the maximum threshold for broadcast storm control to 64 packets per secon...

Page 269: ...amically learning new addresses on the specified port Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted To use port security first allow the switch to dynamically learn the source MAC address VLAN pair for frames received on a port for an initial training period and then enable port security to stop address learning Be sure you enabl...

Page 270: ...lly re enabled by using the no shutdown command Although the port security action command is an Interface Configuration command it applies globally to all switch ports Example This example sets the port security action for the switch and enables port security for port 5 clear counters Use this command to clear statistics on an interface Syntax clear counters interface interface ethernet unit port ...

Page 271: ...ill show the absolute value accumulated since the last power reset Example The following example clears statistics on port 5 show interfaces status Use this command to display the status for an interface Syntax show interfaces status interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 vlan vlan id Range 1 4094 Default Setting Shows the st...

Page 272: ...ort unit This is device 1 port Port number port channel channel id Range 1 6 Console show interface status ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 00 11 11 22 27 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 256 packets second Flow control Disabled Lac...

Page 273: ...ble stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON...

Page 274: ...rmation on all interfaces is displayed The items displayed by this command include Broadcast threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 3 100 Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled page 3 179 VLAN membership mode Indicates membership mode as Trunk or Hybrid page 3 134 Ingress r...

Page 275: ...ddress Table Commands These commands are used to configure the address table for filtering specified addresses displaying current entries clearing the table or setting the aging time Console show interfaces switchport ethernet 1 15 Information of Eth 1 15 broadcast threshold Enabled 256 packets second Lacp status Disabled VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type All ...

Page 276: ...is device 1 port Port number port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent clear mac address table dynamic Removes any learned entries from the forwarding database PE 3 111 mac address table aging time Sets th...

Page 277: ...ot be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this command Example show mac address table Use this command to view classes of entries in the bridge forwarding database Syntax show mac address table address mac ...

Page 278: ...field may include the following types Learned dynamic address entries Permanent static entry Delete on reset static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx xx xx that is applied to the specified MAC address Enter hexadecimal numbers where an equivalent binary bit 0 means to match a bit and 1 means t...

Page 279: ...ged Exec Example mac address table aging time Use this command to set the aging time for entries in the address table Use the no form to restore the default aging time Syntax mac address table aging time seconds no mac address table aging time seconds Time is number of seconds 17 2184 Default Setting 300 seconds Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 e0 29 94 34 ...

Page 280: ...ed forwarding information Example show mac address table aging time Use this command to show the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 Console config Console show mac address table aging time Aging time 300 sec Console ...

Page 281: ...7 spanning tree max age Configures the spanning tree bridge maximum age GC 3 118 spanning tree priority Configures the spanning tree bridge priority GC 3 119 spanning tree path cost method Configures the path cost method for RSTP GC 3 120 spanning tree transmission limit Configures the transmission limit for RSTP GC 3 121 spanning tree cost Configures the spanning tree path cost of an interface IC...

Page 282: ...hes bridges or routers This allows the switch to interact with other bridging devices that is an STP compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example The following example enables the Spanning Tree Protocol for this switch spanni...

Page 283: ... sends only 802 1D BPDUs Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge a...

Page 284: ...value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port ...

Page 285: ...me no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example Console config spanning tree forward time 20 Console config Console config spanning tree ...

Page 286: ...ult Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message beco...

Page 287: ... Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STP root device However if all devices have the same priority the device with the lowest MAC addres...

Page 288: ... from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting short method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 3 122 takes prec...

Page 289: ...e the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limit the maximum transmission rate for BPDUs Example Console config spanning tree transmission limit 4 Console config ...

Page 290: ...alf duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Protocol to determine the best path between devices Therefore lower values should be assigned to interfaces attac...

Page 291: ...Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the Spanning Tree Protocol If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the Spanning Tree Where more than one interface is assigned t...

Page 292: ...erface In this mode interfaces skip the Learning state and proceed straight to Forwarding Since end nodes cannot cause forwarding loops they can be passed through the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STP related timeout problems Remember th...

