CONFIGURING THE SWITCH 3-60

Configuring 802.1x Port Authentication 

Network switches can provide open and easy access to network resources 
by simply attaching a client PC. Although this automatic configuration and 
access is a desirable feature, it also allows unauthorized personnel to easily 
intrude and possibly gain access to sensitive network data.

The IEEE 802.1x (dot1x) standard defines a port-based access control 
procedure that prevents unauthorized access to a network by requiring 
users to first submit credentials for authentication. Access to all switch 
ports in a network can be centrally controlled from a server, which means 
that authorized users can use the same credentials for authentication from 
any point within the network.

This switch uses the Extensible Authentication Protocol over LANs 
(EAPOL) to exchange authentication protocol messages with the client, 
and a remote RADIUS authentication server to verify user identity and 
access rights. When a client (i.e., Supplicant) connects to a switch port, 
the switch (i.e., Authenticator) responds with an EAPOL identity request. 
The client provides its identity (such as a user name) in an EAPOL 
response to the switch, which it forwards to the RADIUS server. The 
RADIUS server verifies the client identity and sends an access challenge 
back to the client. The EAP packet from the RADIUS server contains not 
only the challenge, but the authentication method to be used. The client 
can reject the authentication method and request another, depending on 
the configuration of the client software and the RADIUS server. The 
authentication method can be MD5, TLS (Transport Layer Security), 
TTLS (Tunneled Transport Layer Security), or other. The client responds 
to the appropriate method with its credentials, such as a password or 

[Figure: 802.1x client and RADIUS server, with the exchange steps listed below]

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.
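
The exchange described above can be followed on the wire by decoding the EAPOL frames seen on the client port. The following is an added example, not code from the manual or the switch vendor: it parses EAPOL/EAP headers and traces a session in which the client rejects MD5 and requests TLS. The MAC addresses, the user name `alice`, the challenge bytes and the single abbreviated TLS round are constructed sample data.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "TLS", 21: "TTLS"}

def parse_eap(pkt):
    """Decode one EAP packet: code, identifier, length, then type and data."""
    if len(pkt) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field does not fit the packet")
    msg = {"code": EAP_CODES.get(code, "code-%d" % code), "id": ident}
    if code in (1, 2):                    # only Request/Response carry a Type
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        etype, data = pkt[4], pkt[5:length]
        msg["type"] = EAP_TYPES.get(etype, "type-%d" % etype)
        if code == 2 and etype == 1:      # identity the switch relays to RADIUS
            msg["identity"] = data.decode("utf-8", "replace")
        elif code == 2 and etype == 3:    # Nak: methods the client asks for instead
            msg["wants"] = [EAP_TYPES.get(t, "type-%d" % t) for t in data]
    return msg

def parse_eapol(frame):
    """Decode an Ethernet frame carrying EAPOL; reject anything malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, _version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    msg = {"eapol": EAPOL_TYPES.get(ptype, "type-%d" % ptype)}
    if ptype == 0:
        msg.update(parse_eap(body))
    return msg

def trace(frames):
    """Summarise a session: identity, offered/rejected methods, outcome."""
    s = {"identity": None, "offered": [], "rejected": [], "method": None,
         "result": None, "anomalies": []}
    pending = None                        # (identifier, type) of the open Request
    for n, frame in enumerate(frames, 1):
        m = parse_eapol(frame)
        code = m.get("code")
        if code == "Request":
            pending = (m["id"], m["type"])
            if m["type"] not in ("Identity", "Notification"):
                s["offered"].append(m["type"])
        elif code == "Response":
            # A Response must echo the identifier of the Request it answers.
            if pending is None or pending[0] != m["id"]:
                s["anomalies"].append(
                    "frame %d: Response id %d matches no pending Request" % (n, m["id"]))
            if "identity" in m:
                s["identity"] = m["identity"]
            elif "wants" in m:
                if pending is not None:
                    s["rejected"].append(pending[1])
            elif m["type"] != "Notification":
                s["method"] = m["type"]   # method the client actually answered
        elif code in ("Success", "Failure"):
            s["result"] = code
    return s

# --- Constructed sample data (not a real capture) ---
CLIENT = bytes.fromhex("020000000001")     # locally administered, made up
SWITCH = bytes.fromhex("020000000002")
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address

def build_eap(code, ident, etype=None, data=b""):
    payload = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def build_frame(src, dst, ptype, body=b""):
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body)) + body

SAMPLE_EXCHANGE = [
    build_frame(CLIENT, PAE_GROUP, 1),                                # step 1
    build_frame(SWITCH, CLIENT, 0, build_eap(1, 1, 1)),               # step 2
    build_frame(CLIENT, PAE_GROUP, 0, build_eap(2, 1, 1, b"alice")),  # steps 3-4
    build_frame(SWITCH, CLIENT, 0,                                    # step 5: MD5 offered
                build_eap(1, 2, 4, bytes([16]) + bytes(range(16)))),
    build_frame(CLIENT, PAE_GROUP, 0, build_eap(2, 2, 3, bytes([13]))),  # Nak, wants TLS
    build_frame(SWITCH, CLIENT, 0, build_eap(1, 3, 13, b"\x20")),     # TLS start flag
    build_frame(CLIENT, PAE_GROUP, 0,                                 # step 6 (abbreviated)
                build_eap(2, 3, 13, b"\x00placeholder")),
    build_frame(SWITCH, CLIENT, 0, build_eap(3, 3)),                  # steps 7-8
]

if __name__ == "__main__":
    for key, value in trace(SAMPLE_EXCHANGE).items():
        print("%-10s %s" % (key, value))
```

An entry in `anomalies` or a `ValueError` from the parser marks a frame that does not fit the request/response pairing, which is worth checking when a port fails to authenticate.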


Page 84: ...priate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for...

Page 85: ... Click System Remote Logs To add an IP address to the Host IP List type the new IP address in the Host IP Address box and then click Add IP Host To delete an IP address click the entry in the Host IP List and then click Remove Host IP CLI Enter the syslog server host IP address choose the facility type and ...

Page 86: ...evel for flash memory is errors i e default level 3 0 the message level for RAM is debugging i e default level 7 0 and lists one sample Console config logging host 10 1 0 93 60 Console config logging facility 233 61 Console config logging trap 43 62 Console config Console show logging trap3 63 Syslog logging Enable REMOTELOG status enable REMOTELOG facility type local use 7 REMOTELOG level type Wa...

Page 87: ... the CLI See calendar set on page 3 76 If the clock is not set the switch will only record the time from the factory default set at the last bootup This switch acts as an SNTP client in two modes Unicast The switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP Console show logging flash3 63 Syslog logging Enable History logg...

Page 88: ... specified server s if a broadcast is not received within the polling interval Command Attributes SNTP Client Configures the switch to operate as an SNTP unicast client This mode requires at least one time server to be specified in the SNTP Server field SNTP Broadcast Client Configures the switch to operate as an SNTP broadcast client This mode requires no other configuration settings the switch w...

Page 89: ...responding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Con...

Page 90: ... well as to monitor them to evaluate performance or detect potential problems The switch includes an onboard SNMP agent that continuously monitors the status of its hardware as well as the traffic passing through its ports A network management station can access this information using software such as HP OpenView Access rights to the onboard agent are controlled by community strings To communicate...

Page 91: ...unity strings Community String A community string that acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Read Only Specifies read only access Authorized management stations are only able to retrieve MIB objects Read Write Specifies read write access Authorized management st...

Page 92: ...CLI The following example adds the string spiderman with read write access Console config snmp server community spiderman rw3 147 Console config ...

Page 93: ...agers Trap Manager IP Address Internet address of the host the targeted recipient Trap Manager Community String Community string sent with the notification operation Range 1 32 characters case sensitive Trap Version Specifies whether to send notifications as SNMP v1 or v2c traps Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP acce...

Page 94: ...CLI This example adds a trap manager and enables both authentication and link up link down traps Console config snmp server host 10 1 28 150 private version 2c3 150 Console config snmp server enable traps3 151 ...

Page 95: ... 0 to 192 168 1 254 IP filtering only restricts management access for clients running SNMP management software such as HP OpenView It does not affect management access to the switch using the web interface or Telnet The default setting is null which allows all IP groups SNMP access to the switch If one or more IP addresses are configured IP filtering is enabled and only addresses listed in this ta...

Page 96: ...estrict management access to this switch using the following options Passwords Manually configure access rights on the switch for specified users Authentication Settings Use remote authentication to configure access rights HTTPS Settings Provide a secure web connection SSH Settings Provide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports Console...

Page 97: ... safe place The default guest name is guest with the password guest The default administrator name is admin with the password admin Note that user names can only be assigned via the CLI Command Attributes User Name The name of the user Maximum length 8 characters Access Level Specifies the user level Options Normal and Privileged Password Specifies the user password Range 0 8 characters plain text...

Page 98: ...s with associated privilege levels for each user that requires management access to the switch RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet Command Usage By defa...

Page 99: ... RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attributes Authentication Select the authentication or authentication sequence required Local User authentication is performed only locally by the switch Radius User authentication is performed using a RADIUS...

Page 100: ...ss Address of the TACACS server Default 10 11 12 13 Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to be set up by manually entering user names and pa...

Page 101: ...onsole config radius server timeout 103 97 Console show radius server3 97 Server IP address 192 168 1 25 Communication key with radius server Server port number 181 Retransmit times 5 Request timeout 10 Console config authentication login tacacs3 93 Console config tacacs server host 10 20 30 403 98 Console config tacacs server port 2003 99 Console config tacacs server key green3 99 Console show ta...

Page 102: ...nt authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 4...

Page 103: ...e site Certificate When you log onto the web interface using HTTPS for secure access a Secure Sockets Layer SSL certificate appears for the switch By default the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you w...

Page 104: ...s such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch g...

Page 105: ...page create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the follo...

Page 106: ...e a private key corresponding to the public keys stored on the switch can access it The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client u...

Page 107: ...ncryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA DSA Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either ...

Page 109: ...n attempt Range 1 to 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies the SSH server key size Range 512 896 bits The server key is a private key that is never shared outside th...

Page 110: ...coming traffic with source addresses already stored in the dynamic or static address table will be accepted as authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the Console config ip ssh server3 48 Console config ip ssh timeout 1203 49 Console config ip ssh authentication retries 33 50 Console config ip ssh server key si...

Page 111: ...lly add secure addresses with the Static Address Table page 3 122 or turn off port security to reenable the learning function long enough for new VLAN members to be registered Learning may then be disabled again if desired for security Command Usage A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port It cannot be used as a member of a static or dynam...

Page 112: ...ax MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 20 Trunk Trunk number if port is a member page 3 97 and 3 99 Web Click Security Port Security Set the action to take when an invalid address is detected on a port mark the checkbox in the Status column to enable security for a port set the maximum number of MAC addresses allowed on a port and click Apply ...

Page 113: ... 5 sets the port security action to send a trap and disable the port and specifies a maximum address count Console config interface ethernet 1 5 Console config if port security action trap and shutdown3 101 Console config if port security max mac count 20 Console config if ...

Page 114: ...lient i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the c...

Page 115: ...d and properly configured The RADIUS server and 802 1x client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type MD5 TLS TTLS PEAP etc Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1x Global Settings The do...

Page 116: ...dicates the time period after which a connected client must be re authenticated Timeout for TX Period The time period during an authentication session that the switch waits before re transmitting an EAP packet Supplicant timeout The time the switch waits for a client response to an EAP request Server timeout The time the switch waits for a response from the authentication server RADIUS to an authe...

Page 117: ...s Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 23 disabled Single Host ForceAuthorized yes 1 24 enabled Single Host Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 24 Status Unauthorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 00 00 00 00 00 Current Ident...

Page 118: ... number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session Range 1 10 Default 2 Timeout for Quiet Period Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client Range 1 65535 seconds Default 60 seconds Timeout for Re authentication Period Sets the ti...

Page 119: ...s if authentication is enabled or disabled on the port Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Range Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 20 Console config dot1x re authentication3 108 Console config dot1x max req 53 10...

Page 120: ...ts either dot1x aware or otherwise Force Unauthorized Forces the port to deny access to all clients either dot1x aware or otherwise Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configured as a trunk port Web Click S...

Page 121: ...valid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id fram...

Page 122: ...AP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Parameter Description ...

Page 123: ...s You can specify the client IP addresses that are allowed management access to the switch through the web interface SNMP also see page 3 41 or Telnet Console show dot1x statistics interface ethernet 1 43 110 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total R...

Page 124: ...sses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specify...

Page 125: ...hat are allowed management access to an interface and click Add IP Filtering Entry CLI This example restricts management access for Telnet clients Console config management telnet client 192 168 1 193 38 Console config management telnet client 192 168 1 25 192 168 1 30 Console ...

Page 126: ...t matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is also 32 However due to resource restrictions the average number of rules bound to the ports should not exceed 20 Yo...

Page 127: ...to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum length 16 characters Type There are three filtering modes Standard IP ACL mode that filters packets based on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified then you can ...

Page 128: ... and SubMask fields Options Any Host IP Default Any Address Source IP address SubMask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to indicate ignore The mask is bitwise ANDed with the specified source IP address and compared with the address for each IP packet entering the port s to which this ACL has been assign...

Page 129: ...rmit rules or all deny rules Default Permit rules Src Dst IP Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any Src Dst Address Source or destination IP address Src Dst SubMask Subnet mask for so...

Page 130: ... Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Bitmask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The f...

Page 131: ...any other required criteria such as service type protocol type or TCP control code Then click Add CLI This example adds three rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 1...

Page 132: ...C Bitmask Hexadecimal mask for source or destination MAC address VID VLAN ID Range 1 4095 VID Mask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Mask Protocol bitmask Ra...

Page 133: ...ts Untagged 802 3 Untagged Ethernet 802 3 packets Tagged eth2 Tagged Ethernet II packets Tagged 802 3 Tagged Ethernet 802 3 packets Command Usage Egress MAC ACLs only work for destination mac known packets not for multicast broadcast or destination mac unknown packets ...

Page 134: ... 55 66 If you select MAC enter a base address and a hexadecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 3 134 Cons...

Page 135: ...o up to four ACLs of the same type Command Usage Up to seven entries can be assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before mapping an ACL...

Page 136: ...P header Command Usage Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes Command Attributes Src Dst IP Specifies the source or destination IP address Use Any to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any ...

Page 137: ...otocol Bitmask Check the protocol field Service Type Check the rule for the specified priority type Options Precedence TOS DSCP Default TOS Src Dst Port Bitmask Protocol port of rule must match this bitmask Range 0 65535 Control Bitmask Control flags of rule must match this bitmask Range 0 63 ...

Page 138: ...s range Include other criteria to search for in the rules such as a protocol type or one of the service types Or use a bitmask to search for specific protocol port s or TCP control code s Then click Add CLI This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because...

Page 139: ...VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format Bitmask A packet format must be specified in the rule Web Configure the mask to match the required rules in the MAC ingress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for Cons...

Page 140: ...specific VLAN ID s or Ethernet type s Or check for rules where a packet format was specified Then click Add ...

Page 141: ...can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL When an ACL is bound to an interface as an egress filter all entries in the ACL must be deny rules Otherwise the bind operation will fail Console config access list mac M43 133 Console config mac acl permit any any3 134 Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 33 ...

Page 142: ... bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 12 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic select the required A...

Page 143: ...per Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Forced Mode1 Shows the forced preferred port type to use for combination ports 9 12 Copper Forced Cop...

Page 144: ...runk Information Field Attributes CLI Basic information Port type Indicates the port type 1000BASE T 1000BASE SX 1000BASE LX MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 20 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current spee...

Page 145: ...roadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 500 262143 packets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC addresses that can be learned by a port 0 20 addresses Port se...

Page 146: ...Eth 1 13 Basic information Port type 1000T Mac address 00 30 f1 47 58 46 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Combo forced mode None Current status Link status Down Ope...

Page 147: ...omatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Su...

Page 148: ...BASE SX LX LH 1000full Forced Mode Shows the forced preferred port type to use for the combination ports 9 12 Copper Forced Always uses the built in RJ 45 port Copper Preferred Auto Uses the built in RJ 45 port if both combination types are functioning and the RJ 45 port has a valid link SFP Forced Always uses the SFP port even if module is not installed SFP Preferred Auto Uses SFP port if both co...

Page 149: ... RD SW 133 2 Console config if shutdown3 9 Console config if no shutdown Console config if no negotiation3 4 Console config if speed duplex 100half3 3 Console config if flowcontrol3 7 Console config if negotiation Console config if capabilities 100half3 5 Console config if capabilities 100full Console config if capabilities flowcontrol Console config if exit Console config interface ethernet 1 21 ...

Page 150: ...red as part of a static trunk If ports on another device are also configured as LACP the switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than four ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the lo...

Page 151: ...the entire trunk Statically Configuring a Trunk Command Usage When configuring static trunks you may not be able to link switches of different types depending on the manufacturer s implementation However note that the static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connectin...

Page 152: ...and click Add After you have completed adding ports to the member list click Apply ...

Page 153: ...Console config if exit Console config interface ethernet 1 93 1 Console config if channel group 13 21 Console config if exit Console config interface ethernet 1 10 Console config if channel group 1 Console config if end Console show interfaces status port channel 13 11 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed dupl...

Page 154: ...laced in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply ...

Page 155: ... channel group Console config interface ethernet 1 13 1 Console config if lacp3 22 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 13 11 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port admin status Up Speed duplex Auto Capabilities 10h...

Page 156: ...ust be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 0 Port Priority If a li...

Page 157: ...the Port Actor You can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply ...

Page 158: ... system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid3 28 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console show lacp 1 internal3 28 Cha...

Page 159: ... value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show 1 lacp counters3 28 Channel group 1 Eth 1 1 LACPDUs Sent 21 LACPDUs Received 21 Marke...

Page 160: ...an link aggregation Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priority LACP system priority assigned to this port channel ...

Page 161: ...of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Ag...

Page 162: ...configuration settings and the operational state for the remote side of a link aggregation Console show 1 lacp internal3 28 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long ...

Page 163: ...ocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current ope...

Page 164: ...ghbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper State distributing collecting synchronization aggregation long timeout LACP activ...

Page 165: ...raffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast control does not affect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Protect Status Shows whether or not broadcast storm control h...

Page 166: ...fig interface ethernet 1 2 Console config if switchport broadcast packet rate 6003 9 Console config if end Console show interfaces switchport ethernet 1 23 14 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acc...

Page 167: ... All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Target Port...

Page 168: ...he monitor port then use the port monitor command to specify the source port Note that default mirroring under the CLI is for both received and transmitted packets Console config interface ethernet 1 103 1 Console config if port monitor ethernet 1 133 16 Console config if ...

Page 169: ... the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Command Attribute Rate Limit Se...

Page 170: ...ernet like MIBs as well as a detailed breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different...

Page 171: ...sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Unknown Packets The nu...

Page 172: ... The number of alignment errors missynchronized data packets Late Collisions The number of times that a collision is detected later than 512 bit times into the transmission of a packet FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check This count does not include frames received with frame too long or frame ...

Page 173: ...abbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Received Bytes Total number of bytes of data received on the network This statistic can be used as a reasonable indication of Ethernet utilization Collisions The best estimate of the total number of collisions on this Ethernet segment...

Page 174: ...ess than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 By...

Page 176: ...tats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Te...

Page 177: ...able Lists all the static addresses Interface Port or trunk associated with the device assigned a static address MAC Address Physical address of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Web Only Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address ...

Page 178: ...associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Web Click Address Table Dynamic Addresses Specify the search type i e mark...

Page 179: ...ss table Command Attributes Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click Apply Console show mac address table interface ethernet 1 13 35 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 180: ...ng Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then...

Page 181: ...chieves much faster reconfiguration i e around one tenth of the time required by STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs Displaying Global Settings You can display a ...

Page 182: ...ing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Designated Root The priority and MAC address of the device...

Page 183: ...aximum time in seconds this device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals If the root port ages out STA information provided in the last configuration message a new root port is selected from among the device ports attached to the network References t...

Page 184: ...s for the MST region Remaining hops The remaining number of hop counts for the MST instance Transmission limit The minimum interval between the transmission of consecutive RSTP MSTP BPDUs Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Web Click Spanning Tree STA I...

Page 185: ... or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below Console show spanning tree3 51 Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 VLANs configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec ...

Page 186: ...led Spanning Tree Type Specifies the type of spanning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority b...

Page 187: ...selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is requir...

Page 188: ...pecifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP ...

Page 189: ...Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply ...

Page 190: ...nformation Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port ...

Page 191: ...pe The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 3 140 Oper Edge Port This parameter is initialized to the setting for Admin Edge Port in STA Port Configuration on page 3 140 i e true or false but will be set to false if ...

Page 192: ...takes precedence over port priority Internal path cost The path cost for the MST See the preceding item Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as Alternate port receives more useful BPDUs from another bridge and is therefore not sel...

Page 193: ...he end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does...

Page 194: ...type to indicate a point to point connection or shared media connection and edge port to indicate if the attached device can support fast forwarding Console show spanning tree ethernet 1 53 51 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5 Designated root 61440 0 0000E...

Page 195: ...ndicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as...

Page 196: ...if the interface is attached to a point to point link or to shared media This is the default setting Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports prov...

Page 197: ...STA Trunk Configuration Modify the required attributes then click Apply CLI This example sets STA attributes for port 7 VLANs in MST Instance VLANs assigned this instance MST ID VLAN ID VLAN to assign to this selected MST instance Range Console config interface ethernet 1 73 1 Console config if no no spanning tree spanning disabled3 45 Console config if spanning tree port priority 03 47 Console co...

Page 198: ...b Click Spanning Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add ...

Page 199: ...c 15 Max hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 0 Designated port 128 7 Designate...

Page 200: ...e Field Attributes MST Instance ID Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values CLI This displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the Console config spanning tree mst configuration4 168 Console config mst mst...

Page 201: ...15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 645 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 ...

Page 202: ...rt address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch...

Page 203: ... 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 Web Click Spanning Tree MSTP Port Configuration or Trunk Configuration Enter the priority and path cost for an interface and click Apply CLI This example sets th...

Page 204: ...hout having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP addresses or IP subnets...

Page 205: ...icipate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any end node host that does not supp...

Page 206: ...the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch receives these messages it will automatically place the receiving port in the specified VLANs and then forward the message to all other ports Wh...

Page 207: ...gged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should...

Page 208: ...the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch F...

Page 209: ... want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Console show bridge ext3 73 Max support vlan numbers 255 Max support vlan ID 4094 Extended ...

Page 210: ...ll down list Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Ports Channel groups Sho...

Page 211: ...formation can be displayed with the following command Console show vlan id 13 64 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Console ...

Page 212: ...t is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Adds a ...

Page 213: ...ort index page 3 161 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 163 Command Attributes VLAN ID of configured VLAN 1 4094 no leading zeroes C...

Page 214: ... carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN R...

Page 215: ...dex Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a tagged member Console config interface ethernet 1 13 1 Console config if switchport allowed vlan add 2 tagged3 62 Console config if exit Console config interface ethernet 1 2 Conso...

Page 216: ...Non Member VLANs for which the selected interface is not a tagged member ...

Page 217: ...ring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces including the default VLAN identifier PVID accepted frame types ingress filtering GVRP status and GARP timers Command Usage GVRP GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group A...

Page 218: ...gged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingress port is not a member Default Disabled Ingress filtering only affects tagged frames If ingress filtering is disabled and a port ...

Page 219: ...00 centiseconds Default 60 GARP LeaveAll Timer The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 500 18000 centiseconds Default 1000 Mode Indicates VLAN membership mode for an interface Defa...

Page 220: ...he native VLAN ID enables GVRP sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 33 1 Console config if switchport acceptable frame types tagged 3 59 Console config if switchport ingress filtering3 60 Console config if switchport native vlan 33 61 Console config if switchport gvrp3 73 Console config if garp timer join 203 75 Console config if garp...

Page 221: ...e VLANs and normal VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply CLI This example enables private VLANs Console config pvlan3 70 Console config Uplink Ports Primary VLAN promiscuous ports x D...

Page 222: ...ports 3 and 4 as uplinks and ports 5 and 6 as downlinks Configuring Protocol Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic ...

Page 223: ...ign to a VLAN using the Protocol VLAN Configuration page 3 Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page Configuring Protocol Groups Create a protocol group for one or more protocols Command Attributes Protocol Group ID Group identifier of this protocol group Range 1 2147483647 Frame Type Frame type used by this protocol Options Et...

Page 224: ...erfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is...

Page 225: ...is forwarded Range 1 4094 Web Click VLAN Protocol VLAN Port Configuration Select a port or trunk enter a protocol group ID the corresponding VLAN ID and click Apply CLI The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3 Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 33 67 Console conf...

Page 226: ...ed default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not ap...

Page 227: ...hernet 1 33 1 Console config if switchport priority default 53 78 Console config if end Console show interfaces switchport ethernet 1 53 14 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type ...

Page 228: ...ollowing table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class Output queue buffer Range 0 7 where 7 is the highest CoS priority queue CLI shows Queue ID Web Click Priority Traffic Classes Mark an interface and click S...

Page 229: ...ed as an interface configuration command but any changes will apply to all interfaces on the switch Console config interface ethernet 1 13 1 Console config queue cos map 0 0 3 81 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map ethernet 1 13 84 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 5 6 7 Inf...

Page 230: ...ng Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing lower priority queues Web Click Priority Queue Mode Select Strict or WRR then...

Page 231: ...eight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class Range 1 15 CLI shows Queue ID Web Click Priority Queue Scheduling ...

Page 232: ...assign WRR weights to each of the priority queues Console config queue bandwidth 1 3 5 7 9 11 13 153 81 Console config exit Console show queue bandwidth3 84 Information of Eth 1 1 Queue ID Weight 0 1 1 3 2 5 3 7 4 9 5 11 6 13 7 15 Information of Eth 1 2 Queue ID Weight ...

Page 233: ...mation may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be enabled Enabling one of these priority types will automatically disable the other Selecting IP Precedence DSCP Priorit...

Page 234: ...CLI The following example enables IP Precedence service on the switch Console config map ip precedence3 88 Console config ...

Page 235: ...nce value 0 maps to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represents high prio...

Page 236: ...ays the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to all interfaces on the switch Console config map ip precedence3 88 Console config interface ethernet 1 13 1 Console config if map ip precedence 1 cos 03 88 Console config if end Console show map ip precedence ethernet 1 13 92 Precedence mapp...

Page 237: ...DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represents high priority Note IP DSCP settings apply to all interfaces Web ...

Page 238: ... is implemented as an interface configuration command but any changes will apply to all interfaces on the switch Console config map ip dscp3 89 Console config interface ethernet 1 13 1 Console config if map ip dscp 1 cos 03 90 Console config if end Console show map ip dscp ethernet 1 13 93 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 E...

Page 239: ...ace to which the settings apply IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represents high priority Note IP Port Priority settings apply to all interfaces Web Click Priority IP Port Status Set IP Port Priority Status to Enabled Click Priority I...

Page 240: ...ority is implemented as an interface configuration command but any changes will apply to all interfaces on the switch Mapping CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table Note that the specified CoS value is only used to map the matching packet to an output Console config map ip port3 85 Console config ...

Page 241: ...before you can map CoS values to the rule Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 For information on configuring ACLs see page 3 72 Web Click Priority ACL CoS Priority Select a port select an ACL rule specify a CoS priority then click Add Priority 0 1 2 3 4 5 6 7 Queue 1 2 0 3 4 5 ...

Page 242: ...an ACL mask before you can change priorities based on a rule Traffic priorities may be included in the IEEE 802 1p priority tag This tag is also incorporated as part of the overall IEEE 802 1Q VLAN tag The 802 1p priority may be set for either Layer 2 or IP frames The IP frame header also includes priority bits in the Type of Service ToS octet The Type of Service octet may contain three bits for I...

Page 243: ...ange 0 63 802 1p Priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Web Click Priority ACL Marker Select a port and an ACL rule To specify a ToS priority mark the Precedence DSCP check box select Precedence or DSCP from the scroll down box and enter a priority To specify an 802 1p priority mark the 802 1p Priority check box and enter a priority Then...

Page 244: ...ned at every multicast switch router it passes through to ensure that traffic is only passed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then ...

Page 245: ...hosts and their immediately adjacent multicast router switch IGMP is a multicast host registration protocol that allows any host to inform its local router that it wants to receive transmissions addressed to a specific multicast group A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN pe...

Page 246: ...re the switch ports which need to forward multicast traffic Static IGMP Router Interface If IGMP snooping cannot locate the IGMP querier you can manually designate a known IGMP querier i e a multicast router switch connected over the network to an interface on your switch page 3 196 This interface will then join all the current multicast groups supported by the attached router switch to ensure tha...

Page 247: ...st host groups to identify the IP multicast group members It simply monitors the IGMP packets passing through it picks out the group registration information and configures the multicast filters accordingly IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP mul...

Page 248: ...ing an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list Range 5 30 seconds Default 10 IGMP Query Timeout The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 seconds Default 300 I...

Page 249: ...tatically assigned to an interface on the switch Console config ip igmp snooping3 96 Console config ip igmp snooping querier3 100 Console config ip igmp snooping query count 103 101 Console config ip igmp snooping query interval 1003 102 Console config ip igmp snooping query max response time 203 102 Console config ip igmp snooping query time out 3003 104 Console config ip igmp snooping version 23...

Page 250: ...IGMP Snooping Multicast Router Port Information Select the required VLAN ID from the scroll down list to display the associated multicast routers CLI This example shows that Port 11 has been statically configured as a port attached to a multicast router Specifying Static Interfaces for a Multicast Router Depending on your network connections IGMP snooping may not always be able to locate the IGMP ...

Page 251: ...rom the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configuration Specify the interfaces attached to a multicast router indicate the VLAN which will forward all the corresponding multicast traffic and then click Add After you have finished adding interfaces to the list click Apply CLI This examp...

Page 252: ...Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagating this multicast service CLI This example displays al...

Page 253: ...Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Multicast IP The IP ...

Page 254: ...icast routing Note that IGMP Snooping can only be globally enabled IGMP Query Multicast query is used to poll each known multicast group for active members and dynamically configure the switch ports which need to forward multicast traffic Although the implementation differs slightly IGMP Query is used in conjunction with both Layer 2 IGMP Snooping and multicast routing Note that when using IGMP Sn...

Page 255: ...oups to which they already belong If a router does not receive a report message within a specified period of time it will prune that interface from the multicast tree A host can also submit a join message at any time without waiting for a query from the router Hosts can also signal when they no longer want to receive traffic for a specific group by sending a leave group message These IGMP messages ...

Page 256: ... the maximum response time advertised in IGMP queries Range 0 25 seconds Default 10 seconds The switch must be using IGMPv2 for this command to take effect This command defines how long any responder i e client or router still in the group has to respond to a query message before the router deletes the group By varying the Maximum Query Response Time you can tune the burstiness of IGMP messages pa...

Page 257: ...oss for this interface The robustness value is used in calculating the appropriate range for other IGMP variables such as the Group Membership Interval Last Member Query Interval as well as the Other Querier Present Interval and the Startup Query Count RFC 2236 Range 1 255 Default 2 Version Configures the IGMP version used on an interface Options Version 1 or 2 Default Version 2 All routers on the...

Page 258: ... 107 Console config if ip igmp last memb query interval 103 111 Console config if ip igmp max resp interval 203 110 Console config if ip igmp query interval 1003 110 Console config if ip igmp robustval 33 108 Console config if ip igmp version 13 112 Console config if end Console show ip igmp interface vlan 13 113 Vlan 1 is up IGMP is enable version is 2 Robustness variable is 2 Query interval is 1...

Page 259: ...he source of the last membership report received for this multicast group address on this interface If no membership report has been received this object has the value 0 0 0 0 Up time The time elapsed since this entry was created Expire The time remaining before this entry will be aged out Default 260 seconds V1 Timer The time remaining until the switch assumes that there are no longer any IGMP Ve...

Page 260: ...ing DNS queries to the switch and waiting for a response You can manually configure entries in the DNS table used for mapping domain names to IP addresses configure default domain names or specify one or more name servers to use for domain name to address translation Configuring General DNS Server Parameters Command Usage To enable DNS service on this switch first configure one or more name server...

Page 261: ...name server is specified the servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enables DNS host name to address translation Default Domain Name Defines the default domain name appended to incomplete host nam...

Page 262: ... SWITCH 3 208 Web Select DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use for address resolution enable domain lookup status and click Apply ...

Page 263: ... IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a host device that is mapped to one or more IP addresses Range 1 64 characters IP Address Internet address es associated with a host name Range 1 8 ad...

Page 264: ...ITCH 3 210 Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply ...

Page 265: ...wo addresses to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 553 177 Console config ip host rd6 10 1 0 55 Console show host3 183 Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias 1 rd6 ...

Page 266: ...is always 4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this...

Page 267: ...address or client identifier The DHCP server can provide the host s IP address domain name gateway router and DNS server information about the host s boot image including the TFTP server to access for download and the name of the boot file or boot information for NetBIOS Windows Internet Naming Service WINS Console show dns cache3 184 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207 46 134 222 51 www micr...

Page 268: ... client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcasts the DHCP response received from the server to the client Command Usage You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server Command Attributes ...

Page 269: ... assign temporary IP addresses to any attached host requesting service It can also provide other network settings such as the domain name default gateway Domain Name Servers DNS Windows Internet Naming Service WINS name servers or information on the bootup file for the host device to download Addresses can be assigned to clients from a common address pool configured for a specific IP interface on ...

Page 270: ...ure up to 32 fixed host addresses i e entering one address per pool Enabling the Server Setting Excluded Addresses Enable the DHCP Server and specify the IP addresses that should not be assigned to clients Command Attributes DHCP Server Enables or disables the DHCP server on this switch Default Disabled Excluded Addresses Specifies IP addresses that the DHCP server should not assign to DHCP cli...

Page 271: ...Command Usage First configure address pools for the network interfaces Then you can manually bind an address to a specific client if required However note that any static host address must fall within the range of an existing network address pool You can configure up to 8 network address pools and up to 32 manually bound host address pools i e one address per host pool When a client request is rec...

Page 272: ... BOOTP clients cannot transmit a client identifier you must configure a hardware address for this host type If no manual binding has been specified for a host entry with a hardware address or client identifier the switch will assign an address from the first matching network pool If the subnet mask is not specified for network or host address pools the class A B or C natural mask is used see page ...

Page 273: ...must be configured for a DHCP client to map host names to IP addresses Netbios Server IP address of the primary and alternate NetBIOS Windows Internet Naming Service WINS name server used for Microsoft DHCP clients Netbios Type NetBIOS node type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the client Range 1 32 characters Boot...

Page 274: ... Creating a New Address Pool Web Click DHCP Server Pool Configuration Specify a pool name then click Add CLI This example adds an address pool and enters DHCP pool configuration mode Console config ip dhcp pool mgr3 162 Console config dhcp ...

Page 275: ...CLI This example configures a network address pool Console config ip dhcp pool tps3 162 Console config dhcp network 10 1 0 0 255 255 255 03 163 Console config dhcp default router 10 1 0 2533 164 Console config dhcp dns server 10 2 3 43 165 Console config dhcp netbios name server 10 1 0 333 167 Console config dhcp netbios node type hybrid3 168 Console config dhcp domain name example com3 165 Consol...

Page 276: ...k DHCP Server Pool Configuration Click the Configure button for any entry Click the radio button for Host Enter the IP address subnet mask and hardware address for the client device Configure the optional parameters such as gateway server and DNS server Then click Apply ...

Page 277: ...have been given addresses by the switch Note More than one DHCP server may respond to a service request by a host In this case the host generally accepts the first address assigned by any DHCP server Console config ip dhcp pool mgr3 162 Console config dhcp host 10 1 0 19 255 255 255 03 170 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet3 173 Console config dhcp client identifier te...

Page 278: ... to clear an address from the DHCP server s database CLI This example displays the current binding and then clears all automatic binding Console show ip dhcp binding3 175 IP MAC Lease Time Start 10 1 0 20 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console clear ip dhcp binding 3 174 Console ...

Page 279: ...s participating in the virtual group as the address for the master virtual router while HSRP requires you to configure an arbitrary address for the virtual master router Both protocols then select the backup routers based on the specified virtual router priority HSRP also includes the ability to dynamically modify the virtual router priority based on the operational state of other interfaces on th...

Page 280: ...address that can be used as the default gateway for host devices on the attached network Master Router VRID 23 IP R1 192 168 1 3 IP VR23 192 168 1 3 VR Priority 255 Master Router VRID 25 IP R2 192 168 2 17 IP VR25 192 168 2 17 VR Priority 255 Backup Router VRID 23 IP R3 192 168 1 4 IP VR23 192 168 1 3 VR Priority 100 VRID 25 IP R3 192 168 2 18 IP VR23 192 168 2 17 VR Priority 100 Router 1 VRID 23 ...

Page 281: ...s is derived from the Owner The Owner will also assume the role of the Master virtual router in the group If you have multiple secondary addresses configured on the current VLAN interface you can add any of these addresses to the virtual router group The interfaces of all routers participating in a virtual router group must be within the same IP subnet VRRP creates a virtual MAC address for the ma...

Page 282: ...group master If preemption is enabled and this router has a higher priority than the current acting master when it comes on line it will take over as the acting group master You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control If the router attempting to become the master has just come on line this del...

Page 283: ...ER REDUNDANCY 3 229 Preemption Shows if this router is allowed to preempt the acting master Priority Priority of this router in the VRRP group AuthType Authentication mode used to verify VRRP packets from other routers ...

Page 284: ...ty and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not part of the designated VRRP group If the master router stops sending advertisements backup routers will bid to become the master router based on priority The dead interval before attemptin...

Page 285: ...authentication string All routers in the same VRRP group must be set to the same authentication mode and be configured with the same authentication string Plain text authentication does not provide any real security It is supported only to prevent a misconfigured router from participating in VRRP Authentication String Key used to authenticate VRRP packets received from other routers Range 1 8 alph...

Page 286: ...r and click Add Click the Edit button for a group entry to open the detailed configuration window Enter the IP address of a real interface on this router to make it the master virtual router for the group Otherwise enter the virtual address for an existing group to make it a backup router Click Add IP to enter an ...

Page 287: ...en set any of the other parameters as required and click Apply CLI This example creates VRRP group 1 sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address It then adds a secondary IP address to the ...

Page 288: ...received with an invalid VRID for this virtual router Console config interface vlan 13 57 Console config if vrrp 1 ip 192 168 1 63 212 Console config if vrrp 1 ip 192 168 2 6 secondary Console config if vrrp 1 timers advertise 53 216 Console config if vrrp 1 preempt delay 103 217 Console config if vrrp 1 priority 13 215 Console config if vrrp 1 authentication bluebird3 214 Console config if end Co...

Page 289: ... IP interface Range 1 4094 Default 1 VRID VRRP group identifier Range 1 255 Times Become Master Number of times this router has transitioned to master Received Packets Number of VRRP advertisements received by this router Error Interval Packets Number of VRRP advertisements received for which the advertisement interval is different from the one configured for the local virtual router Authenticatio...

Page 290: ...der Invalid Type Packets Number of VRRP packets received by the virtual router with an invalid value in the type field Error Address List Packets Number of packets received for which the address list does not match the locally configured list for the virtual router Invalid Authentication Type Packets Number of packets received with an unknown authentication type Mismatch Authentication Type Packet...

Page 291: ...1 counters3 222 Total Number of Times Transitioned to MASTER 6 Total Number of Received Advertisements Packets 0 Total Number of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority 0 VRRP Packets 0 Total Number of Sent Priority 0 VRRP Packets 5 Total Number ...

Page 292: ...ess must be configured on at least one router in the virtual router group If an IP address is not specified the designated address is learned through the exchange of HSRP messages Note that the designated address cannot be the same as a physical address The subnet mask for the physical interface on which the designated address is configured is used as the subnet mask of the designated address The ...

Page 293: ...ter fails When the original master router recovers it will become the active master router again if the configured priorities have not been changed If two or more routers are configured with the same HSRP priority the router with the higher IP address is elected as the new master router if the current master fails The priority setting takes precedence over authentication In other words if a router...

Page 294: ...on VLAN ID ID of a VLAN configured with an IP interface Range 1 4094 Default 1 Group HSRP group identifier Range 1 255 State HSRP router role Values Master Backup Virtual Address Virtual IP address for this group Hellotime Interval at which the master and standby virtual routers send advertisements communicating their state Holdtime Time before the master or standby router is declared down Preempt...

Page 295: ...is declared down Range Hellotime 1 to 255 seconds Default 10 seconds If the master router stops sending advertisements backup routers will bid to become the master based on priority The hold time before declaring a router dead should normally be set to a value 3 times or more than the hello time Preempt Mode Allows a backup router to take over as the master virtual router if it has a higher pri...

Page 296: ...ter will be changed whenever the interface goes down or comes back up by the corresponding tracking priority You can specify up to 32 IP interfaces to be tracked by this command If you specify a VLAN interface that has not been configured with an IP address tracking will not affect the HSRP router priority Tracking Priority Amount by which the HSRP router priority is decremented or incremented whe...

Page 297: ...figuration window Set the values for the advertisement interval preemption priority and authentication as required Enter the virtual IP address for the group You can also enter secondary IP addresses that will be supported by the group Enter any IP interfaces for which the status should be tracked and ...

Page 298: ...CONFIGURING THE SWITCH 3 244 the corresponding value by which to adjust the priority when the interface state changes Then click Apply ...

Page 299: ...lan 3 1003 232 Console config if standby 1 timers 2 53 231 Console config if standby 1 preempt delay 103 228 Console config if standby 1 priority 103 227 Console config if standby 1 authentication bluebird3 230 Console show standby3 234 Vlan 1 Group 1 Local State is Active priority 5 confgd 10 may preempt Preemption delayed for 10 secs Hellotime 6 sec holdtime 18 sec Next hello sent in 0 0 5 Host ...

Page 300: ...n all ports belong to the same VLAN and the switch provides only Layer 2 functionality Therefore you should first create VLANs for each unique user group or application traffic page 3 158 assign all ports that belong to the same group to these VLANs page 3 159 and then assign an IP interface to each VLAN page 3 252 By separating the network into different VLANs it can be partitioned into subnetwor...

Page 301: ...nation address Replacing destination source MAC addresses for each hop Incrementing the hop count Decrementing the time to live Verifying and recalculating the Layer 3 checksum If the destination node is on the same subnetwork as the source network then the packet can be transmitted directly without the help of a router VLAN 1 VLAN 2 Inter subnet traffic Layer 3 switching Routing Unt Untagged Unt ...

Page 302: ... as an IP router either by setting it as the default gateway or by redirection from another router via the ICMP process When the switch receives an IP packet addressed to its own MAC address the packet follows the Layer 3 routing process The destination IP address is checked against the Layer 3 address table If the address is not already there the switch broadcasts an ARP packet to all the ports o...

Page 303: ...ing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch Dynamic routing uses a routing protocol to exchange routing information calculate routing tables and respond to changes in the status or loading of the network The switch supports RIP RIP 2 and OSPFv2 dynamic routing protocols RIP and RIP 2 Dynamic Routing...

Page 304: ...networks for non IP protocols must follow the same logical boundary as that of the IP subnetworks A separate multi protocol router can then be used to link the subnetworks by connecting to one port from each available VLAN on the network Basic IP Interface Configuration To allow routing between different IP subnets you must enable IP Routing as described in this section You also need to define...

Page 305: ...dresses Default Gateway The routing device to which the switch will pass packets for all unknown subnets i e packets that do not match any routing table entry Valid IP addresses consist of four numbers 0 to 255 separated by periods Web Click IP General Global Settings Set IP Routing Status to Disabled to restrict operation to Layer 2 or Enabled to allow multilayer switching specify the default gat...

Page 306: ...e network and subnetwork numbers of the segment that is connected to that interface and allows you to send IP packets to or from the router Before you configure any network interfaces on this router you should first create a VLAN for each unique user group or for each network application and its associated users Then assign the ports associated with each of these VLANs Command Attributes VLAN ID I...

Page 307: ...s will be broadcast periodically by the router for an IP address DHCP BOOTP values include the IP address and subnet mask IP Address Address of the VLAN interface Valid IP addresses consist of four numbers 0 to 255 separated by periods Subnet Mask This mask identifies the host address bits used for routing to specific subnets ...

Page 308: ...condary addresses enter these addresses one at a time and click Set IP Configuration after entering each address CLI This example sets a primary IP address for VLAN 1 and then adds a secondary IP address for a different subnet also attached to this router interface Console config interface vlan 1 Console config if ip address 10 1 0 253 255 255 255 03 116 Console config if ip address 10 1 9 253 255...

Page 309: ...acket is delivered to the final destination If there is no entry for an IP address in the ARP cache the router will broadcast an ARP request packet to all devices on the network The ARP request contains the following fields similar to that shown in this example When devices receive this request they discard it if their address does not match the destination IP address in the message However if it ...

Page 310: ...on You can use the ARP General configuration menu to specify the timeout for ARP cache entries or to enable Proxy ARP for specific VLAN interfaces Command Usage The aging time determines how long dynamic entries remain in the cache If the timeout is too short the router may tie up resources by repeating ARP requests for addresses recently flushed from the table End stations that require Proxy ARP mus...

Page 311: ...sets the ARP cache timeout for 15 minutes i e 900 seconds and enables Proxy ARP for VLAN 3 Configuring Static ARP Addresses For devices that do not respond to ARP requests traffic will be dropped because the IP address cannot be mapped to a physical address If this occurs you can manually map an IP address to the corresponding physical address in the ARP Command Usage You can define up to 128 stat...

Page 312: ...atic entries in the ARP cache Web Click IP ARP Static Addresses Enter the IP address the corresponding MAC address and click Apply CLI This example sets a static entry for the ARP cache Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address Most of these entries will be dynamically learned through replies to broadcast m...

Page 313: ...mic to Static Changes a selected dynamic entry to a static entry Clear All Deletes all dynamic entries from the ARP cache Entry Count The number of dynamic entries in the ARP cache These buttons take effect immediately You are not prompted to confirm the action Web Click IP ARP Dynamic Addresses You can use the buttons provided to change a dynamic entry to a static entry or to clear all dynamic en...

Page 314: ...face associated with the address entry Entry Count The number of local entries in the ARP cache Console show arp3 124 Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff ...

Page 315: ...e show arp3 124 Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 Total entry 6 Console Parameter Description Received Request Number of ARP Request packets rec...

Page 316: ...0 reassembled 0 timeouts 0 fragmented 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP statistics Rcvd 0 tota...

Page 317: ...arded The number of input datagrams for which no problems were encountered to prevent their continued processing but which were discarded e g for lack of buffer space Output Requests The total number of datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Output Packet No Route The number of datagrams discarded because no route could be found to transm...

Page 318: ...d The total number of input datagrams successfully delivered to IP user protocols including ICMP Discarded Output Packets The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Fragments Created The number of datagram fragments that have been generated as a result of fragmentati...

Page 319: ...not reach its destination when the gateway does not have the buffering capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitable routes i e the next hop router to use for a specific destination Statistical Values Parameter Description Messages The total number of ICMP messages...

Page 320: ...eceived sent Redirects The number of ICMP Redirect messages received sent Echos The number of ICMP Echo request messages received sent Echo Replies The number of ICMP Echo Reply messages received sent Timestamps The number of ICMP Timestamp request messages received sent Timestamp Replies The number of ICMP Timestamp Reply messages received sent Address Masks The number of ICMP Address Mask Reques...

Page 321: ...nism providing access to IP like services UDP packets are delivered just like IP packets connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Statistical Values Parameter Description Datagrams Received The total number of UDP datagrams delivered to UDP users Datagrams Sent The total number of UDP data...

Page 322: ...lack of an application at the destination port No Ports The total number of received UDP datagrams for which there was no application at the destination port Parameter Description Segments Received The total number of segments received including those received in error This count includes segments received on currently established connections Segments Sent The total number of segments sent includi...

Page 323: ...a direct transition to the LISTEN state from the SYN RCVD state Current Connections The number of TCP connections for which the current state is either ESTABLISHED or CLOSE WAIT Receive Errors The total number of segments received in error e g bad TCP checksums Segments Retransmitted The total number of segments retransmitted that is the number of TCP segments transmitted containing one or more pr...

Page 324: ...able routes to ensure network accessibility Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets Gateway IP address of the gateway used for this route Metric Cost for this interface This cost i...

Page 325: ...ailable through more than one of these methods, the priority for route selection is local, static, and then dynamic. Also note that the route for a local interface is not enabled (i.e., listed in the routing table) unless there is at least one active link connected to that interface. Command Attributes: Interface: Index number of the IP interface. IP Address: IP address of the destination network, subnetwork, or...

Page 326: ...nerated this route information Options local static RIP OSPF Metric Cost for this interface Entry Count The number of table entries Web Click IP Routing Routing Table CLI This example shows routes obtained from various methods Console show ip route3 129 Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 0 0 0 10 1 0 254 static 1 1 10 1 0 0 255 255 255 0 10 1 0 253 local 1 1 10 1 1 0 2...

Page 327: ...would cause endless retransmission of data traffic. RIP utilizes the following three methods to prevent loops from occurring: Split horizon: Never propagate routes back to an interface port from which they have been acquired. Poison reverse: Propagate routes back to an interface port from which they have been acquired, but set the distance vector metrics to infinity. (This provides faster convergence.) Trig...

Page 328: ...P messages are received from other routers To communicate properly with other routers using RIP you need to specify the RIP version used globally by the router as well as the RIP send and receive versions used on specific interfaces page 3 277 Command Usage When you specify a Global RIP Version any VLAN interface not previously set to a specific Receive or Send Version page 3 277 is set to the fol...

Page 329: ...e and the garbage collection timer to 4 times the update time Range 15 60 seconds Default 30 seconds Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable However packets are still forwarded on this route Default 180 seconds Garbage Collection After the timeout...

Page 330: ...t will be included in the RIP routing process Command Usage RIP only sends updates to interfaces specified by this command Subnet addresses are interpreted as class A B or C based on the first field in the specified address In other words if a subnet address nnn xxx xxx xxx is entered the first field nnn determines the class Console config router rip3 132 Console config router version 23 135 Conso...

Page 331: ...Network Addresses Add all interfaces that will participate in RIP and click Apply CLI This example includes network interface 10 1 0 0 in the RIP routing process Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process you must specify the protocol message type accepted i e RIP version and the Console config router rip3 132 Console config router networ...

Page 332: ...ot want to add any dynamic entries to the routing table for an interface For example you may only want to allow static routes for a specific interface You can specify the Send Version based on these options Use RIPv1 or RIPv2 if all routers in the local network are based on RIPv1 or RIPv2 respectively Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the netwo...

Page 333: ... not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required. RIPv2 supports authentication via a simple password. When a router is configured to exchange authentication messages, it will insert the password into all tra...

Page 334: ...nfinity (i.e., 16) before the route is deemed unreachable. Split Horizon: This method never propagates routes back to an interface from which they have been acquired. Poison Reverse: This method propagates routes back to an interface port from which they have been acquired, but sets the distance vector metrics to infinity. This provides faster convergence. Authentication Type: Specifies whether or not authent...

Page 335: ...bility in the network topology to Split Horizon enables authentication via a simple password i e called text mode in the CLI Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP statistics about route changes and queries information about the interfaces on this router that are using RIP and information about known RIP p...

Page 336: ... RIPv2 rip1Compatible ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1Orv2 InstabilityPreventing Shows if split horizon poison reverse or no instability prevention method is in use AuthType Shows if authentication is set to simple password or none RcvBadPackets Number of bad RIP packets received RcvBadRoutes Number of bad routes received SendUpdates Number of route changes...

Page 337: ...IP ROUTING 3 283 Web Click Routing Protocol RIP Statistics ...

Page 338: ...ueries 0 Console show ip rip configuration3 143 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication Console show ip rip status3 143 Interface RcvBadPackets RcvBadRoutes SendUpdates 10 1 0 253 0 0 60 10 1 1 253 0 0 63 Console show ip rip peer3 143 Peer UpdateTime Vers...

Page 339: ...s IP multicast to propagate routing information. A separate routing area scheme is also used to further reduce the amount of routing traffic. Note: The OSPF protocol implemented in this device is based on Version 2 (RFC 2328). It also supports Version 1 (RFC 1583) compatibility mode to ensure that the same method is used to calculate summary route costs throughout the network when older OSPF routers exist...

Page 340: ... allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges. When using OSPF, you must organize your network (i.e., autonomous system) into normal, stub, or not-so-stubby areas; configure the ranges of subnet addresses that can be aggregated by link state advertisements; and configure virtual links for areas that do not have direct physical access to the OSPF backbone. To i...

Page 341: ...r basic protocol parameters Command Attributes General Information OSPF Routing Process Enables or disables OSPF routing for all IP interfaces on the router Default Disabled OSPF Router ID Assigns a unique router ID for this device within the autonomous system Default The lowest interface address Version Number 1 This router only supports OSPF Version 2 Area Border Router 1 Indicates if this route...

Page 342: ...se the OSPF Interface Configuration screen Default 100 SPF Hold Time seconds The hold time between making two consecutive shortest path first SPF calculations Range 0 65535 Default 10 Area Numbers 1 The number of OSPF areas configured on this router Default Route Information Originate Default Route 2 Generates a default external route into an autonomous system Note that the AS Boundary Router field...

Page 343: ...ternal cost to the external route metric Type 2 routes do not add the internal cost metric When comparing Type 2 routes the internal cost is only used as a tie breaker if several Type 2 routes have the same cost Default Type 2 Default External Metric 2 The Metric assigned to the default route Range 1 65535 Default 10 1 These items are read only 2 CLI These items are configured with the default inf...

Page 344: ...his example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf3 146 Console config router router id 10 1 1 2533 147 Console config router no compatible rfc15833 148 Console config router default information originate always metric 10 metric type 23 149 Console config router timers spf 103 150 Console config router ...

Page 345: ...reduce the amount of routing traffic required through the use of route summaries that aggregate a range of addresses into a single route The backbone or any normal area can pass traffic between other areas and are therefore known as transit areas Each router in an area has identical routing tables These tables may include area links summarized links or external links that depict the topology of th...

Page 346: ...e NSSA By default these routes are not flooded onto the backbone or into any other area by area border routers However the NSSA s ABRs will convert NSSA external LSAs Type 7 into external LSAs Type 5 which are propagated into other areas within the AS Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF the default route static routes r...

Page 347: ... area or not so stubby area NSSA Area ID 0 0 0 0 is set to the backbone by default Default Normal area Default Cost Cost for the default summary route sent into a stub from an area border router ABR Range 0 16777215 Default 1 Note that if you set the default cost to 0 the router will not advertise a default route into the attached stub Summary Makes an ABR send a Type 3 summary link advertisement ...

Page 348: ...as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default route to 10 Console config router network 10 1 1 0 255 255 255 0 area 0 0 0 13 155 Console config router area 0 0 0 2 stub summary3 156 Console config router area 0 0 0 2 default cost 103 152 Console config router ar...

Page 349: ...y an IP address and network mask You therefore need to structure each area with a contiguous set of addresses so that all routes in the area fall within an easily specified range This router also supports Variable Length Subnet Masks VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs imported into your autonomous system i e local rou...

Page 350: ...summary route. If the summary is not sent, the routes remain hidden from the rest of the network. (Default: Advertise) Note: This router supports up to 64 summary routes for area ranges. Web: Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply. CLI: This example...

Page 351: ...nfigure the interface specific parameters used by OSPF to select the designated router control the timing of link state advertisements set the cost used to select preferred paths and specify the method used to authenticate routing messages Field Attributes OSPF Interface List VLAN ID The VLAN to which an IP interface has been assigned Interface IP The IP interface associated with the selected VLAN...

Page 352: ... The router with the highest priority becomes the DR and the router with the next highest priority becomes the BDR If two or more routers are set to the same priority the router with the higher ID will be elected You can set the priority to zero to prevent a router from being elected as a DR or BDR If a DR already exists for an area when this interface comes up the new router will accept the curre...

Page 353: ...rip delay between any two routers on the attached network to avoid unnecessary retransmissions Hello Interval Sets the interval between sending hello packets on an interface Range 1 65535 seconds Default 10 This interval must be set to the same value for all routers on the network Using a smaller Hello interval allows changes in the network topology to be discovered more quickly but may result in ...

Page 354: ...ing a 128-bit message digest from the authentication key. Without the proper key and key-id, it is nearly impossible to produce any message that matches the prespecified target message digest. The Authentication Key and Message Digest Key-id must be used consistently throughout the autonomous system. (Note that the Message Digest Key-id field is disabled when this authentication type is selected.) Authen...

Page 355: ... the new key. Once all the neighboring routers start sending protocol messages back to this router with the new key, the router will stop using the old key. This rollover process gives the network administrator time to update all the routers on the network without affecting the network connectivity. Once all the network routers have been updated with the new key, the old key should be removed for secur...

Page 356: ...nsole config if ip ospf priority 53 168 Console config if ip ospf transmit delay 63 169 Console config if ip ospf retransmit interval 73 169 Console config if ip ospf hello interval 53 167 Console config if ip ospf dead interval 503 166 Console config if ip ospf cost 103 166 Console config if ip ospf authentication message digest3 163 Console config if ip ospf message digest key 1 md5 aiebel3 165 ...

Page 357: ...ckbone itself Note that you cannot configure a virtual link that runs through a stub or NSSA area Virtual links can also be used to create a redundant link between any area and the backbone to help prevent partitioning or to connect two existing backbone areas into a common backbone Command Attributes Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IP...

Page 358: ...ing Protocol OSPF Virtual Link Configuration To create a new virtual link specify the Area ID and Neighbor Router ID configure the link attributes and click Add To modify the settings for an existing link click the Detail button for the required entry modify the link settings and click Set ...

Page 359: ... corresponding network address range Each area identifies a logical group of OSPF routers that actively exchange LSAs to ensure that they share an identical view of the network topology Each area must be connected to a backbone area This area passes routing information between other areas in the autonomous system The default value 0 0 0 0 is used as the Area ID for the backbone All routers must be...

Page 360: ...s IP Address Address of the interfaces to add to the area Netmask Network mask of the address range to add to the area Area ID Area to which the specified address or range is assigned An OSPF area identifies a group of routers that share common routing information The area ID must be in the form of an IP address Note This router supports up to 16 total areas either normal transit areas stubs or NS...

Page 361: ...other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply. ...

Page 362: ... summary addresses to reduce the size of the routing table and consolidate these external routes for advertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 3 295 Command Attributes IP Address Summary address covering a range of addresses Console config router network 10 0 0 0 255 0 0 0 area 0 0 0 03 155 Console config router netwo...

Page 363: ...outes Web: Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add. CLI: This example creates a summary address for all routes contained in 192.168.x.x. Console config router summary address 192 168 0 0 255 255 0 03 153 Console config router ...

Page 364: ...e even if an external route does not actually exist page 3 287 Metric type specifies the way to advertise routes to destinations outside the autonomous system AS via External LSAs Specify Type 1 to add the internal cost metric to the external route metric In other words the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR plus the c...

Page 365: ...edistribute Specify the protocol type to import the metric type and path cost then click Add CLI This example redistributes routes learned from RIP as Type 1 external routes Configuring NSSA Settings Use the OSPF NSSA Settings page to configure a not so stubby area NSSA and to control the use of default routes for ABRs and ASBRs or external routes learned from other routing domains and imported vi...

Page 366: ...igure an NSSA ASBR to generate a Type 7 default route to areas outside of the AS or an NSSA ABR to generate a Type 7 default route to other areas within the AS Default Disabled No Redistribution The Redistribute Configuration page page 3 310 is used to import information from other routing domains or protocols into the AS However when the router is an NSSA ABR you can choose whether or not to acce...

Page 367: ...te Advertisements LSAs The full collection of LSAs collected by a router interface from the attached area is known as a link state database Routers that are connected to multiple interfaces will have a separate database for each area Each router in the same area should have an identical database describing the topology for that area and the shortest path to external destinations Console config rou...

Page 368: ...pe 3 Area border routers can generate Summary LSAs that give the cost to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an autonomous system boundary router ASBR AS External Type 5 An ASBR can generate an AS External LSA for each known network destination outside the AS NSSA External Type 7 An ASBR within an NSSA gener...

Page 369: ...Type Options Type 1 5 7 See the preceding description Adv Router IP address of the advertising router If not entered information about all advertising routers is displayed Age Age of LSA in seconds Seq Sequence number of LSA used to detect older duplicate LSAs CheckSum Checksum of the complete contents of the LSA These items are read only ...

Page 370: ...s for viewing the Link State Database See show ip ospf database on page 3 172 Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers ABR and Autonomous System Boundary Routers ASBR known by this device Field Attributes Destination Identifier for the destination router Next Hop IP address of the next hop toward the destination Cost Link m...

Page 371: ...Protocol, OSPF, Border Router Information. CLI: This example shows one router that serves as both the ABR for the local area and the ASBR for the autonomous system. Displaying Information on Neighbor Routers: You can display information about neighboring routers on each interface within an OSPF area. Field Attributes: ID: Neighbor's router ID. Console show ip ospf border routers3 171 Destination Next Hop Cost Type RteT...

Page 372: ... Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent Identification flags include D Dynamic neighbor S Static neighbor DR Designated router BDR Backup designated router Address IP address of this interface Web Click Routing Protocol ...

Page 373: ...urce rooted multicast delivery tree for each multicast source but uses information from the router s unicast routing table instead of maintaining its own multicast routing table making it routing protocol independent Also note that the Dense Mode version of PIM is supported on this router because it is suitable for densely populated multicast groups which occur primarily in the LAN environment If ...

Page 374: ...r 3 336 Note that you can only enable one multicast routing protocol on any given interface Web Click IP Multicast Routing General Setting Set Multicast Forwarding Status to Enabled and click Apply CLI This example enables multicast routing globally for the router Console config ip multicast routing3 187 Console config ...

Page 375: ... directly attached subnetworks or on subnetworks attached to downstream routers Field Attributes Group Address IP group address for a multicast service Source Address Subnetwork containing the IP multicast source Netmask Network mask for the IP multicast source Interface Interface leading to the upstream neighbor Owner The associated multicast protocol i e DVMRP or PIM Flags The flags associated w...

Page 376: ...Web: Click IP Multicast Routing Multicast Routing Table. Click Detail to display additional information for any entry. ...

Page 377: ...e routers then send a prune message back to the source to stop a data stream if the router is attached to a LAN which does not want to receive traffic from a particular multicast group. However, if a host attached to this router issues an IGMP message indicating that it wants to subscribe to the concerned multicast service, this router will use DVMRP to build up a source-rooted multicast delivery tre...

Page 378: ...t message on to adjacent routers except for the port through which the message arrived This process eliminates potential loops from the tree and ensures that the shortest path in terms of hop count is always used Configuring Global DVMRP Settings DVMRP is used to route multicast traffic to nodes which have requested a specific multicast service via IGMP This router uses Reverse Path Forwarding RPF...

Page 379: ...MULTICAST ROUTING 3 325 Command Usage ...

Page 380: ...[Figure: broadcasting (source periodically floods potential hosts), pruning, and grafting] ...

Page 381: ...iscovers a new group member on one of its connections, it sends a graft message to the upstream router. When an upstream router receives this message, it cancels the prune message. If necessary, graft messages are propagated back toward the source until reaching the nearest live branch in the multicast tree. The global settings that control the prune and graft messages (i.e., prune lifetime) should be confi...

Page 382: ...35 Default 7200 seconds Default Gateway Specifies the default DVMRP gateway for IP multicast traffic Default none The specified interface advertises itself as a default route to neighboring DVMRP routers It advertises the default route out through its other interfaces Neighboring routers on the other interfaces return Poison Reverse messages for the default route back to the router When the router...

Page 383: ...outing globally for the router page 3 319 enable DVMRP globally for the router Console config router dvmrp3 191 Console config router probe interval 303 192 Console config router nbr timeout 403 193 Console config router report interval 903 194 Console config router flash update interval 103 194 Console config router prune lifetime 50003 195 Console config router default gateway 10 1 0 2533 196 Co...

Page 384: ...face Settings VLAN Selects a VLAN interface on this router Metric Sets the metric for this interface used to calculate distance vectors Status Enables or disables DVMRP If DVMRP is enabled on any interface Layer 3 IGMP should also be enabled on the router page 3 200 If DVMRP is disabled the interface cannot propagate IP multicast routing information However as long as IGMP snooping is enabled the ...

Page 385: ...1 Displaying Neighbor Information You can display all the neighboring DVMRP routers Command Attributes Neighbor Address The IP address of the network device immediately upstream for this multicast delivery tree Interface The IP interface on this router that connects to the Console config interface vlan 13 1 Console config if ip dvmrp3 197 Console config if ip dvmrp metric 23 198 Console config if ...

Page 386: ...anges in neighbor capabilities Refer to DVMRP IETF Draft v3 10 section 3 2 1 for a detailed description of these bits These bits are described below Leaf bit 0 Neighbor has only one interface with neighbors Prune bit 1 Neighbor supports pruning Generation ID bit 2 Neighbor sends its Generation ID in probe messages Mtrace bit 3 Neighbor can handle multicast trace requests SNMP bit 4 Neighbor is SNM...

Page 387: ...ation learned via DVMRP route updates and is used to forward IP multicast traffic The routes listed in the table do not reflect actual multicast traffic flows For this information you should look at the IGMP Member Port Table page 3 199 or the IGMP Group Membership Table page 3 205 Command Attributes IP Address IP subnetwork that contains a multicast source an upstream router or an outgoing interf...

Page 388: ...l network. PIM-DM is a simple multicast routing protocol that uses flood and prune to build a source-routed multicast delivery tree for each multicast source-group pair. It is simpler than DVMRP because it does not maintain its own routing table. Instead, it uses the routing table provided by the unicast routing protocol enabled on the router interface. When the router receives a multicast packet for ...

Page 389: ...nfiguring Global PIM DM Settings PIM DM is used to route multicast traffic to nodes which have requested a specific multicast service via IGMP It uses the router s unicast routing table to determine if the interface through which a packet is received provides the shortest path back to the source This is done on a per hop basis back toward the source of the multicast delivery tree PIM DM uses three...

Page 390: ... to determine if the interface through which a packet is received provides the shortest path back to the source Dense mode interfaces are subject to multicast flooding by default and are only removed from the multicast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a downstream router The interface settings th...

Page 391: ...ization of Hello messages on multi-access links if multiple routers are powered on simultaneously. Also, if a Hello message is received from a new neighbor, the receiving router will send its own Hello message after a random delay between 0 and the Trigger Hello Interval. Prune Holdtime: Configures the hold time for the prune state. The multicast interface that first receives a multicast stream from ...

Page 392: ...t Retries Range 1 65535 seconds Default 3 Max Graft Retries Configures the maximum number of times to resend a graft message if it has not been acknowledged Range 1 65535 Default 2 Web Click Routing Protocol PIM DM Interface Settings Select a VLAN enable or disable PIM DM for the selected interface modify any of the protocol parameters as required and click Apply ...

Page 393: ...ed PIM router for this interface Console config interface vlan 23 57 Console config if ip pim dense mode3 204 Console config if ip pim hello interval 603 205 Console config if ip pim hello holdtime 2103 206 Console config if ip pim trigger hello interval 103 206 Console config if ip pim join prune holdtime 603 207 Console config if ip pim graft retry interval 93 208 Console config if ip pim max gr...

Page 394: ...ed to this neighbor Up time The duration this entry has been active Expire The time before this entry will be removed Mode PIM mode used on this interface Only Dense Mode is supported Console show ip pim interface 13 210 Vlan 1 is up PIM is enabled mode is Dense Internet address is 10 1 0 253 Hello time interval is 30 sec trigger hello time interval is 5 sec Hello holdtime is 105 sec Join Prune ho...

Page 395: ...Web Click Routing Protocol PIM DM Neighbor Information CLI This example displays the only neighboring PIM DM router Console show ip pim neighbor3 210 Address VLAN Interface Uptime Expire Mode 10 1 0 253 1 613 91 Dense Console ...

Page 397: ... on a UNIX system. Console Connection: To access the switch through the console port, perform these steps: 1. At the console prompt, enter the user name and password. (The default user names are "admin" and "guest" with corresponding passwords of "admin" and "guest.") When the administrator user name and password is entered, the CLI displays the Console prompt and enters privileged access mode (i.e., Privileged Exec). Bu...

Page 398: ...ch is unassigned by default To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an is...

Page 399: ...mpt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty 0 for the guest to show that you are using normal access mode i e Normal Exec 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sessi...

Page 400: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 401: ...ord up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters ...

Page 402: ...t information interfaces Information of interfaces ip IP information line TTY line information logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Show management ip filter map Map priority port Characteristics of the port protocol vlan Protocol vlan information public key Show information of public key pvlan Informa...

Page 403: ...system messages to a host server. To disable logging, specify the no logging command. This guide describes the negation effect for all applicable commands. Using Command History: The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified ...

Page 404: ...d associated modes are displayed in the following table. Exec Commands: When you open a new console session on the switch with the user name and password "guest," the system enters the Normal Exec command mode (or guest mode), displaying the Console command prompt. Only a limited number of the commands are available in this mode. You can access all commands only from the Privileged Exec command mode (or admi...

Page 405: ...and are not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These comm...

Page 406: ...and databits Router Configuration These commands configure global settings for unicast and multicast routing protocols VLAN Configuration Includes the command to create VLAN groups Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance To enter the Global Configuration mode enter the command configure in Privileged Exec mode The syst...

Page 407: ... access list ip extended access list ip mask precedence access list mac access list mac mask precedence Console config std acl Console config ext acl Console config ip mask acl Console config mac acl Console config mac mask acl 3 113 DHCP ip dhcp pool Console config dhcp 3 155 Interface interface ethernet port port channel id vlan id Console config if 3 1 VLAN vlan database Console config vlan 3 5...

Page 408: ...ts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters the last comma...

Page 409: ...ntrol 3 92 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 3 113 SNMP Activates authentication failure traps configures community access strings and trap managers also configures IP address filtering 3 147 DHCP Configures DHCP client relay and server functions 3 155 DNS Con...

Page 410: ...IB 3 71 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP traffic types IP precedence and DSCP 3 77 Multicast Filtering Configures IGMP multicast filtering query parameters and specifies ports attached to a multicast router 3 95 IP Interface Configures IP address for the switch interfac...

Page 411: ...tion and starts the line configuration mode GC 3 16 login Enables password checking at login LC 3 17 password Specifies a password on a line LC 3 18 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 3 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 3 20 silent time Sets the amount of time t...

Page 412: ...onfiguration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command disconnect Terminates a line connection PE 3 25 show line Displays a terminal line s parameters NE PE 3 26...

Page 413: ...uthentication modes provided by the switch itself at login: "login" selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. "login local" selects authentication via the user name and password specified by the username command (i.e., default setting). When using this method, the man...

Page 414: ...0 7 password no password 0 7 0 means plain password 7 means encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you e...

Page 415: ...ted passwords Example Related Commands login 3 17 password thresh 3 20 exec timeout This command sets the interval that the system waits until user input is detected Use the no form to restore the default Syntax exec timeout seconds no exec timeout seconds Integer that specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode L...

Page 416: ...o password-thresh. threshold: The number of allowed password attempts. (Range: 1-120; 0: no threshold) Default Setting: The default value is three attempts. Command Mode: Line Configuration. Command Usage: When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When thi...

Page 417: ...ssword-thresh command. Use the no form to remove the silent time value. Syntax: silent-time seconds; no silent-time. seconds: The number of seconds to disable console response. (Range: 0-65535; 0: no silent-time) Default Setting: The default value is no silent-time. Command Mode: Line Configuration. Example: To set the silent time to 60 seconds, enter this command: Related Commands: password-thresh (3-20). Console confi...

Page 418: ...bits per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related...

Page 419: ... odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command Console config line parity none Console config line ...

Page 420: ...he speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. If you select the "auto" option, the switch will automatically detect the baud rate configured on the attached terminal, and adjust the speed accordingly. Example: To specify 57600 bps ...

Page 421: ...or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Command Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Console config line stopbits 2 Console confi...

Page 422: ...rtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console show line Console configuration Password threshold 3 times Interactive timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Interactive timeout ...

Page 423: ... 15 to access Privileged Exec mode Default Setting Level 15 Command Function Mode Page enable Activates privileged mode NE 3 27 disable Returns to normal mode from privileged mode PE 3 28 configure Activates global configuration mode PE 3 29 show history Shows the command history buffer NE PE 3 29 reload Restarts the system PE 3 30 end Returns to Privileged Exec mode any config mode 3 31 exit Retu...

Page 424: ...Commands disable 3 28 enable password 3 37 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Command Usage T...

Page 425: ...ng some of the other configuration modes including Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Example Related Commands end 3 31 show history This command shows the contents of the command history buffer Default Setting None Console disab...

Page 426: ...onfiguration command history buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running confi...

Page 427: ...mmand returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console reload System will be restarted continue y n y Console config if end Console ...

Page 428: ... to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Console config exit Console exit Press ENTER to start session User Access Verification Username ...

Page 429: ... identifies this switch 3 34 User Access Configures the basic user names and passwords for management access 3 35 IP Filter Configures IP addresses that are allowed management access 3 38 Web Server Enables management access via a web browser 3 41 Secure Shell Provides secure replacement for Telnet 3 45 Event Logging Controls logging of error messages 3 58 SMTP Alerts Configures SMTP email alerts ...

Page 430: ...ting Console Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device Use the no form to restore the default host name Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 3 34 hostname Specifies the host name for the switch GC 3 34 snmp server contact Sets the system contact string GC 3 148 snmp server locatio...

Page 431: ...user authentication via a remote authentication server page 3 92 and host access authentication for specific ports page 3 104 username This command adds named users requires authentication at login specifies or changes a user s password or specify that no password is required or specifies or changes a user s access level Use the no form to remove a user name Console config hostname RD 1 Console co...

Page 432: ...assword password: The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting: The default access level is Normal Exec. The factory defaults for the user names and passwords are: Command Mode: Global Configuration. Command Usage: The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) wh...

Page 433: ...means plain password, 7 means encrypted password. password: password for this privilege level. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting: The default is level 15. The default password is "super". Command Mode: Global Configuration. Command Usage: You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged E...

Page 434: ...ent telnet client start address end address all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting address of a range end address The end address of a range Console config enable password lev...

Page 435: ...will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges. You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses. You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example: This ex...

Page 436: ... the Telnet group Command Mode Global Configuration Example Console show management all client Management Ip Filter Http Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Snmp Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Telnet Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 ...

Page 437: ...e 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 3 42 Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 3 41 ip http server Allows the switch to be monitored or configured from a browser GC 3 42 ip http secure server Enables HTTPS SSL for encrypted communications GC 3 42 ip http secure port Sp...

Page 438: ...nfiguration. Example: Related Commands: ip http port (3-41). ip http secure-server: This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch's web interface. Use the no form to disable this function. Syntax: [no] ip http secure-server. Default Setting: Enabled. Command Mode: Global Configuration. Console con...

Page 439: ...eys for encrypting and decrypting data. The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 4.x or later versions. The following web browsers and operating systems currently support HTTPS: To specify a secure-site certificate, see "Replacing the Default Secure-site Certificate" on page 3-49. Also ref...

Page 440: ...secure-port. port_number: The UDP port used for HTTPS/SSL. (Range: 1-65535) Default Setting: 443. Command Mode: Global Configuration. Command Usage: You cannot configure the HTTP and HTTPS servers to use the same port. If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number. Example: Related Commands: ip...

Page 441: ...assword for access authentication. SSH also encrypts all data transfers passing between the switch and SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered. This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH client on the management station when using this protocol to configure the...

Page 442: ...enerate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a ip ssh crypto host key generate Generates the host key PE 3 52 ip ssh crypto zeroize Clear t...

Page 443: ... shown in the following example. 4. Set the Optional Paramete...

Page 444: ... during initial connection or manually entered into the known host file. However, you do not need to configure the client's keys. ip ssh server: Use this command to enable the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax: ip ssh server; no ip ssh server. Default Setting: Disabled. Command Mode: Global Configuration. Command Usage: The SSH server supports up to four cli...

Page 445: ... timeout for client response during SSH negotiation. (Range: 1-120) Default Setting: 10 seconds. Command Mode: Global Configuration. Command Usage: The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions. Console ip ssh...

Page 446: ... the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 3 54 Console config ip ssh timeout 60 Console config Console config ip ssh authentication re...

Page 447: ...Global Configuration. Command Usage: The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client, and is fixed at 1024 bits. Example: delete public-key: Use this command to delete the specified user's public key. Syntax: delete public-key username [dsa | rsa]. username: Name of an SSH user. (Range: 1-8 characters) dsa: DSA public key type. rsa: RSA public key type...

Page 448: ...nd stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Otherwise, you must manually create a known hosts file and place the host public key in it. The SSH server uses this host key to negotiate a session key and e...

Page 449: ...ype. Default Setting: Clears both the DSA and RSA key. Command Mode: Privileged Exec. Command Usage: This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. The SSH server must be disabled before you can execute this command. Example: Related Commands: ip ssh crypto host-key generate (3-52), ip ssh save host-key (3-54), no ip ssh s...

Page 450: ...ey Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 3 52 show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server k...

Page 451: ...tion Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Field Description Session The session number Range 0 3 Version The Secure Shell version number State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client ...

Page 452: ...ifferent algorithms for the client-to-server (ctos) and server-to-client (stoc): aes128-cbc-hmac-sha1, aes192-cbc-hmac-sha1, aes256-cbc-hmac-sha1, 3des-cbc-hmac-sha1, blowfish-cbc-hmac-sha1, aes128-cbc-hmac-md5, aes192-cbc-hmac-md5, aes256-cbc-hmac-md5, 3des-cbc-hmac-md5, blowfish-cbc-hmac-md5. Terminology: DES: Data Encryption Standard (56-bit key). 3DES: Triple-DES (uses three iterations of DES, 112-bit key). aes: Advanc...

Page 454: ...o control the type of error messages that are stored Command Function Mode Page logging on Controls logging of error messages GC 3 58 logging history Limits syslog messages saved to switch memory based on severity GC 3 59 logging host Adds a syslog server host IP address that will receive logging messages GC 3 60 logging facility Sets the facility type for remote logging of syslog messages GC 3 61...

Page 455: ... to switch memory based on severity The no form returns the logging of syslog messages to the default level Syntax logging history flash ram level no logging history flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset Console config logging on Console config ...

Page 456: ...rver host IP address that will receive Level Argument Level Description debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold start warnings 4 Warning conditions e g return false unexpected return errors 3 Error conditions e g invalid input default used critical 2 Critical conditions e g memory allocation or free me...

Page 457: ... The maximum number of host IP addresses allowed is five Example logging facility This command sets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode...

Page 458: ...imits syslog messages saved to a remote server based on severity Use the no form to return the remote logging of syslog messages to the default level Syntax no logging trap level level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 3 59 Default Setting Level 3 0 Command Mode Global Configuration Example clear logging T...

Page 459: ...lated Commands show logging 3 63 show logging This command displays the logging configuration along with any system and event messages stored in memory Syntax show logging flash ram sendmail trap flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset sendmail Displays settings for the SMTP event handler page 3 70 ...

Page 460: ...PRI_MGR_InitDefault function fails level 3 module 13 function 0 and event no 0 Console show logging ram Syslog logging Enable History logging in RAM level debugging 0 0 0 5 1 1 1 PRI_MGR_InitDefault function fails level 3 module 13 function 0 and event no 0 Console Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The mess...

Page 461: ...0 0 REMOTELOG server IP address 0 0 0 0 Console Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity thres...

Page 462: ...ll the email alerts waiting in the queue one by one, and finally closes the connection. To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by this command. If it fails to send mail, the switch selects the next server in the list and tries to send mail again. If it still fails, the system will repeat the process a...

Page 463: ...vel down to level 0. (Range: 0-7; Default: 7) Default Setting: Level 7. Command Mode: Global Configuration. Command Usage: The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example: This example will send email alerts for system errors from level 3 through ...

Page 464: ...symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example This example will send email alerts for system errors from level 3 through 0 logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email add...

Page 465: ...r a separate command to specify each recipient Example logging sendmail This command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Disabled Command Mode Global Configuration Example Console config logging sendmail destination email ted this company com Console config Console config logging sendmail Console config ...

Page 466: ...SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enable Console Command Function Mode Page sntp client Accepts time from specified time servers GC 3 71 sntp server Specifies one or more time servers GC 3 72 sntp poll Sets the interval at which the client polls for time GC 3 73 sntp broadcast client Accep...

Page 467: ...me starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001). This command enables client time requests to time servers specified via the sntp servers command. It issues time synchronization requests based on the interval set via the sntp poll command. The SNTP time query method is set to client mode when the first sntp client command is issued. However, if the sntp broadcast cli...

Page 468: ...his command with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Command Mode Global Configuration Console config sntp server 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current time Dec 23 02 52 44 2002 Poll inte...

Page 469: ...ll command Example Related Commands sntp client 3 71 sntp poll 3 73 show sntp 3 75 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds Default Setting 16 seconds Command Mode Global Configuration ...

Page 470: ...itch s clock based on time broadcast from time servers using the multicast address 224 0 1 1 Use the no form to disable SNTP broadcast client mode Syntax no sntp broadcast client Default Setting Disabled Command Mode Global Configuration Example Console config sntp poll 60 Console Console config sntp broadcast client Console ...

Page 471: ...the current SNTP mode i e client or broadcast Example clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 1 12 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc S...

Page 472: ...nd minutes your time zone is east before or west after of UTC Example Related Commands show sntp 3 75 calendar set This command sets the system clock Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october no...

Page 473: ...w to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console calendar set 15 12 34 1 February 2002 Console Console show calendar set 15 12 34 February 1 2002 Console ...

Page 474: ... separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 3 78 show running config Displays the configurati...

Page 475: ...ing config This command displays the configuration information currently in use Console show startup config building startup config please wait username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca snmp server commu...

Page 476: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs Rout...

Page 477: ...743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree mst configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 lacp partner admin key 0 spanning tree edge port...

Page 478: ...Example Console show system System description SMC Networks SMC8612XL3 System OID string 1 3 6 1 4 1 202 20 33 System information System Up time 0 days 0 hours 12 minutes and 49 7 seconds System Name NONE System Location NONE System Contact NONE MAC address 00 30 F1 8F D5 50 Web server enable Web server port 80 Web secure server enable Web secure server port 443 POST result DUMMY Test 1 PASS UART ...

Page 479: ...his command is indicated by a symbol next to the Line i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None Online users Line Username Idle time h m s Remote IP addr 0 conso...

Page 480: ...Disabled Command Mode Global Configuration Command Usage This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes Compared Console show version Unit1 Serial number A322043872 Hardware version R01 Number of ports 12 Main power status up Redundant power status down Agent master Unit ID 1 Loader version 2 0 2 3 Boot ROM version 2 0...

Page 481: ...l to 64 packets per second See the switchport broadcast command on page 3 9 Example Flash File Commands These commands are used to manage the system code or configuration files copy This command moves upload download a code image or configuration file between the switch s flash memory and a TFTP server When you save the system code or configuration settings to a file on a TFTP server that file can...

Page 482: ... Keyword that allows you to copy to/from a TFTP server. https-certificate: Copies an HTTPS certificate from a TFTP server to the switch. Default Setting: None. Command Mode: Privileged Exec. Command Usage: The system prompts for data required to complete the copy command. The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum leng...

Page 483: ...nostic image See Upgrading Firmware via the Serial Port on page B 1 for more details Example The following example shows how to upload the configuration settings to a file on the TFTP server The following example shows how to copy the running configuration to a startup file Console copy file tftp Choose file type 1 config 2 opcode 1 2 1 Source file name startup TFTP server ip address 10 1 0 99 Des...

Page 484: ...one Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1...

Page 485: ...opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on this file cannot be shown Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any...

Page 486: ...lumn Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte diag_0060 Boot Rom image Y 111360 run_01642 Operation Code N 1074304 run_0200 Operation Code Y 1083008 Factory_Default_Config cfg Conf...

Page 487: ...ype of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Console which...

Page 488: ...k client access using IEEE 802 1x Console config boot system config startup Console config Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 3 93 RADIUS Client Configures settings for authentication via a RADIUS server 3 94 TACACS Client Configures settings for authentication via a TACACS server 3 98 Port Security Configures secure addresses for...

Page 489: ...CP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication ser...

Page 490: ...access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication login radius Console config Command Function Mode Page radius server host Specifies the RADIUS server GC 3 95 radius server port Sets the RADIU...

Page 491: ...efault Setting 10 1 0 1 Command Mode Global Configuration Example radius server port This command sets the RADIUS server network port Use the no form to restore the default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Console config radius server h...

Page 492: ...ing Maximum length 20 characters Default Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Consol...

Page 493: ...tax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Console config radius server retransmit 5 Console config Con...

Page 494: ... a switch tacacs server host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Console show radius server Server IP address 10 1 0 1 Communication key with radius server Server port number 1812 Retransmit times 2 Request timeout 5 Console Command Function Mode...

Page 495: ...tax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Console config tacacs server host 192 168 1 25 Console config Console config tacacs server port 181...

Page 496: ...rs Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console config tacacs server key green Console config Console show tacacs server Remote TACACS server configuration Server IP address 10 11 12 13 Communication key with radius server green Ser...

Page 497: ... port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses Syntax port security action shutdown trap trap and shutdown max mac count address count no port security action max mac count action Response to take when port security is violated shutdown Disable port only trap Issue SNMP ...

Page 498: ...ort security to stop address learning Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on the selected port To add new VLAN members at a later time you can manually add secure addresses with the mac address table static command or turn off port security to re enable the learning function long enough for new VLAN members to be registere...

Page 499: ...es port security for port 5 and sets the response to a security violation to issue a trap message Related Commands shutdown 3 9 mac address table static 3 34 show mac address table 3 35 Console config interface ethernet 1 5 Console config if port security action trap ...

Page 500: ...s that the switch retransmits an EAP request identity packet to the client before it times out the authentication session GC 3 105 dot1x port control Sets dot1x mode for a port interface IC 3 106 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 3 107 dot1x re authenticate Forces re authentication on specific ports PE 3 107 dot1x re authentication Enables re authentication f...

Page 501: ...efault values Syntax dot1x default Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req Console config authentication dot1x default radius Conso...

Page 502: ...uires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example...

Page 503: ...ost max count single host Allows only a single host to connect to this port multi host Allows multiple hosts to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 20 Default 5 Default Single host Command Mode Interface Configuration Example dot1x re authenticate This command forces re authentication on all port...

Page 504: ...ion Command Mode Global Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Console dot1x r...

Page 505: ...ange 1 65535 Default 3600 seconds Command Mode Global Configuration Example dot1x timeout tx period This command sets the time that the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds The number of seconds Range 1 65535 Console config dot1x time...

Page 506: ...t This is device 1 port Port number Command Mode Privileged Exec Command Usage This command displays the following information Global 802 1X Parameters Displays the global port access control parameters that can be configured for this switch as described in the preceding pages including reauth enabled page 3 108 reauth period page 3 109 quiet period page 3 108 tx period page 3 109 and max req page...

Page 507: ... control Max request page 3 105 Quiet period page 3 108 Reauth period page 3 109 Tx period page 3 109 and Port control page 3 106 It also displays the following information Status Authorization status authorized or unauthorized Supplicant MAC address of authorized client Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated aborti...

Page 508: ...zed 1 disabled ForceAuthorized n a 2 disabled ForceAuthorized n a 11 disabled ForceAuthorized yes 12 enabled Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 12 Max request 2 Quiet period 350 Reauth period 300 Tx period 300 Status Unauthorized Port control Auto Supplicant 00 00 00 00 00 00 Authenticator State Machine State Connecting Reauth Count 3 Backend State ...

Page 509: ...opped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol ...

Page 510: ...work for destination mac known packets not for multicast broadcast or destination mac unknown packets The order in which active ACLs are checked is as follows 1 User defined rules in the Egress MAC ACL for egress ports 2 User defined rules in the Egress IP ACL for egress ports 3 User defined rules in the Ingress MAC ACL for ingress ports 4 User defined rules in the Ingress IP ACL for ingress ports...

Page 511: ...rs packets matching a specified source IP address STD ACL 3 117 permit deny Filters packets meeting the specified criteria including source and destination IP address TCP UDP port number protocol type and TCP control code EXT ACL 3 118 show ip access list Displays the rules for configured IP ACLs PE 3 121 access list ip mask precedence Changes to the mode for configuring access control masks ...

Page 512: ...6 characters Default Setting None Command Mode Global Configuration Command Usage An egress ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list show map access list ip Shows CoS value mapped to an access list for...

Page 513: ...nating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmas...

Page 514: ...ckets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no permit deny protocol number udp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask no perm...

Page 515: ...senting a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing the code bits to match Includes TCP UDP or other protocol types Default Setting None Command Mode Extended ACL Command Usage All new rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separate...

Page 516: ...t SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets ...

Page 517: ...ifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 3 117 ip access group 3 127 access list ip mask precedence This command changes to the IP Mask mode used to configure access control masks Use the no form to delete the mask table Console config ext acl permit 192 168 1 0 255 255 255 0 any tcp control cod...

Page 518: ...cket is not determined by order of the rules but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule Example Related Commands mask IP ACL 3 122 ip access group 3 127 mask IP ACL This command...

Page 519: ...itmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source port field destination port Check the protocol destination port field port bitmask Protocol port of rule must match this bitmask Range 0 65535 control flag Check the field for control flags flag bitmask Control flags of rule must match this bitmask Range 0 63 Defa...

Page 520: ...his shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according to the mask host any entry Console config access list ip mask precedence in Console config ip mask acl mask host any Console config ip ...

Page 521: ...Console config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list ...

Page 522: ...g access list ip extended 6 Switch config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch config ip mask a...

Page 523: ... list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it t...

Page 524: ...g an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Console config int eth 1 2 Console config if ip access group standard david in Console...

Page 525: ...mation on mapping the CoS values to output queues see queue cos map on page 3 81 Example Related Commands queue cos map 3 81 show map access list ip 3 129 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface Priority 0 1 2 3...

Page 526: ...ket marking Use the no form to remove the ACL marker Syntax match access list ip acl_name set priority priority set tos tos_value set dscp dscp_value no match access list ip acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority tos_value IP Precedence value Range 0 7 dscp_value Differentiat...

Page 527: ...t may contain three bits for IP Precedence or six bits for Differentiated Services Code Point DSCP service To specify the IP precedence priority use the set tos keywords To specify the DSCP priority use the set dscp keywords Note that the IP frame header can include either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority a...

Page 528: ...AND LINE INTERFACE 4 132 Example Related Commands match access list ip 3 130 Console show marking Interface ethernet 1 12 match access list IP bill set DSCP 0 match access list MAC a set priority 0 Console ...

Page 529: ... mode for configuring access control masks GC 3 137 mask Sets a precedence mask for the ACL rules MAC Mask 3 138 show access list mac mask precedence Shows the ingress or egress rule masks for MAC ACLs PE 3 141 mac access group Adds a port to a MAC ACL IC 3 142 show mac access group Shows port assignments for MAC ACLs PE 3 143 map access list mac Sets the CoS value and corresponding output q...

Page 530: ...e use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 3 134 mac access group 3 142 show mac access list 3 136 permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destination address i e physical layer address or Etherne...

Page 531: ...dress bitmask vid vid vid bitmask no permit deny untagged 802 3 any host source source address bitmask any host destination destination address bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source or destination address host A specific MAC address source...

Page 532: ...ude the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 3 133 show mac access list This command displays the rules for configured MAC ACLs Syntax show mac access list acl_name acl_name Name of the ACL Maximum length 16 characters Command Mo...

Page 533: ...nd packets according to specified MAC ACLs Command Mode Global Configuration Command Usage You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule A mask can only be used by all ingress ACLs or all egress ACLs The precedence of the ACL rules applied to a packet is not determined by order of the rules but instead by th...

Page 534: ...this keyword must be used in the mask the packet format must be specified in ACL rule to match any Any address will be matched host The address must be for a single node source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask vid Check the VLAN ID field vid bitmask VLAN ID of rule must match this bitmask ethertype Check ...

Page 535: ...ackets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules were entered First create the required ACLs and inbound or outbound masks before mapping an ACL to an interface ...

Page 536: ...le config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 Console config access list mac mask precedence in Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 12 Console config if mac access group M4 in Console config if end Console show ac...

Page 537: ...e config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console config access list mac mask precedence out Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 5 Console config if mac access group...

Page 538: ...tes that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show mac ...

Page 539: ...an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet mat...

Page 540: ...oS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Priority 0 1 2 3 4 5 6 7 Queue 1 2 0 3 4 5 6 7 Console config int eth 1 5 Console config if map access list mac M5 cos 0 Console config if Console show map access list mac Access list...

Page 541: ...t priority priority no match access list mac acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Example Related Comm...

Page 542: ...nction Mode Page show access list Show all ACLs and associated rules PE 3 146 show access group Shows the ACLs assigned to each port PE 3 146 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 0 0 0 255 any dport 80 permit 192 168 1 0 0 0 0 255 any protocol tcp cont...

Page 543: ...P standard access list david MAC access list jerry Console Command Function Mode Page snmp server community Sets up the community access string to permit access to SNMP commands GC 3 147 snmp server contact Sets the system contact string GC 3 148 snmp server location Sets the system location string GC 3 149 snmp server host Specifies the recipient of an SNMP notification operation GC 3 150 snmp se...

Page 544: ...ns are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage The first snmp server community command you enter enables SNMP SNMPv1 The no snmp ser...

Page 545: ...uration Example Related Commands snmp server location 3 149 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Console config snmp server contact Paul...

Page 546: ...ination IP address entries community string Password like community string sent with the notification operation Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP ...

Page 547: ...d For example some notification types are always enabled The switch can send SNMP version 1 or version 2c notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not specify the SNMP version the default is to send SNMP version 1 notifications Example Related Commands snmp server enable traps 3 151 snmp server enable...

Page 548: ...e notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the snmp server host command Use the snmp server host command to specify which host or hosts receive SNMP notifications In order to send notifications you must configure at least one snmp server host command Example Related Commands snmp server host 3 150 snmp ip filter This comm...

Page 549: ... address of a single management station the bitmask should be set to 255 255 255 255 Otherwise an IP address group is specified by the bitmask The default setting is null which allows all IP groups SNMP access to the switch If one IP address is configured IP filtering is enabled and only addresses in the specified IP group will have SNMP access IP filtering does not affect management access to the...

Page 550: ... Console show snmp SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next...

Page 551: ...ies the DHCP client identifier for the current interface Use the no form to remove this identifier Syntax ip dhcp client identifier text text hex hex no ip dhcp client identifier text A text string Range 1 15 characters Command Group Function Page DHCP Client Allows interfaces to dynamically acquire IP address information 3 155 DHCP Relay Relays DHCP requests from local hosts to a remote DHCP se...

Page 552: ...ed Commands ip dhcp restart client 3 156 ip dhcp restart client This command submits a BOOTP or DHCP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available Conso...

Page 553: ...nd to enable DHCP relay for the specified VLAN Use the no form to disable it Syntax ip dhcp relay no ip dhcp relay Default Setting Disabled Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode Dhcp Console Command Function Mode P...

Page 554: ...d scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcasts the DHCP response received from the server to the client Example In the following example the device is reassigned the same address Related Commands ip dhcp relay server 3 158 ip dhcp relay server Use this command to specify the addresses of DHCP servers to be use...

Page 555: ...iguration VLAN Usage Guidelines You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server To start DHCP relay service enter the ip dhcp restart relay command Example Related Commands ip dhcp restart relay 3 157 Console config interface vlan 1 Console config if ip dhcp relay server 10 1 0 99 Console config ...

Page 556: ...a DHCP client DC 3 165 next server Configures the next server in the boot process of a DHCP client DC 3 166 bootfile Specifies a default boot image for a DHCP client DC 3 167 netbios name server Configures NetBIOS Windows Internet Naming Service WINS name servers available to Microsoft DHCP clients DC 3 167 netbios node type Configures NetBIOS node type for Microsoft DHCP clients DC 3 168 lea...

Page 557: ...DHCP server should not assign to DHCP clients Use the no form to remove the excluded IP addresses Syntax ip dhcp excluded address low address high address no ip dhcp excluded address low address high address low address An excluded IP address or the first IP address in an excluded address range show ip dhcp binding Displays address bindings on the DHCP server PE NE 3 175 These commands are used f...

Page 558: ...ss pools are not configured Command Mode Global Configuration Usage Guidelines After executing this command the switch changes to DHCP Pool Configuration mode identified by the config dhcp prompt From this mode first configure address pools for the network interfaces using the network command You can also manually bind an address to a specific client with the host command if required You can confi...

Page 559: ...lines When a client request is received the switch first checks for a network address pool matching the gateway where the request originated i e if the request was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It ...

Page 560: ... remove the default routers Syntax default router address1 address2 no default router address1 Specifies the IP address of the primary router address2 Specifies the IP address of an alternate router Default Setting None Command Mode DHCP Pool Configuration Usage Guidelines The IP address of the router should be on the same subnet as the client You can specify up to two routers Routers are listed i...

Page 561: ...ing None Command Mode DHCP Pool Configuration Example dns server Use this command to specify the Domain Name System DNS IP servers available to a DHCP client Use the no form to remove the DNS server list Syntax dns server address1 address2 no dns server address1 Specifies the IP address of the primary DNS server address2 Specifies the IP address of the alternate DNS server Default Setting None Con...

Page 562: ...onfigure the next server in the boot process of a DHCP client Use the no form to remove the boot server list Syntax next server address no next server address address Specifies the IP address of the next server in the boot process which is typically a Trivial File Transfer Protocol TFTP server Default Setting None Command Mode DHCP Pool Configuration Example Related Commands bootfile 3 167 Console...

Page 563: ...hat is used as a default boot image Default Setting None Command Mode DHCP Pool Configuration Example Related Commands next server 3 166 netbios name server Use this command to configure NetBIOS Windows Internet Naming Service WINS name servers that are available to Microsoft DHCP clients Use the no form to remove the NetBIOS name server list Syntax netbios name server address1 address2 no netbios...

Page 564: ...t preferred server Example Related Commands netbios node type 3 168 netbios node type Use this command to configure the NetBIOS node type for Microsoft DHCP clients Use the no form to remove the NetBIOS node type Syntax netbios node type type no netbios node type type Specifies the NetBIOS node type broadcast hybrid recommended mixed peer to peer Default Setting None Console config dhcp netbios na...

Page 565: ...DHCP COMMANDS 4 169 Command Mode DHCP Pool Configuration Example Related Commands netbios name server 3 167 Console config dhcp netbios node type hybrid Console config dhcp ...

Page 566: ...ecifies the number of minutes in the lease A days and hours value must be supplied before you can configure minutes Range 0 59 infinite Specifies that the lease time is unlimited This option is normally used for addresses manually bound to a BOOTP client via the host command Default Setting One day Command Modes DHCP Pool Configuration Example The following example leases an address to clients usi...

Page 567: ...DHCP COMMANDS 4 171 Syntax host address mask no host address Specifies the IP address of a client mask Specifies the network mask of the client Default Setting None Command Mode DHCP Pool Configuration ...

Page 568: ...dentifier for DHCP clients and then compares the hardware address for DHCP or BOOTP clients If no manual binding has been specified for a host entry with the client identifier or hardware address commands then the switch will assign an address from the matching network pool If the mask is unspecified DHCP examines its address pools If no mask is found in the pool database the Class A B or C natura...

Page 569: ...ddress are configured for a host address the client identifier takes precedence over the hardware address in the search procedure BOOTP clients cannot transmit a client identifier To bind an address to a BOOTP client you must associate a hardware address with the host entry Example Related Commands host 3 170 hardware address Use this command to specify the hardware address of a DHCP client This c...

Page 570: ...ol Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifier To bind an address to a BOOTP client you must associate a hardware address with the host entry Example Related Commands host 3 170 clear ip dhcp binding Use this command to delete an automatic address binding from the DH...

Page 571: ... bindings Use the no host command to delete a manual binding This command is normally used after modifying the address pool or after moving DHCP service to another device Example Related Commands show ip dhcp binding 3 175 show ip dhcp binding Use this command to display address bindings on the DHCP server Syntax show ip dhcp binding address address Specifies the IP address of the DHCP client for ...

Page 572: ...lookup is enabled with the ip domain lookup command Console show ip dhcp binding IP MAC Lease Time Start 192 1 3 21 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console Command Function Mode Page ip host Creates a static host name to address mapping GC 3 177 clear host Deletes entries from the host name to address table PE 3 178 ip domain name Defines a default domain name for incomplete host n...

Page 573: ...onfiguration Command Usage Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device show hosts Displays the static host name to address mapping table PE 3 183 show dns Displays t...

Page 574: ... None Command Mode Privileged Exec Example This example clears all static entries from the DNS table ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted Console config ip host rd5 192 168 1 55 10 1 0 55 Console config end Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias Con...

Page 575: ...tion Example Related Commands ip domain list 3 179 ip name server 3 181 ip domain lookup 3 182 ip domain list This command defines a list of domain names that can be appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove a name from this list Console config ip domain name sample com Console config end Console show...

Page 576: ...list appending each domain name in the list to the host name and checking with the specified name servers for a match If there is no domain list the domain name specified with the ip domain name command is used If there is a domain list the default domain name is not used Example This example adds two domain names to the current list and then displays the list Console config ip domain list sample ...

Page 577: ...rom this list Syntax no ip name server server address1 server address2 server address6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is r...

Page 578: ... Syntax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Console config ip domain server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain ...

Page 579: ... Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show hosts Hostname rd5 Inet ...

Page 580: ...t 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc accton com tw 1 4 CNAME 10 2 44 3 898 ahten accton com tw 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CNAME 66 218 71 89 298 www ya...

Page 581: ...s CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMAIN Con...

Page 582: ...COMMAND LINE INTERFACE 4 186 ...

Page 583: ...isabled IC 3 3 negotiation Enables autonegotiation of a given interface IC 3 4 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 3 5 flowcontrol Enables flow control on a given interface IC 3 7 combo forced mode Force port type selected for combination ports IC 3 8 shutdown Disables an interface IC 3 9 switchport broadcast packet rate Configures the broad...

Page 584: ...Command Mode Global Configuration Example To specify port 4 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interface Range 1 64 characters Default Setting None Console config interface ethernet 1 4 ...

Page 585: ...s disabled Use the no form to restore the default Syntax speed duplex 1000full 100full 100half 10full 10half no speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Console config interface ethernet 1 4 Console c...

Page 586: ...ing the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed duplex mode under auto negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 3 4 capabilities 3 5 negotiation Thi...

Page 587: ...rts Example The following example configures port 11 to use autonegotiation Related Commands capabilities 3 5 speed duplex 3 3 capabilities This command advertises the port capabilities of a given interface during autonegotiation Use the no form with parameters to remove an advertised capability or the no form without parameters to restore the default values Syntax no capabilities 1000full 100full...

Page 588: ...E SX LX LH 1000full Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled with the negotiation command the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands Example The following example ...

Page 589: ...and IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must b...

Page 590: ... Always uses the built in RJ 45 port copper preferred auto Uses the built in RJ 45 port if both combination types are functioning and the RJ 45 port has a valid link sfp forced Always uses the SFP port even if module not installed sfp preferred auto Uses SFP port if both combination types are functioning and the SFP port has a valid link Default Setting sfp preferred auto Command Mode Interface Co...

Page 591: ...ws you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 switchport broadcast packet rate This command configures broadcast storm control Use the no form to disable broadcast storm control Console config interface ethernet...

Page 592: ...shold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all ports on the switch Example The following shows how to configure broadcast storm control at 600 packets per second clear counters This command clears statistics on an interface Syntax clear counters interface inter...

Page 593: ...ession However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit This is device 1 port Port number...

Page 594: ...Basic information Port type 1000T Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Combo forced mode None Current status Link status Up Port operation...

Page 595: ...port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows the counters for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Showing Port Statistics on page 3 116 ...

Page 596: ...t input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events ...

Page 597: ... VLAN 1 Priority for untagged traffic 0 Gvrp status Disabled Allowed Vlan 1 u Forbidden Vlan Console Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 3 9 Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled page 3 22 Ingress Egress rate limit Shows if rate limiting is e...

Page 598: ...ckets both Mirror both received and transmitted packets Priority for untagged traffic Indicates the default priority for untagged frames page 3 77 Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled page 3 73 Allowed Vlan Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged page 3 62 Forbidden Vlan Shows the VLANs this interface can no...

Page 599: ...specifying an Ethernet interface The mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor port You can create multiple mirror sessions but all sessions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror al...

Page 600: ...imiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored Console config interface...

Page 601: ...se the no form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input Input rate output Output rate rate Maximum value in Mbps Range 1 to 1000 Mbps Default Setting 1000 Mbps Command Mode Interface Configuration Ethernet Port Channel Example Command Function Mode Page rate limit Configures the maximum input or output rate for a port IC 3 19 Co...

Page 602: ...ish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 3 1 channel group Adds a port to a trunk IC Ethernet 3 21 Dynamic Configuration Command lacp Configures LACP for the curre...

Page 603: ...nel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined th...

Page 604: ...faces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax no lacp Default Setting Disabled Command Mode Interface Configuration Ethernet Console config interface port channel 1 Console config if exit C...

Page 605: ...g shows LACP enabled on ports 10 12 Because LACP has also been enabled on the ports at the other end of the links the show interfaces status port channel 1 command shows that Trunk1 has been established Console config interface ethernet 1 10 Console config if lacp Console config if exit Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface et...

Page 606: ...g 32768 Command Mode Interface Configuration Ethernet Command Usage Ports must be configured with the same system priority to join the same LAG System priority is combined with the switch's MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings...

Page 607: ...orts that belong to the same link aggregation group LAG Range 0 65535 Default Setting 0 Command Mode Interface Configuration Ethernet Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channe...

Page 608: ...n key is used to identify a specific link aggregation group LAG during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key l...

Page 609: ...768 Command Mode Interface Configuration Ethernet Command Usage Setting a lower value indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote si...

Page 610: ...ier for a link aggregation group Range 1 6 counters Statistics for LACP protocol messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Console config interface ethernet 1...

Page 611: ...el group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Typ...

Page 612: ...ut LACP activity Oper State distributing collecting synchronization aggregation long timeout LACP activity Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priority LACP system priority assi...

Page 613: ...tocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a...

Page 614: ...ID LAG partner's system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port's protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value a...

Page 615: ... link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 3 34 clear mac address table dynamic Removes any learned entries...

Page 616: ...nel id Range 1 6 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static ad...

Page 617: ... forwarding database and clears the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privileged Exec Example show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address...

Page 618: ... be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx xx xx that is applied to the specified MAC address Enter hexadecimal numbers where an equivalent binary bit 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example ...

Page 619: ...lobal Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 Console config Console show mac address table aging time Aging time 300 se...

Page 620: ...ath cost method Configures the path cost method for RSTP GC 3 44 spanning tree transmission limit Configures the transmission limit for RSTP GC 3 45 spanning tree spanning disabled Disables spanning tree for an interface IC spanning tree cost Configures the spanning tree path cost of an interface IC 3 46 spanning tree port priority Configures the spanning tree priority of an interface IC 3 47 span...

Page 621: ...ters This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode Th...

Page 622: ...STP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port's migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts usin...

Page 623: ...ting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information th...

Page 624: ...iguration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimu...

Page 625: ...message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge...

Page 626: ...rm to restore the default Syntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower valu...

Page 627: ...g 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Interface Configuration Ethernet...

Page 628: ...00 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media an...

Page 629: ...nel Command Usage This command defines the priority for the use of a port in the Spanning Tree Algorithm If the path costs for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Rel...

Page 630: ...ying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember th...

Page 631: ...rough the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is ...

Page 632: ...d Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works o...

Page 633: ...ge Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP compatible Example show spanning tree This command shows the configuration for the common spanning tree CST or for an...

Page 634: ...lay the spanning tree configuration for the switch and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface For a description of the items displayed under Spanning tree information see Configuring Global Settings on page 3 131 For a description of the items displayed for specific interfaces see Displaying Interface...

Page 635: ... Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designa...

Page 636: ...d Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 3 54 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 3 57 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 3 64 Configuring Protocol VLANs Configures protocol based VLANs based on...

Page 637: ...nd you can display this file by entering the show running config command Example Related Commands show vlan 3 64 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed...

Page 638: ...e VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs on the switch Example The following example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Related Commands show vlan 3 64 Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console con...

Page 639: ...face configuration mode for a specified VLAN IC 3 57 switchport mode Configures VLAN membership mode for an interface IC 3 58 switchport acceptable frame types Configures frame types to be accepted by an interface IC 3 59 switchport ingress filtering Enables ingress filtering on an interface IC 3 60 switchport native vlan Configures the PVID native VLAN of an interface IC 3 61 switchport allowed vl...

Page 640: ...point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN However note that frames belonging to the port's default VLAN i e associated with the PVID are sent untagged hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with the PVID set to V...

Page 641: ...ore the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the d...

Page 642: ...ffects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affec...

Page 643: ...mmand Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchpo...

Page 644: ...en to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting All ports are assigned to VLAN 1 by default The default frame type is untagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk t...

Page 645: ...ow to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port 1 switchport forbidden vlan This command configures forbidden VLANs Use the no form to remove the list of forbidden VLANs Syntax switchport forbidden vlan add vlan list remove vlan list no switchport forbidden vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Sepa...

Page 646: ...ation Syntax show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Command Function Mode Page show vlan Shows VLAN...

Page 647: ...Ns including security and easy accessibility To avoid these problems you can configure this switch with protocol based VLANs that divide the physical network into logical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type in use by the inbound packets Console show vlan id 1 VLAN Type Name Status Ports Chan...

Page 648: ...iguring Groups This command creates a protocol group or to add specific protocols to a group Use the no form to remove a protocol group Syntax protocol vlan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group group id group id Group identifier of this protocol group Range 1 2147483647 frame Frame type used by this protocol Options ethernet rfc...

Page 649: ...ing for this interface Syntax protocol vlan protocol group group id vlan vlan id no protocol vlan protocol group group id vlan group id Group identifier of this protocol group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Console ...

Page 650: ...col type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 show protocol vlan protocol group This command shows the frame and protocol t...

Page 651: ...groups to VLANs for the selected interfaces Syntax show interfaces protocol vlan protocol group interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Console show protocol vlan protocol group ProtocolGroup ID Frame Type Protocol Type 1 ethernet 08 00 Co...

Page 652: ... or configures a private VLAN Use the no form to disable the private VLAN Syntax pvlan up link interface list down link interface list no pvlan up link Specifies an uplink interface down link Specifies a downlink interface Default Setting No private VLANs are defined Command Mode Global Configuration Console show interfaces protocol vlan protocol group Port ProtocolGroup ID Vlan ID Eth 1 1 1 vlan2...

Page 653: ...sets port 12 as the uplink and ports 1 8 as the downlinks show pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network This section describes how to enable GVR...

Page 654: ... enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 3 72 show bridge ext Shows the global bridge extension configuration PE 3 73 switchport gvrp Enables GVRP for an interface IC 3 73 switchport forbidden vlan Configures forbidden VLANs for an interface IC 3 63 sho...

Page 655: ...8 for a description of the displayed items Example switchport gvrp This command enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Console config bridge ext gvrp Console config Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID taggin...

Page 656: ...interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Console show gvrp configuration ethernet 1 7 Eth 1 7 Gvrp configuration Disabled Console...

Page 657: ...mmand Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or...

Page 658: ... This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leaveall timer 1000 centiseconds...

Page 659: ...ou to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch supports CoS with eight priority queues for each port Data packets in a port s high priority queue will be transmitted before those in the lower priority queues You can set the default priority ...

Page 660: ... Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 3 85 Command Function Mode Page switchport priority default Sets a port priority for incoming untagged frames IC 3 78 queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 3 80 queue bandwidth Assigns round robin weights to the priority queues GC 3 81 queue cos map Assigns class ...

Page 661: ... is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress user priority and then placed in the appropriate priority queue ...

Page 662: ...Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that...

Page 663: ...hts 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues Related Commands show queue bandwidth 3 84 queue cos map This command assigns class of service CoS ...

Page 664: ...ng This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode Interface Configuration Ethernet Port Channel Command Usage CoS values assigned at the ingress p...

Page 665: ...Privileged Exec Example Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 5 6 7 Information of Eth 1 2 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 5 6 7...

Page 666: ...and Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 Console ...

Page 667: ...Queue 2 0 1 3 4 5 6 7 Console Command Function Mode Page map ip port Enables TCP UDP class of service mapping GC 3 85 map ip port Maps TCP UDP socket to a class of service IC 3 87 map ip precedence Enables IP precedence class of service mapping GC 3 88 map ip precedence Maps IP precedence value to a class of service IC 3 88 map ip dscp Enables IP DSCP class of service mapping GC 3 89 map ip dscp ...

Page 668: ...onfiguration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority Example The following example shows how to enable TCP UDP port mapping globally Console config map ip port Console config ...

Page 669: ...Range 0 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 Console conf...

Page 670: ...e and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally map ip precedence Interface Configuration This command sets IP precedence priority i e IP Type of Service priority Use the no form to restore the default table Syntax map ip precedence ip precedence valu...

Page 671: ...E 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP Precedence for all interfaces Example The following example shows how to map IP precedence value 1 to CoS value 0 map ip dscp Global Configuration This command enables IP DSCP mapping i e Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Syntax no map ip...

Page 672: ...p Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 255 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP values...

Page 673: ...and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip port Use this command to show the IP port priority map Syntax show map ip port interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Rang...

Page 674: ...on 3 85 map ip port Interface Configuration 3 87 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 0 Console ...

Page 675: ...and shows the IP DSCP priority map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Console ...

Page 676: ...ds map ip dscp Global Configuration 3 89 map ip dscp Interface Configuration 3 90 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 677: ...service Note that IGMP query can be enabled globally at Layer 2 or enabled for specific VLAN interfaces at Layer 3 Layer 2 query is disabled if Layer 3 query is enabled Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 3...

Page 678: ... a port to a multicast group Use the no form to remove the port Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 3 96 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 3 96 ip igmp snooping version Configures the IGMP version for snooping GC 3 97 show ip igmp snooping Shows the IGMP snooping and query configuration PE 3 98 show mac address table...

Page 679: ...hannel id Range 1 6 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port ip igmp snooping version This command configures the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp snooping version 1 IGMP Version 1 2 IGMP Version 2 Console config ip igmp snoopi...

Page 680: ...ome commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping This command shows the IGMP snooping configuration Default Setting None Command Mode Privileged Exec Command Usage See Configuring IGMP Snooping and Query Parameters on page 3 193 for a description of th...

Page 681: ...4 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Console show ip igmp snooping Service status Enabled Querier status Enabled Query count 2 Query interval 125 sec Query max response time 10...

Page 682: ...w mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 3 100 ip igmp snooping query count Configures the query count GC 3 101 ip igmp snooping query interval Configures the query interval GC 3 102 ip igmp snooping query...

Page 683: ...esponse before the switch takes action to drop a client from the multicast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started...

Page 684: ...p snooping query interval seconds The frequency at which the switch sends IGMP host query messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This command configures the query report delay Use the no form to restore the default Console config ip ig...

Page 685: ...s expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure th...

Page 686: ...ous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snooping version 3 ...

Page 687: ...ault Setting No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join al...

Page 688: ...lan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show ip igmp snooping m...

Page 689: ...ected packet loss IC 3 108 ip igmp query interval Configures frequency for sending host query messages IC 3 109 ip igmp max resp interval Configures the maximum host response time IC 3 110 ip igmp last memb query interval Configures frequency for sending group specific host query messages IC 3 111 ip igmp version Configures IGMP version used on this interface IC 3 112 show ip igmp interface Displ...

Page 690: ...robustness i e expected packet loss for this interface Use the no form of this command to restore the default value Syntax ip igmp robustval robust value no ip igmp robustval robust value The robustness of this interface Range 1 255 Default Setting 2 Console config interface vlan 1 Console config if ip igmp Console config if end Console show ip igmp interface Vlan 1 is up IGMP is enable version is...

Page 691: ...o form to restore the default Syntax ip igmp query interval seconds no ip igmp query interval seconds The frequency at which the switch sends IGMP host query messages Range 1 255 Default Setting 125 seconds Command Mode Interface Configuration VLAN Command Usage Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multi...

Page 692: ...x resp interval seconds The report delay advertised in IGMP queries Range 1 255 Default Setting 10 seconds Command Mode Interface Configuration VLAN Command Usage The switch must be using IGMPv2 for this command to take effect This command defines how long any responder i e client or router still in the group has to respond to a query message before the router deletes the group By varying the Maxi...

Page 693: ...ault Syntax ip igmp last memb query interval seconds no ip igmp last memb query interval seconds The report delay for the last member query Range 1 255 Default Setting 1 second Command Mode Interface Configuration VLAN Command Usage A multicast client sends an IGMP leave message when it leaves a group The router then checks to see if this was the last host in the group by sending an IGMP query and...

Page 694: ...mand to restore the default Syntax ip igmp version 1 2 no ip igmp version 1 IGMP Version 1 2 IGMP Version 2 Default Setting IGMP Version 2 Command Mode Interface Configuration VLAN Command Usage All routers on the subnet must support the same version However the multicast hosts on the subnet may support either IGMP version 1 or 2 The switch must be set to version 2 to enable the ip igmp max resp i...

Page 695: ... Mode Normal Exec Privileged Exec Example The following example shows the IGMP configuration for VLAN 1 as well as the device currently serving as the IGMP querier for this multicast service clear ip igmp group Use this command to delete entries from the IGMP cache Console config if ip igmp version 1 Console config if Console show ip igmp interface vlan 1 Vlan 1 is up IGMP is enable version is 2 R...

Page 696: ...terface option to delete all multicast groups for the specified interface Enter no options to clear all multicast groups from the cache Example The following example clears all multicast group entries for VLAN 1 show ip igmp groups Use this command to display information on multicast groups active on this switch Syntax show ip igmp groups group address interface vlan vlan id group address IP addre...

Page 697: ... Lastreporter Uptime Expire V1Timer 234 5 6 8 1 10 1 5 19 7068 220 0 Console Field Description GroupAddress IP multicast group address with subscribers directly attached or downstream from this switch InterfaceVlan The interface on this switch that has received traffic directed to the multicast group address Lastreporter The IP address of the source of the last membership report received for this...

Page 698: ...figuration ip address This command sets the IP address for the currently selected VLAN interface Use the no form to restore the default IP address Command Group Function Page Basic IP Configuration Configures the IP address for interfaces and the gateway router 3 116 Address Resolution Protocol ARP Configures static dynamic and proxy ARP service 3 122 Command Function Mode Page ip address Sets...

Page 699: ...of an IP address and subnet mask This interface address defines both the network number to which the router interface is attached and the router s host number on that network In other words a router interface address defines the network and subnetwork numbers of the segment that is connected to that interface and allows you to send IP packets to or from the router Before you configure any network ...

Page 700: ...t broadcasting BOOTP or DHCP requests by entering an ip dhcp restart client command or by rebooting the router Notes 1 Each VLAN group can be assigned its own IP interface address Therefore if routing is enabled you can manage the router via any of these IP addresses 2 Before you can change the primary IP address on an interface you must first clear the current address with the no form of this com...

Page 701: ...and If IP routing is disabled you must define a gateway if the target device is located in a different subnet If routing is enabled you must define the gateway with the ip route command Example The following example defines a default gateway for this device Related Commands show ip redirects 3 120 ip routing 3 127 ip route 3 128 show ip interface This command displays the settings of an IP interfa...

Page 702: ... sends ICMP echo request packets to another node on the network Syntax ping host count count size size host IP address or IP alias of the host count Number of packets to send Range 1 16 default 5 Console show ip interface Vlan 1 is up addressing mode is User Interface address is 10 1 0 254 mask is 255 255 255 0 Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled Console Consol...

Page 703: ...c Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 3 1 Console ping 10 1 0 9 Type ESC to abort PING to 10 ...

Page 704: ...d Mode Global Configuration Command Usage The ARP cache is used to map 32 bit IP addresses into 48 bit hardware i e Media Access Control addresses This cache includes entries for hosts and other routers on local network interfaces defined on this router The maximum number of static entries allowed in the ARP cache is Command Function Mode Page arp Adds a static entry in the ARP cache GC 3 122 arp...

Page 705: ...ynamic entries in the Address Resolution Protocol ARP cache Use the no form to restore the default Syntax arp timeout seconds no arp timeout seconds The time a dynamic entry remains in the ARP cache Range 300 86400 86400 is one day Default Setting 1200 seconds 20 minutes Command Mode Global Configuration Command Usage Use the show arp command to display the current cache timeout value Example This...

Page 706: ...P cache Command Mode Normal Exec Privileged Exec Command Usage This command displays information about the ARP cache The first line shows the cache timeout It also shows each cache entry including the corresponding IP address MAC address type static dynamic other and VLAN interface Note that entry type other indicates local addresses for this router Console clear arp cache This operation will dele...

Page 707: ...ommand Usage Proxy ARP allows a non routing device to determine the MAC address of a host on another subnet or network Example Console show arp Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 254 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 123 20 10 123 02 10 20 30 40 50 static 2 345 30 20 23 09 50 40 30 20 10 dynami...

Page 708: ...on the network to automatically determine the best path to any subnetwork This section includes commands for both static and dynamic routing These commands are used to connect between different local subnetworks or to connect the router to the enterprise network Command Group Function Page Global Routing Configuration Configures global parameters for static and dynamic routing displays the routing...

Page 709: ...RIP or OSPF and other packets for all non IP protocols e g NetBEUI NetWare or AppleTalk are switched based on MAC addresses If IP routing is disabled all packets are switched with filtering and forwarding decisions based strictly on MAC addresses Command Function Mode Page ip routing Enables static and dynamic IP routing GC 3 127 ip route Configures static routes GC 3 128 clear ip route Deletes...

Page 710: ...ay IP address of the gateway used for this route metric Selected RIP cost for this interface Range 1 5 default 1 Removes all static routing table entries Default Setting No static routes are configured Command Mode Global Configuration Command Usage You can configure up to 2000 static routes Static routes take precedence over dynamically learned routes Static routes are included in RIP updates per...

Page 711: ...ears dynamically learned routes Use the no ip address command to remove a local interface Use the no ip route command to remove a static route Example show ip route Use this command to display information in the IP routing table Syntax show ip route config address netmask config Displays all static routing entries address IP address of the destination network subnetwork or host for which routing i...

Page 712: ...l Metric Interface 0 0 0 0 0 0 0 0 10 2 48 102 static 0 1 10 2 48 2 255 255 252 0 10 2 48 16 local 0 1 10 2 5 6 255 255 255 0 10 2 8 12 RIP 1 2 10 3 9 1 255 255 255 0 10 2 9 254 OSPF intra 2 3 Total entry 4 Console Field Description Ip Address IP address of the destination network subnetwork or host Note that the address 0 0 0 0 indicates the default gateway for this router Netmask Network mask fo...

Page 713: ...DP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0 checksum errors Sent 0 total ARP statistics Rcvd 0 requests 1 replies Sent 1 requests 0 replies Console Command Function Mode Page router rip Enables the RIP routing protocol GC 3 132 timers basic Sets basic timers including update timeout garbage collection RC 3 133 network Specifies the network i...

Page 714: ...end version Sets the RIP send version to use on a network interface IC 3 138 ip split horizon Enables split horizon or poison reverse loop prevention IC 3 139 ip rip authentication key Enables authentication for RIP2 packets and specifies keys IC 3 140 ip rip authentication mode Specifies the type of authentication used for RIP2 packets IC 3 141 show rip globals Displays global configuration s...

Page 715: ... update timer sets the rate at which updates are sent This is the fundamental timer used to control all basic RIP processes The timeout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable However packets are still forwarded on this route After the timeout interva...

Page 716: ... Command Mode Router Configuration Default Setting No networks are specified Command Usage RIP only sends updates to interfaces specified by this command Subnet addresses are interpreted as class A B or C based on the first field in the specified address In other words if a subnet address nnn xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field ...

Page 717: ...s to map to a specified hardware address Command Mode Router Configuration Default Setting No neighbors are defined Command Usage This command can be used to configure a static neighbor with which this router will exchange information rather than relying on broadcast messages generated by the RIP protocol Example version Use this command to specify a RIP version used globally by the router Use the...

Page 718: ...otocol messages and receive either RIPv1 or RIPv2 protocol messages RIP Version 2 configures the unset interfaces to use RIPv2 for both sending and receiving protocol messages When the no form of this command is used to restore the default value any VLAN interface not previously set by the ip rip receive version or ip rip send version command will be set to the default send or receive version Exam...

Page 719: ...s on the setting specified with the version command Global RIPv1 RIPv1 or RIPv2 packets Global RIPv2 RIPv2 packets Command Usage Use this command to override the global setting specified by the RIP version command You can specify the receive version based on these options Use none if you do not want to add any dynamic entries to the routing table for an interface For example you may only want to a...

Page 720: ...kets 2 Sends only RIPv2 packets v2 broadcast Route information is broadcast to other routers with RIPv2 Command Mode Interface Configuration VLAN Default Setting The default depends on the setting specified with the version command Global RIPv1 Route information is broadcast to other routers with RIPv2 Global RIPv2 RIPv2 packets Command Usage Use this command to override the global setting specifi...

Page 721: ...2 routers to receive the additional information provided by RIPv2 including subnet mask next hop and authentication information Example This example sets the interface version for VLAN 1 to send RIPv1 packets Related Commands version 3 135 ip split horizon Use this command to enable split horizon or poison reverse a variation on an interface Use the no form to disable split horizon Syntax ip split...

Page 722: ...at must be used on an interface Use the no form to prevent authentication Syntax ip rip authentication key key string no ip rip authentication key string A password used for authentication Range 1 16 characters case sensitive Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage This command can be used to restrict the interfaces that can exchange RIPv2 routing ...

Page 723: ...ip rip authentication mode text Indicates that a simple password will be used Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentication key command page 3 140 This command requires the interface to exchange routing information with other routers based on an authorized password Note ...

Page 724: ...p authentication mode text Console config if Console show rip globals RIP Process Enabled Update Time in Seconds 30 Number of Route Change 0 Number of Queries 1 Console Field Description RIP Process Indicates if RIP has been enabled or disabled Update Time in Seconds The interval at which RIP advertises known route information Default 30 seconds Number of Route Changes Number of times routing info...

Page 725: ...and the status of routing messages received from this neighbor Command Mode Privileged Exec Example Console show ip rip configuration Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication Console show ip rip status Interface RcvBadPackets RcvBadRoutes SendUpdates 10 1 ...

Page 726: ...anges show ip rip peer Peer IP address of a neighboring RIP router UpdateTime Last time a route update was received from this peer Version Whether RIPv1 or RIPv2 packets were received from this peer RcvBadPackets Number of bad RIP packets received from this peer RcvBadRoutes Number of bad routes received from this peer Command Function Mode Page General Configuration router ospf Enables or disabl...

Page 727: ... link Defines a virtual link from an area border router to the backbone RC 3 16 0 Interface Configuration ip ospf authentication Specifies the authentication type for an interface IC 3 16 3 ip ospf authentication key Assigns a simple password to be used by neighboring routers IC 3 16 4 ip ospf message digest key Enables MD5 authentication and sets the key for an interface IC 3 16 5 ip ospf cost S...

Page 728: ...ation show ip ospf Displays general information about the routing processes PE 3 17 0 show ip ospf border routers Displays routing table entries for Area Border Routers ABR and Autonomous System Boundary Routers ASBR PE 3 17 1 show ip ospf database Shows information about different LSAs in the database PE 3 17 2 show ip ospf interface Displays interface information PE 3 18 1 show ip ospf neighbor ...

Page 729: ...no router id ip address Router ID formatted as an IP address Command Mode Router Configuration Default Setting Lowest interface address Command Usage The router ID must be unique for every router in the autonomous system Using the default setting based on the lowest interface address ensures that each router ID is unique Also note that you cannot set the router ID to 0 0 0 0 or 255 255 255 255 If ...

Page 730: ...ate summary route costs using RFC 1583 OSPFv1 Use the no form to calculate costs using RFC 2328 OSPFv2 Syntax compatible rfc1583 no compatible rfc1583 Command Mode Router Configuration Default Setting RFC 1583 compatible Command Usage All routers in an OSPF routing domain should use the same RFC for calculating summary routes Example Console config router router id 10 1 1 1 Console config router C...

Page 731: ...mand Mode Router Configuration Default Setting Disabled Command Usage The metric for the default external route is used to calculate the path cost for traffic passed from other routers within the AS out through the ASBR When you use this command to redistribute routes into a routing domain i e an Autonomous System this router automatically becomes an Autonomous System Boundary Router ASBR However ...

Page 732: ...ding it as a Type 2 external metric Related Commands ip route 3 128 redistribute 3 154 timers spf Use this command to configure the hold time between making two consecutive shortest path first SPF calculations Use the no form to restore the default value Syntax timers spf spf holdtime no timers spf spf holdtime Minimum time between two consecutive SPF calculations Range 0 65535 seconds Command Mod...

Page 733: ...The area ID must be in the form of an IP address ip address Base address for the routes to summarize netmask Network mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the routes remain hidden from the rest of the network Command Mode Router Configuration Default Setting Disabled Command Usage This command can be used to advertise ...

Page 734: ...ntifier for a stub or NSSA in the form of an IP address cost Cost for the default summary route sent to a stub or NSSA Range 0 65535 Command Mode Router Configuration Default Setting 1 Command Usage If you enter this command for a normal area it will be changed to a stub If the default cost is set to 0 the router will not advertise a default route into the attached stub or NSSA Example Related Comman...

Page 735: ...mask for the summary route Command Mode Router Configuration Default Setting Disabled Command Usage An Autonomous System Boundary Router ASBR can redistribute routes learned from other protocols by advertising an aggregate route into all attached autonomous systems This router supports up to 16 Type 5 summary routes Example This example creates a summary address for all routes contained in 192 168 x ...

Page 736: ...Range 1 65535 Default 10 type value 1 Type 1 external route 2 Type 2 external route default Routers do not add internal route metric to external route metric Command Mode Router Configuration Default Setting redistribution none protocol RIP and static metric value 0 type metric 2 Command Usage This router supports redistribution for both RIP and static routes When you redistribute external routes ...

Page 737: ...default information originate 3 149 network area Use this command to define an OSPF area and the interfaces that operate within this area Use the no form to disable OSPF for a specified interface Syntax network ip address netmask area area id no network ip address netmask area area id ip address Address of the interfaces to add to the area netmask Network mask of the address range to add to the ar...

Page 738: ...ore the overlapping ranges in subsequent commands However note that if a more specific address range is removed from an area the interface belonging to that range may still remain active if a less specific address range covering that area has been specified This router supports up to 64 OSPF router interfaces and up to 16 total areas either normal transit areas stubs or NSSAs Example This example ...

Page 739: ...ult setting for this command completely isolates the stub by blocking Type 3 summary LSAs that advertise the default route for destinations external to the local area or the autonomous system Use the area default cost command to specify the cost of a default summary route sent into a stub by an ABR This router supports up to 16 total areas either normal transit areas stubs or NSSAs Example This ex...

Page 740: ...events the NSSA ABR from advertising external routing information learned via routers in other areas into the NSSA default information originate When the router is an NSSA Area Border Router ABR or an NSSA Autonomous System Boundary Router ASBR this parameter causes it to generate Type 7 default LSA into the NSSA This default provides a route to other areas within the AS for an NSSA ABR or to area...

Page 741: ...t to the NSSA into external LSAs Type 5 and propagated into other areas within the AS Also note that unlike stub areas all Type 3 summary LSAs are always imported into NSSAs to ensure that internal routes are always chosen over Type 7 NSSA external routes This router supports up to 16 total areas either normal transit areas stubs or NSSAs Example This example creates a stub area 10 3 0 0 and assig...

Page 742: ...of the virtual link neighbor This must be an Area Border Router ABR that is adjacent to both the backbone and the transit area at the other end of the virtual link authentication Specifies the authentication mode If no optional parameters follow this keyword then plain text authentication is used along with the password specified by the authentication key If message digest authentication is specif...

Page 743: ...is value must be the same for all routers attached to an autonomous system Range 1 65535 seconds Default 4 x hello interval or 40 seconds authentication key key Sets a plain text password up to 8 characters that is used by neighboring routers on a virtual link to generate or verify the authentication field in protocol message headers A separate password can be assigned to each network interface Ho...

Page 744: ...nks on this router Any area disconnected from the backbone must include the transit area ID and the router ID for a virtual link neighbor that is adjacent to the backbone This router supports up to 64 virtual links Example This example creates a virtual link using the defaults for all optional parameters This example creates a virtual link using MD5 authentication Related Commands show ip ospf virtua...

Page 745: ...ault Setting No authentication Command Usage Before specifying plain text password authentication for an interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the message digest key id and key with the ip ospf message digest key command The plain text authentication key or the MD5 key id and key must be used consi...

Page 746: ...n interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the message digest key id and key with the ip ospf message digest key command A different password can be assigned to each network interface but the password must be used consistently on all neighboring routers throughout a network i e autonomous system...

Page 747: ...ion information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and another with the new key Once all the neighboring routers start sending protocol messages back to this router with the new key the router will stop ...

Page 748: ...etting 1 Command Usage Interface cost reflects the port speed This router uses a default cost of 1 for all ports Therefore if you install a Gigabit module you may have to reset the cost for all of the 100 Mbps ports to a value greater than 1 Example ip ospf dead interval Use this command to set the interval at which hello packets are not seen before neighbors declare the router down Use the no for...

Page 749: ...ending hello packets on an interface Use the no form to restore the default value Syntax ip ospf hello interval seconds no ip ospf hello interval seconds Interval at which hello packets are sent from an interface This interval must be set to the same value for all routers on the network Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 10 seconds Command Usage Hello packets a...

Page 750: ...DR or BDR If set to any value other than zero the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR If two or more routers are tied with the same highest priority the router with the higher ID will be elected If a DR already exists for an area when this interface comes up the new router will accept the current DR regardless of its own...

Page 751: ...r if it receives no acknowledgment The retransmit interval should be set to a conservative value that provides an adequate flow of routing information but does not produce unnecessary protocol traffic Note that this value should be larger for virtual links Example ip ospf transmit delay Use this command to set the estimated time to send a link state update packet over an interface Use the no form ...

Page 752: ...p ospf Use this command to show basic information about the routing configuration Command Mode Privileged Exec Example Console config interface vlan 1 Console config if ip ospf transmit delay 6 Console config if Console show ip ospf Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route It is an area border and autonomous system boundary router Redistributing External Routes from r...

Page 753: ...f configured areas Area identifier The area address and area type if backbone NSSA or stub Number of interfaces The number of interfaces attached to this area SPF algorithm executed The number of times the shortest path first algorithm has been executed for this area Console show ip ospf border routers Destination Next Hop Cost Type RteType Area SPF No 10 1 1 252 10 1 1 253 0 ABR INTRA 10 1 0 0 3 ...

Page 754: ...dress show ip ospf area id database nssa external link state id self originate link state id show ip ospf area id database router link state id show ip ospf area id database router adv router ip address show ip ospf area id database router self originate link state id show ip ospf area id database self originate link state id show ip ospf area id database summary link state id show ip ospf area id...

Page 755: ...Shows information about NSSA external LSAs router Shows information about router LSAs summary Shows information about summary LSAs Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command Console show ip ospf database Displaying Router Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 26 0X80000005 0X89A1 10 1 1 253 10...

Page 756: ...E2 Length 32 Network Mask 255 255 255 0 Metric 1 Console Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Summary Links LSA describes routes to AS boundary routers Link State ID Interface address of the autonomous system boundary router Advertising Router Advertising router ID LS Sequence Number Sequence number of...

Page 757: ... ASBR External AS External Nssa 2 1 1 0 0 0 Total LSA Counts 4 Console Field Description Area ID Area identifier Router Number of router LSAs Network Number of network LSAs Sum Net Number of summary LSAs Sum ASBR Number of summary ASBR LSAs External AS Number of autonomous system external LSAs External Nssa Number of NSSA external network LSAs Total LSA Counts Total number of LSAs ...

Page 758: ...0 External Route Tag 0 Console Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Number Advertising Router Advertising router ID LS Sequence Number Sequ...

Page 759: ...playing Net Link States Area 10 1 0 0 Link State Data Network Type 2 LS age 433 Options Support External routing capability LS Type Network Links Link State ID 10 1 1 252 IP interface address of the Designated Router Advertising Router 10 1 1 252 LS Sequence Number 80000002 LS Checksum 0x51E2 Length 32 Network Mask 255 255 255 0 Attached Router 10 1 1 252 Attached Router 10 1 1 253 Console Field D...

Page 760: ...er Link States Area 10 1 0 0 Link State Data Router Type 1 LS age 233 Options Support External routing capability LS Type Router Links Link State ID 10 1 1 252 Originating Router s Router ID Advertising Router 10 1 1 252 LS Sequence Number 80000011 LS Checksum 0x7287 Length 48 Router Role Area Border Router Number of Links 1 Link ID 10 1 7 0 IP Network Subnet Number Link Data 255 255 255 0 Network...

Page 761: ...er type including None AS Boundary Router Area Border Router or Virtual Link Number of Links Number of links described by the LSA Link ID Link type and corresponding Router ID or network address Link Data Router ID for transit network Network s IP address mask for stub network Neighbor Router ID for virtual link Link Type Link state type including transit network stub network or virtual link Numbe...

Page 762: ...000003 LS Checksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Summary Links LSA describes routes to networks Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router ID LS Sequence Number Sequence number o...

Page 763: ...it Delay is 1 sec State BDR Priority 1 Designated Router id 10 1 1 252 Interface address 10 1 1 252 Backup Designated router id 10 1 1 253 Interface addr 10 1 1 253 Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Field Description Vlan VLAN ID and Status of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address Area OSPF area to which ...

Page 764: ...and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but is not the DR or BDR Priority Router priority Designated Router Designated router ID and respective interface address Backup Designated Router Backup designated router ID and respective interface address Timer intervals Configuration settings for timer intervals including Hello Dead and Retr...

Page 765: ...own but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent Identification flags include D Dynamic neighbor ...

Page 766: ...each intermediate node between the multicast server and its hosts and also to filter traffic from all of the other interfaces that do not require these services Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Transmit Delay is 1 sec Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Field Description Virtual Link to router OSPF neighbo...

Page 767: ...e configuration Syntax ip igmp snooping vlan vlan id mrouter interface no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 Command Groups Function Page Static Multicast Routing Configures static multicast router ports 3 185 General Multicast Routing Enables IP multicast routing globally also displays the IP multicast routing table created from static and dynamic routing...

Page 768: ...ticast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast r...

Page 769: ... General Multicast Routing Commands ip multicast routing Use this command to enable IP multicast routing Use the no form to disable IP multicast routing Syntax ip multicast routing no ip multicast routing Default Setting Disabled Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Command Function Mode Page ip multicast routing En...

Page 770: ... ip mroute group address source summary group address An IP multicast group address with subscribers directly attached or downstream from this router source The IP subnetwork at the root of the multicast delivery tree This subnetwork contains a known multicast source summary Displays summary information for each entry in the IP multicast routing table Command Mode Privileged Exec Command Usage Thi...

Page 771: ...Upstream Interface vlan1 Upstream Router 148 122 34 9 Downstream vlan2 P vlan3 F Console Field Description Source and netmask Subnetwork containing the IP multicast source Group address IP multicast group address for a requested service Owner The associated multicast protocol i e DVMRP or PIM DM Upstream Interface Interface leading to the upstream neighbor Upstream Router IP address of the multica...

Page 772: ...ry form Console show ip mroute summary IP Multicast Forwarding is enabled IP Multicast Routing Table Summary Flags P Prune UP Group Source Source Mask Interface Owner Flags 224 1 1 1 10 1 0 0 255 255 0 0 vlan1 DVMRP P 224 2 2 2 10 1 0 0 255 255 0 0 vlan1 DVMRP Console ...

Page 773: ...interval Sets the interval for sending updates about changes to network topology RC 3 194 prune lifetime Defines how long a prune state remains in effect for a source routed multicast tree RC 3 195 default gateway Configures the default gateway for IP multicast routing RC 3 196 ip dvmrp Enables DVMRP on the specified interface IC 3 197 ip dvmrp metric Sets the metric used when establishing reverse...

Page 774: ... each interface Example Related Commands ip dvmrp 3 197 show router dvmrp 3 199 probe interval Use this command to set the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers Use the no form to restore the default value Syntax probe interval seconds Console config router dvmrp Console config router end Console show router dvmrp Admin Status enable Prob...

Page 775: ...e still active members of the multicast tree Example nbr timeout Use this command to set the interval to wait for messages from a DVMRP neighbor before declaring it dead Use the no form to restore the default value Syntax nbr timeout seconds seconds Interval before declaring a neighbor dead Range 1 65535 Default Setting 35 seconds Command Mode Router Configuration Command Usage This command is use...

Page 776: ...Default Setting 60 seconds Command Mode Router Configuration Example flash update interval Use this command to specify how often to send trigger updates which reflect changes in the network topology Use the no form to restore the default value Syntax flash update interval seconds seconds Interval between sending flash updates when network topology changes have occurred Range 1 65535 Console config...

Page 777: ...lue Syntax prune lifetime seconds seconds Prune state lifetime Range 1 65535 Default Setting 7200 seconds Command Mode Router Configuration Command Usage This command sets the prune state lifetime After the prune state expires the router will resume flooding multicast traffic from the multicast source device Example Console config router flash update interval 10 Console config router Console confi...

Page 778: ...interfaces return Poison Reverse messages for the default route back to the router When the router receives these messages it records all the downstream routers for the default route When multicast traffic with an unknown source address i e not found in the route table is received on the default upstream route interface the router forwards this traffic out through the other interfaces with known d...

Page 779: ...e DVMRP you need to enable multicast routing globally for the router with the ip multicast routing command page 3 187 enable DVMRP globally for the router with the router dvmrp command page 3 191 and also enable DVMRP for each interface that will participate in multicast routing with the ip dvmrp command Example Console config interface vlan 1 Console config if ip dvmrp Console config if end Conso...

Page 780: ...elect the best reverse path Range 1 31 Default Setting 1 Command Mode Interface Configuration VLAN Command Usage The DVMRP interface metric is used to choose the best reverse path when there are multiple paths to the same upstream destination The lower cost path is the preferred path Example clear ip dvmrp route Use this command to clear all dynamic routes learned by DVMRP Command Mode Privileged ...

Page 781: ...lobal DVMRP settings described in the preceding pages Admin Status router dvmrp page 3 191 Probe Interval page 3 192 Nbr Expire page 3 193 Minimum Flash Update Interval page 3 194 Prune Lifetime page 3 195 Route Report page 3 194 Default Gateway page 3 196 Metric of Default Gateway page 3 198 Example Console clear ip dvmrp route clear all ip dvmrp route Console show ip dvmrp route Source Mask Upst...

Page 782: ...Metric UpTime Expire 10 1 0 0 255 255 255 0 10 1 0 253 vlan1 1 84438 0 10 1 1 0 255 255 255 0 10 1 1 253 vlan2 1 84987 0 10 1 8 0 255 255 255 0 10 1 0 254 vlan1 2 19729 97 Console Field Description Source IP subnetwork that contains a multicast source an upstream router or an outgoing interface connected to multicast hosts Mask Subnet mask that is used for the source address This mask identifies t...

Page 783: ...ee Interface The IP interface on this router that connects to the upstream neighbor Uptime The time since this device last became a DVMRP neighbor Expire The time remaining before this entry will be aged out Capabilities The neighboring router s capabilities may include Leaf bit 0 Neighbor has only one interface with neighbors Prune bit 1 Neighbor supports pruning Generation ID bit 2 Neighbor send...

Page 784: ...n sending PIM hello messages IC 3 205 ip pim hello holdtime Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead IC 3 206 ip pim trigger hello interval Sets the maximum time before sending a triggered PIM Hello message IC 3 206 ip pim join prune holdtime Configures the hold time for the prune state IC 3 207 ip pim graft retry interval Configures the time ...

Page 785: ...age This command enables PIM DM globally for the router You also need to enable PIM DM for each interface that will support multicast routing using the ip pim dense mode command page 3 204 and make any changes necessary to the multicast protocol parameters Example show ip pim interface Displays information about interfaces configured for PIM NE PE 3 210 show ip pim neighbor Displays information ab...

Page 786: ... routing command page 3 187 enable PIM DM globally for the router with the router pim command page 3 203 and also enable PIM DM for each interface that will participate in multicast routing with the ip pim dense mode command If you enable PIM on an interface you should also enable IGMP on that interface Dense mode interfaces are subject to multicast flooding by default and are only removed from th...

Page 787: ...ing PIM routers from which this device has received probes and are used to verify whether or not these neighbors are still active members of the multicast tree Example Console config interface vlan 1 Console config if ip pim dense mode Console show ip pim interface Vlan 1 is up PIM is enabled mode is Dense Internet address is 10 1 0 253 Hello time interval is 30 sec trigger hello time interval is ...

Page 788: ...on VLAN Command Usage The ip pim hello holdtime should be 3 5 times the value of ip pim hello interval page 3 205 Example ip pim trigger hello interval Use this command to configure the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface Use the no form to restore the default value Syntax ip pim trigger hello interval secon...

Page 789: ...o if a Hello message is received from a new neighbor the receiving router will send its own Hello message after a random delay between 0 and the trigger hello interval Example ip pim join prune holdtime Use this command to configure the hold time for the prune state Use the no form to restore the default value Syntax ip pim join prune holdtime seconds no ip pim join prune holdtime seconds The h...

Page 790: ...ure the time to wait for a Graft acknowledgement before resending a Graft Use the no form to restore the default value Syntax ip pim graft retry interval seconds no ip pim graft retry interval seconds The time before resending a Graft Range 0 65535 Default Setting 3 seconds Command Mode Interface Configuration VLAN Command Usage A graft message is sent by a router to cancel a prune state When a ro...

Page 791: ...pim graft retry interval retries The maximum number of times to resend a Graft Range 0 65535 Default Setting 2 Command Mode Interface Configuration VLAN Example show router pim Use this command to display the global PIM configuration settings Command Mode Normal Exec Privileged Exec Example Console config if ip pim graft retry interval 9 Console config if Console config if ip pim max graft retries...

Page 792: ... neighboring PIM routers Example show ip pim neighbor Use this command to display information about PIM neighbors Syntax show ip pim neighbor ip address ip address IP address of a PIM neighbor Default Setting Displays information for all known PIM neighbors Console show ip pim interface 1 Vlan 1 is up PIM is enabled mode is Dense Internet address is 10 1 0 253 Hello time interval is 30 sec trigger...

Page 793: ...ateway to maintain network connectivity in case the primary gateway goes down Console show ip pim neighbor Address VLAN Interface Uptime Expire Mode 10 1 0 254 1 17 38 16 00 01 25 Dense Console Field Description Address IP address of the next hop router VLAN Interface Interface number that is attached to this neighbor Uptime The duration this entry has been active Expire The time before this entry...

Page 794: ... 212 vrrp authentication key Configures a key used to authenticate VRRP packets received from other routers IC 3 214 vrrp priority Sets the priority of this router in the VRRP group IC 3 215 vrrp timers advertise Sets the interval between successive advertisements by the master virtual router IC 3 216 vrrp preempt Configures the router to take over as master virtual router for a VRRP group if it h...

Page 795: ...t The IP address assigned to the virtual router must already be configured on the router that will be the Owner In other words the IP address specified in this command must already exist on one and only one router in the virtual router group and the network mask for the virtual router address is derived from the Owner The Owner will also assume the role of the Master virtual router in the group If...

Page 796: ...phanumeric characters Default Setting No key is defined Command Mode Interface VLAN Command Usage All routers in the same VRRP group must be configured with the same authentication key When a VRRP packet is received from another router in the group its authentication key is compared to the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded ...

Page 797: ...hest priority will become the master router if the current master fails When the original master router recovers it will take over as the active master router again If two or more routers are configured with the same VRRP priority the router with the higher IP address is elected as the new master router if the current master fails If the backup preempt function is enabled with the vrrp preempt com...

Page 798: ... router Range 1 255 seconds Default Setting 1 second Command Mode Interface VLAN Command Usage VRRP advertisements from the current master virtual router include information about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not p...

Page 799: ...onds Default Setting Preempt Enabled Delay 0 seconds Command Mode Interface VLAN Command Usage If preempt is enabled and this backup router has a priority higher than the current acting master it will take over as the new master However note that if the original master i e the owner of the VRRP IP address comes back on line it will always resume control as the master The delay can give additional ...

Page 800: ...efaults None Command Mode Privileged Exec Command Usage Use this command without any keywords to display the full listing of status information for all VRRP groups configured on this router Use this command with the brief keyword to display a summary of status information for all VRRP groups configured on this router Specify a group number to display status information for a specific group Example...

Page 801: ...dress that identifies this VRRP group Virtual MAC address Virtual MAC address derived from the owner of the virtual IP address Advertisement interval Interval at which the master virtual router advertises its role as the master Preemption Shows whether or not a higher priority router can preempt the current acting master Min delay Delay before a router with a higher priority can preempt the curre...

Page 802: ...er down interval The down interval configured on the VRRP master This interval is used by all the routers in the group regardless of their local settings Console show vrrp brief Interface Grp State Virtual addr Int Pre Prio vlan 1 1 Master 192 168 1 6 5 E 1 Console Field Description Interface VLAN interface Grp VRRP group State VRRP role of this interface master or backup Virtual addr Virtual addr...

Page 803: ...ption of the display items Console show vrrp interface vlan 1 Vlan 1 Group 1 state Master Virtual IP address 192 168 1 6 Virtual MAC address 00 00 5E 00 01 01 Advertisement interval 5 sec Preemption enabled Min delay 10 sec Priority 1 Authentication SimpleText Authentication key bluebird Master Router 192 168 1 6 Master priority 1 Master Advertisement interval 5 sec Master down interval 15 Console...

Page 804: ...isplay counters for VRRP protocol events and errors that have occurred for the specified group and interface show vrrp group interface vlan interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4094 Defaults None Command Mode Privileged Exec Console show vrrp router counters Total Number of VRRP Packets with Invalid Checksum 0 Total ...

Page 805: ...erface vlan 1 counters Total Number of Times Transitioned to MASTER 6 Total Number of Received Advertisements Packets 0 Total Number of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority 0 VRRP Packets 0 Total Number of Sent Priority 0 VRRP Packets 5 Total ...

Page 806: ... 224 Command Mode Privileged Exec Example Console clear vrrp 1 interface 1 counters Console ...

Page 807: ...uter Use the no Command Function Mode Page standby ip Enables HSRP IC 3 225 standby priority Sets the priority of this router in the HSRP group IC 3 227 standby preempt Configures the router to take over as master virtual router for an HSRP group if it has a higher priority than the current master virtual router IC 3 228 standby authentication Configures a key used to authenticate HSRP packets rec...

Page 808: ...ss is used as the designated address for the virtual group If an IP address is not specified the designated address is learned through the exchange of HSRP messages Note that the designated address cannot be the same as a physical address The subnet mask for the physical interface on which the designated address is configured is used as the subnet mask of the designated address The interfaces of a...

Page 809: ... in a HSRP group Use the no form to restore the default setting Syntax standby group priority level no standby group priority group Identifies the HSRP group Range 0 255 level Priority of this router in the HSRP group Range 1 255 Default Setting Group number 0 Priority 100 Command Mode Interface VLAN Command Usage The router with the highest priority is elected as the master virtual router The rou...

Page 810: ...active master The HSRP priority can change dynamically if an interface is configured with the standby track command and another interface on the router fails or comes back on line Example Related Commands standby authentication 3 230 standby track 3 232 standby preempt Use this command to configure the router to take over as the master virtual router for an HSRP group if it has higher priority tha...

Page 811: ...p and the current master stops sending hello messages or sends other messages indicating that it is no longer acting as the designated router The delay can give additional time to receive an advertisement message from the current master before taking control If the router attempting to become the master has just come on line this delay also gives it time to gather information for its routing table...

Page 812: ...en an HSRP packet is received from another router in the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded If the authentication strings do not match this router will not be able to learn the designated address for the group and timer values from other routers However even if authentica...

Page 813: ...timers group Identifies the HSRP group Range 0 255 hellotime Advertisement interval for the master and standby virtual router Range 1 254 seconds holdtime Time before the master or standby router is declared down Range hellotime 1 to 255 seconds Default Setting Group number 0 Hellotime 3 seconds Holdtime 10 seconds Command Mode Interface VLAN Command Usage HSRP advertisements from the master and s...

Page 814: ...ces the amount of traffic that has to be processed by network devices that are not part of the designated HSRP group Example This example sets the timers for group 1 to 6 seconds for the hello time and 18 seconds for the hold time standby track Use this command to configure an interface so that the HSRP priority changes based on the availability of other IP interfaces on this router Use the no form t...

Page 815: ...IP address this command will not affect the HSRP router priority If you configure multiple tracked interfaces and also set the interface priority the effect on HSRP router priority is cumulative when one or more interfaces go up or down However if you configure multiple tracked interfaces but do not set the interface priority HSRP router priority will only be changed by the default interface prior...

Page 816: ...this router Defaults Displays detailed information for each group Command Mode Privileged Exec Example This example displays the full listing of status information for all groups Console show standby Vlan 1 Group 1 Local State is Active priority 5 confgd 10 may preempt Preemption delayed for 10 secs Hellotime 6 sec holdtime 18 sec Next hello sent in 0 0 5 Host standby IP address is 192 168 1 7 con...

Page 817: ...information to attempt to claim the master or standby roles priority Priority of this router may preempt Router will attempt to take over as the master router if its priority is higher Preemption delayed Delay before a router with higher priority can preempt the current acting master Hellotime Interval at which this router advertises when acting as the master or standby router Next hello sent Time...

Page 818: ...brief Interface Grp Prio P State Active addr Standby addr Group addr Vlan1 1 5 T Active Local 0 0 0 0 192 168 1 7 Console Field Description Interface VLAN interface Grp HSRP group Prio Priority of this router P Shows whether or not a higher priority router can preempt the current acting master State Local state as described in the preceding table Active addr Address of the master router Standby a...

Page 819: ...configured VLAN interface Range 1 4094 group Identifies the HSRP group Range 0 255 active Displays HSRP groups in the active state init Displays HSRP groups in the initial state listen Displays HSRP groups in the listen or learn state standby Displays HSRP groups in the standby or speak state brief Displays summary information for all HSRP groups on this router Defaults Displays detailed informati...

Page 820: ...Preemption delayed for 10 secs Hellotime 6 sec holdtime 18 sec Next hello sent in 0 0 0 Host standby IP address is 192 168 1 7 configured Active router is local Standby router is unknown Standby virtual mac address is 0 0 C 7 AC 1 Authentication text bluebird Tracking interface states for 1 interfaces 0 up Down Vlan2 5 Console show standby interface vlan 1 group 1 brief Interface Grp Prio P State ...

Page 821: ...duplex 1000BASE SX LX 1000 Mbps full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protoc...

Page 822: ...tering IGMP Snooping Layer 2 IGMP Layer 3 Multicast Routing DVMRP PIM DM IP Routing ARP Proxy ARP Static routes RIP RIPv2 and OSPFv2 dynamic routing VRRP Virtual Router Redundancy Protocol HSRP Hot Standby Router Protocol Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3...

Page 823: ...N IEEE 802 1v Protocol based VLANs IEEE 802 3ad Link Aggregation Control Protocol IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority tags IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1x Port Authentication ARP RFC 826 DHCP RFC 1541 DVMRP RFC 1075 HSRP RFC 2281 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2 RFC 2236 OSPF RFC 2328...

Page 824: ...C 2011 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 OSPF MIB RFC 1850 PIM MIB RFC 2934 Port Access Entity MIB IEEE 802 1x Private MIB Quality of Service MIB RADIUS Authentication Client MIB RFC 2621 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP framework MIB RFC 2571 SNMP MPD MIB RFC 2572 SNMP Target MI...

Page 825: ...MANAGEMENT INFORMATION BASES 5 TCP MIB RFC 2013 Trap RFC 1215 UDP MIB RFC 2012 VRRP MIB RFC 2787 ...

Page 827: ... that the port you are using has not been disabled Check network cabling between the management station and the switch If you cannot connect using Telnet or SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emula...

Page 829: ...and the name of the boot file Class of Service CoS CoS is supported by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority b...

Page 830: ...d to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1x Port Authentication standard GARP VLAN Registration Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network Generi...

Page 831: ...s and defines a standard way for VLANs to communicate across switched networks IEEE 802 1p An IEEE standard for providing quality of service QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides ...

Page 832: ...nt Protocol IGMP A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering ...

Page 833: ...at contains information about a specific device Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarch...

Page 834: ...on downlink ports can only be forwarded to and from uplink ports Protocol Independent Multicasting PIM This multicast routing protocol floods multicast traffic downstream and calculates the shortest path back to the multicast source network via reverse path forwarding PIM uses the router s IP routing table rather than maintaining a separate multicast routing table as with DVMRP PIM Sparse Mode is ...

Page 835: ...minimizing the distance vector or hop count which serves as a rough estimate of transmission cost RIP 2 is a compatible upgrade to RIP It adds useful capabilities for subnet routing authentication and multicast transmissions Simple Mail Transfer Protocol SMTP A standard host to host mail transport protocol that operates over TCP port 25 Simple Network Management Protocol SNMP The application proto...

Page 836: ...de for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like services UDP packets are delivered just like IP packets connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share th...

Page 837: ...e which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down XModem A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected ...

Page 839: ...equired connections 2 2 CoS configuring 3 124 4 198 DSCP 3 132 3 135 3 136 4 206 IP port priority 3 134 4 204 IP precedence 3 131 4 205 layer 3 4 priorities 3 130 4 204 queue mapping 3 126 4 201 queue mode 3 128 4 199 traffic class weights 3 128 4 200 D default gateway configuration 3 14 3 179 4 229 default priority ingress port 3 124 4 198 default settings system 1 7 DHCP 3 16 4 227 address pool ...

Page 840: ...n 3 173 4 313 configuration settings 3 170 4 310 interface tracking 3 173 4 315 preemption 3 171 3 172 4 312 priority 3 171 3 172 4 311 timers 3 172 4 314 virtual address 3 171 3 173 4 310 HTTPS 3 34 4 30 HTTPS secure server 3 34 4 30 I IEEE 802 1D 3 88 4 164 IEEE 802 1s 4 164 IEEE 802 1w 3 88 4 164 IEEE 802 1x 3 42 4 74 IGMP description of protocol 3 138 groups displaying 3 144 4 213 4 226 Layer ...

Page 841: ...tion Bases MIBs A 3 mirror port configuring 3 80 4 147 MSTP 4 164 global settings 3 101 4 162 interface settings 3 99 4 163 multicast filtering 3 138 4 211 multicast groups 3 144 3 149 4 213 displaying 3 149 4 213 static 3 144 4 212 4 213 multicast routing 3 231 4 280 description 3 231 DVMRP 3 234 4 285 enabling 3 231 4 282 general commands 4 282 global settings 3 231 4 282 PIM DM 3 241 4 293 rout...

Page 842: ...124 4 198 problems troubleshooting Inde 1 protocol migration 3 101 4 178 proxy ARP 3 182 4 234 Q queue weights 3 128 4 200 R RADIUS logon authentication 3 31 4 67 rate limits setting 3 81 4 149 remote logging 4 44 restarting the system 3 23 4 22 RIP configuring 3 196 4 240 4 248 description 3 178 global settings 3 197 4 240 interface protocol settings 3 200 4 241 4 246 specifying interfaces 3 199 ...

Page 843: ...em clock setting 3 24 4 50 system software downloading from server 3 17 4 61 T TACACS logon authentication 3 31 4 70 time setting 3 24 4 50 traffic class weights 3 128 4 200 trap manager 2 7 3 28 4 109 troubleshooting Inde 1 trunk configuration 3 67 4 150 LACP 3 69 4 150 4 151 static 3 68 4 151 U upgrading software 3 17 4 61 user password 3 30 4 25 4 26 V Virtual Router Redundancy Protocol See VRR...

Page 844: ...INDEX Index 6 W Web interface access requirements 3 1 configuration buttons 3 2 home page 3 2 menu list 3 3 panel display 3 3 ...

Page 846: ...ax 33 0 41 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharan Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10...
