manualshive.com logo in svg

SMC Networks 8612T2 - annexe 1, Management Manual

Share
Download
SMC Networks 8612T2 - annexe 1 Management Manual Download Page 373

A

CCESS

 C

ONTROL

 L

IST

 C

OMMANDS

4-125

Example 

Related Commands

mask (IP ACL) (4-125)
ip access-group (4-129)

mask 

(IP ACL)

This command defines a mask for IP ACLs. This mask defines the fields to 
check in the IP header. Use the 

no

 form to remove a mask.

Syntax

[

no

mask 

[

protocol

{

any

 | 

host

 | 

source-bitmask

{

any

 | 

host

 | 

destination-bitmask

[

precedence

] [

tos

] [

dscp

[

source-port

 [

port-bitmask

]] [

destination-port

 [

port-bitmask]

[

control-flag

 [

flag-bitmask

]]

protocol

 – Check the protocol field.

any

 – Any address will be matched. 

host

 – The address must be for a host device, not a subnetwork.

source-bitmask

 – Source address of rule must match this bitmask.

destination-bitmask

 – Destination address of rule must match this 

bitmask.

precedence 

– Check the IP precedence field.

tos

 – Check the TOS field.

dscp

 – Check the DSCP field.

source-port

 – Check the protocol source port field.

destination-port 

– Check the protocol destination port field.

port-bitmask

 – Protocol port of rule must match this bitmask. 

(Range: 0-65535)

control-flag

 – Check the field for control flags.

flag-bitmask

 – Control flags of rule must match this bitmask. 

(Range: 0-63)

Default Setting

None

Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#

Summary of Contents for 8612T2 - annexe 1

Page 1: ...undant power unit Spanning Tree Protocol Rapid STP and Multiple STP Up to six LACP or static 8 port trunks Layer 2 3 4 CoS support through 8 priority queues Layer 3 4 traffic priority with IP Precedence and IP DSCP Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web and SNMP RMON Management Guide SMC8612T2 ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions May 2005 Pub 149100006500H ...

Page 4: ... is granted by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...ress 2 6 Manual Configuration 2 6 Dynamic Configuration 2 7 Enabling SNMP Management Access 2 9 Community Strings 2 9 Trap Receivers 2 11 Saving Configuration Settings 2 11 Managing System Files 2 12 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 3 Home Page 3 3 Configuration Options 3 4 Panel Display 3 4 Main Menu 3 5 Basic Configuration 3 12 Displ...

Page 8: ...word 3 33 Configuring Local Remote Logon Authentication 3 34 Configuring HTTPS 3 38 Replacing the Default Secure site Certificate 3 40 Configuring the Secure Shell 3 41 Generating the Host Key Pair 3 44 Configuring the SSH Server 3 46 Configuring Port Security 3 48 Configuring 802 1X Port Authentication 3 51 Displaying 802 1X Global Settings 3 52 Configuring 802 1X Global Settings 3 54 Configuring...

Page 9: ...ort Mirroring 3 103 Configuring Rate Limits 3 104 Showing Port Statistics 3 106 Address Table Settings 3 112 Setting Static Addresses 3 112 Displaying the Address Table 3 114 Changing the Aging Time 3 115 Spanning Tree Algorithm Configuration 3 116 Displaying Global Settings 3 118 Configuring Global Settings 3 122 Displaying Interface Settings 3 127 Configuring Interface Settings 3 131 Configuring...

Page 10: ...es 3 169 Layer 3 4 Priority Settings 3 170 Mapping Layer 3 4 Priorities to CoS Values 3 170 Selecting IP Precedence DSCP Priority 3 171 Mapping IP Precedence 3 172 Mapping DSCP Priority 3 174 Mapping IP Port Priority 3 176 Mapping CoS Values to ACLs 3 178 Changing Priorities Based on ACL Rules 3 179 Multicast Filtering 3 182 Layer 2 IGMP Snooping and Query 3 183 Configuring IGMP Snooping and Query...

Page 11: ...4 6 Partial Keyword Lookup 4 7 Negating the Effect of Commands 4 7 Using Command History 4 7 Understanding Command Modes 4 8 Exec Commands 4 8 Configuration Commands 4 9 Command Line Processing 4 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 exec timeout 4 18 password thresh 4 19 silent time 4 20 databits 4 21 parity 4 22 speed 4 23 stopbits 4 24 disconnect 4 24 show...

Page 12: ...p port 4 41 ip http server 4 41 ip http secure server 4 42 ip http secure port 4 44 Secure Shell Commands 4 45 ip ssh server 4 48 ip ssh timeout 4 49 ip ssh authentication retries 4 50 ip ssh server key size 4 51 delete public key 4 51 ip ssh crypto host key generate 4 52 ip ssh crypto zeroize 4 53 ip ssh save host key 4 54 show ip ssh 4 54 show ssh 4 55 show public key 4 56 Event Logging Commands...

Page 13: ... 72 sntp client 4 72 show sntp 4 73 clock timezone 4 74 calendar set 4 75 show calendar 4 76 System Status Commands 4 77 show startup config 4 77 show running config 4 79 show system 4 82 show users 4 83 show version 4 83 Frame Size Commands 4 84 jumbo frame 4 84 Flash File Commands 4 85 copy 4 86 delete 4 89 dir 4 90 whichboot 4 91 boot system 4 92 Authentication Commands 4 93 Authentication Sequ...

Page 14: ...dot1x max req 4 107 dot1x port control 4 107 dot1x operation mode 4 108 dot1x re authenticate 4 109 dot1x re authentication 4 109 dot1x timeout quiet period 4 110 dot1x timeout re authperiod 4 110 dot1x timeout tx period 4 111 show dot1x 4 112 Access Control List Commands 4 115 IP ACLs 4 117 access list ip 4 118 permit deny Standard ACL 4 119 permit deny Extended ACL 4 121 show ip access list 4 12...

Page 15: ...ess list mac 4 146 match access list mac 4 147 ACL Information 4 148 show access list 4 148 show access group 4 149 SNMP Commands 4 149 snmp server community 4 150 snmp server contact 4 151 snmp server location 4 151 snmp server host 4 152 snmp server enable traps 4 154 show snmp 4 155 DNS Commands 4 157 ip host 4 158 clear host 4 159 ip domain name 4 159 ip domain list 4 160 ip name server 4 162 ...

Page 16: ...84 rate limit 4 185 Link Aggregation Commands 4 186 channel group 4 188 lacp 4 188 lacp system priority 4 191 lacp admin key Ethernet Interface 4 192 lacp admin key Port Channel 4 193 lacp port priority 4 194 show lacp 4 195 Address Table Commands 4 200 mac address table static 4 201 clear mac address table dynamic 4 202 show mac address table 4 203 mac address table aging time 4 204 show mac addr...

Page 17: ...tree mst port priority 4 226 spanning tree protocol migration 4 227 show spanning tree 4 228 show spanning tree mst configuration 4 230 VLAN Commands 4 231 Editing VLAN Groups 4 231 vlan database 4 232 vlan 4 233 Configuring VLAN Interfaces 4 234 interface vlan 4 234 switchport mode 4 235 switchport acceptable frame types 4 236 switchport ingress filtering 4 237 switchport native vlan 4 238 switch...

Page 18: ...andwidth 4 258 queue cos map 4 259 show queue mode 4 260 show queue bandwidth 4 260 show queue cos map 4 261 Priority Commands Layer 3 and 4 4 262 map ip port Global Configuration 4 262 map ip port Interface Configuration 4 263 map ip precedence Global Configuration 4 264 map ip precedence Interface Configuration 4 265 map ip dscp Global Configuration 4 266 map ip dscp Interface Configuration 4 26...

Page 19: ...xpire time 4 279 Static Multicast Routing Commands 4 280 ip igmp snooping vlan mrouter 4 280 show ip igmp snooping mrouter 4 281 IP Interface Commands 4 282 Basic IP Configuration 4 282 ip address 4 283 ip dhcp restart 4 284 ip default gateway 4 285 show ip interface 4 285 show ip redirects 4 286 ping 4 287 A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 3 M...

Page 20: ...ity 3 174 Table 3 13 Egress Queue Priority Mapping 3 178 Table 4 1 Command Modes 4 8 Table 4 2 Configuration Commands 4 10 Table 4 3 Keystroke Commands 4 11 Table 4 4 Command Group Index 4 12 Table 4 5 Line Command Syntax 4 14 Table 4 6 General Commands 4 26 Table 4 7 System Management Commands 4 32 Table 4 8 Device Designation Commands 4 33 Table 4 9 User Access Commands 4 34 Table 4 10 Default L...

Page 21: ...Commands 4 135 Table 4 36 Egress Queue Priority Mapping 4 146 Table 4 37 ACL Information 4 148 Table 4 38 SNMP Commands 4 149 Table 4 39 DNS Commands 4 157 Table 4 40 Show DNS Cache Field Description 4 166 Table 4 41 Interface Commands 4 167 Table 4 42 show interfaces switchport display description 4 181 Table 4 43 Mirror Port Commands 4 182 Table 4 44 Rate Limit Commands 4 184 Table 4 45 Link Agg...

Page 22: ... Default CoS Priority Levels 4 259 Table 4 62 Priority Commands Layer 3 and 4 4 262 Table 4 63 Mapping IP Precedence to CoS Values 4 265 Table 4 64 Mapping IP DSCP to CoS Values 4 267 Table 4 65 Multicast Filtering Commands 4 271 Table 4 66 IGMP Snooping Commands 4 271 Table 4 67 IGMP Query Commands Layer 2 4 275 Table 4 68 Static Multicast Routing Commands 4 280 Table 4 69 IP Interface Commands 4...

Page 23: ...TABLES xix ...

Page 24: ...etting Community Access Strings 3 31 Figure 3 16 Specifying Trap Managers and Trap Types 3 32 Figure 3 17 Configuring the Logon Password 3 34 Figure 3 18 Authentication Server Settings 3 37 Figure 3 19 HTTPS Settings 3 40 Figure 3 20 SSH Host Key Settings 3 45 Figure 3 21 SSH Server Settings 3 47 Figure 3 22 Configuring Port Security 3 50 Figure 3 23 802 1X Global Information 3 53 Figure 3 24 802 ...