Page 293: ...g Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the Spanning Tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workst...

Page 294: ...124 spanning tree protocol migration Use this command to re check the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port number unit This is device 1 port number port channel channel id Range 1 6 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topo...

Page 295: ...omatically derived from the duplex mode setting point to point Point to point link shared Shared medium Default Setting auto Command Mode Interface Configuration Ethernet Port Channel Command Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the s...

Page 296: ...s is device 1 port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage Use the show spanning tree command with no parameters to display the Spanning Tree configuration for the Spanning Tree and for every interface in the tree Use the show spanning tree interface command to display the Spanning Tree configuration for an interface within the Spann...

Page 297: ...ge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 000011112222 Current root port 0 Current root cost 0 Number of topology changes 1 Last topology changes time sec 25067 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role disable State discarding Path cost 10000 Priority 128 Designated cost 0 Designa...

Page 298: ...a VLAN including VID name and state VC 3 132 Configure VLAN Interfaces interface vlan Enters interface configuration mode for specified VLAN IC 3 133 switchport mode Configures VLAN membership mode for an interface IC 3 134 switchport acceptable frame types Configures frame types to be accepted by an interface IC 3 135 switchport ingress filtering Enables ingress filtering on an interface IC 3 136...

Page 299: ...ace vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Display VLAN Information show vlan Shows VLAN information NE PE 3 140 show interfaces status vlan Displays status for the specified VLAN interface NE...

Page 300: ...ollowed by the VLAN name vlan name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage When no vlan vlan id is used the VLAN is d...

Page 301: ...ctivated by default Related Commands show vlan 3 140 interface vlan Use this command to enter interface configuration mode for VLANs and configure a physical interface Syntax interface vlan vlan id vlan id ID of the configured VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Global Configuration Console config vlan database Console config vlan vlan 105 name RD5 media ethernet ...

Page 302: ...a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN However note that frames belonging to the port s default VLAN i e associated with the PVID are sent untagged hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with ...

Page 303: ...restore the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port passes all frames tagged or untagged tagged The port only passes tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the ...

Page 304: ...abled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged...

Page 305: ...yntax switchport native vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an...

Page 306: ...chport allowed vlan add vlan list tagged untagged remove vlan list no switchport allowed vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting All ports are assigned to VLAN 1 ...

Page 307: ...d and this should correspond to the native VLAN for the interface If a VLAN on the forbidden list for an interface is manually added to that interface the VLAN is automatically removed from the forbidden list for that interface Example The following example shows how to add VLANs 2 5 and 6 to the allowed list as tagged VLANs for port 1 switchport forbidden vlan Use this command to configure forbid...

Page 308: ...LAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set of forbidden VLANs for that same interface Example The following example shows how to prevent port 1 from being added to VLAN 3 show vlan Use this command to show VLAN information Syntax show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Rang...

Page 309: ...l interfaces and globally for the switch as well as how to display default configuration settings for the Bridge Extension MIB Console show vlan id 1 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Console Command Function Mode Page Interface Commands switchport gvrp Enables GVRP for an in...

Page 310: ...d Mode Interface Configuration Ethernet Port Channel Example show garp timer Shows the GARP timer for the selected function NE PE 3 145 Global Commands bridge ext gvrp Enables GVRP globally for the switch GC 3 146 show bridge ext Shows bridge extension configuration PE 3 147 Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Command Function Mode Page ...

Page 311: ...figuration interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console show gvrp configuration ethernet 1 7 Eth 1 7 Gvrp configuration Disabled Console ...

Page 312: ...tiseconds leave 60 centiseconds leaveall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be ...

Page 313: ... garp timer 3 145 show garp timer Use this command to show the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if garp timer join 100 Console ...

Page 314: ... GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leaveall timer 1000 ce...

Page 315: ...ormation on page 2 74 and Displaying Bridge Extension Capabilities on page 2 31 for a description of the displayed items Example Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic classes Enabled Global GVRP status Disabl...

