manualshive.com logo in svg

SMC Networks 8648T - annexe 1, Management Manual

The SMC Networks 8648T - annexe 1 is a reliable network management switch designed for seamless operation. Ensure your network is running smoothly with the help of the comprehensive Management Manual available for free download on our website. Access vital information and optimize your network's performance effortlessly. (Please note that we do not include the website name as it is a user prompt for enhanced user experience.)

Share
Download
background image

C

OMMAND

 L

INE

 I

NTERFACE

4-116

6.

Explicit default rule (permit any any) in the ingress MAC ACL for 
ingress ports.

7.

If no explicit rule is matched, the implicit default is permit all.

Masks for Access Control Lists

You can specify optional masks that control the order in which ACL rules 
are checked. The switch includes two system default masks that pass/filter 
packets matching the permit/deny rules specified in an ingress ACL. You 
can also configure up to seven user-defined masks for an ACL. A mask 
must be bound exclusively to one of the basic ACL types (i.e., Ingress IP 
ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a 
mask can be bound to up to four ACLs of the same type.

  

IP ACLs

 

Table 4-26.  Access Control List Commands

Command Groups

Function

Page

IP ACLs

Configure ACLs based on IP addresses, TCP/
UDP port number, protocol type, and TCP control 
code

4-116

MAC ACLs

Configure ACLs based on hardware addresses, 
packet format, and Ethernet type

4-135

ACL Information

Display ACLs and associated rules; shows ACLs 
assigned to each port

4-148

Table 4-27.  IP ACL Commands

Command

Function

Mode

Page

access-list ip

Creates an IP ACL and enters 
configuration mode for standard or 
extended IP ACLs

GC

4-118

permit, deny

Filters packets matching a specified 
source or destination IP address

STD-ACL

4-119

Summary of Contents for 8648T - annexe 1

Page 1: ...undant power unit Spanning Tree Protocol Rapid STP and Multiple STP Up to six LACP or static 8 port trunks Layer 2 3 4 CoS support through 8 priority queues Layer 3 4 traffic priority with IP Precedence and IP DSCP Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web and SNMP RMON Management Guide SMC8624 48T ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions April 2004 Pub 150200041000A ...

Page 4: ... is granted by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...ress 2 6 Manual Configuration 2 6 Dynamic Configuration 2 7 Enabling SNMP Management Access 2 9 Community Strings 2 9 Trap Receivers 2 11 Saving Configuration Settings 2 11 Managing System Files 2 12 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 3 Home Page 3 3 Configuration Options 3 4 Panel Display 3 4 Main Menu 3 5 Basic Configuration 3 12 Displ...

Page 8: ...n Authentication 3 34 Configuring HTTPS 3 38 Replacing the Default Secure site Certificate 3 40 Configuring the Secure Shell 3 41 Generating the Host Key Pair 3 43 Configuring the SSH Server 3 46 Configuring Port Security 3 48 Configuring 802 1x Port Authentication 3 51 Displaying 802 1x Global Settings 3 52 Configuring 802 1x Global Settings 3 55 Configuring Port Authorization Mode 3 56 Displayin...

Page 9: ...istics 3 106 Address Table Settings 3 112 Setting Static Addresses 3 112 Displaying the Address Table 3 114 Changing the Aging Time 3 115 Spanning Tree Algorithm Configuration 3 116 Displaying Global Settings 3 117 Configuring Global Settings 3 121 Displaying Interface Settings 3 126 Configuring Interface Settings 3 130 Configuring Multiple Spanning Trees 3 133 Displaying Interface Settings for MS...

Page 10: ...riority 3 170 Mapping IP Precedence 3 171 Mapping DSCP Priority 3 173 Mapping IP Port Priority 3 175 Mapping CoS Values to ACLs 3 177 Changing Priorities Based on ACL Rules 3 178 Multicast Filtering 3 181 Layer 2 IGMP Snooping and Query 3 182 Configuring IGMP Snooping and Query Parameters 3 182 Displaying Interfaces Attached to a Multicast Router 3 185 Specifying Static Interfaces for a Multicast ...

Page 11: ...y 4 7 Understanding Command Modes 4 8 Exec Commands 4 8 Configuration Commands 4 9 Command Line Processing 4 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 exec timeout 4 18 password thresh 4 19 silent time 4 20 databits 4 21 parity 4 22 speed 4 23 stopbits 4 24 disconnect 4 24 show line 4 25 General Commands 4 26 enable 4 26 disable 4 27 configure 4 28 show history 4...

Page 12: ... secure server 4 42 ip http secure port 4 44 Secure Shell Commands 4 45 ip ssh server 4 48 ip ssh timeout 4 49 ip ssh authentication retries 4 50 ip ssh server key size 4 51 delete public key 4 51 ip ssh crypto host key generate 4 52 ip ssh crypto zeroize 4 53 ip ssh save host key 4 54 show ip ssh 4 54 show ssh 4 55 show public key 4 56 Event Logging Commands 4 58 logging on 4 58 logging history 4...

Page 13: ... 74 show sntp 4 74 clock timezone 4 75 calendar set 4 76 show calendar 4 76 System Status Commands 4 77 show startup config 4 77 show running config 4 80 show system 4 82 show users 4 83 show version 4 83 Frame Size Commands 4 84 jumbo frame 4 84 Flash File Commands 4 85 copy 4 86 delete 4 89 dir 4 90 whichboot 4 91 boot system 4 92 Authentication Commands 4 93 Authentication Sequence 4 93 authent...

Page 14: ... operation mode 4 108 dot1x re authenticate 4 108 dot1x re authentication 4 109 dot1x timeout quiet period 4 109 dot1x timeout re authperiod 4 110 dot1x timeout tx period 4 110 show dot1x 4 111 Access Control List Commands 4 114 IP ACLs 4 116 access list ip 4 118 permit deny Standard ACL 4 119 permit deny Extended ACL 4 120 show ip access list 4 123 access list ip mask precedence 4 123 mask IP ACL...

Page 15: ...45 show map access list mac 4 146 match access list mac 4 147 ACL Information 4 148 show access list 4 148 show access group 4 149 SNMP Commands 4 149 snmp community 4 150 snmp contact 4 151 snmp location 4 151 snmp host 4 152 snmp enable traps 4 154 show snmp 4 155 DNS Commands 4 157 ip host 4 158 clear host 4 159 ip domain name 4 159 ip domain list 4 160 ip name server 4 162 ip domain lookup 4 1...

Page 16: ...ort 4 181 Mirror Port Commands 4 183 port monitor 4 183 show port monitor 4 184 Rate Limit Commands 4 185 rate limit 4 186 Link Aggregation Commands 4 187 channel group 4 189 lacp 4 190 lacp system priority 4 192 lacp admin key Ethernet Interface 4 193 lacp admin key Port Channel 4 194 lacp port priority 4 195 show lacp 4 196 Address Table Commands 4 200 mac address table static 4 201 clear mac ad...

Page 17: ...anning tree cost 4 219 spanning tree port priority 4 220 spanning tree edge port 4 221 spanning tree portfast 4 222 spanning tree link type 4 223 spanning tree mst cost 4 224 spanning tree mst port priority 4 226 spanning tree protocol migration 4 227 show spanning tree 4 228 show spanning tree mst configuration 4 230 VLAN Commands 4 231 Editing VLAN Groups 4 231 vlan database 4 232 vlan 4 233 Con...

Page 18: ...p 4 252 show gvrp configuration 4 252 garp timer 4 253 show garp timer 4 254 Priority Commands 4 255 Priority Commands Layer 2 4 256 switchport priority default 4 256 queue mode 4 258 queue bandwidth 4 259 queue cos map 4 260 show queue mode 4 261 show queue bandwidth 4 262 show queue cos map 4 262 Priority Commands Layer 3 and 4 4 263 map ip port Global Configuration 4 264 map ip port Interface C...

Page 19: ...terval 4 279 ip igmp snooping query max response time 4 280 ip igmp snooping router port expire time 4 281 Static Multicast Routing Commands 4 282 ip igmp snooping vlan mrouter 4 282 show ip igmp snooping mrouter 4 283 IP Interface Commands 4 284 Basic IP Configuration 4 284 ip address 4 285 ip dhcp restart 4 286 ip default gateway 4 287 show ip interface 4 288 show ip redirects 4 288 ping 4 289 A...

Page 20: ...Command Modes 4 8 Table 4 2 Configuration Commands 4 10 Table 4 3 Keystroke Commands 4 11 Table 4 4 Command Group Index 4 12 Table 4 5 Line Command Syntax 4 14 Table 4 6 General Commands 4 26 Table 4 7 System Mangement Commands 4 32 Table 4 8 Device Designation Commands 4 33 Table 4 9 User Access Commands 4 34 Table 4 10 IP Filter Commands 4 37 Table 4 11 Web Server Command 4 40 Table 4 12 Secure ...

Page 21: ...Adress Table Commands 4 200 Table 4 37 Spanning Tree Commands 4 205 Table 4 38 VLAN Commands 4 231 Table 4 39 Editing VLAN Groups 4 231 Table 4 40 Configuring VLAN Interfaces 4 234 Table 4 41 Displaying VLAN Information 4 242 Table 4 42 Protocol based VLAN Commands 4 243 Table 4 43 Private VLAN Commands 4 248 Table 4 44 GVRP and Bridge Extension Commands 4 250 Table 4 45 Priority Commands 4 255 Ta...

Page 22: ...ers and Trap Types 3 32 Figure 3 17 Configuring the Logon Password 3 34 Figure 3 18 Setting Local RADIUS and TACACS Authentication 3 37 Figure 3 19 HTTPS Settings 3 39 Figure 3 20 SSH Host Key Settings 3 45 Figure 3 21 SSH Server Settings 3 47 Figure 3 22 Configuring Port Security 3 50 Figure 3 23 802 1x Information 3 53 Figure 3 24 802 1x Configuration 3 56 Figure 3 25 802 1x Port Configuration 3...

Page 23: ...g Tree Algorithm 3 125 Figure 3 54 Displaying STA Port Status Information 3 130 Figure 3 55 Configuring Spanning Tree Algorithm per Port 3 133 Figure 3 56 Configuring Multiple Spanning Trees 3 135 Figure 3 57 Displaying MSTP Interface Settings 3 137 Figure 3 58 MSTP Port Configuration 3 140 Figure 3 59 Enabling GVRP Status 3 146 Figure 3 60 Displaying Basic VLAN Information 3 147 Figure 3 61 Displ...

Page 24: ...Mapping 3 176 Figure 3 79 Changing Priorities Based on ACL Rules 3 180 Figure 3 80 Configuring Internet Group Management Protocol 3 184 Figure 3 81 Mapping Multicast Switch Ports to VLANs 3 185 Figure 3 82 Static Multicast Router Port Configuration 3 186 Figure 3 83 Displaying Port Members of Multicast Services 3 188 Figure 3 84 Specifying Multicast Port Membership 3 189 Figure 3 85 Configuring DN...

Page 25: ...nvironment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP Community strings IP address filtering Port IEEE 802 1x MAC address filtering Access Control Lists Supports up to 32 IP or MAC ACLs Port Configuration Speed duplex mode and flow control...