Page 25: ... 113 Figure 3 50 Dynamic Addresses 3 115 Figure 3 51 Address Aging 3 116 Figure 3 52 STA Information 3 121 Figure 3 53 STA Configuration 3 126 Figure 3 54 STA Port Information 3 130 Figure 3 55 STA Port Configuration 3 134 Figure 3 56 MSTP VLAN Configuration 3 136 Figure 3 57 MSTP Port Information 3 138 Figure 3 58 MSTP Port Configuration 3 141 Figure 3 59 GVRP Status 3 147 Figure 3 60 VLAN Basic ...

Page 26: ...6 Figure 3 78 IP Port Priority 3 177 Figure 3 79 ACL CoS Priority 3 179 Figure 3 80 Changing Priorities Based on ACL Rules 3 181 Figure 3 81 IGMP Configuration 3 185 Figure 3 82 Multicast Router Port Information 3 186 Figure 3 83 Static Multicast Router Port Configuration 3 188 Figure 3 84 IP Multicast Registration Table 3 189 Figure 3 85 IGMP Member Port Table 3 190 Figure 3 86 DNS General Config...

Page 27: ...nvironment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP Community strings IP address filtering Port IEEE 802 1X MAC address filtering Access Control Lists Supports up to 32 IP or MAC ACLs Port Configuration Speed duplex mode and flow control...

Page 28: ...ed below Configuration Backup and Restore You can save the current configuration settings to a file on a TFTP server and later download this file to restore the switch configuration settings Broadcast Storm Control Supported Static Address Up to 16K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported ...

Page 29: ...ber or TCP control code or any frames based on MAC address or Ethernet type ACLs can by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols Port Configuration You can manually configure the speed duplex mode and flow control used on specific ports or use auto negotiation to detect the...

Page 30: ...d threshold it will be throttled until the level falls back beneath the threshold Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Static addresses can be used t...

Page 31: ...osen path should fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches running the older standar...

Page 32: ...rts within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using eight priority queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These funct...

Page 33: ... 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Port Authentication Disabled HTTPS Enabled SSH Enabled Port Security Disabled Web Management HTTP Server En...

Page 34: ... LX LH 1000 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Protocol Status Enabled MSTP Defaults All values based on IEEE 802 1s Fast Forwarding Edge ...

Page 35: ...5 6 7 Priority 2 0 1 3 4 5 6 7 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Disabl...

Page 36: ...INTRODUCTION 1 10 ...

Page 37: ...P Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial console ...

Page 38: ... via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 6 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information and statistics Required Connections The switch provides an RS 232 serial port that enables a connection to a PC or termina...

Page 39: ...p bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have Windows 2000 Service Pack 2 or later installed Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal s VT100 emulation See www microsoft com f...

Page 40: ...ing Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a network computer using SNMP network management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SN...

Page 41: ... opened and the CLI displays the Console prompt indicating you have access at the Privileged Exec level Setting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case sensitive To prevent...

Page 42: ...tch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Manual Configuration You can manually assign an IP address to the switch You may also need to specify a default gateway that resides between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside thi...

Page 43: ...al configuration mode prompt Press Enter 4 To set the IP address of the default gateway for the network to which the switch belongs type ip default gateway gateway where gateway is the IP address of the default gateway Press Enter Dynamic Configuration If you select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to...

Page 44: ...de prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp and press Enter To obtain IP settings via BOOTP type ip address bootp and press Enter 3 Type end to return to the Privileged Exec mode Press Enter 4 Type ip dhcp restart client to be...

Page 45: ...configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred Community Strings Community strings are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specified u...

Page 46: ...event unauthorized access to the switch via SNMP it is recommended that you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter Note that the default m...

Page 47: ...e is either authentication or link up down Press Enter Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the current configuration sett...

Page 48: ... the system See Saving or Restoring Configuration Settings on page 3 24 for more information Operation Code System software that is executed after boot up also known as run time code This code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 22 for more information Diagnostic Code Software that is run during system boot up also known as ...

Page 49: ...iles should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file ...

Page 50: ...INITIAL CONFIGURATION 2 14 ...

Page 51: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 6 2 Set user names and password...

Page 52: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 53: ...rs and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and...

Page 54: ... Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e wi...

Page 55: ...tension Shows the bridge extension parameters 3 16 IP Configuration Sets the IP address for management access 3 17 File 3 22 Firmware Manages code image files 3 22 Configuration Manages switch configuration files 3 24 Reset Restarts the switch 3 26 SNTP 3 27 Configuration Configures SNTP client settings including broadcast mode or a specified list of servers 3 27 Clock Time Zone Sets the local tim...

Page 56: ...atistics Displays protocol statistics for the selected port 3 58 ACL 3 60 Configuration Configures packet filtering based on IP or MAC addresses 3 60 Mask Configuration Controls the order in which ACL rules are checked 3 69 Port Binding Binds a port to the specified ACL 3 75 IP Filter Sets IP addresses of clients allowed management access 3 77 Port 3 77 Port Information Displays port connection st...

Page 57: ... Control Sets the broadcast storm threshold for each trunk 3 101 Mirror Port Configuration Sets the source and target ports for mirroring 3 103 Rate Limit 3 104 Input Port Configuration Sets the input rate limit for each port 3 104 Input Trunk Configuration Sets the input rate limit for each trunk 3 104 Output Port Configuration Sets the output rate limit for each port 3 104 Output Trunk Configura...

Page 58: ... Configuration Configures individual port settings for STA 3 131 Trunk Configuration Configures individual trunk settings for STA 3 131 MSTP VLAN Configuration Configures priority and VLANs for a spanning tree instance 3 134 Port Information Displays port settings for a specified MST instance 3 138 Trunk Information Displays trunk settings for a specified MST instance 3 138 Port Configuration Conf...

Page 59: ...tagged untagged or forbidden 3 154 Port Configuration Specifies default PVID and VLAN attributes 3 155 Trunk Configuration Specifies default trunk VID and VLAN attributes 3 155 Private VLAN Status Enables or disables the private VLAN 3 159 Link Status Configures the private VLAN 3 160 Protocol VLAN Configuration Creates a protocol group specifying the supported protocols 3 161 Port Configuration M...

Page 60: ...ue 3 174 IP Port Priority Status Globally enables or disables IP Port Priority 3 176 IP Port Priority Sets TCP UDP port priority defining the socket number and associated class of service value 3 176 ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3 178 ACL Marker Change traffic priorities for frames matching an ACL rule 3 179 IGMP Snooping 3 182...

Page 61: ...ulticast addresses associated with the selected VLAN 3 189 DNS General Configuration Enables DNS configures domain name and domain list and specifies IP address of name servers for dynamic lookup 3 191 Static Host Table Configures static entries for domain name to address mapping 3 194 Cache Displays cache entries discovered by designated name servers 3 196 Table 3 2 Main Menu Continued Menu Descr...

Page 62: ...p Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port us...

Page 63: ... location WC 9 4 151 Console config snmp server contact Geoff 4 151 Console config exit Console show system 4 82 System description SMC Networks SMC8612T2 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC address 00 00 A3 42 00 80 Web server enable Web server port 80 Web secure server enable Web secure serve...

Page 64: ...ts Number of built in RJ 45 ports and expansion ports Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal power supply Redundant Power Status1 Displays the status of the redundant power supply Management Software Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Ver...

Page 65: ...owing command to display version information Console show version 4 83 Unit1 Serial number S505008850 Hardware version R01A Number of ports 12 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 2 2 0 3 Boot rom version 2 1 0 4 Operation code version 1 4 0 6 Console ...

Page 66: ...his switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 112 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port Re...

Page 67: ... need to change the switch s default settings IP address 0 0 0 0 and netmask 255 0 0 0 to values that are compatible with your network You may also need to a establish a default gateway between the switch and management stations that exist on another network segment Console show bridge ext 4 250 Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static e...

Page 68: ...is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast periodically by the switch for an IP address DHCP BOOTP values can include the IP address subnet mask and default gateway IP Address Address of the VLAN interface that is a...

Page 69: ...tatic enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 168 Console config if ip address 10 1 0 254 255 255 255 0 4 283 Console config if exit Console config ip default gateway 192 168 1 254 4 284 Console config ...

Page 70: ...adcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart client command Console config Console config inter...

Page 71: ...he switch In this case you can reboot the switch or submit a client request to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Conso...

Page 72: ...tails see the Batch Upgrade document in this Batch Upgrade folder Command Attributes TFTP Server IP Address The IP address of a TFTP server File Name The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ ...

Page 73: ...me then click Transfer from Server To start the new firmware reboot the system via the System Reset menu Figure 3 8 Operation Code Image File Transfer If you download to a new destination file then select the file from the drop down box for the operation code used at startup and click Apply Changes To start the new firmware reboot the system via the System Reset menu Figure 3 9 Select Start Up Ope...

Page 74: ...e Name The configuration file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note The maximum number of user defined configuration files is limited only by available flash memory space Console copy tftp fil...

Page 75: ...ed as the destination on the switch Web Click System File Configuration Enter the IP address of the TFTP server enter the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Transfer from Server Figure 3 10 Downloading Configuration Settings from a Server If you download to a new file name then select the new file from the drop down box f...

Page 76: ...he Reset button to restart the switch Figure 3 12 Resetting the System CLI Use the reload command to restart the switch Note When restarting the system it will always run the Power On Self Test Console copy tftp startup config 4 86 TFTP server ip address 192 168 1 19 Source configuration file name config 1 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Suc...

Page 77: ...update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This mode requires at least one time server to be specifi...

Page 78: ... display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Hours 0 13 The number of hours before after UTC Console config sntp client 4 73 Console config sntp poll 16 4 72 Console config sntp server 10 1 0 19 137 8...

Page 79: ... be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 14 Clock Time Zone CLI This example shows how to set the time zone for the system clock Console config clock timezone Dhaka hours 6 minute 0 after UTC 4 74 Console config ...

Page 80: ... onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for configuring community strings trap functions and restricting access to clients with specified IP addresses are described in the following sections Setting Community Access Strings You may configure up to five communit...

Page 81: ...Add Figure 3 15 Setting Community Access Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as SMC ...

Page 82: ...ever an invalid community string is submitted during the SNMP access authentication process The default is enabled Enable Link up and Link down Traps Issues link up or link down traps The default is enabled Web Click SNMP Configuration Fill in the IP address and community string for each trap manager that will receive these messages specify the SNMP version mark the trap types required and then cl...

Page 83: ... specific ports IP Filter Filters management access to the web SNMP or Telnet interface Configuring the Logon Password The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest na...