Page 316: ...static Adds an interface as a member of a multicast group GC 3 150 ip igmp snooping version Configures the IGMP version for snooping GC 3 151 show ip igmp snooping Shows the IGMP snooping configuration PE 3 152 show bridge multicast Shows the IGMP snooping MAC multicast list PE 3 152 show ip igmp snooping Shows the IGMP snooping configuration PE 3 152 IGMP Querier Commands ip igmp snooping querier...

Page 317: ...p igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping Mulitcast Router Commands ip igmp snooping vlan mrouter Adds a multicast router port GC 3 158 show ip igmp snooping mrouter Shows multicast router ports PE 3 159 Console config ip igmp snooping Console config Command Function Mode Page ...

Page 318: ...n vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 ...

Page 319: ...Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp router port expire time Example The following configures the switch...

Page 320: ...iguration show mac address table multicast Use this command to show known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Console show ip igmp snooping Service status Enabled Querier status Enabled Query count...

Page 321: ...es learned through IGMP snooping for VLAN 1 ip igmp snooping querier Use this command to enable the switch as an IGMP snooping querier Use the no form to disable it Syntax ip igmp snooping querier no ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 ...

Page 322: ...has been no response before the switch takes action to solicit reports Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the...

Page 323: ...x ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds Console config ip igmp snooping query count 10 Console config Console config ip igmp snooping qu...

Page 324: ...ust be using IGMPv2 for this command to take effect This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not ...

Page 325: ...ime seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must be using IGMPv2 for this command to take effect Example The following shows how to configure the default timeout t...

Page 326: ...6 Default Setting No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure that interface to jo...

Page 327: ... id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows the port in VLAN 1 that is attached to a multicast router Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 ...

Page 328: ...itchport priority default Sets a port priority for incoming untagged frames IC 3 161 queue bandwidth Assigns round robin weights to the priority queues GC 3 162 queue cos map Assigns class of service values to the priority queues IC 3 163 show queue bandwidth Shows round robin weights assigned to the priority queues PE 3 165 show queue cos map Shows the class of service map PE 3 166 show interface...

Page 329: ... not set and the default value for untagged frames received on the interface is zero Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Precedence or IP DSCP and default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames T...

Page 330: ...f the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 queue bandwidth Use this command to assign Weighted Round Robin WRR weights to the four class of service CoS priority queues Use the no form to restore the default weights Syntax queue bandwi...

Page 331: ...mmand to assign class of service CoS values to the priority queues i e hardware output queues 0 3 Use the no form set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The queue ID of the CoS priority queue Ranges are 0 to 3 where 3 is the highest CoS priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated li...

Page 332: ...traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table Command Mode Interface Configuration Ethernet Port Channel Command Usage CoS assigned at the ingress port is used to select a CoS priority at the egress port Queue 1 2 3 4 Priority 0 1 2 3 4 5 6 7 ...

Page 333: ...ueue bandwidth Use this command to display the Weighted Round Robin WRR bandwidth allocation for the four class of service CoS priority queues Default Setting None Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if queue cos map 0 0 1 2 Console config if queue cos map 1 3 Console config if queue cos map 2 4 5 Console config if queue cos map 3 6 7 Console c...

Page 334: ...rt channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example map ip precedence Global Configuration Use this command to enable IP precedence mapping i e IP Type of Service Use the no form to disable IP precedence mapping Syntax map ip precedence no map ip precedence Console show queue cos map ethernet 1 11 Information of Eth 1 11 Queue ID Traffic class 0 1 2 1 0 3 2 4 ...

Page 335: ...ally disable the other type Example The following example shows how to enable IP precedence mapping globally map ip precedence Interface Configuration Use this command to set IP precedence priority i e IP Type of Service priority Use the no form to restore the default table Syntax map ip precedence ip precedence value cos cos value no map ip precedence precedence value 3 bit precedence value Range...