Page 26: ...ed below Configuration Backup and Restore You can save the current configuration settings to a file on a TFTP server and later download this file to restore the switch configuration settings Broadcast Storm Control Supported Static Address Up to 16K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported ...

Page 27: ...ber or TCP control code or any frames based on MAC address or Ethernet type ACLs can by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols Port Configuration You can manually configure the speed duplex mode and flow control used on specific ports or use auto negotiation to detect the...

Page 28: ...d threshold it will be throttled until the level falls back beneath the threshold Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Static addresses can be used t...

Page 29: ...osen path should fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches running the older standar...

Page 30: ...rts within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using four priority queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functi...

Page 31: ... 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1x Port Authentication Disabled HTTPS Enabled SSH Enabled Port Security Disabled Web Management HTTP Server En...

Page 32: ...SE SX LX LH 1000 Mbps full duplex Full duplex flow control disabled Symmetric flow control disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Protocol Status Enabled MSTP Defaults All values based on IEEE 802 1s Fast Forwarding ...

Page 33: ... 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler D...

Page 34: ...INTRODUCTION 1 10 ...

Page 35: ...ent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial console port on ...

Page 36: ... via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 6 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information and statistics Required Connections The switch provides an RS 232 serial port that enables a connection to a PC or termina...

Page 37: ...p bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have Windows 2000 Service Pack 2 or later installed Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal s VT100 emulation See www microsoft com f...

Page 38: ...ing Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a network computer using SNMP network management software Note The onboard program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SN...

Page 39: ... opened and the CLI displays the Console prompt indicating you have access at the Privileged Exec level Setting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case sensitive To prevent...

Page 40: ...ic The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Manual Configuration You can manually assign an IP address to the switch You may also need to specify a default gateway that resides between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything o...

Page 41: ...al configuration mode prompt Press Enter 4 To set the IP address of the default gateway for the network to which the switch belongs type ip default gateway gateway where gateway is the IP address of the default gateway Press Enter Dynamic Configuration If you select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to...

Page 42: ...de prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp and press Enter To obtain IP settings via BOOTP type ip address bootp and press Enter 3 Type end to return to the Privileged Exec mode Press Enter 4 Type ip dhcp restart client to be...

Page 43: ...be configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred Community Strings Community strings are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the switch You therefore need to assign community strings to specifie...

Page 44: ...event unauthorized access to the switch via SNMP it is recommended that you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter Note that the default m...

Page 45: ...e is either authentication or link up down Press Enter Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the current configuration sett...

Page 46: ... the system See Saving or Restoring Configuration Settings on page 3 24 for more information Operation Code System software that is executed after boot up also known as run time code This code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 22 for more information Diagnostic Code Software that is run during system boot up also known as ...

Page 47: ...iles should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file ...

Page 48: ...INITIAL CONFIGURATION 2 14 ...

Page 49: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 6 2 Set user names and password...

Page 50: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 51: ...rs and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and...

Page 52: ...Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Clicking on...

Page 53: ...ension Shows the bridge extension parameters 3 16 IP Configuration Sets the IP address for management access 3 17 File 3 22 Firmware Manages code image files 3 22 Configuration Manages switch configuration files 3 24 Reset Restarts the switch 3 26 SNTP 3 27 Configuration Configures SNTP client settings including broadcast mode or a specified list of servers 3 27 Clock Time Zone Sets the local time...

Page 54: ...56 Statistics Displays protocol statistics for the selected port 3 58 ACL 3 60 Configuration Configures packet filtering based on IP or MAC addresses 3 60 Mask Configuration Controls the order in which ACL rules are checked 3 70 Port Binding Binds a port to the specified ACL 3 76 IP Filter Sets IP addresses of clients allowed management access 3 78 Port 3 78 Port Information Displays port connecti...

Page 55: ...dcast Control Sets the broadcast storm threshold for each trunk 3 101 Mirror Port Configuration Sets the source and target ports for mirroring 3 103 Rate Limit 3 104 Input Port Configuration Sets the input rate limit for each port 3 104 Input Trunk Configuration Sets the input rate limit for each trunk 3 104 Output Port Configuration Sets the output rate limit for each port 3 104 Output Trunk Conf...

Page 56: ... Port Configuration Configures individual port settings for STA 3 130 Trunk Configuration Configures individual trunk settings for STA 3 130 MSTP VLAN Configuration Configures priority and VLANs for a spanning tree instance 3 133 Port Information Displays port settings for a specified MST instance 3 137 Trunk Information Displays trunk settings for a specified MST instance 3 137 Port Configuration...

Page 57: ...ding tagged untagged or forbidden 3 153 Port Configuration Specifies default PVID and VLAN attributes 3 154 Trunk Configuration Specifies default trunk VID and VLAN attributes 3 154 Private VLAN Status Enables or disables the private VLAN 3 158 Link Status Configures the private VLAN 3 159 Protocol VLAN Configuration Creates a protocol group specifying the supported protocols 3 160 Port Configurat...

Page 58: ...e value 3 173 IP Port Priority Status Globally enables or disables IP Port Priority 3 175 IP Port Priority Sets TCP UDP port priority defining the socket number and associated class of service value 3 175 ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3 177 ACL Marker Change traffic priorities for frames matching an ACL rule 3 178 IGMP Snooping ...

Page 59: ...tes multicast addresses associated with the selected VLAN 3 188 DNS General Configuration Enables DNS configures domain name and domain list and specifies IP address of name servers for dynamic lookup 3 190 Static Host Table Configures static entries for domain name to address mapping 3 193 Cache Displays cache entries discovered by designated name servers 3 195 Table 3 2 Main Menu Menu Descriptio...

Page 60: ...ocation Contact Administrator responsible for the system System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access ...

Page 61: ... server location WC 9 3 151 Console config snmp server contact Geoff 3 151 Console config exit Console show system 3 82 System description SMC Networks SMC8624T System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC address 00 00 A3 42 00 80 Web server enable Web server port 80 Web secure server enable Web secure...

Page 62: ...orts Number of built in RJ 45 ports and expansion ports Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal power supply Redundant Power Status Displays the status of the redundant power supply CLI only Management Software Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operatio...

Page 63: ...the following command to display version information Console show version 3 83 Unit1 Serial number Hardware version Number of ports 48 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 1 0 0 1 Boot rom version 1 0 0 1 Operation code version 1 1 0 4 Console ...

Page 64: ...his switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 112 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port Re...

Page 65: ... change the switch s default settings IP address 0 0 0 0 and netmask 255 0 0 0 to values that are compatible with your network You may also need to a establish a default gateway between the switch and management stations that exist on another network segment Console show bridge ext 3 251 Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry ind...

Page 66: ...is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast periodically by the switch for an IP address DHCP BOOTP values can include the IP address subnet mask and default gateway IP Address Address of the VLAN interface that is a...

Page 67: ...tatic enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 3 168 Console config if ip address 10 1 0 254 255 255 255 0 3 285 Console config if exit Console config ip default gateway 192 168 1 254 3 286 Console config ...

Page 68: ...management station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to ...

Page 69: ...st to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Console config Console config interface vlan 1 3 168 Console config if ip addr...

Page 70: ...tails see the Batch Upgrade document in this Batch Upgrade folder Command Attributes TFTP Server IP Address The IP address of a TFTP server File Name The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ ...

Page 71: ...me then click Transfer from Server To start the new firmware reboot the system via the System Reset menu Figure 3 8 Operation Code Image File Transfer If you download to a new destination file then select the file from the drop down box for the operation code used at startup and click Apply Changes To start the new firmware reboot the system via the System Reset menu Figure 3 9 Select Start Up Ope...

Page 72: ...e Name The configuration file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Note The maximum number of user defined configuration files is limited only by available flash memory space Console copy tftp fil...

Page 73: ...er the IP address of the TFTP server enter the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Transfer from Server Figure 3 10 Downloading Configuration Settings from a Server If you download to a new file name then select the new file from the drop down box for Startup Configuration File and press Apply Changes To use the new settin...

Page 74: ... Use the reload command to restart the switch Note When restarting the system it will always run the Power On Self Test Console copy tftp startup config 3 86 TFTP server ip address 192 168 1 19 Source configuration file name config 1 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console reload Console config Console config boot system config start...

Page 75: ...e update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Broadcast The switch sets its clock from a time server in the same subnet that broadcasts time updates If there is more than one SNTP server the switch accepts the first broadcast it detects and ignores broadcasts from other servers Conf...

Page 76: ... for a time update from a time server when set to SNTP Client mode Range 16 16284 seconds Default 16 seconds SNTP Server In unicast mode sets the IP address for up to three time servers The switch attempts to update the time from the first server if this fails it attempts an update from the next server in the sequence Web Select SNTP Configuration Modify any of the required parameters and click Ap...

Page 77: ...TC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 14 Setting the Time ...

Page 78: ...s to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for configuring community strings trap functions and restricting access to clients with specified IP addresses are described in the following sections Setting Community Access Strings You may configure up to five ...

Page 79: ...ure 3 15 Setting Community Access Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as SMC EliteVi...

Page 80: ...ever an invalid community string is submitted during the SNMP access authentication process The default is enabled Enable Link up and Link down Traps Issues link up or link down traps The default is enabled Web Click SNMP Configuration Fill in the IP address and community string for each trap manager that will receive these messages specify the SNMP version mark the trap types required and then cl...

Page 81: ...cific ports Configuring the Logon Password The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest name is guest with the password guest The default administrator name is admin ...

Page 82: ...to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Console config username bob access level 15 3 35 Console config username bob password 0 smith Console config Web Telnet RADIUS TACACS server console 1 Client attempts management acce...

Page 83: ...and Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and TAC...

Page 84: ...nce RADIUS Settings Server IP Address Address of authentication server Default 10 1 0 1 Server Port Number Network UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Number of Server Transmits Number of times th...

Page 85: ... use blank spaces in the string Maximum length 20 characters Note The local switch user database has to be set up by manually entering user names and passwords using the CLI See username on page 4 35 Web Click Security Authentication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TAC...

Page 86: ...ient and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data Console config authentication login radius 3 94 Console config radius server host 192 168 1 25 3 95 Console config radius server port 181 3 96 Console config radius server key green 3 97 Console config radius server retransmit 5 3 97 Console...

Page 87: ...Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Default Port 443 Web Click Security HTTPS Settings Enable HTTPS and specify the port number then click Apply Figure 3 19 HTTPS Settings Table 3 3 HTTPS Support Web Browser Operating System Inter...

Page 88: ...from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and use the following command at the switch s command line interface to...

Page 89: ...between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered Notes 1 Note that you need to install an SSH client on the management station to access the switch for management via the SSH protocol 2 The switch supports both SSH Version 1 5 and 2 0 Command Usage The SSH server on this switch supports both password and public key aut...

Page 90: ...port Client s Public Key to the Switch Use the copy tftp public key command page 4 86 to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch via the User Accounts page as described on page 3 33 The clients are subsequently authenticated using these keys The current firmware only acce...

Page 91: ...e switch compares the decrypted bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is authenticated Notes 1 To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you ...

Page 92: ... i e public and private keys Range RSA DSA Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memory to flash memory Otherwise the host key pair is...

Page 93: ...Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 20 SSH Host Key Settings ...

Page 94: ...host key 3 48 Console show public key host 3 48 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 729290510813919642025190932104328579045764891 DSA ssh dss AAAAB3...