Page 84: ...tion Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Console config username bob access level 15 4 35 Console config username bob password 0 smith Console config Web Telnet RADIUS TACACS server...

Page 85: ...and Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and TAC...

Page 86: ...e RADIUS Settings Server IP Address Address of authentication server Default 10 1 0 1 Server Port Number Network UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Number of Server Transmits Number of times the ...

Page 87: ...t Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to be set up by manually entering user names and passwords using the CLI See username on page 4 35 Web Click Security Authentication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIU...

Page 88: ... s digital certificate Console config authentication login radius 4 94 Console config radius server host 192 168 1 25 4 95 Console config radius server port 181 4 96 Console config radius server key green 4 97 Console config radius server retransmit 5 4 97 Console config radius server timeout 10 4 98 Console config end Console show radius server 4 98 Remote radius server configuration Server IP ad...

Page 89: ...tly support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 40 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Default Port 443 Table 3 3 HTTPS Support Web Browse...

Page 90: ... a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note For maximum security we re...

Page 91: ... intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH also encrypts all data transfers passing bet...

Page 92: ...ublic Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 1568499540186766925933394677...

Page 93: ... uses the host key pair to negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses the public k...

Page 94: ...modulus DSA Version 2 The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a co...

Page 95: ...Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 20 SSH Host Key Settings ...

Page 96: ...host key 4 48 Console show public key host 4 48 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 729290510813919642025190932104328579045764891 DSA ssh dss AAAAB3...

Page 97: ...ecifies the SSH server key size Range 512 896 bits The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page before yo...

Page 98: ...rusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table...

Page 99: ...due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 83 Command Attributes Port Port number Name Descriptive text page 4 168 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP tr...

Page 100: ... allowed on a port and click Apply Figure 3 22 Configuring Port Security CLI This example sets the command mode to Port 5 sets the port security action to send a trap and disable the port and then enables port security for the switch Console config interface ethernet 1 5 Console config if port security action trap and shutdown 4 102 Console config if port security max mac count 20 4 102 Console co...

Page 101: ...authentication server to verify user identity and access rights When a client i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to ...

Page 102: ...lient also have to support the same EAP authentication type The current version of the firmware supports only the EAP MD5 authentication type Some clients have native support in Windows otherwise the dot1X client must support it Displaying 802 1X Global Settings The 802 1X protocol provides port authentication The 802 1X protocol must be enabled globally for the switch system before port settings ...

Page 103: ...bal settings for 802 1X Console show dot1x 4 111 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 disabled Single Host ForceAuthorized n a 1 12 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is disabled on port 1 2 802 1X is dis...

Page 104: ...figuration Enable dot1X globally for the switch and click Apply Figure 3 24 802 1X Configuration CLI This example enables 802 1X globally for the switch Configuring Port Settings for 802 1X When 802 1X is enabled you need to configure the parameters for the authentication process that runs between the client and the switch i e authenticator as well as the client identity lookup process that runs b...

Page 105: ... port to deny access to all clients either dot1x aware or otherwise Re authen Sets the client to be re authenticated after the interval specified by the Re authentication Period Re authentication can be used to detect if a new device is plugged into a switch port Default Disabled Max Request Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before...

Page 106: ...rized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configured as a trunk port Web Click Security 802 1X Port Configuration Modify the parameters required and click Apply Figure 3 25 802 1X Port Configuration ...

Page 107: ...uth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 12 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 5 quiet period 40 tx period 40 supplicant timeout 30 server timeout 10 r...

Page 108: ... of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most ...

Page 109: ...2 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 111 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 110: ...t rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is also 32 However due to resource restrictions the average number of rules bound to the...

Page 111: ... explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum length 16 characters Type There are three filtering modes Standard IP ACL mode that filters packets based on the source IP address Extended IP ACL mode that filters packets based on source ...

Page 112: ...fies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any Address Source IP address SubMask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits ...

Page 113: ...nge 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules deny rules or a combination of both Default Permit rules Src Dst IP Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses ...

Page 114: ...ult TCP Src Dst Port Source destination port number for the specified protocol type Range 0 65535 Src Dst Port Bitmask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Bitmask Decimal number representing the code bits to match The control bitmask is a decim...

Page 115: ...and ACK invalid use control code 2 control bitmask 18 Web Specify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click A...

Page 116: ...ACL can contain all permit rules deny rules or a combination of both Default Permit rules Source Destination MAC Use Any to include all possible addresses Host to indicate a specific MAC address or MAC to specify an address range with the Address and Bitmask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination MAC Bitmask Hexid...

Page 117: ...IPX Ethernet Type Mask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet types Any Any Ethernet packet type Untagged eth2 Untagged Ethernet II packets Untagged 802 3 Untagged Ethernet 802 3 packets Tagged eth2 Tagged Ethernet II packets Tagged 802 3 Tagged Ethernet 802 3 packets Command Usage Egress MAC ACLs only work for destination mac known packets no...

Page 118: ...ect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 30 ACL Configuration MAC CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertyp...

Page 119: ... to four ACLs of the same type Command Usage Up to seven entries can be assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before mapping an ACL to ...

Page 120: ...in the ACL entries The first entry matching a mask is applied to the inbound packet Configuring an IP ACL Mask This mask defines the fields to check in the IP header Command Usage Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes Console config access list ip mask precedence in 4 124 Console ...

Page 121: ... Default Any Src Dst IP Bitmask Source or destination address of rule must match this bitmask See the description for SubMask on page 3 62 Protocol Bitmask Check the protocol field Service Type Check the rule for the specified priority type Options Precedence TOS DSCP Default TOS Src Dst Port Bitmask Protocol port of rule must match this bitmask Range 0 65535 Control Bitmask Control flags of rule ...

Page 122: ...k to check for any source or destination address a specific host address or an address range Include other criteria to search for in the rules such as a protocol type or one of the service types Or use a bitmask to search for specific protocol port s or TCP control code s Then click Add Figure 3 32 ACL Mask Configuration IP ...

Page 123: ...ny address Host to specify the host address for a single node or MAC to specify a range of addresses Options Any Host MAC Default Any Source Destination MAC Bitmask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format Bitmask A packet format must be specified in the rule Console...

Page 124: ...ingress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for specific VLAN ID s or Ethernet type s Or check for rules where a packet format was specified Then click Add Figure 3 33 ACL Mask Configuration MAC ...

Page 125: ... port for egress filtering In other words only four ACLs can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL Console config access list mac M4 4 136 Console config mac acl permit any any 4 137 Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 4 137 Console config mac acl end Console show access list 4 148 MAC access list ...

Page 126: ... bind the ACL to an interface for egress checking the bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 12 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an AC...

Page 127: ... IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ...

Page 128: ...ss es for the Telnet group IP Filter List IP address which are allowed management access to this interface Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range Web Click Security IP Filter Enter the IP addresses or range of addresses that are allowed management access to an interface and click Add IP Filtering Entry Figure 3 35 IP Filter...

Page 129: ... if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Console config management telnet client 192 168 1 19 4 38 Console config management telnet client 192 168 1 25 192 168 1 ...

Page 130: ...cally set via LACP Web Click Port Port Information or Trunk Information Figure 3 36 Port Port Information Field Attributes CLI Basic information Port type Indicates the port type 1000BASE T or SFP MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface i...

Page 131: ...its and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 500 262143 packets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC ...

Page 132: ...ole show interfaces status ethernet 1 5 4 177 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 f1 47 58 46 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action Non...

Page 133: ... speed and duplex mode Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Su...

Page 134: ...000BASE T 10half 10full 100half 100full 1000full SFP 1000full Forced Mode Shows the forced preferred port type to use for the combination ports 9 12 Copper Forced Always uses the built in RJ 45 port Copper Preferred Auto Uses the built in RJ 45 port if both combination types are functioning and the RJ 45 port has a valid link SFP Forced Always uses the SFP port even if module is not installed SFP ...

Page 135: ...viding a fault tolerant link between two devices You can create up to six trunks at a time Console config interface ethernet 1 8 4 168 Console config if description RD SW 13 4 168 Console config if shutdown 4 174 Console config if no shutdown Console config if no negotiation 4 170 Console config if speed duplex 100half 4 169 Console config if flowcontrol 4 172 Console config if negotiation Console...

Page 136: ...ing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding ne...

Page 137: ...rChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Port New Includes entry fields for creating new trunks Trunk Trunk identifier Range ...

Page 138: ... Trunk Membership Enter a trunk ID of 1 6 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 38 Static Trunk Configuration ...

Page 139: ...ole config interface port channel 2 4 168 Console config if exit Console config interface ethernet 1 1 4 168 Console config if channel group 2 4 188 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end Console show interfaces status port channel 2 4 177 Information of Trunk 2 Basic information Port type 1000T Mac address 00 00 E8 AA A...

Page 140: ...e enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 39 LACP Port Configuration ...

Page 141: ...annel group Console config interface ethernet 1 1 4 168 Console config if lacp 4 188 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 177 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port admin status Up Speed duplex Auto Capabilities...

Page 142: ...must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 0 Port Priority If a l...

Page 143: ... can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 40 LACP Aggregation Port ...

Page 144: ...onsole config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 195 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console show lacp 1 internal 4 195 Port Channel 1 Oper...

Page 145: ...ceived that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Table 3 5 LACP Port Counters Continued ...

Page 146: ...d 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 6 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System ...

Page 147: ...bled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is consi...

Page 148: ...CP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 195 Port Channel 1 Oper Key 3 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long timeou...

Page 149: ...ue of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the pro...

Page 150: ...side of port channel 1 Console show lacp 1 neighbors 4 195 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper Stat...

Page 151: ...dcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Port Port number Trunk Trunk number Type Indicates the...

Page 152: ...nterface ethernet 1 1 4 168 Console config if no switchport broadcast 4 175 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 4 175 Console config if end Console show interfaces switchport ethernet 1 2 4 180 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second Lacp status Disabled Ingress rate limit disable Egress r...

Page 153: ...ed otherwise traffic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to t...

Page 154: ...e maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with ...

Page 155: ...tion Set the Input Rate Limit Status or Output Rate Limit Status then set the rate limit for the individual interfaces and click Apply Figure 3 46 Rate Limit Configuration CLI This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps Console config interface ethernet 1 1 4 168 Console config if rate limit input 600 4 185 Console config if rate limit output 60...

Page 156: ...N groups 2 3 and 9 can only be accessed using SNMP management software such as SMC EliteView Table 3 8 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets The number...

Page 157: ... multicast address at this sub layer including those that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Transmit Discarded Packets The number of outbound packets which were chosen to be discarded e...

Page 158: ...ue to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR message is generated by the ...

Page 159: ...d frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors The number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing...

Page 160: ... packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but incl...

Page 161: ...PORT CONFIGURATION 3 111 Figure 3 48 Port Statistics Continued ...

Page 162: ...s Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test ...

Page 163: ...LAN ID of configured VLAN 1 4094 Permanent Assignment is permanent Delete on Reset Assignment lasts until the switch is reset Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Figure 3 49 Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset 5 Web Only Cons...

Page 164: ...ddress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of ...

Page 165: ...re 3 50 Dynamic Addresses CLI This example also displays the address table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table Command Attributes Aging Status Enables disables the aging function Console show mac address table interface ethernet 1 1 4 203 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C...

Page 166: ...de backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch incl...

Page 167: ...e therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This brid...

Page 168: ...ch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC address where the address is taken from the switch system Max Age The maximum time in seconds a device can wait without receiving a configuration message before atte...

Page 169: ...this switch has been accepted as the root device of the Spanning Tree network Root Path Cost The path cost from the root port on this switch to the root device Configuration Changes The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additional parameters are only displayed for the CLI Spanning tree mode Specifie...

Page 170: ... Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data ...

Page 171: ...spanning tree 4 228 Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root...

Page 172: ...ion Rapid Spanning Tree Protocol RSTP supports connections to either STA or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STA Mode If the switch receives an 802 1D BPDU i e STA BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and start...

Page 173: ...nning Tree State Enables disables STA on this switch Default Enabled Spanning Tree Type Specifies the type of spanning tree used on this switch STA Spanning Tree Algorithm IEEE 802 1D i e when this option is selected the switch will use RSTP set to STA forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default MSTP Multiple Spanning Tree IEEE 802 1s Priority Bridge priority...

Page 174: ...N If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to l...

Page 175: ...etting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Default 65 Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST R...

Page 176: ...panning tree mode mstp 4 208 Console config spanning tree priority 4096 4 212 Console config spanning tree hello time 5 4 211 Console config spanning tree max age 20 4 211 Console config spanning tree forward time 20 4 210 Console config spanning tree pathcost method long 4 213 Console config spanning tree transmission limit 4 4 214 Console config spanning tree mst configuration 4 214 Console conf...

Page 177: ...continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted t...

Page 178: ... false but will be set to false if a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is the MSTI regional root i e master port or is an alternate or bac...

Page 179: ...s port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with th...

Page 180: ...quired to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Admin Link Type The link type attached to this interface Point to Point A connection to exactly one other...

Page 181: ...nd edge port to indicate if the attached device can support fast forwarding References to ports in this section means interfaces which includes both ports and trunks Console show spanning tree ethernet 1 5 4 228 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5 Designated...

Page 182: ... forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with ...

Page 183: ...ctly one other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media This is the default setting Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwar...

Page 184: ...ample sets STA attributes for port 7 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance Console config interface eth...

Page 185: ...ning trees 1 Set the spanning tree type to MSTP STA Configuration page 3 122 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 Add the VLANs that will share this MSTI MSTP VLAN Configuration Note All VLANs are automatically added to the IST Instance 0 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridg...

Page 186: ...butes displayed by the CLI for individual interfaces are described under Displaying Interface Settings page 3 127 Web Click Spanning Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 56 MSTP VLAN Configuration ...

Page 187: ...ec 15 Max hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 0 Designated port 128 7 Designat...

Page 188: ...es MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Note The other attributes are described under Displaying Interface Settings page 3 127 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 57 MSTP Port Information Console config spanning tree mst configuration 4 214 Console...

Page 189: ...ay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 645 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal p...

Page 190: ... Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanni...

Page 191: ...Path Cost Method is set to short page 3 63 the maximum path cost is 65 535 Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 Web Click Spanning Tree MSTP Port Confi...

Page 192: ...ey belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network ...

Page 193: ...orts Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to partic...

Page 194: ...Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are forwarded ...

Page 195: ...etwork This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host devices to the required VLANs using the operating system or other application software so that these VLANs can be propagated onto the network For both the edge switches attached directly to these hosts and core switches in th...

Page 196: ...hen forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto th...

Page 197: ...ion and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 59 GVRP Status CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number8 Th...

Page 198: ...rge VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Console show bridge ext 4 250 Max support vlan numbers 255 Max support vlan ID 4094 Extended multi...

Page 199: ...le Select any ID from the scroll down list Figure 3 61 VLAN Current Table Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is...

Page 200: ...c identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLA...

Page 201: ...rk the Enable checkbox to activate the VLAN and then click Add Figure 3 62 Creating Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 232 Console config vlan vlan 2 name R D media ethernet state active 4 233 Console config vlan end Console show vlan 4 241 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 E...

Page 202: ...by Port page to configure VLAN groups based on the port index page 3 154 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 155 Command Attributes V...

Page 203: ...ne group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 145 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last tab...

Page 204: ...nk identifier Member VLANs for which the selected interface is a tagged member Non Member VLANs for which the selected interface is not a tagged member Console config interface ethernet 1 1 4 168 Console config if switchport allowed vlan add 2 tagged 4 239 Console config if exit Console config interface ethernet 1 2 Console config if switchport allowed vlan add 2 untagged Console config if exit Co...

Page 205: ...xample adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces including the default VLAN identifier PVID accepted frame types ingress filtering GVRP status and GARP timers Command Usage GVRP GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order ...

Page 206: ...to that group Acceptable Frame Type Sets the interface to accept all frame types including tagged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingress port is not a member Default Disab...

Page 207: ...re the port actually leaves the group Range 60 3000 centiseconds Default 60 GARP LeaveAll Timer9 The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 500 18000 centiseconds Default 1000 Mode In...

Page 208: ...ly tagged frames assigns PVID 3 as the native VLAN ID enables GVRP sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 4 168 Console config if switchport acceptable frame types tagged 4 236 Console config if switchport ingress filtering 4 237 Console config if switchport native vlan 3 4 238 Console config if switchport gvrp 4 251 Console config if...

Page 209: ...l VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 3 66 Private VLAN Status CLI This example enables private VLANs Console config pvlan 4 247 Console config Uplink Ports Primary VLAN prom...

Page 210: ... switch and with any designated downlink ports Web Click VLAN Private VLAN Link Status Mark the ports that will serve as uplinks and downlinks for the private VLAN then click Apply Figure 3 67 Private VLAN Link Status CLI This configures ports 3 and 4 as uplinks and ports 5 and 6 as downlinks Console config pvlan up link ethernet 1 3 4 downlink ethernet 1 5 6 4 247 Console config end Console show ...

Page 211: ...n be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 3 150 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each...

Page 212: ...ping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group Command Usage When creating a protocol based VLAN only assign interfaces using this configuration screen If you assign interfaces using any of the other VLAN commands such as VLAN Static Table page 3 152 or VLAN Static Membership page 3 154 these interfaces will admit traffic of any protoco...

Page 213: ...priate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Command Attributes Interface Port or trunk identifier Protocol Group ID Group identifier of this protocol group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Web Click VLAN Protocol VLAN Port Configuration Select a a ...

Page 214: ...the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagge...

Page 215: ...default priority of 5 to port 3 10 CLI displays this information as Priority for untagged traffic Console config interface ethernet 1 3 4 168 Console config if switchport priority default 5 4 255 Console config if end Console show interfaces switchport ethernet 1 3 4 180 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M bits...

Page 216: ...lications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class11 Output queue buffer Range 0 7 where 7 is the highest CoS priority queue Table 3 9 Mapping CoS Values to Egress Queues Queue 0...

Page 217: ... Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 168 Console config queue cos map 0 0 4 259 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map ethernet 1 1 4 261 Information of Eth 1...

Page 218: ...events the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing low...

Page 219: ...hese queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table12 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic ...

Page 220: ...ervices are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default...

Page 221: ... This is the default setting IP Precedence Maps layer 3 4 priorities using IP Precedence IP DSCP Maps layer 3 4 priorities using Differentiated Services Code Point Mapping Web Click Priority IP Precedence DSCP Priority Status Select Disabled IP Precedence or IP DSCP from the scroll down menu Figure 3 74 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on t...

Page 222: ...CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Table 3 11 Mapp...

Page 223: ... 1 and then displays the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip precedence 4 264 Console config interface ethernet 1 1 4 168 Console config if map ip precedence 1 cos 0 4 265 Console config if end Console show map ip precedence ethernet...

Page 224: ... be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priority N...

Page 225: ...1 and then displays the DSCP Priority settings Note Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip dscp 4 266 Console config interface ethernet 1 1 4 168 Console config if map ip dscp 1 cos 0 4 266 Console config if end Console show map ip dscp ethernet 1 1 4 270 DSCP mapp...

Page 226: ...Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply to all interfaces Web Click Priority IP Port Priority S...

Page 227: ...witch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Note Mapping specific values for IP Port Priority is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip port 4 262 Console config interface ethernet 1 1 4 168 Console config if map ip port 80 cos 0 4 263 Console config ...

Page 228: ...n to the packet itself For information on mapping the CoS values to output queues see page 3 166 Command Usage You must configure an ACL mask before you can map CoS values to the rule Command Attributes Port Port identifier Name13 Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 Table 3 13 Egress Queue Priority Mapping Priority 0 1 2 ...

Page 229: ...n the specified ACL on port 12 Changing Priorities Based on ACL Rules You can change traffic priorities for frames matching the defined ACL rule This feature is commonly referred to as ACL packet marking This switch can change the IEEE 802 1p priority IP Precedence or DSCP Priority of IP frames or change the IEEE 802 1p priority of Layer 2 frames Console config interface ethernet 1 12 4 168 Consol...

Page 230: ...ntain three bits for IP Precedence or six bits for Differentiated Services Code Point DSCP service Note that the IP frame header can include either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority and then 802 1p priority Command Attributes Port Port identifier Name14 Name of ACL Type Type of ACL IP or MAC Precedence IP Pr...

Page 231: ...n click Add Figure 3 80 Changing Priorities Based on ACL Rules CLI This example changes the DSCP priority for packets matching an IP ACL rule and the 802 1p priority for packets matching a MAC ACL rule Console config interface ethernet 1 1 4 168 Console config if match access list ip bill set dscp 0 4 133 Console config if match access list mac mike set priority 0 4 147 Console config if end Conso...

Page 232: ...assed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure ...

Page 233: ...appropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 189 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switch...

Page 234: ...is is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10...

Page 235: ...es the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 272 Console config ip igmp snooping querier 4 276 Console config ip igmp snooping query count 10 4 276 Console config ip igmp snooping query interval 100 4 277 Console config ip igmp snooping query max response time 20 4 278 Console config ip igmp snooping router port expire time 300 4 27...

Page 236: ...ce on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snoopin...

Page 237: ...runk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming fr...

Page 238: ...t within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to p...

Page 239: ...try was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping and Query Parameters on page 3 183 For certain applications that require tighter control you may need to statically configure a multicast service on the switch First add...

Page 240: ...cast traffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate the VLAN that will propagate the multicast s...

Page 241: ...es configure default domain names or specify one or more name servers to use for domain name to address translation Configuring General DNS Server Parameters Command Usage To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted notation...

Page 242: ...h no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enables DNS host name to address translation Default Domain Name15 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List15 Defines define a list of domain names that can be appended to incomplete host name...

Page 243: ...Web Select DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use to use for address resolution enable domain lookup status and click Apply Figure 3 86 DNS General Configuration ...

Page 244: ...es may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Console config ip domain name sample com 4 159 Console config ip domain list sample com uk 4 160 Console...

Page 245: ...1 64 characters IP Address Internet address es associated with a host name Range 1 8 addresses Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply Figure 3 87 DNS Static Host Table ...

Page 246: ...and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Console config ip host rd5 19...

Page 247: ... CNAME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POINTER TO 4 51 www microsoft com 6 4 CNAME 207 46 68 27 71964 msn com tw 7 4 ALIAS POINTER TO 6 71964 www msn com tw 8 4 CNAME 65 54 131 192 605 passportimages com 9 4 ALIAS POINTER...

Page 248: ...CONFIGURING THE SWITCH 3 198 ...

Page 249: ...ry similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged acc...

Page 250: ...ote The IP address for this switch is unassigned by default To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address Howe...

Page 251: ...ompt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty 0 for the guest to show that you are using normal access mode i e Normal Exec 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sess...

Page 252: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 253: ...ord up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters ...

Page 254: ...mation of interfaces ip IP information lacp Show lacp statistic line TTY line information logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Show management ip filter map Map priority marking Specify marker port Characteristics of the port protocol vlan Protocol vlan information public key Show information of public...

Page 255: ... to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then execut...

Page 256: ...Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new conso...

Page 257: ...ning configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Username admin Password adm...

Page 258: ...mpt will change to Console config which gives you access privilege to all Global Configuration commands To enter the other modes at the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console config line 4 14 Acce...

Page 259: ...ting keystrokes for command line processing VLAN vlan database Console config vlan 4 231 MSTP spanning tree mst configuration Console config mstp 4 214 Console config interface ethernet 1 5 Console config if exit Console config Table 4 3 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current t...

Page 260: ...he serial port and Telnet including baud rate and console time out 4 14 General Basic commands for entering privileged access mode restarting the system or quitting the CLI 4 26 System Management Controls system logs system passwords user name browser management options and a variety of other system information 4 32 Flash File Manages code image or switch configuration files 4 85 Authentication Co...

Page 261: ...cified addresses displays current entries clears the table or sets the aging time 4 200 Spanning Tree Configures Spanning Tree settings for the switch 4 205 VLANs Configures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs and protocol VLANs 4 231 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the confi...

Page 262: ...a specific line for configuration and starts the line configuration mode GC 4 15 login Enables password checking at login LC 4 16 password Specifies a password on a line LC 4 17 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 18 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 19 silent t...

Page 263: ...rminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command stopbits Sets the number of the stop bits transmitted per byte LC 4 24 disconnect Terminates a line connection PE 4 24 show line Displays a terminal line s parameters...

Page 264: ...ee authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the...

Page 265: ...eans encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You...

Page 266: ...the interval that the system waits until user input is detected Use the no form to restore the default Syntax exec timeout seconds no exec timeout seconds Integer that specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is k...

Page 267: ...ue is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Tel...

Page 268: ...ord thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 19 Console config l...

Page 269: ...per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Comm...

Page 270: ...even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command Console config line parity none Console config line ...

Page 271: ... auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you select the auto option the switch will automatically detect the baud rate configured on the attached terminal and a...

Page 272: ... stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Command Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will discon...

Page 273: ...emote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console disconnect 1 Console Console show line Console configuration Password threshold 3 times Interactive timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Interactive...

Page 274: ...ess Privileged Exec mode Default Setting Level 15 Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 26 disable Returns to normal mode from privileged mode PE 4 27 configure Activates global configuration mode PE 4 28 show history Shows the command history buffer NE PE 4 28 reload Restarts the system PE 4 29 end Returns to Privileged Exec mode any config mo...

Page 275: ...mands disable 4 27 enable password 4 36 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Command Usage The ...

Page 276: ...bling some of the other configuration modes including Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 30 show history This command shows the contents of the command history buffer Default Setting None Console di...

Page 277: ...ation command history buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config start...

Page 278: ...mand returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console reload System will be restarted continue y n y Console config if end Console ...

Page 279: ... return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Console config exit Console exit Press ENTER to start session User Access Verification Username ...

Page 280: ...ion that uniquely identifies this switch 4 33 User Access Configures the basic user names and passwords for management access 4 34 IP Filter Configures IP addresses that are allowed management access 4 37 Web Server Enables management access via a Web browser 4 40 Secure Shell Provides secure replacement for Telnet 4 45 Event Logging Controls logging of error messages 4 58 SMTP Alerts Configures S...

Page 281: ...pt Maximum length 255 characters Default Setting Console Command Mode Global Configuration Example Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 33 hostname Specifies the host name for the switch GC 4 34 snmp server contact Sets the system contact string GC 4 151 snmp server location Sets the system location string GC 4 15...

Page 282: ... for management access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 14 user authentication via a remote authentication server page 4 93 and host access authentication for specific ports page 4 104 Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Function Mode Page username Es...

Page 283: ...ive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting ...

Page 284: ...ged Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password passw...

Page 285: ... reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4 26 IP Filter Commands Console config enable password level 15 0 admin Console config Table 4 11 IP Filter Commands Command Function Mode Page management Configures IP addresses that ar...

Page 286: ...starting address of a range end address The end address of a range Default Setting All addresses Command Mode Global Configuration Command Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP Web and...

Page 287: ...t This command displays the client IP addresses that are allowed management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP Web and Telnet groups http client Adds IP address es to the Web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Teln...

Page 288: ...25 192 168 1 30 Telnet Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Command Command Function Mode Page ip http port Specifies the port to be used by the Web browser interface GC 4 41 ip http server Allows the switch to be monitored or configured from a browser GC 4 41 ip http secure server Enables HTTPS SSL for encrypt...

Page 289: ...The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 41 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http ...

Page 290: ... the switch s Web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in y...

Page 291: ... x and Netscape Navigator 6 2 or later versions The following Web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 40 Also refer to the copy command on page 4 86 Example Related Commands ip http secure port 4 44 copy tftp https certificate 4 86 Table 4 13 HTTPS System Support Web Browser Operatin...

Page 292: ..._number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip http secure ser...

Page 293: ...pts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered This section describes the commands used to configure the SSH server However note that you also need to install an SSH client on the management station when using this protocol to configure the switch Note The switch supports both SSH Versi...

Page 294: ... authentication keys on the switch and enable the SSH server To use the SSH server complete these steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair ip ssh crypto zeroize Clear the host key from RAM PE 4 53 ip ssh save host key Saves the host key from RAM to flash memory PE 4 54 disconnect Terminates a line connection PE 4 24 s...

Page 295: ...ing these keys The current firmware only accepts public key files based on standard UNIX format as shown in the following example 1024 35 1341081685609893921040944920155425347631641921872958921143173880 055536161631051775940838686311092912322268285192543746031009371877211996963178 136627741416898513204911720483033925432410163799759237144901193800609025394840 848271781943722884025331159521348610229...

Page 296: ...r during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip ssh server Use this command to enable the Secure Shell SSH server on this switch Use the no form to disable this service Syntax ip ssh server no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server supports up to four cl...

Page 297: ... during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Console ip ssh crypto host key gen...

Page 298: ...henticate a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 54 Console config ip ssh authentication retires 2 Console config ...

Page 299: ...Global Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key Use this command to delete the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type...

Page 300: ...nd stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and e...

Page 301: ...ype Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Command Usage This command clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Commands ip ssh crypto host key generate 4 52 ip ssh save host key 4 54 no ip ssh s...

Page 302: ...ey Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 52 show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server k...

Page 303: ...State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 4 15 SSH Information Field Description Session The session number Range 0 3 Version The Secure Shell version number State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client ...

Page 304: ...r ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Encryption Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanced Encryption Standard 160 or 22...

Page 305: ...018676692593339467750546173253136748908365472541502024559319986854435 836165199992332978176606583095861082591321289023376546801726272571413428762941 301196195566782595664104869574278881462065194174677298486546861571773939016477 935594230357741309802273708779454524083971752646358058176716709574804776117 DSA ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8...

Page 306: ...e of error messages that are stored Table 4 16 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 58 logging history Limits syslog messages saved to switch memory based on severity GC 4 59 logging host Adds a syslog server host IP address that will receive logging messages GC 4 60 logging facility Sets the facility type for remote logging of syslog...

Page 307: ... history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 17 Logging Levels Name Level Description debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold st...

Page 308: ...t will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None critical 2 Critical conditions e g memory allocation or free memory error resource exhausted alerts 1 Immediate action needed emergencies 0 System unusable Console config logging history ram 0 Console config Tab...

Page 309: ... facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslo...

Page 310: ...ogging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 59 Default Setting Level 3 0 Command Mode Global Configuration Example clear logging This command clears messages from the log buffer Syntax clear logging flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored...

Page 311: ...messages stored in memory Syntax show logging flash ram sendmail trap flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset sendmail Displays settings for the SMTP event handler page 4 69 trap Displays settings for the trap function Default Setting None Command Mode Privileged Exec Console clear logging Console ...

Page 312: ...itDefault function fails level 3 module 13 function 0 and event no 0 Console Table 4 18 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging hist...

Page 313: ...command REMOTELOG level type The severity threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address of syslog servers as specified in the logging host command Table 4 20 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4 66 logging sendmail level...

Page 314: ...and to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in t...

Page 315: ...d level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 3 through 0 logging sendmail source email This command sets the email address used for the From field in alert messages Syntax logging...

Page 316: ...ination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must ...

Page 317: ...x no logging sendmail Default Setting Disabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Console config logging sendmail destination email ted this company com Console config Console config logging sendmail Console config ...

Page 318: ... 1 19 SMTP minimum severity level 3 SMTP destination email addresses 1 ted this company com SMTP source email address bill this company com SMTP status Enable Console Table 4 21 Time Commands Command Function Mode Page sntp server Specifies one or more time servers GC 4 71 sntp poll Sets the interval at which the client polls for time GC 4 72 sntp client Accepts time from specified time servers GC...

Page 319: ...P Range 1 3 addresses Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Relat...

Page 320: ...al between time requests Range 16 16384 seconds Default Setting 16 seconds Command Mode Global Configuration Example sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Conso...

Page 321: ...first sntp client command is issued However if the sntp broadcast client command is issued then the no sntp broadcast client command must be used to return the switch to SNTP client mode Example Related Commands sntp server 4 71 sntp poll 4 72 show sntp 4 73 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time h...

Page 322: ...mezone name hours hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 0 13 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configurat...

Page 323: ... 73 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april ma...

Page 324: ...ystem clock to 15 12 34 February 1st 2005 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console calendar set 15 12 34 1 February 2005 Console Console show calendar 15 12 42 February 1 2005 Console ...

Page 325: ...Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 77 show running config Displays the configuration data currently in use PE 4 79 show system Displays system information NE PE 4 82 show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet clients...

Page 326: ...eparated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs Routing protocol configuration settings...

Page 327: ...c Console show startup config building startup config please wait username admin access level 15 username admin password 0 admin username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw vlan database vlan 1 name DefaultVlan media ethernet state active interface vlan 1 ip address dhcp line console...

Page 328: ...group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs Spanning ...

Page 329: ... admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree mst configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface vlan ...

Page 330: ...nce Example Console show system System description SMC Networks SMC8612T2 System OID string 1 3 6 1 4 1 202 20 52 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC address 00 00 A3 42 00 80 Web server enable Web server port 80 Web secure server enable Web secure server port 443 Telnet server enable Telnet po...

Page 331: ...his command is indicated by a symbol next to the Line i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None Online users Line Username Idle time h m s Remote IP addr 0 conso...

Page 332: ...the no form to disable it Syntax no jumbo frame Default Setting Disabled Command Mode Global Configuration Console show version Unit1 Serial number Hardware version Number of ports 12 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 2 2 0 3 Boot rom version 2 1 0 4 Operation code version 1 4 0 6 Console Table 4 23 Frame Size Commands Command Function Mo...

Page 333: ...extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 175 Example Flash File Commands These commands are used to manage the system code or configuration files Console config jumb...

Page 334: ...e file running config startup config tftp copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system init...

Page 335: ...sh memory the switch supports only two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination For information on specifyi...

Page 336: ...p Choose file type 1 config 2 opcode 1 2 1 Source file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01...

Page 337: ...r image Syntax delete filename filename Name of the configuration file or image name Default Setting None Command Mode Privileged Exec Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y Console copy tftp public key TFTP se...

Page 338: ...elete public key 4 51 dir This command displays a list of files in flash memory Syntax dir boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on this file cannot be sho...

Page 339: ...mand Mode Privileged Exec Table 4 25 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte diag_0060 Boot Rom image Y 111360 run_01642 Operation Code N 1074304...

Page 340: ...e of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Console whichbo...

Page 341: ...Console config Table 4 26 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 93 RADIUS Client Configures settings for authentication via a RADIUS server 4 95 TACACS Client Configures settings for authentication via a TACACS server 4 99 Port Security Configures secure addresses for a port 4 102 Port Authentication Configu...

Page 342: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command t...

Page 343: ...adius server host This command specifies the RADIUS server Use the no form to restore the default Syntax radius server host host_ip_address no radius server host host_ip_address IP address of server Console config authentication login radius Console config Table 4 28 RADIUS Client Commands Command Function Mode Page radius server host Specifies the RADIUS server GC 4 95 radius server port Sets the...

Page 344: ...rt Use the no form to restore the default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Example Console config radius server host 192 168 1 25 Console config Console config radius server port 181 Console config ...

Page 345: ...ces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Ran...

Page 346: ...t number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Console config radius server retransmit 5 Console confi...

Page 347: ... TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Console show radius server Remote radius server configuration Server IP address 192 168 1 25 Communication key with radius server green Server port number 181 Retransmit times 5 Request timeout 10 Console Table 4 29 TACACS Client Comman...

Page 348: ...ork port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Example Console config tacacs server host 192 168 1 26 Console config Console config tacacs server port 182 Console config ...

Page 349: ...ent Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console config tacacs server key green Console config Console show tacacs server Server IP address 192 168 1 26 Communicatio...

Page 350: ... the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses Syntax port security action shutdown trap trap and shutdown max mac count address count no port security action max mac count action Response to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only ...

Page 351: ...e security on the port Use the no port security max mac count command to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot ...

Page 352: ...authentication dot1x default Sets the default authentication server type GC 4 105 dot1x default Resets all dot1x parameters to their default values GC 4 106 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 4 106 dot1x port control Sets dot1x mode for a port interface IC 4 107 do...

Page 353: ...Use the no form to restore the default Syntax authentication dot1x default radius no authentication dot1x dot1x timeout re authperiod Sets the time period after which a connected client must be re authenticated IC 4 110 dot1x timeout tx period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet IC 4 111 show dot1x Shows all dot1x related...

Page 354: ...figuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of requests Range 1 10 Console config authentication dot1x default radius Console config ...

Page 355: ...uthorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example Console config interface ethernet 1 2 Conso...

Page 356: ... host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 20 Default 5 Default Single host Command Mode Interface Configuration Example dot1x re authenticate This command forces re authentication on all ports or a specific inte...

Page 357: ... Example dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Console dot1x re authenticate Console Console config...

Page 358: ...ated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x timeout quiet period 350 Console config if Console config interface eth 1 2 Console config if dot1x timeout re authperiod 300 Console config if ...

Page 359: ...number of seconds Range 1 65535 Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exe...

Page 360: ...period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 109 tx period Time a port waits during authentication session before re transmitting EAP packet page 4 111 supplicant timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts max req Maximum number of times a port will retransmit an EA...

Page 361: ...imes connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier packet received from the Authentication Server Reauthentication State Machine State Current state including initialize reauthenticate...

Page 362: ...st Auto yes 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 12 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Multi Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 3 Authenticator State Machine State Authenticated Rea...

Page 363: ...witch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filte...

Page 364: ... can bind it to a port or set the queue or frame priorities associated with the rule The switch does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in an ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail Egress MAC ACLs only work for destination mac known packets not for multicas...

Page 365: ...s Function Page IP ACLs Configure ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 117 MAC ACLs Configure ACLs based on hardware addresses packet format and Ethernet type 4 135 ACL Information Display ACLs and associated rules shows ACLs assigned to each port 4 148 Table 4 33 IP ACL Commands Command Function Mode Page access list ip Creates an IP ACL and enters c...

Page 366: ...ol mask GC 4 124 mask Sets a precedence mask for the ACL rules IP Mask 4 125 show access list ip mask precedence Shows the ingress or egress rule masks for IP ACLs PE 4 128 ip access group Adds a port to an IP ACL IC 4 129 show ip access group Shows port assignments for IP ACLs PE 4 129 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 130 s...

Page 367: ...t text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 119 ip access group 4 129 show ip access list 4 123 permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host sourc...

Page 368: ...icate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Example This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Related Commands access list ip 4 118 Console con...

Page 369: ...t source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port source port bitmask destination port destination port port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to matc...

Page 370: ...th the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedence and ToS in the same rule However if DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means ...

Page 371: ...s 192 168 1 0 with the TCP control code set to SYN Related Commands access list ip 4 118 show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Console config ext acl p...

Page 372: ...rding to specified IP ACLs Command Mode Global Configuration Command Usage A mask can only be used by all ingress ACLs or all egress ACLs The precedence of the ACL rules applied to a packet is not determined by order of the rules but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule...

Page 373: ...ed host The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source port field destination port Check the protocol destination port field port...

Page 374: ...in order of precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the ...

Page 375: ... interface ethernet 1 1 Console config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list ...

Page 376: ... access list ip extended 6 Switch config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch config ip mask ac...

Page 377: ... list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it t...

Page 378: ...matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Console config int eth 1 11 Console config if ip access group david in Console ...

Page 379: ...fied ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map on 4 259 Example Related Commands queue cos map 4 259 show map access list ip 4 132 Table 4 34 Egress Queue Priority Mapping Priority 0 1 2 3 4 5 6 7 Queue 1 2 0 3 4 5 6 7 Console config interface ethernet 1 10 Console config if map access list...

Page 380: ...e CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Related Commands map access list ip 4 130 Console show map access list ip Eth 1 10 access list ip bill cos 0 Console ...

Page 381: ...one Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Traffic priorities may be included in the IEEE 802 1p priority tag This tag is also incorporated as part of the overall IEEE 802 1Q VLAN tag To specify this priority use the set priority keywords The IP frame header also includes priority bits i...

Page 382: ...nt configuration for packet marking Command Mode Privileged Exec Example Related Commands match access list ip 4 133 Console config interface ethernet 1 12 Console config if match access list ip bill set dscp 0 Console config if Console show marking Interface ethernet 1 12 match access list ip bill set dscp 0 Console ...

Page 383: ...recedence mask for the ACL rules MAC Mask 4 140 show access list mac mask precedence Shows the ingress or egress rule masks for MAC ACLs PE 4 143 mac access group Adds a port to a MAC ACL IC 4 144 show mac access group Shows port assignments for MAC ACLs PE 4 145 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 145 show map access list mac...

Page 384: ... must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related ...

Page 385: ...vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit deny untagged 802 3 any host source source ad...

Page 386: ...of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands acce...

Page 387: ...44 access list mac mask precedence This command accesses MAC Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified MAC ACLs Command Mode Global Configuration Console sho...

Page 388: ...sk MAC ACL This command defines a mask for MAC ACLs This mask defines the fields to check in the packet header Use the no form to remove a mask Syntax no mask pktformat any host source bitmask any host destination bitmask vid vid bitmask ethertype ethertype bitmask pktformat Check the packet format field If this keyword must be used in the mask the packet format must be specified in ACL rule to ma...

Page 389: ...Command Mode MAC Mask Command Usage Up to seven masks can be assigned to an ingress or egress ACL Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules were entered First create the required ACLs and inbound or outbound masks before mapping an ACL to...

Page 390: ...le config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 Console config access list mac mask precedence in Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 12 Console config if mac access group M4 in Console config if end Console show ac...

Page 391: ...806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console config access list mac mask precedence out Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 5 Console config if mac ac...

Page 392: ...applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show mac access list 4 139 Console config inter...

Page 393: ...n ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Console show mac acce...

Page 394: ...show map access list mac This command shows the CoS value mapped to a MAC ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Table 4 36 Egress Queue Priority Mapping Priority 0 1 2 3 4 5 6 7 Queue 1 2 0 3 4 ...

Page 395: ...atch access list mac acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Example Console show map access list mac Acc...

Page 396: ...ction Mode Page show access list Shows all ACLs and associated rules PE 4 148 show access group Shows the ACLs assigned to each port PE 4 149 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 0 0 0 255 any dport 80 permit 192 168 1 0 0 0 0 255 any protocol tcp contro...

Page 397: ...ess list david MAC access list jerry Console Table 4 38 SNMP Commands Command Function Mode Page snmp server community Sets up the community access string to permit access to SNMP commands GC 4 150 snmp server contact Sets the system contact string GC 4 151 snmp server location Sets the system location string GC 4 151 snmp server host Specifies the recipient of an SNMP notification operation GC 4 ...

Page 398: ... characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access ...

Page 399: ... Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 151 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting ...

Page 400: ...he targeted recipient Maximum host addresses 5 trap destination IP address entries community string Password like community string sent with the notification operation Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters ...

Page 401: ...re sent globally For a host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled The switch can send SNMP version 1 or version 2c notifications to a host IP address depending on...

Page 402: ... command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp ...

Page 403: ...P communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp enable traps command ...

Page 404: ...ge is read only 328 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 557 Number of requested variables 0 Number of altered variables 99 Get request PDUs 229 Get next PDUs 0 Set request PDUs 328 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 328 Response PDUs 0 Tra...

Page 405: ...t Creates a static host name to address mapping GC 4 158 clear host Deletes entries from the host name to address table PE 4 159 ip domain name Defines a default domain name for incomplete host names GC 4 159 ip domain list Defines a list of default domain names for incomplete host names GC 4 160 ip name server Specifies the address of one or more name servers to use for host name to address trans...

Page 406: ... Setting No static entries Command Mode Global Configuration Command Usage Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device Example This example maps two address to a host...

Page 407: ...the DNS table ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove the current domain name Syntax ip domain name name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 cha...

Page 408: ...ient that are not formatted with dotted notation Use the no form to remove a name from this list Syntax no ip domain list name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Console config ip domain name sample com Console config end Console show dns Domain Lookup St...

Page 409: ... no domain list the domain name specified with the ip domain name command is used If there is a domain list the default domain name is not used Example This example adds two domain names to the current list and then displays the list Related Commands ip domain name 4 159 Console config ip domain list sample com jp Console config ip domain list sample com uk Console config end Console show dns Doma...

Page 410: ...additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Example This example adds two domain name servers to the list and then displays the list Console config ip name server 192 168 1 55 10 1 0 55 Console config e...

Page 411: ... Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sam...

Page 412: ...command displays the static host name to address mapping table Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias Console ...

Page 413: ...mple com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc accton com tw 1 4 CNAME 10 2 44 3 898 ahten accton com tw 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CN...

Page 414: ...ting a cache entry and therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console cl...

Page 415: ... of a given interface IC 4 170 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 171 flowcontrol Enables flow control on a given interface IC 4 172 combo forced mode Force port type selected for combination ports IC 4 174 shutdown Disables an interface IC 4 174 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 175 cle...

Page 416: ...hannel channel id Range 1 6 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 12 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interface Range...

Page 417: ... Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Channel Command Usage To force operation to the speed and duplex mode specified in ...

Page 418: ... Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled ...

Page 419: ...ps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sende...

Page 420: ...l commands Example The following example configures Ethernet port 5 capabilities to 100half 100full and flow control Related Commands negotiation 4 170 speed duplex 4 169 flowcontrol 4 172 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Flow control enabled Command Mode Interface Configuration Ethernet Port Channel Console...

Page 421: ...mand to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the seg...

Page 422: ...as a valid link sfp forced Always uses the SFP port even if a module is not installed sfp preferred auto Uses SFP port if both combination types are functioning and the SFP port has a valid link Default Setting sfp preferred auto Command Mode Interface Configuration Ethernet Example This forces the switch to use the built in RJ 45 port for the combination port 10 shutdown This command disables an ...

Page 423: ... 5 switchport broadcast packet rate This command configures broadcast storm control Use the no form to disable broadcast storm control Syntax switchport broadcast packet rate rate no switchport broadcast rate Threshold level as a rate i e packets per second Range 500 262143 Default Setting Enabled for all ports Packet rate limit 500 packets per second Command Mode Interface Configuration Ethernet ...

Page 424: ...terface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displaye...

Page 425: ... unit This is device 1 port Port number port channel channel id Range 1 6 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 79 Console clear coun...

Page 426: ...ation of Eth 1 5 Basic information Port type 1000T Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Combo forced mode None Current status Link status ...

Page 427: ... Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets ...

Page 428: ...ces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 12 Console show interfaces switchport ethernet 1 12 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable Egress rate limit disable VLAN membership mode Hybrid Ingres...

Page 429: ...rship mode as Trunk or Hybrid page 4 235 Ingress rule Shows if ingress filtering is enabled or disabled page 4 237 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 236 Native VLAN Indicates the default Port VLAN ID page 4 238 Priority for untagged traffic Indicates the default priority for untagged frames page 4 254 Gvrp status Shows if GARP VLAN...

Page 430: ...t source port unit Switch unit 1 port Port number rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Table 4 43 Mirror Port Commands Command Function Mode P...

Page 431: ...all sessions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Switch unit 1 por...

Page 432: ...of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Console config if end Conso...

Page 433: ...form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input Input rate output Output rate rate Maximum value in Mbps Range 1 to 1000 Mbps Default Setting 1000 Mbps Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if ...

Page 434: ...operating at full duplex Table 4 45 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode for the trunk GC 4 168 channel group Adds a port to a trunk IC Ethernet 4 188 Dynamic Configuration Command lacp Configures LACP for the current interface IC Ethernet 4 188 lacp system priority Config...

Page 435: ...t channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a chan...

Page 436: ...s the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax no lacp De...

Page 437: ...n A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active lin...

Page 438: ...if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 e8 00 00 0b Configuration Name Port admin status Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control status D...

Page 439: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 440: ...m priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side ...

Page 441: ... Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Inte...

Page 442: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side...

Page 443: ...essages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Port Channel 1 Eth 1 1 LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker ...

Page 444: ...ry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp internal Port Channel 1 Oper Key 4 Admin Key ...

Page 445: ...y for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priority LACP system priority assigned to this port channel LACP Port Priority LACP port priority assigned to this interface within the channel group ...

Page 446: ...enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is co...

Page 447: ...splay description Field Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port ...

Page 448: ...8F 2C A7 4 32768 00 30 F1 8F 2C A7 5 32768 00 30 F1 8F 2C A7 6 32768 00 30 F1 8F 2C A7 Console Table 4 49 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the ...

Page 449: ...rt channel channel id Range 1 6 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration show mac address table Displays entries in the bridge forwarding database PE 4 203 mac address table aging time Sets the aging ...

Page 450: ...ddress is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system ...

Page 451: ... Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx xx xx tha...

Page 452: ...isable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 00 00 00 00 17 1 Learned Eth 1...

Page 453: ...anning tree forward time Configures the spanning tree bridge forward time GC 4 210 spanning tree hello time Configures the spanning tree bridge hello time GC 4 211 spanning tree max age Configures the spanning tree bridge maximum age GC 4 211 spanning tree priority Configures the spanning tree bridge priority GC 4 212 spanning tree path cost method Configures the path cost method for RSTP MSTP GC ...

Page 454: ... forwarding for edge ports IC 4 222 spanning tree portfast Sets an interface to fast forwarding IC 4 223 spanning tree link type Configures the link type for RSTP MSTP IC 4 224 spanning tree mst cost Configures the path cost of an instance in the MST IC 4 225 spanning tree mst port priority Configures the priority of an instance in the MST IC 4 226 spanning tree protocol migration Re checks the ap...

Page 455: ...ect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This exa...

Page 456: ...p Multiple Spanning Tree IEEE 802 1s Default Setting rstp Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loop...

Page 457: ...STP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tree instances A spanning tree instance can exist only on bridges that have compatible VLAN...

Page 458: ...tting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information t...

Page 459: ...guration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimum...

Page 460: ...d port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 65535 Range 0 61440 ...

Page 461: ...ntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to por...

Page 462: ...nge 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration Use this command to change to Multiple Spanning Tree MST configuration mode Default Setting No VLANs are mapped to any MST instance The region name is set the switch s MAC address Command Mode Global Configuration Example Con...

Page 463: ...Command Usage Use this command to group VLANs into spanning tree instances MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are a...

Page 464: ...Instance identifier of the spanning tree Range 0 4094 priority Priority of the a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The...

Page 465: ...e name name Name of the spanning tree Default Setting Switch s MAC address Command Mode MST Configuration Command Usage The MST region name and revision number page 4 218 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example...

Page 466: ...d revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands name 4 217 max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to rest...

Page 467: ... to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interface Syn...

Page 468: ...200 000 Default Setting Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values sho...

Page 469: ...figuration Ethernet Port Channel Command Usage This command defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifie...

Page 470: ...state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However...

Page 471: ...through the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command i...

Page 472: ...e Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on poin...

Page 473: ...2 000 000 Gigabit Ethernet 2 000 200 000 Default Setting Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage Each spanning tree instance is associated with a unique set of VLAN IDs This command is ...

Page 474: ...ult Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one interface is assign...

Page 475: ...hannel channel id Range 1 6 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on th...

Page 476: ... show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning tree confi...

Page 477: ...d Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Design...

Page 478: ...ration This command shows the multiple spanning tree configuration Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configuration name XSTP REGION 0 Revision level 0 Instance Vlans 1 1 4094 Console ...

Page 479: ...including name VID and state 4 231 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 4 234 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 4 241 Configuring Protocol VLANs Configures protocol based VLANs based on frame type and protocol 4 242 Configuring Private VLANs Con...

Page 480: ...lete VLANs After finishing configuration changes you can display the VLAN settings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands s...

Page 481: ...llowed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to ...

Page 482: ...ace vlan Enters interface configuration mode for a specified VLAN IC 4 234 switchport mode Configures VLAN membership mode for an interface IC 4 235 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 236 switchport ingress filtering Enables ingress filtering on an interface IC 4 237 switchport native vlan Configures the PVID native VLAN of an interface IC ...

Page 483: ...pecifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN However note that frames belonging to the port s default VLAN i e associated with the PVID are sent untagged hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid m...

Page 484: ...pes all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tag...

Page 485: ...for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent...

Page 486: ...ace is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames enterin...

Page 487: ...ged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a...

Page 488: ...st of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VL...

Page 489: ...owed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 55 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 241 show interfaces status vlan Displays stat...

Page 490: ...nto logical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type in use by the inbound packets Console show vlan id 1 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Console Table 4 56 Protocol based...

Page 491: ...otocol vlan protocol group command Interface Configuration mode protocol vlan protocol group Configuring Groups This command creates a protocol group adds specific protocols to a group Use the no form to remove a protocol group Syntax protocol vlan protocol group group id add remove frame_type frame protocol type protocol no protocol vlan protocol group group id group id Group identifier of this p...

Page 492: ...l group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as vlan on page 233...

Page 493: ...is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 show protocol vlan protocol group This command shows the frame and protocol type associated with protocol groups Syntax show protocol vlan protocol group group id group id Group identifier for a protocol group Ran...

Page 494: ...unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show protocol vlan protocol group ProtocolGroup ID Frame Type Protocol Type 1 ethernet 08 00 C...

Page 495: ... interface Default Setting No private VLANs are defined Command Mode Global Configuration Command Usage A private VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs can exist simultaneously within the same switch Entering the pvlan command without any param...

Page 496: ...w pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 12 down link ethernet 1 5 8 Console config Console show pvlan Private VLAN status Enabled Up link port Ethernet 1 12 Down link port Ethernet 1 5 Ethernet 1 6 Ethernet 1 7 Ethernet 1 8 Console ...

Page 497: ...ally for the switch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Table 4 58 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 249 show bridge ext Shows the global bridge extension configuration PE 4 250 switchport gvrp Enables GVRP for an interface IC 4 251 switchport forbidden vlan Configures...

Page 498: ...r bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 4 147 and Displaying Bridge Extension Capabilities on page 4 16 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filter...

Page 499: ...command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Console show g...

Page 500: ...Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP regis...

Page 501: ...s is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 252 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Le...

Page 502: ...ill be transmitted before those in the lower priority queues You can set the default priority for each interface the relative weight of each queue and the mapping of frame priority tags to the switch s priority queues Table 4 59 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardwa...

Page 503: ...rface Configuration Ethernet Port Channel Table 4 60 Priority Commands Layer 2 Command Function Mode Page switchport priority default Sets a port priority for incoming untagged frames IC 4 255 queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 257 queue bandwidth Assigns round robin weights to the priority queues GC 4 258 queue cos map Assigns class of service value...

Page 504: ...o use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames that do not have priority tags will be placed in queue 0 of t...

Page 505: ...y Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each ...

Page 506: ... by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues for port 5 Related Commands show queue bandwid...

Page 507: ... value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode Interface Configurat...

Page 508: ...ow queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if end Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 P...

Page 509: ...vice priority map Syntax show queue cos map interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 Console ...

Page 510: ...e 4 62 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of service mapping GC 4 262 map ip port Maps TCP UDP socket to a class of service IC 4 263 map ip precedence Enables IP precedence class of service mapping GC 4 264 map ip precedence Maps IP precedence value to a class of service IC 4 265 map ip dscp Enables IP DSCP class of service mapping GC 4 266...

Page 511: ... e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP D...

Page 512: ...bled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally Console config interface ethernet ...

Page 513: ...el Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP Precedence for all interfaces Example The...

Page 514: ...switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally map ip dscp Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip...

Page 515: ... priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 Table 4 64 Mapping IP DSCP to CoS Values IP DSCP Value CoS Value 0 0 8 1 10 1...

Page 516: ...t number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Commands map ip port Global Configuration 4 262 map ip port Interface Configuration 4 263 Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 1 80 0 Eth 1 2 80 0 Eth 1 12 80 0 Console ...

Page 517: ...r port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Related Commands map ip precedence Global Configuration 4 264 map ip precedence Interface Configuration 4 265 Console show map ip precedence ethernet 1 5 Precedence mapping status enabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Co...

Page 518: ...t Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 266 map ip dscp Interface Configuration 4 266 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 519: ...ulticast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 271 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 275 Static Multicast Routing Configures static multicast router ports 4 280 Table 4 66 IGMP Snooping Commands Command Function Mode Page i...

Page 520: ... enables IGMP snooping ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Conso...

Page 521: ...etting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configure...

Page 522: ...ion show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Console show ip igmp snooping Service status Enabled Querier status Enabled Qu...

Page 523: ...oping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 67 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 276 ip igmp snooping query count Configures the query count GC 4 276 ip igmp snooping query interval Configures the query interval GC 4 277 ip igmp snooping query max r...

Page 524: ...for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast grou...

Page 525: ...responded then that client is considered to have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 278 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval...

Page 526: ... using IGMPv2 for this command to take effect This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not respon...

Page 527: ... expire time seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeo...

Page 528: ...ulticast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the current multicast ...

Page 529: ... vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show ip ...

Page 530: ...ent stations or other devices that exist on another network segment Basic IP Configuration Table 4 69 IP Interface Commands Command Function Mode Page ip address Sets the IP address for the current interface IC 4 283 ip dhcp restart Submits a BOOTP or DCHP client request PE 4 284 ip default gateway Defines the default gateway through which this switch can reach other subnetworks GC 4 284 show ip i...

Page 531: ...he switch to existing IP subnets You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP...

Page 532: ...es the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Console config interface vlan 1 Console config if ip address 192 168 1 5 255 255 255 0 Console config if...

Page 533: ...ay IP address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip redirects 4 286 show ip interface This command displays the settings of an IP inte...

Page 534: ...one Command Mode Privileged Exec Example Related Commands If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain 4 284 Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode User specified Console Console show ip redirects IP default gateway 10 1 0 25...

Page 535: ...etting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten...

Page 536: ...0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console ...

Page 537: ...nfiguration 10 100 1000BASE T Ports 1 12 10 100 Mbps half full duplex 1000 Mbps full duplex SFP Ports 9 12 1000BASE X 1000 Mbps full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port ...

Page 538: ... learning private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing which can be configured by VLAN tag or port Layer 3 4 priority mapping IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote M...

Page 539: ... VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 3ad Link Aggregation Control Protocol ARP RFC 826 DHCP RFC...

Page 540: ... RFC 2742 Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Private MIB Quality of Service MIB RADIUS Authentication Client MIB RFC 2618 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation TACACS Authentication...

Page 541: ...has not been disabled Check network cabling between the management station and the switch If you cannot connect using Telnet or SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot access the on board configuration program via a serial port connection Ensure that you have set the terminal emulator program to VT100 comp...

Page 542: ...TROUBLESHOOTING B 2 ...

Page 543: ...ervice to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of...

Page 544: ...automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registrati...

Page 545: ...based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame...

Page 546: ...mbership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control pack...

Page 547: ...d or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio Out of Band Management Management of the network...

Page 548: ...o RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types Rapid Spanning Tree Protocol RSTP RSTP reduces the convergence time for network topology changes to about 10 of that required by the older...

Page 549: ...icated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS compliant devices on the network Telnet Defines a re...

Page 550: ... targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same...

Page 551: ...178 3 179 4 266 IP port priority 3 176 4 262 IP precedence 3 172 4 264 layer 3 4 priorities 3 170 4 262 queue mapping 3 166 4 259 queue mode 3 168 4 257 traffic class weights 3 169 4 258 D default gateway configuration 3 18 4 285 default priority ingress port 3 164 4 255 default settings system 1 7 DHCP 3 20 4 283 client 3 18 4 157 dynamic configuration 2 7 Differentiated Code Point Service See DS...

Page 552: ...oping 3 183 4 272 snooping configuring 3 183 4 271 ingress filtering 3 156 4 237 IP address BOOTP DHCP 3 20 4 283 setting 2 6 3 17 4 283 IP port priority enabling 3 176 4 262 mapping priorities 3 176 4 263 IP precedence enabling 3 171 4 264 mapping priorities 3 172 4 265 J jumbo frame 4 84 L link type STA 3 130 3 133 4 224 logging syslog traps 4 62 to syslog servers 4 60 log in Web interface 3 3 l...

Page 553: ...low control 3 83 4 172 forced selection on combo ports 3 81 4 174 speed 3 83 4 169 ports configuring 3 79 4 167 ports mirroring 3 103 4 182 priority default port ingress 3 164 4 255 problems troubleshooting B 1 protocol migration 3 134 4 227 Q queue weights 3 169 4 258 R RADIUS logon authentication 4 95 rate limits setting 3 104 4 184 remote logging 4 62 restarting the system 3 26 4 29 RSTP 3 116 ...

Page 554: ...system clock setting 3 27 4 70 system software downloading from server 3 22 4 86 T TACACS logon authentication 3 35 4 99 time setting 3 27 4 70 traffic class weights 3 169 4 258 trap manager 2 11 3 31 4 152 troubleshooting B 1 trunk configuration 3 85 4 186 LACP 3 89 4 188 static 3 87 4 188 U upgrading software 3 22 4 86 user password 3 33 4 35 4 36 V VLANs 3 142 3 160 4 231 4 248 adding static me...

Page 555: ......

Page 556: ...33 0 41 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10 62...

Reviews:

No comments

Brands by name

Popular brands

Load more brands