Page 336: ...ence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then mapped to the queue defaults This command sets the IP Precedence for all interfaces Example The following example shows how to map IP precedence value 1 to CoS value 0 IP Precedence Value CoS Value 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 Console config interface...

Page 337: ... dscp Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally Console config map ip ...

Page 338: ...value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 255 cos value Class of Service value Range 0 7 Default Setting The list below shows the default priority mapping Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 20 22 24 3 26 28 30 32 34 36 ...

Page 339: ...lts This command sets the DSCP Priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip precedence Use this command to show the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileg...

Page 340: ... priority map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Conso...

Page 341: ...nds map ip dscp Global Configuration 3 169 map ip dscp Interface Configuration 3 170 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 342: ... unit port source port unit Switch unit 1 port Port number rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Command Function Mode Page port monitor Config...

Page 343: ...affic may be dropped from the source port You can create only one port mirror session The source and destination ports have to be either both in the port range 1 12 or both in the port range 13 24 Example The following example configures the switch to mirror all packets from port 6 to port 11 Related Commands show port monitor 3 175 show port monitor Use this command to display mirror information ...

Page 344: ...port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from port 6 to port 11 Related Commands port monitor 3 174 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Console config if end Console show port monitor Port Mirroring Destination port listen port Eth1 1 Source port monitored port Eth1 6 Mode RX TX Console ...

Page 345: ...ps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Guidelines for Creating Trunks Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop A trunk can contain up to four 10 100 Mbps ports or up to two 1000 Mbps ports The ports at both ends of a connection must be configured as trunk ports Command F...

Page 346: ...annel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel channel group Use this command to add a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channel id no channel group channel id Trunk index Range 1 6 Default Setting A new trunk contains no ports Command Mode Interface Configuration Ethernet Command Usage When con...

Page 347: ...otocol LACP for the current interface Use the no form to disable it Syntax lacp no lacp Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel I...

Page 348: ...Console config interface ethernet 1 10 Console config if lacp Console config if exit Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 9 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 11 11...

Page 349: ...eway Be sure that your management station has management VLAN access to the switch default is VLAN 1 Check that you have a valid network connection to the switch and that the port you are using has not been disabled Check network cabling between the management station and the switch If you cannot connect using Telnet you may have exceeded the maximum number of concurrent Telnet sessions permitted ...

Page 350: ... null modem serial cable conforms to the pin out connections provided in Appendix B Forgot or lost the password Set the switch to its default configuration Make a direct connection to the switch s console port and power cycle the switch Immediately after powering on press Ctrl u to access the system file menu Select D to delete all user defined configuration files Press Q to boot the switch Troubl...

Page 351: ...b interface to download runtime code via TFTP Downloading large runtime code files via TFTP is normally much faster than downloading via the switch s serial port You can upgrade switch firmware by connecting a PC directly to the serial Console port on the switch s front panel and using VT100 terminal emulation software that supports the XModem protocol See Required Connections on page 1 3 1 Connec...

Page 352: ...uired to download firmware code files 7 Set your PC s terminal emulation software to match the 115200 baud rate Press Enter to reset communications with the switch 8 Check that the switch has sufficient flash memory space for the new code file before starting the download File Name S Up Type Size Create Time certificate 0 7 20480 00 38 34 logfile_1 0 3 64 00 00 02 Factory_Default_Config cfg 0 5 25...

Page 353: ... download file must be a SMC8612T binary software file from SMC 10 After the file has been downloaded you are prompted with Update Image File to specify the type of code file Press R for runtime code D for diagnostic code or L for loader code Caution If you select L for loader code be sure the file is a valid loader code file for the switch If you download an invalid file the switch will not be ab...

Page 354: ...n to change the baud rate of the switch s serial connection back to 9600 baud 14 Set your PC s terminal emulation software baud rate back to 9600 baud Press Enter to reset communications with the switch 15 Press Q to quit the firmware download mode and boot the switch Select Xmodem Receiving Start Image downloaded to buffer R untime D iagnostic L oader Warning you sure what you are doing Update Im...