Page 95: ...ecifies the SSH server key size Range 512 896 bits The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page before yo...

Page 96: ...can automatically take action by disabling the port and sending a trap message To use port security first allow the switch to dynamically learn the source MAC address VLAN pair for frames received on a port for an initial training period and then enable port security to stop address learning Be sure you enable the learning function long enough to ensure that all valid VLAN members have been regist...

Page 97: ...etwork interconnection device If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 84 Command Attributes Port Port number Name Descriptive text page 4 168 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap messa...

Page 98: ...imum number of MAC addresses allowed on a port and click Apply Figure 3 22 Configuring Port Security CLI This example sets the command mode to Port 5 sets the port security action to send a trap and disable the port and then enables port security for the switch Console config interface ethernet 1 5 Console config if port security action trap and shutdown 3 102 Console config if port security Conso...

Page 99: ...authentication server to verify user identity and access rights When a client i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to ...

Page 100: ...n of the firmware supports only the EAP MD5 authetication type Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch i e authenticator as well as the client identity lookup process that runs betwe...

Page 101: ...ew client Timeout for Re authentication Period Indicates the time period after which a connected client must be re authenticated Timeout for TX Period The time period during an authentication session that the switch waits before re transmitting an EAP packet Supplicant timeout The time the switch waits for a client response to an EAP request Server timeout The time the switch waits for a response ...

Page 102: ...atus Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 23 disabled Single Host ForceAuthorized yes 1 24 enabled Single Host Auto yes 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 24 Status Unauthorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 00 00 00 00 00 Current Id...

Page 103: ...mber of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session Range 1 10 Default 2 Timeout for Quiet Period Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client Range 1 65535 seconds Default 60 seconds Timeout for Re authentication Period Sets the time ...

Page 104: ...thentication mode configured for each port Command Attributes Status Indicates if authentication is enabled or disabled on the port Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Range Single Host Multi Host Default Single Host Console config dot1x re authentication 3 109 Console config dot1x max req 5 3 106 Console config dot1x timeout quiet period ...

Page 105: ...ces the port to grant access to all clients either dot1x aware or otherwise Force Unauthorized Forces the port to deny access to all clients either dot1x aware or otherwise Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port ...

Page 106: ...goff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Res...

Page 107: ...stics Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Authenticator Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Table 3 4 802 1x Statistics Parameter Descripton ...

Page 108: ...quential list of permit or deny conditions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules ma...

Page 109: ...e egress IP ACL or the egress MAC ACLs If these rules are included in ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail The order in which active ACLs are checked is as follows 1 User defined rules in the Egress MAC ACL for egress ports 2 User defined rules in the Egress IP ACL for egress ports 3 User defined rules in the Ingress MAC ACL for ingre...

Page 110: ...otocol is specified then you can also filter packets based on the TCP control code MAC MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type RFC 1060 Web Click Security ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3...

Page 111: ...ddress Source IP address SubMask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to indicate ignore The mask is bitwise ANDed with the specified source IP address and compared with the address for each IP packet entering the port s to which this ACL has been assigned Web Specify the action i e Permit or Deny Select t...

Page 112: ... Subnet mask for source or destination address See the description for SubMask on page 3 63 Service Type Packet priority settings based on the following criteria Precedence IP precedence level Range 0 7 TOS Type of Service level Range 0 15 DSCP DSCP priority level Range 0 64 Protocol Specifies the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 O...

Page 113: ...t 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the code value and mask below to catch packets with the following flags set SYN flag valid use control code 2 control bitmask 2 Both SYN and ACK valid use control code 18 control bitmask 18 SYN va...

Page 114: ...riteria such as service type protocol type or TCP control code Then click Add Figure 3 29 Configuring Extended IP ACLs CLI This example adds three rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from cl...

Page 115: ... destination MAC address Source Destination MAC Bitmask Hexidecimal mask for source or destination MAC address VID VLAN ID Range 1 4095 VID Mask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8...

Page 116: ...et type Untagged eth2 Untagged Ethernet II packets Untagged 802 3 Untagged Ethernet 802 3 packets Tagged eth2 Tagged Ethernet II packets Tagged 802 3 Tagged Ethernet 802 3 packets Command Usage Egress MAC ACLs only work for destination mac known packets not for multicast broadcast or destination mac unknown packets ...

Page 117: ...ect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 30 Configuring MAC ACLs CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype...

Page 118: ...to up to four ACLs of the same type Command Usage Up to seven entries can be assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before mapping an AC...

Page 119: ... packet Configuring an IP ACL Mask This mask defines the fields to check in the IP header Command Usage Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes Command Attributes Src Dst IP Specifies the source or destination IP address Use Any to match any address Host to specify a host address no...

Page 120: ...must match this bitmask See the description for SubMask on page 3 63 Protocol Bitmask Check the protocol field Service Type Check the rule for the specified priority type Options Precedence TOS DSCP Default TOS Src Dst Port Bitmask Protocol port of rule must match this bitmask Range 0 65535 Control Bitmask Control flags of rule must match this bitmask Range 0 63 ...

Page 121: ...a protocol type or one of the service types Or use a bitmask to search for specific protocol port s or TCP control code s Then click Add Figure 3 32 Configuring an IP based ACL CLI This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255...

Page 122: ...ation MAC Bitmask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format Bitmask A packet format must be specified in the rule Console config access list ip standard A2 3 118 Console config std acl permit 10 1 1 0 255 255 255 0 3 119 Console config std acl deny 10 1 1 1 255 255 25...

Page 123: ...gress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for specific VLAN ID s or Ethernet type s Or check for rules where a packet format was specified Then click Add Figure 3 33 Configuring a MAC based ACL ...

Page 124: ...L to any port for egress filtering In other words only four ACLs can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL Console config access list mac M4 3 136 Console config mac acl permit any any 3 137 Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 3 137 Console config mac acl end Console show access list 3 148 MAC acce...

Page 125: ...to an interface for egress checking the bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 24 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an ACL for ingress ...

Page 126: ...nfigured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot del...

Page 127: ...this interface Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range Web Click Security IP Filter Enter the addresses that are allowed management access to an interface and click Add IP Filtering Entry Figure 3 35 Filtering Management Access CLI This example restricts management access for Telnet clients Console config management telnet c...

Page 128: ...led Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Forced Mode1 Shows the forced preferred port type to use for combination ports 21 24 Copper Forc...

Page 129: ...he port type 1000BASE T 1000BASE SX 1000BASE LX or 100BASE FX MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice ...

Page 130: ...st storm limit Shows the broadcast storm threshold 500 262143 packets per second Flow control Shows if flow control is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 20 addresses Port security action Shows the response to take when a secur...

Page 131: ...0 30 f1 47 58 46 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Combo forced mode None Current status Link status Down Operation speed duplex 100full Flow control type None Conso...

Page 132: ... duplex mode Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported 10half Supports 10 ...

Page 133: ...l 100half 100full 1000full 1000BASE SX LX LH 1000full Forced Mode Shows the forced preferred port type to use for the combination ports 21 24 Copper Forced Always uses the built in RJ 45 port Copper Preferred Auto Uses the built in RJ 45 port if both combination types are functioning and the RJ 45 port has a valid link SFP Forced Always uses the SFP port even if module is not installed SFP Preferr...

Page 134: ... providing a fault tolerant link between two devices You can create up to six trunks at a time Console config interface ethernet 1 13 3 168 Console config if description RD SW 13 3 168 Console config if shutdown 3 175 Console config if no shutdown Console config if no negotiation 3 170 Console config if speed duplex 100half 3 169 Console config if flowcontrol 3 173 Console config if negotiation Co...

Page 135: ...g the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding netw...

Page 136: ...ating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Web Click Port Trunk Membership Enter a trunk ID of 1 6 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports...

Page 137: ...ig interface ethernet 1 1 3 168 Console config if channel group 1 3 189 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 3 178 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 1...

Page 138: ... ports will be placed in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3...

Page 139: ...nnel group Console config interface ethernet 1 1 3 168 Console config if lacp 3 190 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 3 178 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port admin status Up Speed duplex Auto Capabilities ...

Page 140: ...must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 0 Port Priority If a l...

Page 141: ...tionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 40 LACP Aggregation Port Configuration ...

Page 142: ...le config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 3 196 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console show ...

Page 143: ...p LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subty...

Page 144: ...LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 6 LACP Settings Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP Sy...

Page 145: ...n this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregat...

Page 146: ...CP configuration settings and operational state for the local side of port channel 1 Console show 1 lacp internal 3 196 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long timeo...

Page 147: ...rative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key f...

Page 148: ...ote side of port channel 1 Console show 1 lacp neighbors 3 196 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper...

Page 149: ... by setting a threshold for broadcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Protect Status Shows w...

Page 150: ...switchport broadcast 3 176 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 3 176 Console config if end Console show interfaces switchport ethernet 1 2 3 181 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bit...

Page 151: ...ed otherwise traffic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to t...

Page 152: ...he maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with ...

Page 153: ...t the Input Rate Limit Status or Output Rate Limit Status then set the rate limit for the individual interfaces and click Apply Figure 3 46 Configuring Output Port Rate Limiting CLI This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps Console config interface ethernet 1 1 3 168 Console config if rate limit input 600 3 186 Console config if rate limit out...

Page 154: ...e the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default Note RMON groups 2 3 and 9 can only be accessed using SNMP management software such as SMC EliteView or HP OpenView Statistical Values Table 3 8 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including fram...

Page 155: ... requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a multicast address at this sub layer including those that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher level...

Page 156: ...itted frames for which transmission is inhibited by exactly one collision Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that...

Page 157: ...mber of collisions on this Ethernet segment Received Frames The total number of frames bad broadcast and multicast received Broadcast Frames The total number of good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors ...

Page 158: ... and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and tran...

Page 159: ...PORT CONFIGURATION 3 111 Figure 3 48 Displaying Etherlike and RMON Statistics ...

Page 160: ...stats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE T...

Page 161: ... of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Web Only Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Figure 3 49 Mapping Ports to Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Console config mac address table static 00 ...

Page 162: ...wise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Web Click Address Table Dynamic Addresses Specify the search type i e mark the Interface MAC Ad...

Page 163: ...discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click Apply Figure 3 51 Setting the Aging Time CLI This example sets the aging time to 400 seconds Console show mac address table interface ethernet 1 1 3 202 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C 23 CD 60 2 Learned Console Console...

Page 164: ...panning Tree Protocol IEEE 802 1s STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device It selects a designated bridging device from ...

Page 165: ...edefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs When using STP or RSTP it may be difficult to maintain a stable path between all VLAN members Frequent changes in the tree structure can easily isolate some of the group members MSTP an extension of RSTP is ...

Page 166: ...hich includes both ports and trunks Hello Time Interval in seconds at which the root device transmits a configuration message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition eac...

Page 167: ...vice with the lowest MAC address will then become the root device Root Hello Time Interval in seconds at which this device transmits a configuration message Root Maximum Age The maximum time in seconds this device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular interval...

Page 168: ...x number of hop counts for the MST region Remaining hops The remaining number of hop counts for the MST instance Transmission limit The minimum interval between the transmission of consecutive RSTP MSTP BPDUs Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Web Clic...

Page 169: ... the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Console show spanning tree 3 228 Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max ...

Page 170: ... operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tree instances A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for the previous mode ...

Page 171: ...hich the root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information pr...

Page 172: ...is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval...

Page 173: ...ed in the MST region before a BPDU is discarded Range 1 40 Default 20 The MST name and revision number are both required to uniquely identify an MST region Web Click Spanning Tree STA Configration Modify the required attributes and click Apply Figure 3 53 Configuring the Spanning Tree Algorithm ...

Page 174: ...al set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Console config spanning tree 3 206 Console config spanning tree mode mst 3 207 Console config spanning tree priority 40000 3 211 Console config spanning tree hello time 5 3 210 Consol...

Page 175: ...urrent Spanning Tree configuration The slower the media the higher the cost Designated Bridge The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree Designated Port The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Li...

Page 176: ... of a trunk STA Port Information only These additional parameters are only displayed for the CLI Admin status Shows if this interface is enabled External path cost The path cost for the IST This parameter is used by the STA to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Pat...

Page 177: ...rd compatibility with earlier products Admin Edge Port You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains t...

Page 178: ...cate the preferred path link type to indicate a point to point connection or shared media connection and edge port to indicate if the attached device can support fast forwarding Console show spanning tree ethernet 1 5 3 228 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 ...

Page 179: ...ing Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the por...

Page 180: ... other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media This is the default setting Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loo...

Page 181: ...ithm per Port CLI This example sets STA attributes for port 7 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance Con...

Page 182: ...ees 1 Set the spanning tree type to MSTP STA Configuration page 3 121 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 Add the VLANs that will share this MSTI MSTP VLAN Configuration Note All VLANs are automatically added to the IST Instance 0 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridges with...

Page 183: ...ributes displayed by the CLI for individual interfaces are described under Displaying Interface Settings page 3 126 Web Click Spanning Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 56 Configuring Multiple Spanning ...

Page 184: ...ax hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 0 Designated port 128 7 Designated root...

Page 185: ...utes MST Instance ID Instance identifier to configure Range 0 57 Default 0 Note The other attributes are described under Displaying Interface Settings page 3 126 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 57 Displaying MSTP Interface Settings Console config spanning tree mst configuration ...

Page 186: ...5 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 645 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost...

Page 187: ...ormation Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 57 Default 0 Priority Defines the priority used for this port in the ...

Page 188: ...t Method is set to short page 3 63 the maximum path cost is 65 535 Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 Web Click Spanning Tree MSTP Port Configuration...

Page 189: ...long to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network effic...

Page 190: ... ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to part...

Page 191: ...te that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are forwarded on...

Page 192: ... network This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host devices to the required VLANs using the operating system or other application software so that these VLANs can be propagated onto the network For both the edge switches attached directly to these hosts and core switches in ...

Page 193: ...n forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the ...

Page 194: ...local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 59 Enabling GVRP Status CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number The VLAN version used by this switch as spe...

Page 195: ...n disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port members Console show bridge ext 3 251 ...

Page 196: ...VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Ports Channel groups Shows the VLAN interface members ...

Page 197: ... only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspe...

Page 198: ... click Add Figure 3 62 Creating Virtual LANs CLI This example creates a new VLAN Console config vlan database 3 232 Console config vlan vlan 2 name R D media ethernet state active 3 233 Console config vlan end Console show vlan 3 242 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Eth1 13 ...

Page 199: ... Port page to configure VLAN groups based on the port index page 3 153 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 154 Command Attributes VLA...

Page 200: ...east one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 144 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the la...

Page 201: ...N Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Console config interface ethernet 1 1 3 168 Console config if switchport all...

Page 202: ... way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed ...

Page 203: ...which the ingress port is not a member Default Disabled Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it...

Page 204: ...nsiderably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 500 18000 centiseconds Default 1000 Mode Indicates VLAN membership mode for an interface Default 1Q Trunk 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Howeve...

Page 205: ...sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 3 168 Console config if switchport acceptable frame types tagged 3 237 Console config if switchport ingress filtering 3 238 Console config if switchport native vlan 3 3 239 Console config if switchport gvrp 3 252 Console config if garp timer join 20 3 253 Console config if garp timer leave 90 Con...

Page 206: ...l VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 3 66 Enabling Private VLANS CLI This example enables private VLANs Console config pvlan 3 248 Console config Uplink Ports Primary VLAN p...

Page 207: ...downlinks for the private VLAN then click Apply Figure 3 67 PVLAN Uplink Downlink Port Configuration CLI This configures ports 3 and 4 as uplinks and ports 5 and 6 as downlinks Configuring Protocol Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order ...

Page 208: ...VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the Protocol VLAN Configuration page 3 Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page Configuring Protocol Groups Create a protocol group for one or more pro...

Page 209: ...erface that will participate in the group Command Usage When creating a protocol based VLAN only assign interfaces using this configuration screen If you assign interfaces using any of the other VLAN commands such as VLAN Static Table page 3 151 or VLAN Static Membership page 3 153 these interfaces will admit traffic of any protocol type into the associated VLAN Console config protocol vlan protoc...

Page 210: ...appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Command Attributes Interface Port or trunk identifier Protocol Group ID Group identifier of this protocol group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Web Click VLAN Protocol VLAN Port Configuration Select...

Page 211: ...ault port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame ...

Page 212: ... 3 70 Configuring Class of Service per Port CLI This example assigns a default priority of 5 to port 3 Console config interface ethernet 1 3 3 168 Console config if switchport priority default 5 3 256 Console config if end Console show interfaces switchport ethernet 1 5 3 181 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M...

Page 213: ...etwork applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class Output queue buffer Range 0 7 where 7 is the highest CoS priority queue CLI shows Queue ID Table 3 9 Egress Queue Pri...

Page 214: ...assignments to a one to one mapping Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 3 168 Console config queue cos map 0 0 3 260 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map ethe...

Page 215: ...ents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing lower...

Page 216: ...reby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class Range 1 15 CLI ...

Page 217: ...hen these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and t...

Page 218: ... the default setting IP Precedence Maps layer 3 4 priorities using IP Precedence IP DSCP Maps layer 3 4 priorities using Differentiated Services Code Point Mapping Web Click Priority IP Precedence DSCP Priority Status Select Disabled IP Precedence or IP DSCP from the scroll down menu Figure 3 74 Setting IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on t...

Page 219: ... to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Table 3 11 ...

Page 220: ...0 on port 1 and then displays the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip precedence 3 265 Console config interface ethernet 1 1 3 168 Console config if map ip precedence 1 cos 0 3 266 Console config if end Console show map ip precedence...

Page 221: ... can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priori...

Page 222: ...ue 1 on port 1 and then displays the DSCP Priority settings Note Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip dscp 3 267 Console config interface ethernet 1 1 3 168 Console config if map ip dscp 1 cos 0 3 268 Console config if end Console show map ip dscp ethernet 1 1 3 ...

Page 223: ...tus Enables or disables the IP port priority Interface Selects the port or trunk interface to which the settings apply IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply to all interfaces We...

Page 224: ...t Priority service on the switch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Note Mapping specific values for IP Port Priority is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip port 3 94 Console config interface ethernet 1 1 3 168 Console config if map ip port 80 c...

Page 225: ...s not written to the packet itself For information on mapping the CoS values to output queues see page 3 165 Command Usage You must configure an ACL mask before you can map CoS values to the rule Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 For information on configuring ACLs see page 3...

Page 226: ... You can change traffic priorities for frames matching the defined ACL rule This feature is commonly referred to as ACL packet marking This switch can change the IEEE 802 1p priority IP Precedence or DSCP Priority of IP frames or change the IEEE 802 1p priority of Layer 2 frames This feature is commonly referred to as ACL packet marking Use the no form to remove the ACL marker Console config inter...

Page 227: ... may contain three bits for IP Precedence or six bits for Differentiated Services Code Point DSCP service Note that the IP frame header can include either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority and then 802 1p priority Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC Precedence ...

Page 228: ...ick Add Figure 3 79 Changing Priorities Based on ACL Rules CLI This example changes the DSCP priority for packets matching an IP ACL rule and the 802 1p priority for packets matching a MAC ACL rule Console config interface ethernet 1 1 3 168 Console config if match access list ip bill set dscp 0 3 133 Console config if match access list mac mike set priority 0 3 147 Console config if end Console s...

Page 229: ...ssed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure t...

Page 230: ... appropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 188 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switc...

Page 231: ... is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 D...

Page 232: ... This example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 3 273 Console config ip igmp snooping querier 3 278 Console config ip igmp snooping query count 10 3 278 Console config ip igmp snooping query interval 100 3 279 Console config ip igmp snooping query max response time 20 3 280 Console config ip igmp snooping query time o...

Page 233: ...n the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping Mu...

Page 234: ... ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configura...

Page 235: ... VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 3 282 Console config exit Console show ip igmp snooping mrouter vlan...

Page 236: ...ws if this entry was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping and Query Parameters on page 3 182 For certain applications that require tighter control you may need to statically configure a multicast service on the swi...

Page 237: ...fic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate the VLAN that will propagate the multicast service sp...

Page 238: ...nfigure default domain names or specify one or more name servers to use for domain name to address translation Configuring General DNS Server Parameters Command Usage To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted notation you ...

Page 239: ...ched with no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enables DNS host name to address translation Default Domain Name Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List Defines define a list of domain names that can be appended to incomplete host ...

Page 240: ...Web Select DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use to use for address resolution enable domain lookup status and click Apply Figure 3 85 Configuring DNS ...

Page 241: ... network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Console config ip domain name sample com 3 187 Console config ip domain list sample com uk...

Page 242: ...st name Range 1 8 addresses Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply Figure 3 86 Mapping IP Addresses to a Host Name CLI This example maps two address to a host name and then configures an alias host name for the same addresses ...

Page 243: ...eld includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Console config ip host rd5 192 168 1 55 10 1 0 55 3 158 Console co...

Page 244: ...1 4 CNAME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POINTER TO 4 51 www microsoft com 6 4 CNAME 207 46 68 27 71964 msn com tw 7 4 ALIAS POINTER TO 6 71964 www msn com tw 8 4 CNAME 65 54 131 192 605 passportimages com 9 4 ALIAS POIN...

Page 245: ...ry similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged acc...

Page 246: ...Note The IP address for this switch is unassigned by default To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address How...

Page 247: ...mpt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty 0 for the guest to show that you are using normal access mode i e Normal Exec 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sessi...

Page 248: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 249: ...ord up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters ...

Page 250: ...interfaces ip IP information lacp Show lacp statistic line TTY line information logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Show management ip filter map Map priority marking Specify marker port Characteristics of the port protocol vlan Protocol vlan information public key Show information of public key pvlan...

Page 251: ...ng command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed agai...

Page 252: ...Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new conso...

Page 253: ...running configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Username admin Password ...

Page 254: ...mpt will change to Console config which gives you access privilege to all Global Configuration commands To enter the other modes at the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console config line 4 14 Acce...

Page 255: ...g editing keystrokes for command line processing VLAN vlan database Console config vlan 4 231 MSTP spanning tree mst configuration Console config mstp 4 213 Console config interface ethernet 1 5 Console config if exit Console config Table 4 3 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the curr...

Page 256: ...for the serial port and Telnet including baud rate and console time out 4 14 General Basic commands for entering privileged access mode restarting the system or quitting the CLI 4 26 System Management Controls system logs system passwords user name browser management options and a variety of other system information 4 32 Flash File Manages code image or switch configuration files 4 85 Authenticati...

Page 257: ...g specified addresses displays current entries clears the table or sets the aging time 4 200 Spanning Tree Configures Spanning Tree settings for the switch 4 205 VLANs Configures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs and protocol VLANs 4 231 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the ...

Page 258: ...a specific line for configuration and starts the line configuration mode GC 4 15 login Enables password checking at login LC 4 16 password Specifies a password on a line LC 4 17 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 18 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 19 silent t...

Page 259: ...al terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command stopbits Sets the number of the stop bits transmitted per byte LC 4 24 disconnect Terminates a line connection PE 4 24 show line Displays a terminal line s param...

Page 260: ...ee authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the...

Page 261: ...eans encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You...

Page 262: ...the interval that the system waits until user input is detected Use the no form to restore the default Syntax exec timeout seconds no exec timeout seconds Integer that specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is k...

Page 263: ...ue is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Tel...

Page 264: ...ord thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 19 Console config l...

Page 265: ...per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Comm...

Page 266: ...even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command Console config line parity none Console config line ...

Page 267: ... auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you select the auto option the switch will automatically detect the baud rate configured on the attached terminal and a...

Page 268: ... stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Command Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will discon...

Page 269: ...for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console disconnect 1 Console Console show line Console configuration Password threshold 3 times Interactive timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Intera...

Page 270: ...ess Privileged Exec mode Default Setting Level 15 Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 26 disable Returns to normal mode from privileged mode PE 4 27 configure Activates global configuration mode PE 4 28 show history Shows the command history buffer NE PE 4 28 reload Restarts the system PE 4 29 end Returns to Privileged Exec mode any config mo...

Page 271: ...mands disable 4 27 enable password 4 36 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Command Usage The ...

Page 272: ...bling some of the other configuration modes including Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 30 show history This command shows the contents of the command history buffer Default Setting None Console di...

Page 273: ...ation command history buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config start...

Page 274: ...mand returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console reload System will be restarted continue y n y Console config if end Console ...

Page 275: ...urn to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example Console config exit Console exit Press ENTER to start session User Access Verification Username ...

Page 276: ...hat uniquely identifies this switch 4 33 User Access Configures the basic user names and passwords for management access 4 34 IP Filter Configures IP addresses that are allowed management access 4 37 Web Server Enables management access via a Web browser 4 40 Secure Shell Provides secure replacement for Telnet 4 45 Event Logging Controls logging of error messages 4 58 SMTP Alerts Configures SMTP e...

Page 277: ...pt Maximum length 255 characters Default Setting Console Command Mode Global Configuration Example Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 33 hostname Specifies the host name for the switch GC 4 34 snmp server contact Sets the system contact string GC 4 151 snmp server location Sets the system location string GC 4 15...

Page 278: ... for management access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 14 user authentication via a remote authentication server page 4 93 and host access authentication for specific ports page 4 104 Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Function Mode Page username Es...

Page 279: ...cters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive...

Page 280: ...ged Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password passw...

Page 281: ... reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4 26 IP Filter Commands Console config enable password level 15 0 admin Console config Table 4 10 IP Filter Commands Command Function Mode Page management Configures IP addresses that ar...

Page 282: ...starting address of a range end address The end address of a range Default Setting All addresses Command Mode Global Configuration Command Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP Web and...

Page 283: ...ement This command displays the client IP addresses that are allowed management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP Web and Telnet groups http client Adds IP address es to the Web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the ...

Page 284: ...25 192 168 1 30 Telnet Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 11 Web Server Command Command Function Mode Page ip http port Specifies the port to be used by the Web browser interface GC 4 41 ip http server Allows the switch to be monitored or configured from a browser GC 4 41 ip http secure server Enables HTTPS SSL for encrypt...

Page 285: ...The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 41 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http ...

Page 286: ... the switch s Web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in y...

Page 287: ...rnet Explorer 5 x and Netscape Navigator 4 x or later versions The following Web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 40 Also refer to the copy command on page 4 86 Example Related Commands ip http secure port 4 44 copy tftp https certificate 4 86 Web Browser Operating System Internet...

Page 288: ..._number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip http secure ser...

Page 289: ...s authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered This section describes the commands used to configure the SSH server However note that you also need to install an SSH client on the management station when using this protocol to configure the switch Note The...

Page 290: ...e switch and enable the SSH server To use the SSH server complete these steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair ip ssh crypto host key generate Generates the host key PE 4 52 ip ssh crypto zeroize Clear the host key from RAM PE 4 53 ip ssh save host key Saves the host key from RAM to flash memory PE 4 54 disconnect T...

Page 291: ...ing these keys The current firmware only accepts public key files based on standard UNIX format as shown in the following example 1024 35 1341081685609893921040944920155425347631641921872958921143173880 055536161631051775940838686311092912322268285192543746031009371877211996963178 136627741416898513204911720483033925432410163799759237144901193800609025394840 848271781943722884025331159521348610229...

Page 292: ...r during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip ssh server Use this command to enable the Secure Shell SSH server on this switch Use the no form to disable this service Syntax ip ssh server no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server supports up to four cl...

Page 293: ... during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Console ip ssh crypto host key gen...

Page 294: ...henticate a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 54 Console config ip ssh authentication retires 2 Console config ...

Page 295: ...Global Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key Use this command to delete the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type...

Page 296: ...nd stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and e...

Page 297: ...ype Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Command Usage This command clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Commands ip ssh crypto host key generate 4 52 ip ssh save host key 4 54 no ip ssh s...

Page 298: ...ey Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 52 show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server k...

Page 299: ...State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 4 13 SSH Information Field Description Session The session number Range 0 3 Version The Secure Shell version number State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client ...

Page 300: ...server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Encryption Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanced Encryption Standard 160 ...

Page 301: ...018676692593339467750546173253136748908365472541502024559319986854435 836165199992332978176606583095861082591321289023376546801726272571413428762941 301196195566782595664104869574278881462065194174677298486546861571773939016477 935594230357741309802273708779454524083971752646358058176716709574804776117 DSA ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8...

Page 302: ...e of error messages that are stored Table 4 14 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 58 logging history Limits syslog messages saved to switch memory based on severity GC 4 59 logging host Adds a syslog server host IP address that will receive logging messages GC 4 60 logging facility Sets the facility type for remote logging of syslog...

Page 303: ...i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Name Level Description debugging 7 Debugging messages informational 6 Informational messages only notifications 5 Normal but significant condition such as cold start warnings 4 Warning conditions e g return false unexpect...

Page 304: ...command adds a syslog server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration alerts 1 Immediate action needed emergencies 0 System unusable Console config logging history ram 0 Console config Name Level Des...

Page 305: ...pe A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort ...

Page 306: ...ogging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 59 Default Setting Level 3 0 Command Mode Global Configuration Example clear logging This command clears messages from the log buffer Syntax clear logging flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored...

Page 307: ...y i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset sendmail Displays settings for the SMTP event handler page 4 69 trap Displays settings for the trap function Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the mess...

Page 308: ...the logging history command History logging in RAM The message level s reported based on the logging history command Messages Any system and event messages stored in memory Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTE...

Page 309: ... specified in the logging host command Table 4 15 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4 66 logging sendmail level Sets the severity threshold used to trigger alert messages GC 4 67 logging sendmail source email Sets the email address used for From field of alert messages GC 4 67 logging sendmail destination e...

Page 310: ...and to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in t...

Page 311: ...d level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 3 through 0 logging sendmail source email This command sets the email address used for the From field in alert messages Syntax logging...

Page 312: ...ination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must ...

Page 313: ...x no logging sendmail Default Setting Disabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Console config logging sendmail destination email ted this company com Console config Console config logging sendmail Console config ...

Page 314: ...TP status Enable Console Table 4 16 Time Commands Command Function Mode Page sntp server Specifies one or more time servers GC 4 71 sntp poll Sets the interval at which the client polls for time GC 4 72 sntp client Accepts time from specified time servers GC 4 72 sntp broadcast client Accepts time from any time broadcast server GC 4 74 show sntp Shows current SNTP configuration settings NE PE 4 74...

Page 315: ...SNTP Range 1 3 addresses Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Re...

Page 316: ...16 16384 seconds Default Setting 16 seconds Command Mode Global Configuration Command Usage This command is only applicable when the switch is set to SNTP client mode Example Related Commands Related Commands 4 73 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command Use the no form to disable SNTP clien...

Page 317: ...time synchronization requests based on the interval set via the sntp poll command The SNTP time query method is set to client mode when the first sntp client command is issued However if the sntp broadcast client command is issued then the no sntp broadcast client command must be used to return the switch to SNTP client mode Example Related Commands sntp server 4 71 sntp poll 4 72 sntp broadcast c...

Page 318: ...and displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for sending time synchronization requests when the switch is set to SNTP client mode and the current SNTP mode i e client or broadcast E...

Page 319: ...e zone before east of UTC after utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the...

Page 320: ...ge 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2101 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Defaul...

Page 321: ... System Status Commands Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 77 show running config Displays the configuration data currently in use PE 4 80 show system Displays system information NE PE 4 82 show users Shows all active console and Telnet sessions including user name idle time ...

Page 322: ...eparated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs Routing protocol configuration settings...

Page 323: ...el 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree mst configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 lacp partner admin key 0 spanning tree edge port interface vlan 1 ip address dhc...

Page 324: ...memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree i...

Page 325: ...743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree mst configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 lacp partner admin key 0 spanning tree edge port...

Page 326: ...ssistance Example Console show system System description SMC Networks SMC8648T System OID string 1 3 6 1 4 1 202 20 37 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC address 00 00 A3 42 00 80 Web server enable Web server port 80 Web secure server enable Web secure server port 443 POST result DUMMY Test 1 ...

Page 327: ...his command is indicated by a symbol next to the Line i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None Online users Line Username Idle time h m s Remote IP addr 0 conso...

Page 328: ...the no form to disable it Syntax no jumbo frame Default Setting Disabled Command Mode Global Configuration Console show version Unit1 Serial number Hardware version Number of ports 48 Main power status up Redundant power status not present Agent master Unit id 1 Loader version 1 0 0 1 Boot rom version 1 0 0 1 Operation code version 1 1 0 4 Console Table 4 18 Frame Size Commands Command Function Mo...

Page 329: ...extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 176 Example Flash File Commands These commands are used to manage the system code or configuration files Console config jumb...

Page 330: ...e file running config startup config tftp copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system init...

Page 331: ...sh memory the switch supports only two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination For information on specifyi...

Page 332: ...p Choose file type 1 config 2 opcode 1 2 1 Source file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01...

Page 333: ...letes a file or image Syntax delete filename filename Name of the configuration file or image name Default Setting None Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y Console copy tftp public key TFTP server IP address...

Page 334: ...y Related Commands dir 4 90 delete public key 4 51 dir This command displays a list of files in flash memory Syntax dir boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors informati...

Page 335: ...wered up Default Setting None Command Mode Privileged Exec Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte diag_0060 Boot Rom image Y 111360 run_01642 Operation Code N 1074304 run_...

Page 336: ...e of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Console whichbo...

Page 337: ...Console config Table 4 20 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 93 RADIUS Client Configures settings for authentication via a RADIUS server 4 95 TACACS Client Configures settings for authentication via a TACACS server 4 99 Port Security Configures secure addresses for a port 4 102 Port Authentication Configu...

Page 338: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command t...

Page 339: ...adius server host This command specifies the RADIUS server Use the no form to restore the default Syntax radius server host host_ip_address no radius server host host_ip_address IP address of server Console config authentication login radius Console config Table 4 22 RADIUS Client Commands Command Function Mode Page radius server host Specifies the RADIUS server GC 4 95 radius server port Sets the...

Page 340: ...rt Use the no form to restore the default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Example Console config radius server host 192 168 1 25 Console config Console config radius server port 181 Console config ...

Page 341: ...ces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Ran...

Page 342: ...t number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Console config radius server retransmit 5 Console confi...

Page 343: ...ifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Console show radius server Server IP address 10 1 0 1 Communication key with radius server Server port number 1812 Retransmit times 2 Request timeout 5 Console Table 4 23 TACACS Client Commands Comma...

Page 344: ...he no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used for authentication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Example Console config tacacs server host 192 168 1 25 Console config Console config tacacs server port 181 Console config ...

Page 345: ...ank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console config tacacs server key green Console config Console show tacacs server Remote TACACS server configuration Server IP address 10 11 1...

Page 346: ... the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses Syntax port security action shutdown trap trap and shutdown max mac count address count no port security action max mac count action Response to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only ...

Page 347: ...port security to stop address learning Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on the selected port To add new VLAN members at a later time you can manually add secure addresses with the mac address table static command or turn off port security to re enable the learning function long enough for new VLAN members to be register...

Page 348: ...tensible Authentication Protocol Console config interface ethernet 1 5 Console config if port security action trap Table 4 25 802 1x Port Authentication Commands Command Function Mode Page authentication dot1x default Sets the default authentication server type GC 4 105 dot1x default Resets all dot1x parameters to their default values GC 4 106 dot1x max req Sets the maximum number of times that th...

Page 349: ...ets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client GC 4 109 dot1x timeout re authperiod Sets the time period after which a connected client must be re authenticated GC 4 110 dot1x timeout tx period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet GC 4 110 show ...

Page 350: ...ts the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of requests Range 1 10 Default 2 Command Mode Global Configuration Example Console config dot1x default Console config Console config dot...

Page 351: ...ed client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example Console config interface e...

Page 352: ... host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 20 Default 5 Default Single host Command Mode Interface Configuration Example dot1x re authenticate This command forces re authentication on all ports or a specific inte...

Page 353: ...obal Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Console dot1x re authenticate Cons...

Page 354: ...nge 1 65535 Default 3600 seconds Command Mode Global Configuration Example dot1x timeout tx period This command sets the time that the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds The number of seconds Range 1 65535 Console config dot1x timeo...

Page 355: ...he following information Global 802 1X Parameters Displays the global port access control parameters that can be configured for this switch as described in the preceding pages including reauth enabled page 4 109 reauth period page 4 110 quiet period page 4 109 tx period page 4 110 and max req page 4 106 It also displays the following global parameters which are set to a fixed value including the f...

Page 356: ...nd Port control page 4 107 It also displays the following information Status Authorization status authorized or unauthorized Supplicant MAC address of authorized client Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered...

Page 357: ... a 1 2 enabled Single Host Auto n a 1 25 disabled Single Host ForceAuthorized n a 1 26 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 802 1X is enabled on port 1 2 Status Unauthorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 00 00 00 00 00 Current Identifier 0 Authenticator State Machine State Connecting Reauth Count 3 Backen...

Page 358: ...ch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters ...

Page 359: ...rts should not exceed 20 You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule The switch does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in an ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail...

Page 360: ...pes i e Ingress IP ACL Egress IP ACL Ingress MAC ACL or Egress MAC ACL but a mask can be bound to up to four ACLs of the same type IP ACLs Table 4 26 Access Control List Commands Command Groups Function Page IP ACLs Configure ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 116 MAC ACLs Configure ACLs based on hardware addresses packet format and Ethernet type 4 ...

Page 361: ...cedence Shows the ingress or egress rule masks for IP ACLs PE 4 128 ip access group Adds a port to an IP ACL IC 4 129 show ip access group Shows port assignments for IP ACLs PE 4 129 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 130 show map access list ip Shows CoS value mapped to an access list for an interface PE 4 132 match access li...

Page 362: ...r more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage An egress ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To...

Page 363: ...rce IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits ...

Page 364: ...tocol number udp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port source port bitmask destination port destination port port bitmask no permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port source port bitma...

Page 365: ...byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing the code bits to match Includes TCP UDP or other protocol types Default Setting None Command Mode Extended ACL Command Usage All new rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indi...

Page 366: ...d use control code 2 18 Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP ...

Page 367: ...mum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 119 ip access group 4 129 access list ip mask precedence This command accesses the IP Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Console show ip ac...

Page 368: ...pplied to a packet is not determined by order of the rules but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule Example Related Commands mask IP ACL 4 125 ip access group 4 129 Console co...

Page 369: ...st The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source port field destination port Check the protocol destination port field port bitm...

Page 370: ...recedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the mask host any...

Page 371: ...Console config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list ...

Page 372: ...g access list ip extended 6 Switch config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch config ip mask a...

Page 373: ... list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it t...

Page 374: ... an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Console config int eth 1 25 Console config if ip access group standard david in Console...

Page 375: ...ule within the specified ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map on 4 260 Example Related Commands queue cos map 4 260 show map access list ip 4 132 Priority 0 1 2 3 4 5 6 7 Queue 1 2 0 3 4 5 6 7 Console config interface ethernet 1 25 Console config if map access list ip bill cos 0 Consol...

Page 376: ...ue determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Related Commands map access list ip 4 130 Console show map access list ip Access list to COS of Eth 1 24 Access list ALS1 cos 0 Console ...

Page 377: ...one Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Traffic priorities may be included in the IEEE 802 1p priority tag This tag is also incorporated as part of the overall IEEE 802 1Q VLAN tag To specify this priority use the set priority keywords The IP frame header also includes priority bits i...

Page 378: ...r packet marking Command Mode Privileged Exec Example Related Commands match access list ip 4 133 Console config interface ethernet 1 12 Console config if match access list ip bill set dscp 0 Console config if Console show marking Interface ethernet 1 12 match access list IP bill set DSCP 0 match access list MAC a set priority 0 Console ...

Page 379: ...recedence mask for the ACL rules MAC Mask 4 140 show access list mac mask precedence Shows the ingress or egress rule masks for MAC ACLs PE 4 143 mac access group Adds a port to a MAC ACL IC 4 144 show mac access group Shows port assignments for MAC ACLs PE 4 145 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 145 show map access list mac...

Page 380: ... must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related ...

Page 381: ...ocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit deny untagged 802 3 any host source source address bitmask any host destination destinat...

Page 382: ...end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands ...

Page 383: ...44 access list mac mask precedence This command accesses MAC Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified MAC ACLs Command Mode Global Configuration Console sho...

Page 384: ...sk MAC ACL This command defines a mask for MAC ACLs This mask defines the fields to check in the packet header Use the no form to remove a mask Syntax no mask pktformat any host source bitmask any host destination bitmask vid vid bitmask ethertype ethertype bitmask pktformat Check the packet format field If this keyword must be used in the mask the packet format must be specified in ACL rule to ma...

Page 385: ...Command Mode MAC Mask Command Usage Up to seven masks can be assigned to an ingress or egress ACL Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules were entered First create the required ACLs and inbound or outbound masks before mapping an ACL to...

Page 386: ...le config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 Console config access list mac mask precedence in Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 12 Console config if mac access group M4 in Console config if end Console show ac...

Page 387: ...e config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console config access list mac mask precedence out Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 5 Console config if mac access group...

Page 388: ...applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show mac access list 4 139 Console config inter...

Page 389: ...n ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Console show mac acce...

Page 390: ...cess list mac 4 146 show map access list mac This command shows the CoS value mapped to a MAC ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Priority 0 1 2 3 4 5 6 7 Queue 1 2 0 3 4 5 6 7 Console config ...

Page 391: ...atch access list mac acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Example Console show map access list mac Acc...

Page 392: ...ction Mode Page show access list Shows all ACLs and associated rules PE 4 148 show access group Shows the ACLs assigned to each port PE 4 149 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 0 0 0 255 any dport 80 permit 192 168 1 0 0 0 0 255 any protocol tcp contro...

Page 393: ...5 IP standard access list david MAC access list jerry Console Table 4 30 SNMP Commands Command Function Mode Page snmp community Sets up the community access string to permit access to SNMP commands GC 4 150 snmp contact Sets the system contact string GC 4 151 snmp location Sets the system location string GC 4 151 snmp host Specifies the recipient of an SNMP notification operation GC 4 152 snmp en...

Page 394: ... read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify...

Page 395: ... Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp location 4 151 snmp location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Console c...

Page 396: ...he targeted recipient Maximum host addresses 5 trap destination IP address entries community string Password like community string sent with the notification operation Although you can set this string using the snmp host command by itself we recommend that you define this string using the snmp community command prior to using the snmp host command Maximum length 32 characters version Specifies whe...

Page 397: ...sent globally For a host to receive notifications at least one snmp enable traps command and the snmp host command for that host must be enabled Some notification types cannot be controlled with the snmp enable traps command For example some notification types are always enabled The switch can send SNMP version 1 or version 2c notifications to a host IP address depending on the SNMP version that t...

Page 398: ... you do not enter an snmp enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to th...

Page 399: ...ommunications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp enable traps command ...

Page 400: ...ge is read only 328 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 557 Number of requested variables 0 Number of altered variables 99 Get request PDUs 229 Get next PDUs 0 Set request PDUs 328 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 328 Response PDUs 0 Tra...

Page 401: ...t Creates a static host name to address mapping GC 4 158 clear host Deletes entries from the host name to address table PE 4 159 ip domain name Defines a default domain name for incomplete host names GC 4 159 ip domain list Defines a list of default domain names for incomplete host names GC 4 160 ip name server Specifies the address of one or more name servers to use for host name to address trans...

Page 402: ... Setting No static entries Command Mode Global Configuration Command Usage Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device Example This example maps two address to a host...

Page 403: ...the DNS table ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove the current domain name Syntax ip domain name name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 cha...

Page 404: ...ient that are not formatted with dotted notation Use the no form to remove a name from this list Syntax no ip domain list name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Console config ip domain name sample com Console config end Console show dns Domain Lookup St...

Page 405: ... no domain list the domain name specified with the ip domain name command is used If there is a domain list the default domain name is not used Example This example adds two domain names to the current list and then displays the list Related Commands ip domain name 4 159 Console config ip domain list sample com jp Console config ip domain list sample com uk Console config end Console show dns Doma...

Page 406: ...additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Example This example adds two domain name servers to the list and then displays the list Console config ip name server 192 168 1 55 10 1 0 55 Console config e...

Page 407: ... Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sam...

Page 408: ...mand displays the static host name to address mapping table Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias 1 rd6 Console ...

Page 409: ...mple com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc accton com tw 1 4 CNAME 10 2 44 3 898 ahten accton com tw 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CN...

Page 410: ... therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console clear dns cache Console ...

Page 411: ...DNS COMMANDS 4 167 ...

Page 412: ...on of a given interface IC 4 170 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 172 flowcontrol Enables flow control on a given interface IC 4 173 combo forced mode Force port type selected for combination ports IC 4 174 shutdown Disables an interface IC 4 175 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 176 c...

Page 413: ...r port channel channel id Range 1 6 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interfa...

Page 414: ...speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1...

Page 415: ...uto negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 4 170 capabilities 4 172 negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mo...

Page 416: ...manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disabled for the RJ 45 ports Example The following example configures port 11 to use autonegotiation Related Commands capabilities 4 172 speed duplex 4 169 Console config interface ethernet 1 11 Console config if negotiation Console...

Page 417: ...ion flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000ful...

Page 418: ...annel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiat...

Page 419: ...ted Commands negotiation 4 170 capabilities flowcontrol symmetric 4 172 combo forced mode This command forces the port type selected for combination ports 21 24 or 45 48 Use the no form to restore the default mode Syntax combo forced mode mode no combo forced mode mode copper forced Always uses the built in RJ 45 port copper preferred auto Uses the built in RJ 45 port if both combination types are...

Page 420: ...terfaces are enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 21 Console config ...

Page 421: ...limit 500 packets per second Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all ports on the switch Example The following shows how to configure broadcast s...

Page 422: ...ommand Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on p...

Page 423: ...his is device 1 port Port number port channel channel id Range 1 6 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 80 ...

Page 424: ...1 5 Basic information Port type 1000T Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Combo forced mode None Current status Link status Up Port opera...

Page 425: ... Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets ...

Page 426: ...eged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress rate limit disable 1000M bits per second VLAN membership mode Hybr...

Page 427: ... page 4 236 Ingress rule Shows if ingress filtering is enabled or disabled page 4 238 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 237 Native VLAN Indicates the default Port VLAN ID page 4 239 Priority for untagged traffic Indicates the default priority for untagged frames page 4 255 Gvrp status Shows if GARP VLAN Registration Protocol is ena...

Page 428: ...t source port unit Switch unit 1 port Port number rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Table 4 33 Mirror Port Commands Command Function Mode P...

Page 429: ...the monitor port You can create multiple mirror sessions but all sessions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface in...

Page 430: ...s transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Console config interface ethernet 1 11 Console c...

Page 431: ...form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input Input rate output Output rate rate Maximum value in Mbps Range 1 to 1000 Mbps Default Setting 1000 Mbps Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if ...

Page 432: ...operating at full duplex Table 4 35 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode for the trunk GC 4 168 channel group Adds a port to a trunk IC Ethernet 4 189 Dynamic Configuration Command lacp Configures LACP for the current interface IC Ethernet 4 190 lacp system priority Config...

Page 433: ...t channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a chan...

Page 434: ...unk Command Mode Interface Configuration Ethernet Command Usage When configuring static trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 Console config interface port channel 1 Console confi...

Page 435: ...ACP trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than four ports attached to the same target switch have LACP enabled the additional p...

Page 436: ...if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 e8 00 00 0b Configuration Name Port admin status Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control status D...

Page 437: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 438: ...only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the i...

Page 439: ...annel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet...

Page 440: ...ndicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that ...

Page 441: ... and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console config interface ethernet 1 5 Console config if lacp actor port priority 128 Console show lacp 1 counters Channel group 1 Eth 1 1 LACPDUs Se...

Page 442: ...s group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp internal Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key ...

Page 443: ... be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been alloc...

Page 444: ... Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Pri...

Page 445: ... group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID Table 4 36 Adress Table Commands Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 4 201 clear mac address table dynamic Removes an...

Page 446: ...nt Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses will not be removed from the address tabl...

Page 447: ...s of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bits to match in the address interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Console c...

Page 448: ... Enter hexadecimal numbers where an equivalent binary bit 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example mac address table aging time This command sets the aging time for entries in the address table Use the no form to restore the default ...

Page 449: ...dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 Console config Console show mac address table aging time Aging time 300 sec Console ...

Page 450: ...ax age Configures the spanning tree bridge maximum age GC 4 210 spanning tree priority Configures the spanning tree bridge priority GC 4 211 spanning tree path cost method Configures the path cost method for RSTP MSTP GC 4 212 spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC 4 213 spanning tree mst configuration Accesses MSTP configuration mode GC 4 213 mst vlan ...

Page 451: ...4 221 spanning tree portfast Sets an interface to fast forwarding IC 4 222 spanning tree link type Configures the link type for RSTP MSTP IC 4 223 spanning tree mst cost Configures the path cost of an instance in the MST IC 4 224 spanning tree mst port priority Configures the priority of an instance in the MST IC 4 226 spanning tree protocol migration Re checks the appropriate BPDU format PE 4 227...

Page 452: ...two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command selects the spanning tree mode for this switch Use the no form to restore the default Syntax spanning tree mode stp rstp mstp no spanning tree mode stp Spanning Tree Proto...

Page 453: ...ives an 802 1D BPDU after a port s migration delay timer expires the switch assumes that it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple...

Page 454: ... 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting ...

Page 455: ...guration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimum...

Page 456: ...d port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 65535 Range 0 61440 ...

Page 457: ...he no form to restore the default Syntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lo...

Page 458: ...ission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration Use this command to change to Multiple Spanning Tree MST configuration mode Default Setting No VLANs are mapped to any MST instance The region name is set the switch s MAC address Console config span...

Page 459: ...a spanning tree instance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs Syntax no mst instance_id vlan vlan range instance_id Instance identifier of the spanning tree Range 0 57 vlan range Range of VLANs Range 1 4094 Default Setting none Command Mode MST Configuration Console config spanning tree mst configuration Console config mstp...

Page 460: ...e general area of your network However remember that you must configure all bridges within the same MSTI Region page 4 216 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example mst priority This command configures the priority of a spannin...

Page 461: ...ice with the lowest MAC address will then become the root device You can set this switch to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate device by specifying a priority of 16384 Example name This command configures the name for the multiple spanning tree region in which this switch is located Use the no form to clear the name Syntax name name name Name of the ...

Page 462: ...es the revision number for this multiple spanning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Configuration Command Usage The MST region name page 4 216 and revision number are used to designate a unique MST region A bridge i e spanning tree compliant dev...

Page 463: ...gion is treated as a single node by the STP and RSTP protocols Therefore the message age for BPDUs inside a MSTI region is never changed However each spanning tree instance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on ...

Page 464: ...annel Example This example disables the spanning tree algorithm for port 5 spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cost cost no spanning tree cost cost cost The path cost for the port Range 1 200 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 0...

Page 465: ...to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 212 is set to short the maximum value for path cost is 65 535 Example spanning tree port priority This command configures the priority for the specified interface Use the no form to restore the default Syntax spanning tree...

Page 466: ...as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands spanning tree cost 4 219 spanning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface ...

Page 467: ...tion events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device This command has the same effect as the spanning tree portfast Example Related Commands spanning tree portfast 4 222 spanning tree portfast Thi...

Page 468: ...ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for future software versions Example Related Commands spanning tree edge port 4 221 spanning tree link type This command configures the link type...

Page 469: ...tween two bridges If you designate a port as a shared link RSTP is forbidden Since MSTP is an extension of RSTP this same restriction applies Example spanning tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree Use the no form to restore the default Syntax spanning tree mst instance_id cost cost no spanning tree mst instance_id cost instance_id ...

Page 470: ...instance is associated with a unique set of VLAN IDs This command is used by the multiple spanning tree algorithm to determine the best path between devices Therefore lower values should be assigned to interfaces attached to faster media and higher values assigned to interfaces with slower media Path cost takes precedence over interface priority Example Related Commands spanning tree mst port prio...

Page 471: ...ault Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one interface is assig...

Page 472: ...nge 1 6 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interface...

Page 473: ...show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning tree config...

Page 474: ...d Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External path cost 100000 Internal path cost 100000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Design...

Page 475: ...shows the multiple spanning tree configuration Syntax show spanning tree mst configuration Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configuration name XSTP REGION 0 Revision level 0 Instance Vlans 1 2 Console ...

Page 476: ...oups including name VID and state 4 231 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 4 234 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 4 242 Configuring Protocol VLANs Configures protocol based VLANs based on frame type and protocol 4 243 Configuring Private VLAN...

Page 477: ...VLANs After finishing configuration changes you can display the VLAN settings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show v...

Page 478: ...ame vlan name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes t...

Page 479: ...iguration mode for a specified VLAN IC 4 235 switchport mode Configures VLAN membership mode for an interface IC 4 236 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 237 switchport ingress filtering Enables ingress filtering on an interface IC 4 238 switchport native vlan Configures the PVID native VLAN of an interface IC 4 239 switchport allowed vlan ...

Page 480: ...an id vlan id ID of the configured VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Related Commands shutdown 4 175 Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if ...

Page 481: ...rames belonging to the port s default VLAN i e associated with the PVID are sent untagged hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and then set the ...

Page 482: ...gged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 236 Console...

Page 483: ... it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames such a...

Page 484: ...ace is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames enterin...

Page 485: ...ged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a...

Page 486: ...st of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VL...

Page 487: ...owed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 41 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 242 show interfaces status vlan Displays stat...

Page 488: ...ol When a frame is received at a port its VLAN membership can then be determined based on the protocol type in use by the inbound packets Console show vlan id 1 VLAN Type Name Status Ports Channel groups 1 Static DefaultVlan Active Eth1 1 Eth1 2 Eth1 3 Eth1 4 Eth1 5 Eth1 6 Eth1 7 Eth1 8 Eth1 9 Eth1 10 Eth1 11 Eth1 12 Eth1 13 Eth1 14 Eth1 15 Eth1 16 Eth1 17 Eth1 18 Eth1 19 Eth1 20 Eth1 21 Eth1 22 E...

Page 489: ... protocol group command Interface Configuration mode protocol vlan protocol group Configuring Groups This command creates a protocol group adds specific protocols to a group Use the no form to remove a protocol group Syntax protocol vlan protocol group group id add remove frame_type frame protocol type protocol no protocol vlan protocol group group id group id Group identifier of this protocol gro...

Page 490: ...l group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as vlan on page 233...

Page 491: ...is forwarded to the default VLAN for this interface Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 show protocol vlan protocol group This command shows the frame and protocol type associated with protocol groups Syntax show protocol vlan protocol group group id group id Group identifier for a protocol group Ran...

Page 492: ...unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show protocol vlan protocol group ProtocolGroup ID Frame Type Protocol Type 1 ethernet 08 00 C...

Page 493: ...Specifies an uplink interface down link Specifies a downlink interface Default Setting No private VLANs are defined Command Mode Global Configuration Command Usage A private VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs can exist simultaneously within ...

Page 494: ...ts port 24 as the uplink and ports 1 8 as the downlinks show pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 24 down link ethernet 1 5 8 Console config Console show pvlan Private VLAN status Enabled Up link port Ethernet 1 24 Down link port Ethernet 1 5 Ethernet 1 6 Ethernet 1 7 Ethernet 1 8 C...

Page 495: ...ally for the switch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Table 4 44 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 250 show bridge ext Shows the global bridge extension configuration PE 4 251 switchport gvrp Enables GVRP for an interface IC 4 252 switchport forbidden vlan Configures...

Page 496: ...r bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 4 146 and Displaying Bridge Extension Capabilities on page 4 16 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filter...

Page 497: ...rt Channel Example show gvrp configuration This command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchpo...

Page 498: ...s Default Setting join 20 centiseconds leave 60 centiseconds leaveall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rat...

Page 499: ...s Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 254 show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Console config ...

Page 500: ...s You can set the default priority for each interface the relative weight of each queue and the mapping of frame priority tags to the switch s priority queues Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leaveall timer 1000 centiseconds Console Table 4 45 Priority Commands Command Groups Function Page Priority Layer 2 Configu...

Page 501: ...face is zero Table 4 46 Priority Commands Layer 2 Command Function Mode Page switchport priority default Sets a port priority for incoming untagged frames IC 4 256 queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 258 queue bandwidth Assigns round robin weights to the priority queues GC 4 259 queue cos map Assigns class of service values to the priority queues IC 4...

Page 502: ...ueues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames that do not have priori...

Page 503: ...y Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each ...

Page 504: ...hts used by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues for port 5 Related Commands show queue...

Page 505: ... of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Command Mode I...

Page 506: ...Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 5 6 7 Information of Eth 1 2 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3 4 ...

Page 507: ... None Command Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 Console ...

Page 508: ...es TCP UDP class of service mapping GC 4 264 map ip port Maps TCP UDP socket to a class of service IC 4 264 map ip precedence Enables IP precedence class of service mapping GC 4 265 map ip precedence Maps IP precedence value to a class of service IC 4 266 map ip dscp Enables IP DSCP class of service mapping GC 4 267 map ip dscp Maps IP DSCP value to a class of service IC 4 268 show map ip port Sho...

Page 509: ...riority mapping is IP Port IP Precedence or IP DSCP and default switchport priority Example The following example shows how to enable TCP UDP port mapping globally map ip port Interface Configuration Use this command to set IP port priority i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 b...

Page 510: ...cedence Global Configuration This command enables IP precedence mapping i e IP Type of Service Use the no form to disable IP precedence mapping Syntax no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled En...

Page 511: ...Range 0 7 Default Setting The list below shows the default priority mapping Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard a...

Page 512: ...ing Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally Console config interface etherne...

Page 513: ...ote that all the DSCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently...

Page 514: ...rface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Console config interface ethernet 1 5 Console config if map ip dscp 1 cos 0 Console config if Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 ...

Page 515: ...ntax show map ip precedence interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Console show map ip precedence ethernet 1 5 Precedence mapping status enabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Console ...

Page 516: ...CP priority map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 517: ...cast service IGMP Snooping Commands Table 4 48 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 272 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 277 Sta...

Page 518: ...ng Enabled Command Mode Global Configuration Example The following example enables IGMP snooping show ip igmp snooping Shows the IGMP snooping and query configuration PE 4 276 show mac address table multicast Shows the IGMP snooping MAC multicast list PE 4 276 Console config ip igmp snooping Console config Table 4 49 IGMP Snooping Commands Command Function Mode Page ...

Page 519: ...nterface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet 1 5 Console c...

Page 520: ...2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use ...

Page 521: ...ing configuration show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Console show ip igmp snooping Service status Enabled Querier status Enabled Query cou...

Page 522: ...igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 50 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 278 ip igmp snooping query count Configures the query count GC 4 278 ip igmp snooping query interval Configures the query interval GC 4 279 ip igmp snooping que...

Page 523: ...rier is responsible for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client fro...

Page 524: ...s and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 280 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ...

Page 525: ...e 5 30 Default Setting 10 seconds Command Mode Global Configuration Command Usage The switch must be using IGMPv2 for this command to take effect This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started usin...

Page 526: ...p igmp snooping router port expire time seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to ...

Page 527: ...oping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting No static multicast router ports are configured Command Mode Global Configuration Table 4 51 Static Multicast Routing Commands Command Function Mode Page ip igmp snooping vlan mrouter Adds a multicast router port GC ...

Page 528: ... Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Priv...

Page 529: ...ic IP Configuration Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4 52 Basic IP Configuration commands Command Function Mode Page ip address Sets the IP address for the current interface IC 4 285 ip dhcp restart Submits a BOOTP or DCHP client request PE 4 286 ip default gateway Defines the default gateway through which...

Page 530: ...s to this device to gain management access over the network or to connect the switch to existing IP subnets You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program If you select the boo...

Page 531: ...lt Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client wil...

Page 532: ...P address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restar...

Page 533: ...leged Exec Example Related Commands show ip redirects 4 288 show ip redirects This command shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode User specified Console Console show ip redirects ip default gateway 10 1 0 254 Console ...

Page 534: ... bytes larger than the size specified because the switch adds header information Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network ...

Page 535: ... 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console ...

Page 536: ...COMMAND LINE INTERFACE 4 291 ...

Page 537: ...100 100BASE T Ports 1 24 1000BASE T 10 100 Mbps half full duplex 1000 Mbps full duplex SFP Ports 21 24 1000BASE X 1000 Mbps full duplex SMC8648T 10 100 100BASE T Ports 1 48 1000BASE T 10 100 Mbps half full duplex 1000 Mbps full duplex SFP Ports 45 48 1000BASE X 1000 Mbps full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a cri...

Page 538: ...anning Tree Protocol MSTP IEEE 802 1s VLAN Support Up to 255 groups port based protocol based or tagged 802 1Q GVRP for automatic VLAN learning private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing which can be configured by VLAN tag or port Layer 3 4 priority mapping IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BO...

Page 539: ...s History Alarm Event Standards IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 3ad Link Aggregation Control Protocol IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority tags IEEE 802 1...

Page 540: ... Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1x Private MIB Quality of Service MIB RADIUS Authentication Client MIB RFC 2618 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 20...

Page 541: ...has not been disabled Check network cabling between the management station and the switch If you cannot connect using Telnet or SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot access the on board configuration program via a serial port connection Ensure that you have set the terminal emulator program to VT100 comp...

Page 542: ...TROUBLESHOOTING B 2 ...

Page 543: ...ervice to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of...

Page 544: ...automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registrati...

Page 545: ...based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame...

Page 546: ...mbership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control pack...

Page 547: ...d or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio Out of Band Management Management of the network...

Page 548: ...o RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types Rapid Spanning Tree Protocol RSTP RSTP reduces the convergence time for network topology changes to about 10 of that required by the older...

Page 549: ...icated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS compliant devices on the network Telnet Defines a re...

Page 550: ... targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same...

Page 551: ...177 3 178 4 267 IP port priority 3 175 4 264 IP precedence 3 171 4 265 layer 3 4 priorities 3 169 4 263 queue mapping 3 165 4 260 queue mode 3 167 4 258 traffic class weights 3 168 4 259 D default gateway configuration 3 18 4 287 default priority ingress port 3 163 4 256 default settings system 1 7 DHCP 3 20 4 285 client 3 18 4 157 dynamic configuration 2 7 Differentiated Code Point Service See DS...

Page 552: ...2 4 273 snooping configuring 3 182 4 272 ingress filtering 3 155 4 238 IP address BOOTP DHCP 3 20 4 285 setting 2 6 3 17 4 285 IP port priority enabling 3 175 4 264 mapping priorities 3 175 4 264 IP precedence enabling 3 170 4 265 mapping priorities 3 171 4 266 J jumbo frame 4 84 L link type STA 3 129 3 132 4 223 logging syslog traps 4 62 to syslog servers 4 60 log in Web interface 3 3 logon authe...

Page 553: ...peed 3 84 4 169 ports configuring 3 80 4 167 ports mirroring 3 103 4 183 priority default port ingress 3 163 4 256 problems troubleshooting B 1 protocol migration 3 133 4 227 Q queue weights 3 168 4 259 R RADIUS logon authentication 3 34 4 95 rate limits setting 3 104 4 185 remote logging 4 62 restarting the system 3 26 4 29 RSTP 3 116 4 207 global configuration 3 117 4 207 S secure shell 3 41 4 4...

Page 554: ...erver 3 22 4 86 T TACACS logon authentication 3 35 4 99 time setting 3 27 4 70 traffic class weights 3 168 4 259 trap manager 2 11 3 31 4 152 troubleshooting B 1 trunk configuration 3 86 4 187 LACP 3 89 4 190 static 3 88 4 189 U upgrading software 3 22 4 86 user password 3 33 4 35 4 36 V VLANs 3 141 3 159 4 231 4 249 adding static members 3 151 3 153 4 240 creating 3 149 4 233 description 3 141 di...

Page 555: ......

Page 556: ...3 0 41 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10 623...

Reviews:

No comments

Related manuals for 8648T - annexe 1

3Com 4210 Series Datasheet preview
4210 Series
Brand: 3Com Pages: 8
3Com PathBuilder S200 Series Feature Manual preview
PathBuilder S200 Series
Brand: 3Com Pages: 11
3Com 4400 Datasheet preview
4400
Brand: 3Com Pages: 8
3Com CoreBuilder 3500 Getting Started Manual preview
CoreBuilder 3500
Brand: 3Com Pages: 96
Xantech D5SH Installation Instructions Manual preview
D5SH
Brand: Xantech Pages: 20
Cable Electronics Celabs Distribution Hub and Receiver Installation & Operation Instructions preview
Celabs Distribution Hub and Receiver
Brand: Cable Electronics Pages: 2
Delta Electronics SK1027 Specifications preview
SK1027
Brand: Delta Electronics Pages: 1
Cablematic HUB-1230i User Manual preview
HUB-1230i
Brand: Cablematic Pages: 8
Erbe 20186-007 Manual preview
20186-007
Brand: Erbe Pages: 118
3Com 3C17205 - SuperStack 3 Switch 4400 PWR Getting Started Manual preview
3C17205 - SuperStack 3 Switch 4400 PWR
Brand: 3Com Pages: 90
Balluff BNI EIP-950-000-Z009 User Manual preview
BNI EIP-950-000-Z009
Brand: Balluff Pages: 12
Waeco PerfectView GPS300 Installation And Operating Manual preview
PerfectView GPS300
Brand: Waeco Pages: 72
Pilz PSEN 1.2p-25 Operating Instructions Manual preview
PSEN 1.2p-25
Brand: Pilz Pages: 8
DX Engineering RR8B-HP Manual preview
RR8B-HP
Brand: DX Engineering Pages: 4
Belkin F1DF102P Quick Installation Manual preview
F1DF102P
Brand: Belkin Pages: 40
NTI UNIMUX-DVI-2 Installation And Operation Manual preview
UNIMUX-DVI-2
Brand: NTI Pages: 15
Kramer VS-24xl User Manual preview
VS-24xl
Brand: Kramer Pages: 11
Uponor Smatrix Wave Plus Uahome Module R-167 Installation And Operation Manual preview
Smatrix Wave Plus Uahome Module R-167
Brand: Uponor Pages: 48

Brands by name

Popular brands

Load more brands