Page 355: ...ling Auto negotiation Signalling method allowing each node to select its optimum operational mode e g 10 100 or 1000 Mbps and half or full duplex based on the capabilities of the node to which it is connected Bandwidth The difference between the highest and lowest frequencies available for network signals Also synonymous with wire speed the actual speed of the data transmission along the cable BOO...

Page 356: ...r or other device that does not act as a network interconnection Ethernet A network communication system developed and standardized by DEC Intel and Xerox using baseband transmission CSMA CD access logical bus topology and coaxial cable The successor IEEE 802 3 standard provides for integration into the OSI model and extends the physical layer and media with repeaters and implementations that oper...

Page 357: ...Formerly called Group Address Registration Protocol Generic Multicast Registration Protocol GMRP GMRP allows network devices to register endstations with multicast groups GMRP requires that any participating network devices or endstations comply with the IEEE 802 1p standard Gigabit Ethernet A 1000 Mbps network communication system based on Ethernet and the CSMA CD access method Group Attribute Re...

Page 358: ...and physical layer specifications for 1000BASE T Gigabit Ethernet IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3u Defines CSMA CD access method and physical layer specifications for 100BASE TX and 100BASE FX Fast Ethernet IEEE 802 3x Defines Ethernet frame start stop requests and timers used for flow control on full duplex links IEEE 802 3z Defines CSMA CD access method and phys...

Page 359: ...from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts Layer 2 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses Layer 3 Network layer in the ISO 7 Layer Data Communica...

Page 360: ... the network from a station not attached to the network Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobstructively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that comb...

Page 361: ...ocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A TCP IP protocol commonly used for software downloads Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a ...

Page 362: ...GLOSSARY Glossary 8 ...

Page 363: ...6 dynamic addresses displaying 3 109 E edge port STP 3 125 F firmware version displaying 2 34 firmware upgrading 2 26 H hardware version displaying 2 34 HTTP secure server 3 35 HTTPS 3 35 I IEEE 802 1D 3 115 IEEE 802 1w 3 115 IGMP configuring 2 113 ingress filtering 2 84 IP address BOOTP DHCP service 2 13 setting 2 11 L link type STP 3 127 log in CLI 3 1 Web interface 2 2 logon authentication RADI...

Page 364: ...ng 2 107 enabling traps 2 109 trap manager 2 109 software downloads 2 26 software version displaying 2 34 Spanning Tree Protocol 2 51 SSL 3 35 startup files displaying 2 26 setting 2 26 statistics switch 2 122 STP 3 113 3 114 3 115 configuring interfaces 3 113 edge port 3 125 interface settings 3 128 link type 3 127 priority 3 123 protocol migration 3 126 system software downloading from server 2 ...

Page 365: ......

Page 366: ...33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Switzerland 41 0 1 9409971 Fax 41 0 1 9409972 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Northern Europe 44 0 118 974 8700 Fax 44 0 118 974 8701 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 27 11 314 1133 Fax 27 11 314 9133 North Africa 34 93 477 4920 Fax 34 93 477 3774 Russia 7 095 290 29 9...

Reviews:

No comments

Related manuals for 8612T - annexe 1

Brand: Daxten Pages: 2

Brand: eao Pages: 2

Brand: eao Pages: 2

Brand: KanexPro Pages: 16

SANbox 5000 Series

Brand: Qlogic Pages: 8

Brand: I-Tech Pages: 27

Brand: K-Dyne Pages: 10

Brand: Inline Pages: 26

Brand: netvox Pages: 14

Brand: AsGa Pages: 23

IPS-800CE-D16, IPS-1600CE-D16

Brand: Western Telematic Pages: 58

Centerpoint 2x16

Brand: Epicenter Pages: 25

Brand: Edimax Pages: 2

Brand: Allen-Bradley Pages: 2

Brand: Cabletron Systems Pages: 56

Brand: Intellinet Pages: 48

Brand: UHPPOTE Pages: 10

Emulation Pod M306V2T-RPD-E

Brand: Renesas Pages: 74

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands