SMC Networks 8700S-130 Management Manual Download Page 320 | Manualshive

Page: 320 / 592

background image

C

OMMAND

L

INE

I

NTERFACE

4-48

d.

The client uses its private key to decrypt the bytes, and sends the
decrypted bytes back to the switch.

e.

The switch compares the decrypted bytes to the original bytes it sent.
If the two sets match, this means that the client's private key
corresponds to an authorized public key, and the client is
authenticated.

Note:

To use SSH with only password authentication, the host public key
must still be given to the client, either during initial connection or
manually entered into the known host file. However, you do not
need to configure the client’s keys.

ip ssh server

This command enables the Secure Shell (SSH) server on this switch. Use
the

no

form to disable this service.

Syntax

[

no

]

ip ssh server

Default Setting

Disabled

Command Mode

Global Configuration

Command Usage

• The SSH server supports up to four client sessions. The maximum

number of client sessions includes both current Telnet sessions and

SSH sessions.

• The SSH server uses DSA or RSA for key exchange when the client

first establishes a connection with the switch, and then negotiates with

the client to select either DES (56-bit) or 3DES (168-bit) for data

encryption.

• You must generate the host key before enabling the SSH server.

«
...
318
319
320
321
322
...
»

Summary of Contents for 8700S-130

Page 1: ...dant power unit Spanning Tree Protocol RSTP and MSTP Up to 32 LACP or static 8 port trunks Layer 2 3 4 CoS support through eight priority queues Layer 3 4 traffic priority with IP Precedence and IP DSCP Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web and SNMP RMON Management Guide SMC8724M SMC8748M ...

Page 2: ......

Page 3: ......

Page 4: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerStack 10G Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions October 2004 Pub 150200049000A ...

Page 5: ... is granted by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Page 6: ...incorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any ...

Page 7: ...CCIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTI...

Page 8: ...LIMITED WARRANTY iv ...

Page 9: ...ound Topologies 2 6 IP Interface for Stack Management 2 7 Resilient Configuration 2 8 Renumbering the Stack 2 8 Basic Configuration 2 8 Console Connection 2 8 Setting Passwords 2 9 Setting an IP Address 2 10 Manual Configuration 2 10 Dynamic Configuration 2 11 Enabling SNMP Management Access 2 12 Community Strings for SNMP version 1 and 2c clients 2 13 Trap Receivers 2 14 Configuring Access for SN...

Page 10: ...ettings 3 28 Telnet Settings 3 31 Configuring Event Logging 3 33 System Log Configuration 3 33 Remote Log Configuration 3 35 Displaying Log Messages 3 37 Sending Simple Mail Transfer Protocol Alerts 3 37 Renumbering the Stack 3 40 Resetting the System 3 41 Setting the System Clock 3 42 Configuring SNTP 3 42 Setting the Time Zone 3 43 Simple Network Management Protocol 3 45 Enabling the SNMP Agent ...

Page 11: ... 3 87 Setting the ACL Name and Type 3 88 Configuring a Standard IP ACL 3 89 Configuring an Extended IP ACL 3 90 Configuring a MAC ACL 3 93 Configuring ACL Masks 3 95 Specifying the Mask Type 3 95 Configuring an IP ACL Mask 3 96 Configuring a MAC ACL Mask 3 98 Binding a Port to an Access Control List 3 100 Port Configuration 3 102 Displaying Connection Status 3 102 Configuring Interface Connections...

Page 12: ...Global Setting 3 168 Displaying Basic VLAN Information 3 168 Displaying Current VLANs 3 169 Creating VLANs 3 171 Adding Static Members to VLANs VLAN Index 3 173 Adding Static Members to VLANs Port Index 3 175 Configuring VLAN Behavior for Interfaces 3 177 Configuring Private VLANs 3 180 Enabling Private VLANs 3 181 Configuring Uplink and Downlink Ports 3 181 Configuring Protocol Based VLANs 3 182 ...

Page 13: ...rvices 3 208 Configuring Domain Name Service 3 210 Configuring General DNS Server Parameters 3 210 Configuring Static DNS Host to Address Entries 3 213 Displaying the DNS Cache 3 215 4 Command Line Interface 4 1 Using the Command Line Interface 4 1 Accessing the CLI 4 1 Console Connection 4 1 Telnet Connection 4 2 Entering Commands 4 3 Keywords and Arguments 4 3 Minimum Abbreviation 4 4 Command Co...

Page 14: ...ds 4 25 enable 4 26 disable 4 27 configure 4 27 show history 4 28 reload 4 29 end 4 29 exit 4 30 quit 4 30 System Management Commands 4 31 Device Designation Commands 4 32 prompt 4 32 hostname 4 33 switch renumber 4 33 User Access Commands 4 34 username 4 34 enable password 4 36 IP Filter Commands 4 37 management 4 37 show management 4 38 Web Server Commands 4 39 ip http port 4 40 ip http server 4...

Page 15: ...p ssh save host key 4 53 show ip ssh 4 54 show ssh 4 54 show public key 4 55 Event Logging Commands 4 56 logging on 4 57 logging history 4 58 logging host 4 59 logging facility 4 60 logging trap 4 61 clear log 4 62 show logging 4 62 show log 4 64 SMTP Alert Commands 4 65 logging sendmail host 4 66 logging sendmail level 4 67 logging sendmail source email 4 67 logging sendmail destination email 4 6...

Page 16: ...em 4 90 Authentication Commands 4 91 Authentication Sequence 4 91 authentication login 4 92 authentication enable 4 93 RADIUS Client 4 94 radius server host 4 95 radius server port 4 96 radius server key 4 96 radius server retransmit 4 97 radius server timeout 4 97 show radius server 4 98 TACACS Client 4 98 tacacs server host 4 99 tacacs server port 4 100 tacacs server key 4 100 show tacacs server...

Page 17: ...4 120 show ip access list 4 122 access list ip mask precedence 4 123 mask IP ACL 4 124 show access list ip mask precedence 4 127 ip access group 4 128 show ip access group 4 129 map access list ip 4 129 show map access list ip 4 130 match access list ip 4 131 show marking 4 132 MAC ACLs 4 133 access list mac 4 134 permit deny MAC ACL 4 135 show mac access list 4 137 access list mac mask precedence...

Page 18: ...how snmp engine id 4 155 snmp server view 4 156 show snmp view 4 157 snmp server group 4 158 show snmp group 4 159 snmp server user 4 161 show snmp user 4 162 DNS Commands 4 163 ip host 4 164 clear host 4 165 ip domain name 4 166 ip domain list 4 167 ip name server 4 168 ip domain lookup 4 169 show hosts 4 170 show dns 4 171 show dns cache 4 171 clear dns cache 4 172 Interface Commands 4 173 inter...

Page 19: ...ernet Interface 4 198 lacp admin key Port Channel 4 199 lacp port priority 4 200 show lacp 4 201 Address Table Commands 4 206 mac address table static 4 206 clear mac address table dynamic 4 207 show mac address table 4 208 mac address table aging time 4 209 show mac address table aging time 4 210 Spanning Tree Commands 4 210 spanning tree 4 212 spanning tree mode 4 213 spanning tree forward time ...

Page 20: ... Editing VLAN Groups 4 236 vlan database 4 236 vlan 4 237 Configuring VLAN Interfaces 4 238 interface vlan 4 239 switchport mode 4 240 switchport acceptable frame types 4 241 switchport ingress filtering 4 242 switchport native vlan 4 243 switchport allowed vlan 4 244 switchport forbidden vlan 4 245 Displaying VLAN Information 4 246 show vlan 4 246 Configuring Private VLANs 4 247 pvlan 4 247 show ...

Page 21: ... Configuration 4 268 map ip port Interface Configuration 4 268 map ip precedence Global Configuration 4 269 map ip precedence Interface Configuration 4 270 map ip dscp Global Configuration 4 271 map ip dscp Interface Configuration 4 272 show map ip port 4 273 show map ip precedence 4 274 show map ip dscp 4 275 Multicast Filtering Commands 4 276 IGMP Snooping Commands 4 276 ip igmp snooping 4 277 i...

Page 22: ...4 286 IP Interface Commands 4 287 Basic IP Configuration 4 287 ip address 4 288 ip dhcp restart 4 289 ip default gateway 4 290 show ip interface 4 291 show ip redirects 4 291 ping 4 292 A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 3 Management Information Bases A 4 B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3...

Page 23: ...rity Levels 3 188 Table 3 13 Mapping IP Precedence 3 194 Table 3 14 Mapping DSCP Priority 3 195 Table 3 15 Egress Queue Priority Mapping 3 199 Table 4 1 Command Modes 4 7 Table 4 2 Configuration Commands 4 9 Table 4 3 Keystroke Commands 4 10 Table 4 4 Command Group Index 4 11 Table 4 5 Line Command Syntax 4 13 Table 4 6 General Commands 4 25 Table 4 7 System Management Commands 4 31 Table 4 8 Devi...

Page 24: ...16 Table 4 34 IP ACL Commands 4 116 Table 4 35 Egress Queue Priority Mapping 4 130 Table 4 36 MAC ACL Commands 4 133 Table 4 37 Egress Queue Priority Mapping 4 142 Table 4 38 ACL Information 4 144 Table 4 39 SNMP Commands 4 146 Table 4 40 show snmp engine id display description 4 155 Table 4 41 show snmp view display description 4 157 Table 4 42 show snmp group display description 4 160 Table 4 43...

Page 25: ...idge Extension Commands 4 254 Table 4 63 Priority Commands 4 259 Table 4 64 Priority Commands Layer 2 4 260 Table 4 65 Default CoS Priority Levels 4 264 Table 4 66 Priority Commands Layer 3 and 4 4 267 Table 4 67 Mapping IP Precedence to CoS Values 4 270 Table 4 68 Mapping IP DSCP to CoS Values 4 272 Table 4 69 Multicast Filtering Commands 4 276 Table 4 70 IGMP Snooping Commands 4 276 Table 4 71 I...

Page 26: ...3 32 Figure 3 15 System Logs 3 34 Figure 3 16 Remote Logs 3 36 Figure 3 17 Displaying Logs 3 37 Figure 3 18 Enabling and Configuring SMTP Alerts 3 39 Figure 3 19 Renumbering the Stack 3 41 Figure 3 20 Resetting the System 3 41 Figure 3 21 SNTP Configuration 3 43 Figure 3 22 Setting the Time Zone 3 44 Figure 3 23 Enabling the SNMP Agent 3 47 Figure 3 24 Setting Community Community Strings 3 48 Figu...

Page 27: ...e 3 50 Port Port Configuration 3 107 Figure 3 51 Static Trunk Configuration 3 110 Figure 3 52 LACP Trunk Configuration 3 112 Figure 3 53 LACP Aggregation Port 3 115 Figure 3 54 LACP Port Counters Information 3 117 Figure 3 55 LACP Port Internal Information 3 120 Figure 3 56 LACP Port Neighbors Information 3 122 Figure 3 57 Port Broadcast Control 3 124 Figure 3 58 Configuring a Mirror Port 3 126 Fi...

Page 28: ...185 Figure 3 83 Default Port Priority 3 187 Figure 3 84 Traffic Classes 3 189 Figure 3 85 Queue Mode 3 190 Figure 3 86 Queue Scheduling 3 191 Figure 3 87 IP Precedence DSCP Priority Status 3 193 Figure 3 88 IP Precedence Priority 3 194 Figure 3 89 IP DSCP Priority 3 196 Figure 3 90 IP Port Priority Status 3 198 Figure 3 91 IP Port Priority 3 198 Figure 3 92 ACL CoS Priority 3 200 Figure 3 93 IGMP ...

Page 29: ...h s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet Web User name password RADIUS TACACS Web SSL HTTPS Telnet SSH SNMP v1 2c Community strings IP address filtering SNMP v3 MD5 or SHA password Port IEEE 802 1X MAC address filtering Access Control Lists Sup...

Page 30: ...mirrored to single analysis port Port Trunking Supports up to 32 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Address Table Up to 16K MAC addresses in the forwarding table 1024 MAC addresses IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad fra...

Page 31: ... Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivalent connection SNMP v3 IP address filtering for SNMP Web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering for IP frames based on address protocol TCP UDP port number or TCP control code or any...

Page 32: ...ically configured using IEEE 802 3ad Link Aggregation Control Protocol LACP The additional ports dramatically increase the throughput across any connection and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 32 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port ...

Page 33: ...EEE 802 1D When there are multiple physical paths between segments this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RST...

Page 34: ...tricting all traffic to the originating VLAN except where a connection is explicitly defined via the switch s routing service Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN and allowing you to limit the total number of VLANs that need to be configured Use protocol based VLANs such as IP and IPX to res...

Page 35: ...d priority level for the designated VLAN The switch uses IGMP Snooping and Query to manage multicast group registration System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file page 3 25 The following table lists some of the basic system defaults Table 1 2 Sy...

Page 36: ...02 1X Port Authentication Disabled HTTPS Enabled SSH Disabled Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number 80 HTTP Secure Server Enabled HTTP Secure Port Number 443 SNMP Community Strings public read only private read write Traps Authentication traps enabled Link up down events enabled SNMP v3 View defaultview Group public read only private read ...

Page 37: ...lts All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port interface Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight...

Page 38: ...ient Enabled DNS Server Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled Table 1 2 System Defaults Function Parameter Default ...

Page 39: ...witch s HTTP Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s Web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 seri...

Page 40: ...1Q VLANs Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 6 static or LACP trunks per switch up to 32 per stack from 2 to 8 ports per trunk Enable port mirroring Set broadcas...

Page 41: ... Select the appropriate serial port COM port 1 or COM port 2 Set to any of these baud rates 9600 19200 38400 57600 115200 Note Set to 9600 baud to view all system initialization messages Set the data format to 8 data bits 1 stop bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with M...

Page 42: ...net sessions 2 Each VLAN group can be assigned its own IP interface address page 2 10 You can manage the stack via any IP interface in the stack In other words the Master unit does not have to include an active port member of a VLAN interface used for management access After configuring the switch s IP parameters you can access the onboard configuration program from anywhere within the attached ne...

Page 43: ...mbered from top to bottom with the first unit i e the unit with no connection on the Up port in the stack designated as unit 1 This unit identification number appears on the Stack Unit ID LED on the front panel of the switch It can also be selected on the front panel graphic of the web interface or from the CLI If more than one stack Master is selected using the Master Slave push button on the swi...

Page 44: ... directly beneath the Master unit in the stack Recovering from Stack Failure or Topology Change When a link or unit in the stack fails a trap message is sent and a failure event is logged The stack will reboot after any system failure or topology change It takes two to three minutes for the stack to reboot If the Master unit fails the backup unit will take over operations as the new Master unit re...

Page 45: ...logy a single point of failure in the stack will not cause the stack to fail It would take two or more points of failure to break the stack apart Note If a stack breaks apart the IP address will be the same for any common VLANs with active port connections that appear in both stack segments IP Interface for Stack Management The stack functions as one integral system for management and configuratio...

Page 46: ...a startup configuration file prior to powering off the stack Master Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec and privileged access level Privileged Exec The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and only allow you to display information and ...

Page 47: ...ers and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the default user name and password admin to access the Privileged Exec level 2 Type configure and press Enter 3 Type username guest password 0 password for the Normal Exec level where password is your new password Press Enter 4 Type username admin password 0 passwo...

Page 48: ...s between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Note The IP address for this switch is obtained via DHCP by default Before you can assign an IP address to the switch you must obtain the following information from your network...

Page 49: ...OTP and DHCP values can include the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service requests as soon as it is powered on To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network complete the following steps 1 From the Global Co...

Page 50: ...MC EliteView You can configure the switch to 1 respond to SNMP requests or 2 generate SNMP traps When SNMP management stations send requests to the switch either to return information or to set a parameter the switch provides the requested data or sets the specified parameter The switch can also be configured to send information to SNMP managers without being requested by the managers through trap...

Page 51: ...stations to receive trap messages from the switch You therefore need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized management stations are able to both retrieve and modify MIB objects To prevent unauthorized ac...

Page 52: ...version indicates the SNMP client version and auth noauth priv means that authentication no authentication or authentication and privacy is used for v3 clients Then press Enter For a more detailed description of these parameters snmp server host on page 4 151 The following example creates a trap host for each type of SNMP client Configuring Access for SNMP Version 3 Clients To configure management...

Page 53: ... the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration to the start up configuration file using the copy command To save the current configuration settings enter the following command 1 From the Privileged Exec level global configuration mode prompt type copy running config ...

Page 54: ... the system See Saving or Restoring Configuration Settings on page 3 25 for more information Operation Code System software that is executed after boot up also known as run time code This code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 22 for more information Diagnostic Code Software that is run during system boot up also known as ...

Page 55: ...iles should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file ...

Page 56: ...INITIAL CONFIGURATION 2 18 ...

Page 57: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 10 2 Set user names and passwor...

Page 58: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 59: ...n Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Note The examples in this chapter are based on th...

Page 60: ...o the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without ...

Page 61: ...dge Extension Shows the bridge extension parameters 3 16 IP Configuration Sets the IP address for management access 3 18 File Management 3 23 Copy Operation Allows the transfer and copying of files 3 23 Delete Allows deletion of files from the flash memory 3 24 Set Startup Set the startup file 3 27 Line 3 28 Console Sets console port connection parameters 3 28 Telnet Sets Telnet connection paramet...

Page 62: ...es SNMP v3 groups 3 54 Views Configures SNMP v3 views 3 56 Security 3 58 User Accounts Configures user names passwords and access levels 3 59 Authentication Settings Configures authentication sequence RADIUS and TACACS 3 60 HTTPS Settings Configures secure HTTP settings 3 65 SSH 3 67 Settings Configures Secure Shell server settings 3 72 Host Key Settings Generates the host key pair public and priv...

Page 63: ...n Displays port connection status 3 102 Trunk Information Displays trunk connection status 3 102 Port Configuration Configures port connection settings 3 105 Trunk Configuration Configures trunk connection settings 3 105 Trunk Membership Specifies ports to group into static trunks 3 109 LACP 3 111 Configuration Allows ports to dynamically join trunks 3 111 Aggregation Port Configures parameters fo...

Page 64: ...ut rate limit for each trunk 3 126 Port Statistics Lists Ethernet and RMON port statistics 3 127 Address Table 3 134 Static Addresses Displays entries for interface address or VLAN 3 134 Dynamic Addresses Displays or edits static entries in the Address Table 3 136 Address Aging Sets timeout for dynamically learned entries 3 137 Spanning Tree 3 138 STA Information Displays STA values used for the b...

Page 65: ...ce 3 162 VLAN 3 164 802 1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3 168 Basic Information Displays information on the VLAN type supported by this switch 3 168 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 3 169 Static List Used to create or remove VLAN groups 3 171 Static Table Modifies the settings for an existing VLA...

Page 66: ...lass priorities not implemented NA Queue Mode Sets queue mode to strict priority or Weighted Round Robin 3 190 Queue Scheduling Configures Weighted Round Robin queueing 3 191 IP Precedence DSCP Priority Status Globally selects IP Precedence or DSCP Priority or disables both 3 193 IP Precedence Priority Sets IP Type of Service priority mapping the precedence tag to a class of service value 3 193 IP...

Page 67: ...ast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 3 206 IPMulticastRegistration Table Displays all multicast groups active on this switch including multicast IP addresses and VLAN ID 3 207 IGMP Member Port Table Indicates multicast addresses associated with the selected VLAN 3 208 DNS General Configuration Enables DNS configures domain name and domain ...

Page 68: ...he management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interfa...

Page 69: ...em Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interface via Telnet Figure 3 3 System Information ...

Page 70: ... 150 Console config snmp server contact Bill 4 150 Console config exit Console show system 4 80 System description SMC8748M SMC8724M System OID string 1 3 6 1 4 1 202 20 42 System information System Up time 0 days 19 hours 6 minutes and 1 43 seconds System Name R D 5 System Location WC 9 System Contact Bill MAC address unit1 00 30 F1 DF 9C A0 Web server enabled Web server port 80 Web secure server...

Page 71: ... loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave These additional parameters are displayed for the CLI Unit ID Unit number in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 3 4 Swit...

Page 72: ...s Refer to Class of Service Configuration on page 3 186 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 134 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLA...

Page 73: ...es the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Bridge Extension Configuration CLI Enter the following command Console show bridge ext 4 255 Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Ye...

Page 74: ...d by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4093 no leading zeroes By default all ports on the switch are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Ho...

Page 75: ...ration Select the VLAN through which the management station is attached set the IP Address Mode to Static enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 174 Console config if ip address 10 1 0 254 255 255 255 0 4 288 Console config i...

Page 76: ...management station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to ...

Page 77: ...uest to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Console config Console config interface vlan 1 4 174 Console config if ip ad...

Page 78: ...ile from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify opcode operational code to copy firmware File Name The file name should not contain ...

Page 79: ...the startup file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new ...

Page 80: ...nd click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 9 Setting the Startup Code To delete a file select System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 10 Deleting Files ...

Page 81: ... switch s settings Command Attributes File Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a file in the switch to the startup configuration file to tftp Copies a file from the switch to ...

Page 82: ...artup config Copies a file from a TFTP server to the startup config file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify config configuration to copy configuration settings File Name The configuration file name should not contain slas...

Page 83: ...tp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Apply Figure 3 11 Downloading Configuration Settings for Start Up If you download to a new file name using tftp to startup config or tftp to file the file is automatically set as the start up con...

Page 84: ...figured via the Web or CLI interface Command Attributes Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the connection is terminated for the session Range 0 300 seconds Default 0 Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within th...

Page 85: ...arity Defines the generation of a parity bit Communication protocols provided by some terminals can require a specific parity bit setting Specify Even Odd or None Default None Speed Sets the terminal line s baud rate for transmit to terminal and receive from terminal Set the speed to match the baud rate of the device connected to the serial port Range 9600 19200 38400 57600 or 115200 baud Auto Def...

Page 86: ...ine password 0 secret 4 16 Console config line timeout login response 0 4 17 Console config line exec timeout 0 4 18 Console config line password thresh 5 4 19 Console config line silent time 60 4 20 Console config line databits 8 4 20 Console config line parity none 4 21 Console config line speed auto 4 22 Console config line stopbits 1 4 23 Console config line end Console show line 4 24 Console ...

Page 87: ...s the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount...

Page 88: ... Exec level Console config line vty 4 14 Console config line login local 4 15 Console config line password 0 secret 4 16 Console config line timeout login response 300 4 17 Console config line exec timeout 600 4 18 Console config line password thresh 3 4 19 Console config line end Console show line 4 24 Console configuration Password threshold 5 times Interactive timeout Disabled Login timeout Dis...

Page 89: ...log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM Command Attributes System Log Status Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limi...

Page 90: ...Web Click System Log System Logs Specify System Log Status set the level of event messages to be logged to RAM and flash memory then click Apply Figure 3 15 System Logs 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert Immediate action needed 0 Emergency System unusable There are only Level 2...

Page 91: ...syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log mess...

Page 92: ...rver host IP address choose the facility type and set the logging trap Console config logging host 10 1 0 9 4 59 Console config logging facility 23 4 60 Console config logging trap 4 4 61 Console config logging trap Console config exit Console show logging trap 4 62 Syslog logging Enabled REMOTELOG status Disabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELO...

Page 93: ...ol Alerts To alert system administrators of problems the switch can use SMTP Simple Mail Transfer Protocol to send email messages when triggered by logging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients Console show logging ram 4 62 flash Event history stored in flash memory ram Event history stored in tempo...

Page 94: ...ll events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 SMTP Server List Specifies a list of up to three recipient SMTP servers The switch attempts to connect to the other listed servers if the first fails Use the New SMTP Server text field and the Add Remove buttons to configure the ...

Page 95: ...y level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Specify up to five email addresses to receive the alert messages and click Apply Figure 3 18 Enabling and Configuring SMTP Alerts ...

Page 96: ... the new configuration settings to a startup configuration file prior to powering off the stack Master Command Usage The startup configuration file maps configuration settings to each switch in the stack based on the unit identification number You should Console config logging sendmail host 192 168 1 4 4 66 Console config logging sendmail level 4 4 67 Console config logging sendmail source email b...

Page 97: ...ther units are numbered sequentially down through the ring Web Click System Renumbering Figure 3 19 Renumbering the Stack CLI Use the reload command to restart the switch Resetting the System Web Click System Reset Click the Reset button to restart the switch When prompted confirm that you want to reset the switch Figure 3 20 Resetting the System CLI Use the reload command to restart the switch No...

Page 98: ... a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to specific time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP unicast client This mode requires at least one time server to be...

Page 99: ...o your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Console config sntp client 4 71 Console config sntp poll 16 4 72 Console config sntp server 10 1 0 19 137 82 140 80 ...

Page 100: ...be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 22 Setting the Time Zone CLI This example shows how to set the time zone for the system clock Console config clock timezone Dhaka hours 6 minute 0 after UTC 4 73 Console config ...

Page 101: ... specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as SMC EliteView Access to the onboard agent from...

Page 102: ...iew Write View Security v1 noAuthNoPriv public defaultview none Community string only v1 noAuthNoPriv private defaultview defaultview Community string only v1 noAuthNoPriv user defined user defined user defined Community string only v2c noAuthNoPriv public defaultview none Community string only v2c noAuthNoPriv private defaultview defaultview Community string only v2c noAuthNoPriv user defined use...

Page 103: ...o five community strings authorized for management access by clients using SNMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Current Displays a list of the community strings currently configu...

Page 104: ...re 3 24 Setting Community Community Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as SMC Elite...

Page 105: ...ers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Trap Version Indicates if the user is running SNMP v1 v2c or v3 Default v1 Enable Authentication Trap...

Page 106: ...nk up link down traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 If you want to change the default engine ID do so before configuring other SNMP parameters 2 Specify read and write access views for the switch MIB tree 3 Configure SNMP user groups with the required security model i e SNMP v1 v2c or v3 and security level i e authenti...

Page 107: ... or changed all SNMP users will be cleared You will need to reconfigure all existing users A new engine ID can be specified by entering 1 to 26 hexadecimal characters If less than 26 characters are specified trailing zeroes are added to the value For example the value 1234 is equivalent to 1234 followed by 22 zeroes Web Click SNMP SNMPv3 Engine ID Enter an ID of up to 26 hexadecimal characters and...

Page 108: ... Model The user security model SNMP v1 v2c or v3 Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 sec...

Page 109: ...name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 27 Configuring SNMPv3 Users ...

Page 110: ...v There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The configur...

Page 111: ... a new group In the New Group page define a name assign a security model and level and then select read and write views Click Add to save the new group and return to the Groups list To delete a group check the box next to the group name then click Delete Figure 3 28 Configuring SNMPv3 Groups ...

Page 112: ...e currently configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Console config snmp ...

Page 113: ...tch MIB to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click on Edit OID Subtrees to make changes to the view settings To delete a view check the box next to the view name then click Delete Figure 3 29 Configuring SNMPv3 Views ...

Page 114: ...e a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 156 Console config exit Console show snmp view 4 157 View Name ifEntry a...

Page 115: ... password guest The default administrator name is admin with the password admin Command Attributes Account List Shows the list of users that are allowed management access Defaults admin and guest New Account Displays configuration settings for a new account User Name The name of the user Maximum length 8 characters maximum number of users 5 Access Level Specifies the user level Options Normal and ...

Page 116: ...ng the Logon Password CLI Assign a user name to access level 15 i e administrator then specify the password Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS p...

Page 117: ...ACACS encrypts the entire body of the packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the ...

Page 118: ...S server only TACACS User authentication is performed using a TACACS server only authentication sequence User authentication is performed by up to three authentication methods in the indicated sequence RADIUS Settings Global Provides globally applicable RADIUS settings ServerIndex specifies one of five RADIUS servers that may be configured The switch attempts authentication using the listed sequen...

Page 119: ...1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13 Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to...

Page 120: ... 181 4 96 Console config radius server key green 4 96 Console config radius server retransmit 5 4 97 Console config radius server timeout 10 4 97 Console show radius server 4 98 Remote RADIUS server configuration Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Console config authentication login tacacs 4 92 Console config tacacs server host 10 20 3...

Page 121: ...ng the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web b...

Page 122: ...e Certificate When you log onto the web interface using HTTPS for secure access a Secure Sockets Layer SSL certificate appears for the switch By default the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want t...

Page 123: ...emote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public ...

Page 124: ...page create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the follo...

Page 125: ...contact the switch the SSH server uses the host key pair to negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is f...

Page 126: ...modulus DSA Version 2 The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a c...

Page 127: ...Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 33 SSH Host Key Settings ...

Page 128: ... key 4 48 Console show public key host 4 48 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 729290510813919642025190932104328579045764891 DSA ssh dss AAAAB3NzaC...

Page 129: ...s the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page bef...

Page 130: ...rusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table...

Page 131: ...ount from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 105 Command Attributes Port Port number Name Descriptive text page 4 174 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send a...

Page 132: ... Network switches can provide open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data The IEEE 802 1X dot1x standard defines a port based access control procedure that prevents unauthorized access to a n...

Page 133: ...ontains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The current version of the firmware supports only the MD5 authentication method The client responds to the appropriate method with its credentials such as a password or certificate The...

Page 134: ... supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type The current version of the firmware supports only the EAP MD5 authentication type Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1X protocol provides port a...

Page 135: ...default Disabled Web Select Security 802 1X Configuration Enable dot1X globally for the switch and click Apply Figure 3 37 802 1X Configuration Console show dot1x 4 110 Global 802 1X Parameters system auth control disabled 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 disabled Single Host ForceAuthorized n a 1 47 disabled Singl...

Page 136: ...gle Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to al...

Page 137: ...er which a connected client must be re authenticated Range 1 65535 seconds Default 3600 Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 seconds Default 30 Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indic...

Page 138: ...auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 48 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 5 quiet period 40 tx period 40 supplicant timeout 30 server timeout 10 ...

Page 139: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most r...

Page 140: ...802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 110 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 141: ...access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a ...

Page 142: ... Entry Figure 3 40 IP Filter CLI This example restricts management access for Telnet clients Console config management telnet client 192 168 1 19 4 37 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management all client 4 38 Management IP Filter HTTP Client Start IP address End IP address SNMP Client Start IP address End IP address TELNET Client ...

Page 143: ...matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule This is done by specifying masks that control the order in which ACL rules are checked The switch ...

Page 144: ...ACL for ingress ports 5 Explicit default rule permit any any in the ingress IP ACL for ingress ports 6 Explicit default rule permit any any in the ingress MAC ACL for ingress ports 7 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum l...

Page 145: ...source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to...

Page 146: ...g a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask ...

Page 147: ...g the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 me...

Page 148: ...riteria such as service type protocol type or TCP control code Then click Add Figure 3 43 ACL Configuration Extended IP CLI This example adds three rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from c...

Page 149: ... or destination MAC address Source Destination MAC Bit Mask Hexidecimal mask for source or destination MAC address VID VLAN ID Range 1 4093 VID Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 08...

Page 150: ...C ACLs only work for destination mac known packets not for multicast broadcast or destination mac unknown packets Web Specify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or MAC If you select Host enter a specific address e g 11 22 33 44 55 66 If you select MAC enter a base address and a hexidecimal bitmask for an address range Set ...

Page 151: ...an be bound to up to four ACLs of the same type Command Usage Up to seven entries can be assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before m...

Page 152: ... inbound packet Configuring an IP ACL Mask This mask defines the fields to check in the IP header Command Usage Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes Command Attributes Source Destination Address Type Specifies the source or destination IP address Use Any to match any address Host...

Page 153: ...Default TOS Source Destination Port Bit Mask Protocol port of rule must match this bitmask Range 0 65535 Control Code Bit Mask Control flags of rule must match this bitmask Range 0 63 Web Configure the mask to match the required rules in the IP ingress or egress ACLs Set the mask to check for any source or destination address a specific host address or an address range Include other criteria to se...

Page 154: ...atch any address Host to specify the host address for a single node or MAC to specify a range of addresses Options Any Host MAC Default Any Source Destination Bit Mask Address of rule must match this bitmask VID Bit Mask VLAN ID of rule must match this bitmask Ethernet Type Bit Mask Ethernet type of rule must match this bitmask Packet Format Bit Mask A packet format must be specified in the rule C...

Page 155: ...gress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for specific VLAN ID s or Ethernet type s Or check for rules where a packet format was specified Then click Add Figure 3 47 Configuring a MAC based ACL ...

Page 156: ...ny port for egress filtering In other words only four ACLs can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL Console config access list mac M4 4 134 Console config mac acl permit any any 4 135 Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 4 135 Console config mac acl end Console show access list 4 145 MAC access lis...

Page 157: ...bind the ACL to an interface for egress checking the bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 24 48 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an ...

Page 158: ...lex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type3 Shows the forced preferred port type to use for combination ports 21 24 45 48 Copper Forced Copper Preferred Auto SFP Forced SFP Preferred Auto Trunk Member3 Shows if port is a trunk memb...

Page 159: ...8 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring Interface Connections on page 3 48 The following capabilities are supported 10...

Page 160: ...mum number of MAC address that can be learned by a port 0 1024 addresses Port security action Shows the response to take when a security violation is detected shutdown trap trap and shutdown Media type Shows the forced preferred port type to use for combination ports 21 24 45 48 copper forced copper preferred auto SFP forced SFP preferred auto Current status Link Status Indicates if the link is up...

Page 161: ...problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Flow Control Allows automatic or manual selection of flow control Console show interfaces status ethernet 1 5 4 183 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 DF 9C A5 Configurat...

Page 162: ...ion Default Autonegotiation enabled Advertised capabilities for RJ 45 1000BASE T 10half 10full 100half 100full 1000full SFP 1000BASE SX LX ZX 1000full Media Type Shows the forced preferred port type to use for the combination ports 21 24 45 48 Default SFP Preferred Auto Copper Forced Always uses the built in RJ 45 port SFP Forced Always uses the SFP port even if module is not installed SFP Preferr...

Page 163: ...g a fault tolerant link between two devices i e single switch or a stack You can create up to 32 trunks Console config interface ethernet 1 13 4 174 Console config if description RD SW 13 4 174 Console config if shutdown 4 180 Console config if no shutdown Console config if no negotiation 4 176 Console config if speed duplex 100half 4 175 Console config if flowcontrol 4 178 Console config if negot...

Page 164: ...the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding network cables between switches to ...

Page 165: ...ion However note that the static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Port New Includ...

Page 166: ... Trunk Membership Enter a trunk ID of 1 32 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 51 Static Trunk Configuration ...

Page 167: ...ig interface ethernet 1 9 4 174 Console config if channel group 1 4 194 Console config if exit Console config interface ethernet 1 10 Console config if channel group 1 Console config if end Console show interfaces status port channel 2 4 183 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half ...

Page 168: ...for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu See page 3 110 Command Attributes Member List Current Shows configured trunks Unit Port New Includes entry fields for creating new trunks Unit Stack unit Range 1 8 Port Port identifier Range 1 24 48 Web Click Port LACP Configuratio...

Page 169: ...annel group Console config interface ethernet 1 1 4 174 Console config if lacp 4 194 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 183 Information of Trunk 1 Basic information Port type 1000T Mac address 22 22 22 22 22 2d Configuration Name Port admin status Up Speed duplex Auto Capabilities...

Page 170: ...s must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a...

Page 171: ...u can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 53 LACP Aggregation Port ...

Page 172: ...Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 4 201 Channel Group System Priority System MAC Address 1 32768 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 5 32768 00 00 E9 31 31 31 6 32768 00 00 E9 31 31 31 Console ...

Page 173: ...CPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype T...

Page 174: ...d 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 8 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System ...

Page 175: ...abled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is cons...

Page 176: ...CP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 201 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long timeou...

Page 177: ...ue of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the pro...

Page 178: ...side of port channel 1 Console show lacp 1 neighbors 4 201 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Admin Port Number 1 Partner Oper Port Number 1 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 4 Admin State defaulted distributing collecting synchronization long timeout Oper Stat...

Page 179: ...dcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Port Port number Trunk Trunk number Type Indicates the...

Page 180: ...4 174 Console config if no switchport broadcast 4 181 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 4 181 Console config if end Console show interfaces switchport ethernet 1 2 4 186 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second Lacp status Disabled Ingress rate limit disable 1000M bits per second Egress r...

Page 181: ...ame destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Unit The unit whose port traffic will be monitored Range 1 8 Source Port The port whose traffic will be monitored Range 1 24 48 Type Allows you to select which traffic to mirror to the target port ...

Page 182: ...e maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with ...

Page 183: ...he rate limit for input and output traffic passing through port 1 to 600 Mbps Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet like MIBs as well as a detailed breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to i...

Page 184: ...ckets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even tho...

Page 185: ...h no errors had been detected to prevent their being transmitted One possible reason for discarding such a packet could be to free up buffer space Transmit Errors The number of outbound packets that could not be transmitted because of errors Etherlike Statistics Alignment Errors The number of alignment errors missynchronized data packets Late Collisions The number of times that a collision is dete...

Page 186: ...nterface Frames Too Long A count of frames received on a particular interface that exceed the maximum permitted frame size Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy Internal MAC Receive Errors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer ...

Page 187: ... well formed Oversize Frames The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames incl...

Page 188: ...RING THE SWITCH 3 132 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 60 Port Statistics ...

Page 189: ...PORT CONFIGURATION 3 133 Figure 3 61 Port Statistics continued ...

Page 190: ...s Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test ...

Page 191: ... address of a device mapped to this interface VLAN ID of configured VLAN 1 4093 Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Figure 3 62 Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset 5 Web Only Console config mac address table static 00 e0 29 9...

Page 192: ...ddress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4093 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of ...

Page 193: ...re 3 63 Dynamic Addresses CLI This example also displays the address table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table Command Attributes Aging Status Enables disables the aging function Console show mac address table interface ethernet 1 1 4 208 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C...

Page 194: ...de backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch incl...

Page 195: ...arded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This bridge will then initiate...

Page 196: ...ch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC address where the address is taken from the switch system Max Age The maximum time in seconds a device can wait without receiving a configuration message before atte...

Page 197: ...this switch has been accepted as the root device of the Spanning Tree network Root Path Cost The path cost from the root port on this switch to the root device Configuration Changes The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additional parameters are only displayed for the CLI Spanning tree mode Specifie...

Page 198: ... Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data ...

Page 199: ...spanning tree 4 233 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enabled Instance 0 Vlans configuration 1 4093 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current roo...

Page 200: ...protocol messages the RSTP node transmits as described below STA Mode If the switch receives an 802 1D BPDU i e STA BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay ...

Page 201: ...mpatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default MSTP Multiple Spanning Tree IEEE 802 1s Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that l...

Page 202: ...ard Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops...

Page 203: ...his switch can be assigned Default 65 Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision7 The revision for this MSTI Range 0 65535 Default 0 Region Name7 The name for this MSTI Maximum length 32 characters Max Hop Count The maximum number of hops allowed in the MST region before a...

Page 204: ...spanning tree mode mst 4 213 Console config spanning tree priority 4096 4 217 Console config spanning tree hello time 5 4 215 Console config spanning tree max age 20 4 216 Console config spanning tree forward time 20 4 214 Console config spanning tree pathcost method long 4 217 Console config spanning tree transmission limit 4 4 218 Console config spanning tree mst configuration 4 219 Console conf...

Page 205: ...continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted t...

Page 206: ...dge Port in STA Port Configuration on page 3 153 i e true or false but will be set to false if a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is the ...

Page 207: ...s port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with th...

Page 208: ...ired to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Admin Link Type The link type attached to this interface Point to Point A connection to exactly one other b...

Page 209: ...ollowing attributes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 3 149 for additional information Discarding Port receives STA configuration messages but does not forward packets Console show spanning tree ethernet 1 5 4 233 Eth 1 5 information Admin status enabled Role disable State discarding ...

Page 210: ...e the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path C...

Page 211: ...y can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state a...

Page 212: ... the failed instance By default all VLANs are assigned to the Internal Spanning Tree MST Instance 0 that connects all bridges and LANs within the MST region This switch supports up to 65 instances You should try to group VLANs which cover the same general area of your network However remember that you must configure all bridges within the same MSTI Region page 3 147 with the same set of instances ...

Page 213: ...y across the network you must configure a related set of bridges with the same MSTI settings Command Attributes MST Instance Instance identifier of this spanning tree Default 0 Priority The priority of a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 VLANs in MST Instance VLANs as...

Page 214: ... MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 69 MSTP VLAN Configuration ...

Page 215: ...sec 15 Max hops 20 Remaining hops 20 Designated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master State forwarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 0 Designated port 128 7 Designa...

Page 216: ...s MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Note The other attributes are described under Displaying Interface Settings page 3 149 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 70 MSTP Port Information Console config spanning tree mst configuration 4 219 Console ...

Page 217: ...ax Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 645 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role designate State forwarding External admin path cost 100000 Internal admin path cost 100000 Exte...

Page 218: ...Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spannin...

Page 219: ...00 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 Web Click Spanning Tree MSTP Port Configuration or Trunk Configuration Enter the priority and path cost for an interface and click Apply Figu...

Page 220: ...u to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having t...

Page 221: ... a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any en...

Page 222: ...he switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch receives these messages it will automatically place the receiving port in the specified VLANs and then forward...

Page 223: ...all port based VLAN for devices attached directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames Wh...

Page 224: ... order to register VLAN members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 72...

Page 225: ...Ns The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging 8 Web Only Console show bridge ext 4 255 Max support VLAN numbers 256 Max support ...

Page 226: ...ed as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 74 VLAN Current Table Command Attributes CLI VLAN ID of configured VLAN 1 4093 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static ...

Page 227: ...ed VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4093 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Console show vlan id 1 4 246 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth...

Page 228: ...uspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it will be reassigned to VLAN group 1 as untagged Web Click VLAN 802 1Q VLAN Static List To create a new VLAN enter the VLAN ID and VLAN name mark the Enable checkbox to activate the VLAN and then click ...

Page 229: ...the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 177 Console config vlan database 4 236 Console config vlan vlan 2 name R D media ethernet state active 4 237 Console config vlan end Console show vlan 4 246 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S ...

Page 230: ...d that is carry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For mo...

Page 231: ...d ports to VLAN 2 Adding Static Members to VLANs Port Index Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Console config interface ethernet 1 1 4 174 Console config if switchport allowed vlan add 2 tagged 4 244 Console config if exit Console config interface ethernet 1 2 Console c...

Page 232: ...mbership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 77 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as a tagged port and removes Port 3 from VLAN 2 Console config interface ethernet 1 3 4 174 Consol...

Page 233: ...ed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untag...

Page 234: ...ved on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer9 The interval between transmitting requests queries to participate in a VLAN group Range 20 1000 centiseconds Default 20 GARP Leave Timer9 The interval a port waits before leaving a VLAN group This time should be set to more than twice the join time This ensures that af...

Page 235: ...ng to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Web Click VLAN 802 1Q VLAN Port Configuration or VLAN Trunk Configuration...

Page 236: ...t private VLANs and normal VLANs can exist simultaneously within the same switch Console config interface ethernet 1 3 4 174 Console config if switchport acceptable frame types tagged 4 241 Console config if switchport ingress filtering 4 242 Console config if switchport native vlan 3 4 243 Console config if switchport gvrp 4 256 Console config if garp timer join 20 4 257 Console config if garp ti...

Page 237: ...us CLI This example enables private VLANs Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports Uplink ports can communicate with any other ports on the switch and with any designated downlink ports Console config pvlan...

Page 238: ... easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including security and easy accessibility Console config pvlan up link ethernet 1 3 down link ethernet 1 5 4 247 Console config pvlan up li...

Page 239: ...separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the Protocol VLAN Configuration page 3 Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page Configuring Protocol Groups Create a protocol group for one or...

Page 240: ...assign interfaces using any of the other VLAN commands such as VLAN Static Table page 3 173 or VLAN Static Membership page 3 175 these interfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed according to the standard rules appl...

Page 241: ...LAN to which matching protocol traffic is forwarded Range 1 4093 Web Click VLAN Protocol VLAN Port Configuration Select a a port or trunk enter a protocol group ID the corresponding VLAN ID and click Apply Figure 3 82 Protocol VLAN Port Configuration CLI The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3 Console config interface e...

Page 242: ...ged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This p...

Page 243: ...sole config interface ethernet 1 3 4 174 Console config if switchport priority default 5 4 260 Console config if end Console show interfaces switchport ethernet 1 3 4 186 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership mode Hybrid Ingress rule ...

Page 244: ...owing table The priority levels recommended in the IEEE 802 1p standard for various network applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Table 3 11 Mapping CoS Values to Egress Queues Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 Table 3 12 CoS Priority Levels P...

Page 245: ...ple shows how to change the CoS assignments to a one to one mapping Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch 11 CLI shows Queue ID Console config interface ethernet 1 1 4 174 Console config if queue cos map 0 0 4 263 Console config if queue cos map 1 1 Console config if queue ...

Page 246: ...events the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing low...

Page 247: ...hese queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table12 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic ...

Page 248: ...ervices are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default...

Page 249: ...ode Point Mapping Web Click Priority IP Precedence DSCP Priority Status Select Disabled IP Precedence or IP DSCP from the scroll down menu Figure 3 87 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels r...

Page 250: ...rvice Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 88 IP Precedence Priority Table 3 13 Mapping IP Precedence Priority Level Traffic Type Priori...

Page 251: ... bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Console config map ip precedence 4 269 Console config interface ethe...

Page 252: ...o all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 89 IP DSCP Priority CLI The following example globally enables DSCP Priority service on the switch maps DSCP value 0 to CoS value 1 on port 1 and then displays the DSCP Priority settings 18 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 ...

Page 253: ... the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply to all interfaces Web Click Priority IP Port Priority Status Set IP Port Priority Status to Enabled Console config ma...

Page 254: ... 91 IP Port Priority CLI The following example globally enables IP Port Priority service on the switch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Console config map ip port 4 268 Console config interface ethernet 1 1 4 174 Console config if map ip port 80 cos 0 4 268 Console config if end Console show map ip port ethernet 1 1 4 273 TCP port mapping s...

Page 255: ...fied CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 188 Command Usage You must configure an ACL mask before you can map CoS values to the rule Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets ma...

Page 256: ...an ACL from the scroll down list then click Apply Figure 3 92 ACL CoS Priority CLI This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24 Console config interface ethernet 1 24 4 174 Console config if map access list ip bill cos 0 4 129 Console config if ...

Page 257: ...ssed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure t...

Page 258: ... appropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 208 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switc...

Page 259: ... is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 D...

Page 260: ...odifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 277 Console config ip igmp snooping querier 4 281 Console config ip igmp snooping query count 10 4 281 Console config ip igmp snooping query interval 100 4 282 Console config ip igmp snooping query max response time 20 4 283 Console config ip igmp snooping router port time 300 4 284 ...

Page 261: ...e on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping...

Page 262: ... switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attac...

Page 263: ...within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to pro...

Page 264: ...entry was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping and Query Parameters on page 3 202 For certain applications that require tighter control you may need to statically configure a multicast service on the switch First a...

Page 265: ...ming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Unit Stack unit Range 1 8 Port or Trunk Specifies the interface attached to a multicast router switch Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate the VLAN that will propagate the ...

Page 266: ...nfigure default domain names or specify one or more name servers to use for domain name to address translation Configuring General DNS Server Parameters Command Usage To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted notation you ...

Page 267: ... with no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enables DNS host name to address translation Default Domain Name13 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List13 Defines define a list of domain names that can be appended to incomplete host ...

Page 268: ...elect DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use to use for address resolution enable domain lookup status and click Apply Figure 3 98 DNS General Configuration ...

Page 269: ...evices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Console config ip domain name sample com 4 166 Console config ip domain list sample com uk 4 167 Con...

Page 270: ...characters IP Address Internet address es associated with a host name Range 1 8 addresses Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply Figure 3 99 DNS Static Host Table ...

Page 271: ...ntry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Console config ip host r...

Page 272: ...ME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POINTER TO 4 51 www microsoft com 6 4 CNAME 207 46 68 27 71964 msn com tw 7 4 ALIAS POINTER TO 6 71964 www msn com tw 8 4 CNAME 65 54 131 192 605 passportimages com 9 4 ALIAS POINTER TO ...

Page 273: ... on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec Bu...

Page 274: ... address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the network segment to which you are at...

Page 275: ...net command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status ethernet 1 5 show interfaces and...

Page 276: ... CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambiguity In the logging history example typing log foll...

Page 277: ...formation lacp LACP statistics line TTY line information log Login records logging Login setting mac MAC access list mac address table Configuration of the address table management Management IP filter map Maps priority marking Configuration for packet marking port Port characteristics protocol vlan Protocol VLAN information public key Public key information pvlan Private VLAN information queue Pr...

Page 278: ...m messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and t...

Page 279: ...n you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session w...

Page 280: ...ning config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Interface Configuration These commands modify the port configuration such as speed dup...

Page 281: ...er the other modes at the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console config line 4 13 Access Control List access list ip standard access list ip extended access list ip mask precedence access list mac...

Page 282: ...le config Table 4 3 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats curren...

Page 283: ...also configures port security and IEEE 802 1X port access control 4 91 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 114 SNMP Activates authentication failure traps configures community access strings and trap managers also configures IP address filtering 4 146 Interfac...

Page 284: ...gures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs and protocol VLANs 4 235 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 254 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each pri...

Page 285: ...Sets the interval that the command interpreter waits until user input is detected LC 4 18 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 19 silent time These commands only apply to the serial port Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by th...

Page 286: ...net Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 24 show use...

Page 287: ... by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respective...

Page 288: ...nection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility...

Page 289: ...ault Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Exa...

Page 290: ...tting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To s...

Page 291: ...s Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections Exa...

Page 292: ...e console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 19 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value...

Page 293: ...data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 21 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Con...

Page 294: ... speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If y...

Page 295: ... bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Console config line speed 57600 Console config line Console config...

Page 296: ...disconnect an SSH or Telnet connection Example Related Commands show ssh 4 54 show users 4 81 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Console disconnect 1 Console ...

Page 297: ...onsole Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 26 disable Returns to normal mode from privileged mode PE 4 27 configure Activates global configuration mode PE 4 27 show history Shows the command history buffer NE PE 4 28 reload Restarts the system PE 4 29 end Returns to Privileged Exec mode any config mode 4 29 exit Returns to the previous config...

Page 298: ...ls 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 36 The character is appended to the end of the prompt to indicate that the system is in p...

Page 299: ...r is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 26 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Configura...

Page 300: ...xec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 301: ...This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end This...

Page 302: ...tion mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Console config if end Console Console config exit Co...

Page 303: ... Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 32 User Access Configures the basic user names and passwords for management access 4 34 IP Filter Configures IP addresses that are allowed management access 4 37 Web Server Enables management access via a web browser 4 39 Telnet Server Enables managemen...

Page 304: ...lays system configuration active managers and version information 4 76 Frame Size Enables support for jumbo frames 4 82 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 32 hostname Specifies the host name for the switch GC 4 33 snmp server contact Sets the system contact string GC 4 150 snmp server location Sets the system lo...

Page 305: ...nfiguration Example switch renumber This command resets the switch unit identification numbers in the stack All stack members are numbered sequentially starting from the top unit for a non loop stack or starting from the Master unit for a looped stack Syntax switch all renumber Default Setting For non loop stacking the top unit is unit 1 For loop stacking the master unit is unit 1 Command Mode Glo...

Page 306: ...uired or specifies or changes a user s access level Use the no form to remove a user name Syntax username name access level level no password password 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopasswor...

Page 307: ...required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how the set the access level and password for a user Table 4 10 Default Login Settings username access...

Page 308: ...vilege level Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command page 4 26 The encrypted password is required for c...

Page 309: ...dds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting address of a range end address The end address of a range Default Setting All addresses Command Mode Global Configuration Table 4 11 IP Filter Comma...

Page 310: ...not delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This example restricts management access to the indicated addresses show management This command displays the client IP addresses that are allowed manag...

Page 311: ...1 19 2 192 168 1 25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Command Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 40 ip http server Allows the switch to be monitored or configured from a browser GC 4 40 ip http secure server Enables HTTP...

Page 312: ...e TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 40 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http po...

Page 313: ... Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital cer...

Page 314: ... secure port 4 42 copy tftp https certificate 4 84 ip http secure port This command specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Table 4 13 HTTPS System Support Web Browser Operating System I...

Page 315: ...t_number Example Related Commands ip http secure server 4 41 Telnet Server Commands ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Console config ip http secure port 1000 Console config Table 4 14 Telnet Server Commands Command Function Mode Page ip telnet server Allows the switch to be ...

Page 316: ...r interface Range 1 65535 Default Setting 23 Command Mode Global Configuration Example Secure Shell Commands The Berkley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implemented for Microsoft Windows and other environments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure f...

Page 317: ...need to install an SSH client on the management station when using this protocol to configure the switch Note The switch supports both SSH Version 1 5 and 2 0 Table 4 15 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4 48 ip ssh timeout Specifies the authentication timeout for the SSH server GC 4 49 ip ssh authentication retries Specifies the...

Page 318: ...se steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it A...

Page 319: ...641921872958921143173880 055536161631051775940838686311092912322268285192543746031009371877211996963178 136627741416898513204911720483033925432410163799759237144901193800609025394840 848271781943722884025331159521348610229029789827213532671316294325328189150453 06393916643 steve 192 168 1 19 4 Set the Optional Parameters Set other optional parameters including the authentication timeout the number...

Page 320: ...e known host file However you do not need to configure the client s keys ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service Syntax no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server supports up to four client sessions The maximum number of client sessions includes both current T...

Page 321: ... 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 18 show ip ssh 4 54 Console ip ...

Page 322: ...n attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 54 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits Default Sett...

Page 323: ...of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate This command generates the host key pair i e public and private Syntax ip ssh crypto host key generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both th...

Page 324: ...manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Related Commands ip ssh crypto zeroize 4 52 ip ssh save host key 4 53 ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type...

Page 325: ...ted Commands ip ssh crypto host key generate 4 51 ip ssh save host key 4 53 no ip ssh server 4 48 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 51 Console ip ssh c...

Page 326: ...n 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 4 16 show ssh display description Field Description Session The session number Range 0 3 Version The Secure Shell version number State The authenticatio...

Page 327: ...e client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanced Encryption Standard 160...

Page 328: ...955667825956641048695742788814620651941746772984865468615717 739390164779355942303577413098022737087794545240839717526463580581767167095748 04776117 DSA ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjwbvwrN LaQ77isiwAAAIEAsy5YW...

Page 329: ...history command to control the type of error messages that are stored Example Related Commands logging history 4 58 clear log 4 62 logging facility Sets the facility type for remote logging of syslog messages GC 4 60 logging trap Limits syslog messages saved to a remote server based on severity GC 4 61 clear log Clears messages from the logging buffer PE 4 62 show logging Displays the state of log...

Page 330: ...he selected level down to level 0 Range 0 7 Default Setting Flash errors level 3 0 RAM warnings level 7 0 Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g return false unexpected return 3 errors Error conditions e ...

Page 331: ...l receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage By using this command more than once you can build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example Console config logging...

Page 332: ...og server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding datab...

Page 333: ... logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 58 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also en...

Page 334: ...show log 4 64 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power ...

Page 335: ...RAM level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog logg...

Page 336: ...w logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sysl...

Page 337: ...notification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4 66 logging sendmail level Sets the severity threshold used to trigger alert messages GC 4 67 logging sendmail source email Sets the email address used for From field of alert messages GC 4 67 loggi...

Page 338: ...and to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in t...

Page 339: ...icates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 3 through 0 logging sendmail source email This command sets the email address used for the From field in alert messages Syntax logging sendmail s...

Page 340: ...of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Example...

Page 341: ...ration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabl...

Page 342: ...ervers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 4 22 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 4 70 sntp server Specifies one or more time servers GC 4 70 sntp poll Sets the interval at which the client polls fo...

Page 343: ...Related Commands sntp client 4 70 sntp poll 4 72 show sntp 4 73 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Console config sntp server 10 1 0 ...

Page 344: ...on the interval set via the sntp poll command Example Related Commands Related Commands 4 71 sntp poll 4 72 show sntp 4 73 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds Default Setting 16 se...

Page 345: ...xample clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 1 13 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC afte...

Page 346: ... after of UTC Example Related Commands show sntp 4 73 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of mont...

Page 347: ...mple shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console calendar set 15 12 34 1 February 2002 Console Console show calendar 15 12 34 February 1 2002 Console ...

Page 348: ...eparated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Table 4 23 System Status Commands Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 76 show running config Displays the configura...

Page 349: ...unning config 4 77 show running config This command displays the configuration information currently in use Default Setting None Console show startup config building startup config please wait username admin access level 15 username admin password 0 admin username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server commu...

Page 350: ...s Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for the...

Page 351: ...0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server community public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c7...

Page 352: ...SMC8748M SMC8724M System OID string 1 3 6 1 4 1 202 20 42 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC address unit1 00 30 F1 DF 9C A0 Web server enable Web server port 80 Web secure server enable Web secure server port 443 Telnet server enable Telnet server port 23 Jumbo Frame Disabled POST result DUMM...

Page 353: ... i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168...

Page 354: ...or jumbo frames Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Console show version Unit 1 Serial number A429048179 Hardware version R01 EPLD version 15 15 Number of ports 48 Main power status up Redundant power status not present Agent master Unit ID 1 Loader version 1 0 1 3 Boot ROM version 1 0 1 4 Operation code version 1 0 0 4 Console Table 4 24 Frame Size Command...

Page 355: ...tination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast ...

Page 356: ... config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you...

Page 357: ...ch Valid characters A Z a z 0 9 _ Due to the size limit of the flash memory the switch supports only two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must...

Page 358: ...e file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write t...

Page 359: ...iguration file or image name unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Console copy tftp public key TFTP server IP address 192 168 1 19 Choose public key type 1 RSA 2 DSA 1 2 1 S...

Page 360: ...ax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on this file cannot be shown unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec ...

Page 361: ...hboot unit unit Stack unit Range 1 8 Default Setting None Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir file name file type startup size byte Unit1 diag_0060 Boot Rom image Y 111...

Page 362: ...pe of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or image name unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the d...

Page 363: ...ommand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 91 RADIUS Client Configures settings for authentication via a RADIUS server 4 94 TACACS Client Configures settings for authentication via a TACACS server 4 98 Port Security Configures secure addresses for a port 4 101 Port Authentication Configures host authentication on specific ports using 802...

Page 364: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command t...

Page 365: ...IUS server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body o...

Page 366: ...entication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands Co...

Page 367: ...s of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authentica...

Page 368: ...65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode G...

Page 369: ... 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 6553...

Page 370: ...at uses software running on a central server to control access to TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration ...

Page 371: ...r Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Client Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 99 tacacs server port Specifies the TACACS server network port GC 4 100 tacacs server key Sets the TACACS encryption key GC 4 100 show tacacs server Shows the current TACACS settings GC 4 101 Console config tacacs s...

Page 372: ...1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mo...

Page 373: ...ready stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabli...

Page 374: ...ake when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Table...

Page 375: ...set the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled usin...

Page 376: ...t identity packet to the client before it times out the authentication session IC 4 106 dot1x port control Sets dot1x mode for a port interface IC 4 106 dot1x operation mode Allows single or multiple hosts on a dot1x port IC 4 107 dot1x re authenticate Forces re authentication on specific ports PE 4 108 dot1x re authentication Enables re authentication for all ports IC 4 108 dot1x timeout quiet pe...

Page 377: ...t Syntax no dot1x system auth control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values Syntax dot1x default Command Mode Global Configuration Example Console config dot1x system auth control Console config Console config dot1x default Console config ...

Page 378: ...control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients eithe...

Page 379: ...ost max count count no dot1x operation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max coun...

Page 380: ... on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Con...

Page 381: ... seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Console config interface eth 1 2 Console config if dot1x...

Page 382: ... period seconds The number of seconds Range 1 65535 Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port Console config interface eth 1 2 Console config if dot1x timeout re authper...

Page 383: ...eters for each interface including the following items reauth enabled Periodic re authentication page 4 108 reauth period Time after which a connected client must be re authenticated page 4 109 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 109 tx period Time a port waits during authentication session before re transmitting EAP p...

Page 384: ...ng initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Ide...

Page 385: ...ost Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Multi Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 3 Authenticator State Machine State Authenticated Rea...

Page 386: ...ch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters ...

Page 387: ...you can bind it to a port or set the queue or frame priorities associated with the rule The switch does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in an ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail Egress MAC ACLs only work for destination mac known packets not for multi...

Page 388: ...Groups Function Page IP ACLs Configure ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 116 MAC ACLs Configure ACLs based on hardware addresses packet format and Ethernet type 4 133 ACL Information Display ACLs and associated rules shows ACLs assigned to each port 4 144 Table 4 34 IP ACL Commands Command Function Mode Page access list ip Creates an IP ACL and ent...

Page 389: ...ntrol masks GC 4 123 mask Sets a precedence mask for the ACL rules IP Mask 4 124 show access list ip mask precedence Shows the ingress or egress rule masks for IP ACLs PE 4 127 ip access group Adds a port to an IP ACL IC 4 128 show ip access group Shows port assignments for IP ACLs PE 4 128 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 1...

Page 390: ...ext of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 118 ip access group 4 128 show ip access list 4 122 permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source a...

Page 391: ...indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Example This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Related Commands access list ip 4 117 Console ...

Page 392: ... source port sport bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address precedence IP precedence level Range 0 7 tos Type of Service leve...

Page 393: ...pecify both Precedence and ToS in the same rule However if DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2 syn S...

Page 394: ...92 168 1 0 with the TCP control code set to SYN Related Commands access list ip 4 117 show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Console config ext acl perm...

Page 395: ... Global Configuration Command Usage A mask can only be used by all ingress ACLs or all egress ACLs The precedence of the ACL rules applied to a packet is not determined by order of the rules but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or se...

Page 396: ...address will be matched host The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source port field destination port Check the protocol destin...

Page 397: ...f precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the mask host ...

Page 398: ...sole config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list A3 ...

Page 399: ...fig access list ip extended 6 Switch config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch config ip mask...

Page 400: ...st applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a...

Page 401: ... rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Console config int eth 1 25 Console config if ip access group standard da...

Page 402: ...xample Related Commands queue cos map 4 263 show map access list ip 4 130 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 Table 4 35 Egress Que...

Page 403: ... priority set tos tos_value set dscp dscp_value no match access list ip acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority tos_value IP Precedence value Range 0 7 dscp_value Differentiated Services Code Point value Range 0 63 Default Setting None Command Mode Interface Configuration Ethe...

Page 404: ... To specify the DSCP priority use the set dscp keywords Note that the IP frame header can include either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority and then 802 1p priority Example Related Commands show marking 4 132 show marking This command displays the current configuration for packet marking Command Mode Privileg...

Page 405: ...ecedence mask for the ACL rules MAC Mask 4 138 show access list mac mask precedence Shows the ingress or egress rule masks for MAC ACLs PE 4 140 mac access group Adds a port to a MAC ACL IC 4 141 show mac access group Shows port assignments for MAC ACLs PE 4 141 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 142 show map access list mac ...

Page 406: ... must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related ...

Page 407: ...vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit deny untagged 802 3 any host source source ad...

Page 408: ...of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands acce...

Page 409: ...41 access list mac mask precedence This command accesses MAC Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified MAC ACLs Command Mode Global Configuration Console sho...

Page 410: ...fines a mask for MAC ACLs This mask defines the fields to check in the packet header Use the no form to remove a mask Syntax no mask pktformat any host source bitmask any host destination bitmask vid vid bitmask ethertype ethertype bitmask pktformat Check the packet format field If this keyword must be used in the mask the packet format must be specified in ACL rule to match any Any address will b...

Page 411: ...ress MAC ACL and bind it to a port You can then see that the order of the rules have been changed by the mask Console config access list mac M4 Console config mac acl permit any any Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 Console config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vi...

Page 412: ...ype 0806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console config access list mac mask precedence out Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 5 Console config if m...

Page 413: ...Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show mac access list 4 137 show mac access group This command shows the por...

Page 414: ...ess list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below Console show mac access...

Page 415: ...the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 Command Mode Privileged Exec Example Related Commands map access list mac 4 142 Console config int eth 1 5 Console config if map access list mac M5 cos 0 Console config if Console show map access list mac Access list to CO...

Page 416: ...of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Example Related Commands show marking 4 132 ACL Information Console config interface ethernet 1 12 Console config if match access list mac a se...

Page 417: ...e Example Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 0 0 15 255 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access li...

Page 418: ...s to these groups along with their specific authentication and privacy passwords Table 4 39 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 4 147 show snmp Displays the status of SNMP communications NE PE 4 148 snmp server community Sets up the community access string to permit access to SNMP commands GC 4 149 snmp server contact Sets the system contact string GC 4 1...

Page 419: ... Setting Enabled Command Mode Global Configuration Example snmp server group Adds an SNMP group mapping users to views GC 4 158 show snmp group Shows the SNMP groups PE 4 159 snmp server user Adds a user to an SNMP group GC 4 161 show snmp user Shows the SNMP users PE 4 162 Console config snmp server Console config Table 4 39 SNMP Commands Continued Command Function Mode Page ...

Page 420: ... Example Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 ...

Page 421: ...ensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized managem...

Page 422: ...tion Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 150 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Sett...

Page 423: ...5 trap destination IP address entries community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies wh...

Page 424: ... for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled The switch can send SNMP Version 1 2c or 3 notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not specify the SNMP version the default is t...

Page 425: ...r an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that...

Page 426: ... ID is automatically generated by the switch based on its MAC address Command Mode Global Configuration Command Usage An SNMP engine is an independent SNMP agent that resides on this switch This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets Tra...

Page 427: ...hows the SNMP engine ID Command Mode Privileged Exec Example This example shows the default engine ID Console config snmp server engine id local 12345 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBoots 1 Console Table 4 40 show snmp engine id display description Field Description Local SNMP engineID String identifying the engine ID Loca...

Page 428: ...es an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includ...

Page 429: ...ole show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type permanent Row Status active Console Table 4 41 show snmp view display description Field Description View Name Name of an SNMP view Subtree OID A branch in the MIB tree View Type Indicates if the view is included...

Page 430: ...ntication and privacy readview Defines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters Default Setting Default groups Default groups public15 read only private16 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is defined Command Mode Global Configuration Command Usage A group sets the access policy ...

Page 431: ...p group Four default groups are provided SNMPv1 read only access and read write access and SNMPv2c read only access and read write access Command Mode Privileged Exec Console config snmp server group r d v3 auth write daily Console config ...

Page 432: ...el v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active console Table 4 42 ...

Page 433: ... 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with privacy with DES56 encryption priv password Privacy password Enter as...

Page 434: ...s command shows information on SNMP users Command Mode Privileged Exec Example Console config snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config Console show snmp user EngineId 800000ca030030f1df9ca00000 User Name steve Authentication Protocol md5 Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 43 show snmp user display desc...

Page 435: ... The storage type for this entry Row Status The row status of this entry Table 4 44 DNS Commands Command Function Mode Page ip host Creates a static host name to address mapping GC 4 164 clear host Deletes entries from the host name to address table PE 4 165 ip domain name Defines a default domain name for incomplete host names GC 4 166 ip domain list Defines a list of default domain names for inc...

Page 436: ...ntries Command Mode Global Configuration Command Usage Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device show dns Displays the configuration for DNS services PE 4 171 show ...

Page 437: ...e of the host Range 1 64 characters Removes all entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table Console config ip host rd5 192 168 1 55 10 1 0 55 Console config end Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias Console Console config clear host Console config ...

Page 438: ...name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Example Related Commands ip domain list 4 167 ip name server 4 168 ip domain lookup 4 169 Console config ip domain name sample com Console config end Console show dns Domain Lookup Status DNS disab...

Page 439: ...st name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is received by the DNS server on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a ma...

Page 440: ...dress6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Console config ip domain list sample com jp Console conf...

Page 441: ...tax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Console config ip name server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain Name L...

Page 442: ...leged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show hosts Hostname rd5 ...

Page 443: ...mple com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc accton com tw 1 4 CNAME 10 2 44 3 898 ahten accton com tw 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CN...

Page 444: ... therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console clear dns cache Console ...

Page 445: ...tion of a given interface IC 4 176 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 177 flowcontrol Enables flow control on a given interface IC 4 178 media type Force port type selected for combination ports IC 4 179 shutdown Disables an interface IC 4 180 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 181 clear ...

Page 446: ...8 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interf...

Page 447: ...ll duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 1000full for Gigabit Ethernet ports Command Mode Interface Configuration Ethernet Port Channel Command Usage To force ope...

Page 448: ... for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the spee...

Page 449: ...n 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asym...

Page 450: ...peed duplex 4 175 flowcontrol 4 178 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled bac...

Page 451: ... pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands negotiation 4 176 capabilities flowcontrol symmetric 4 177 media type This command forces the port type selected for combination ports 21 24 45 48 Use the no form to restore the default mode Syntax media type mode no media type ...

Page 452: ...terfaces are enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 21 Console config ...

Page 453: ...limit 500 packets per second Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all ports on the switch Example The following shows how to configure broadcast s...

Page 454: ...ng None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statis...

Page 455: ...Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 102 ...

Page 456: ...s ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled LACP Disabled Port security Disabled Max MAC count 0 Port security action None Media type None Current statu...

Page 457: ...064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 227208 Packets 3338 ...

Page 458: ...ec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership ...

Page 459: ...bership mode as Trunk or Hybrid page 4 240 Ingress rule Shows if ingress filtering is enabled or disabled page 4 242 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 241 Native VLAN Indicates the default Port VLAN ID page 4 243 Priority for untagged traffic Indicates the default priority for untagged frames page 4 259 GVRP status Shows if GARP VL...

Page 460: ...ort unit Stack unit Range 1 8 port Port number Range 1 24 48 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Table 4 47 Mirror Port Commands Command Func...

Page 461: ...s must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Range 1 8 port Po...

Page 462: ... of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Console config if end Cons...

Page 463: ...form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input Input rate output Output rate rate Maximum value in Mbps Range 1 to 1000 Mbps Default Setting 1000 Mbps Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if ...

Page 464: ...perating at full duplex Table 4 49 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode for the trunk GC 4 174 channel group Adds a port to a trunk IC Ethernet 4 194 Dynamic Configuration Commands lacp Configures LACP for the current interface IC Ethernet 4 194 lacp system priority Config...

Page 465: ...channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channe...

Page 466: ...tic trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it Syntax n...

Page 467: ...n A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active lin...

Page 468: ...11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A4 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control Disabled Port secu...

Page 469: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 470: ...m priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side ...

Page 471: ... Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Inte...

Page 472: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side...

Page 473: ...messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Channel group 1 Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker ...

Page 474: ...s group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp internal Channel group 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key ...

Page 475: ...administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggre...

Page 476: ...igned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partn...

Page 477: ...8 00 30 F1 D4 73 A0 8 32768 00 30 F1 D4 73 A0 9 32768 00 30 F1 D4 73 A0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 53 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system pri...

Page 478: ...lan vlan id mac address MAC address interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 Table 4 54 Address Table Commands Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 4 206 clear mac address table dynamic Removes any learned entries from the forwardi...

Page 479: ...s table when a given interface link is down Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this command Example clear mac address table dynamic This...

Page 480: ...Sort by address vlan or interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers represe...

Page 481: ...ng time Syntax mac address table aging time seconds no mac address table aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 00 00 00 00 17 1 L...

Page 482: ...ng Tree Commands Command Function Mode Page spanning tree Enables the spanning tree protocol GC 4 212 spanning tree mode Configures STP RSTP or MSTP mode GC 4 213 spanning tree forward time Configures the spanning tree bridge forward time GC 4 214 spanning tree hello time Configures the spanning tree bridge hello time GC 4 215 spanning tree max age Configures the spanning tree bridge maximum age G...

Page 483: ...ree for an interface IC 4 224 spanning tree cost Configures the spanning tree path cost of an interface IC 4 225 spanning tree port priority Configures the spanning tree priority of an interface IC 4 226 spanning tree edge port Enables fast forwarding for edge ports IC 4 226 spanning tree portfast Sets an interface to fast forwarding IC 4 227 spanning tree link type Configures the link type for RS...

Page 484: ...compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch show spanning tree Shows spanning tree configuration for the common spanning tree i e overall bridge a s...

Page 485: ...tes one spanning tree instance for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incomi...

Page 486: ...LAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user traffic Example The following example configures the switch to use Rapid Spanning Tree spanning tree forward time This command configures the spanning tree bridge forward time global...

Page 487: ...ry data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Global Configuration...

Page 488: ... Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes...

Page 489: ...y is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree Use the n...

Page 490: ... 226 Example spanning tree transmission limit This command configures the minimum interval between the transmission of consecutive RSTP MSTP BPDUs Use the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command li...

Page 491: ... Commands mst vlan 4 219 mst priority 4 221 name 4 222 revision 4 222 max hops 4 223 mst vlan This command adds VLANs to a spanning tree instance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs Syntax no mst instance_id vlan vlan range instance_id Instance identifier of the spanning tree Range 0 4094 vlan range Range of VLANs Range 1 ...

Page 492: ...led instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST region This switch supports up to 58 instances You should try to group VLANs which cover the same general area of your network However remember that you must configure all bridges within the same MSTI Region page 4 222 with the same set of instances and the same ins...

Page 493: ...960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the device with the lowest MAC address will then become the roo...

Page 494: ... 222 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands revision 4 222 revision This command configures the revision number for this multiple spanning tree configuration of this switch Use the no form to ...

Page 495: ... one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands name 4 222 max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to restore the default Syntax max hops hop number hop number Maximum hop number for multiple spanning tree Range 1 40 Default Setting 20 Command Mode...

Page 496: ...before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Default Setting Enabled Command Mode Interface Configuration Ethernet Port...

Page 497: ...00 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports wi...

Page 498: ...ority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands spanning tree cost 4 225 spannin...

Page 499: ...of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device This command has the same effect as the spanning tree portfast Example R...

Page 500: ...g should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for future software versions Example Related Commands spanning tree edge port 4 226 spanning tree link type This com...

Page 501: ...tween two bridges If you designate a port as a shared link RSTP is forbidden Since MSTP is an extension of RSTP this same restriction applies Example spanning tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree Use the no form to restore the default Syntax spanning tree mst instance_id cost cost no spanning tree mst instance_id cost instance_id ...

Page 502: ...trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage Each spanning tree instance is associated with a unique set of VLAN IDs This command is used by the multiple spanning tree algorithm to determine the best path between devices Therefore lower values should be assigned to interfaces attached to faster media and higher values assigned to interfaces with slower media...

Page 503: ...ault Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one interface is assig...

Page 504: ...el id Range 1 32 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected ...

Page 505: ...ge Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning ...

Page 506: ... Current root cost 10000 Number of topology changes 1 Last topology changes time sec 21561 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 0...

Page 507: ...tagging is used and enable automatic VLAN registration for the selected interface Console show spanning tree mst configuration Mstp Configuration Information Configuration name XSTP REGION 0 Revision level 0 Instance Vlans 1 2 Console Table 4 56 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 236 Configuring VLAN Interfaces Configur...

Page 508: ...membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Configuring Private VLANs Configures private VLANs including uplink and downlink ports 4 247 Configuring Protocol VLANs Configures protocol based VLANs based on frame type and protocol 4 247 Table 4...

Page 509: ... name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN ...

Page 510: ...4 239 switchport mode Configures VLAN membership mode for an interface IC 4 240 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 241 switchport ingress filtering Enables ingress filtering on an interface IC 4 242 switchport native vlan Configures the PVID native VLAN of an interface IC 4 243 switchport allowed vlan Configures the VLANs associated with an...

Page 511: ...d vlan id ID of the configured VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Related Commands shutdown 4 180 Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if ...

Page 512: ...nging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and the...

Page 513: ... The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 240 Console con...

Page 514: ...hich it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames su...

Page 515: ...is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering th...

Page 516: ...ntagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when addi...

Page 517: ...f VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN f...

Page 518: ...followed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 59 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 246 show interfaces status vlan Displays ...

Page 519: ...t no pvlan up link Specifies an uplink interface down link Specifies a downlink interface Default Setting No private VLANs are defined Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 ...

Page 520: ... without any parameters enables the private VLAN Entering no pvlan disables the private VLAN Example This example enables the private VLAN and then sets port 24 as the uplink and ports 5 8 as the downlinks show pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 24 down link ethernet 1 5 8 Console...

Page 521: ... by the inbound packets To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 237 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the protocol v...

Page 522: ...rotocol group Range 1 2147483647 frame17 Frame type used by this protocol Options ethernet rfc_1042 llc_other protocol Protocol type The only option for the llc_other frame type is ipx_raw The options for all other frames types include ip arp rarp Default Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 and specifies Etherne...

Page 523: ...rface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as vlan on page 4 237 these interfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the follo...

Page 524: ...ntax show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 Default Setting All protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 2 Console config if Console show protocol vlan ...

Page 525: ...hernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolGroup ID V...

Page 526: ...or the switch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Table 4 62 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 254 show bridge ext Shows the global bridge extension configuration PE 4 255 switchport gvrp Enables GVRP for an interface IC 4 256 switchport forbidden vlan Configures forbi...

Page 527: ...ion for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 4 168 and Displaying Bridge Extension Capabilities on page 4 16 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast ...

Page 528: ... GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Console sho...

Page 529: ... Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP...

Page 530: ...8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 257 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds...

Page 531: ... be transmitted before those in the lower priority queues You can set the default priority for each interface the relative weight of each queue and the mapping of frame priority tags to the switch s priority queues Table 4 63 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware ...

Page 532: ... 12 14 for queues 0 7 respectively Table 4 64 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 260 switchport priority default Sets a port priority for incoming untagged frames IC 4 260 queue bandwidth Assigns round robin weights to the priority queues GC 4 262 queue cos map Assigns class of service values to th...

Page 533: ... This prevents the head of line blocking that can occur with strict priority queuing Example The following example sets the queue mode to strict priority service mode switchport priority default This command sets a priority for incoming untagged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority...

Page 534: ...default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames that do not have priority tags will be placed in queue 0 of the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Exampl...

Page 535: ...ueue cos map This command assigns class of service CoS values to the priority queues i e hardware output queues 0 7 Use the no form set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The ID of the priority queue Ranges are 0 to 7 where 7 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separate...

Page 536: ... at the ingress port are also used at the egress port This command sets the CoS priority for all interfaces Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map 4 266 Table 4 65 Default CoS Priority Levels Queue 0 1 2 3 4 5 6 7 Priority 2 0 1 3 4 5 6 7 Console config interface ethernet 1 1 Console config if queue cos map ...

Page 537: ...mple show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Command Mode Privileged Exec Example Console sh queue mode Queue mode strict Console Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 ...

Page 538: ...s map interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console ...

Page 539: ...ce mapping GC 4 271 map ip dscp Maps IP DSCP value to a class of service IC 4 272 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 129 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 142 show map ip port Shows the IP port map PE 4 273 show map ip precedence Shows the IP precedence ...

Page 540: ...s IP Port IP Precedence or IP DSCP and default switchport priority Example The following example shows how to enable TCP UDP port mapping globally map ip port Interface Configuration Use this command to set IP port priority i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port n...

Page 541: ...l Configuration This command enables IP precedence mapping i e IP Type of Service Use the no form to disable IP precedence mapping Syntax no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of...

Page 542: ...ting The list below shows the default priority mapping Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently ...

Page 543: ... Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally Console config interface ethernet 1...

Page 544: ...SCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eig...

Page 545: ...number Range 1 24 48 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Commands map ip port Global Configuration 4 268 map ip port Interface Configuration 4 268 Console config interface ethernet 1 5 Console config if map ip dscp 1 cos 0 Console config if Console show map ip port ...

Page 546: ...ange 1 24 48 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example Related Commands map ip precedence Global Configuration 4 269 map ip precedence Interface Configuration 4 270 Console show map ip precedence ethernet 1 5 Precedence mapping status enabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Et...

Page 547: ...umber Range 1 24 48 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 271 map ip dscp Interface Configuration 4 272 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 548: ...icast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 276 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 280 Static Multicast Routing Configures static multicast router ports 4 285 Table 4 70 IGMP Snooping Commands Command Function Mode Page ip i...

Page 549: ...es IGMP snooping ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setti...

Page 550: ...ing IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures t...

Page 551: ...ration show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Console show ip igmp snooping Service status Enabled Querier status Disable...

Page 552: ...ng VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 71 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 281 ip igmp snooping query count Configures the query count GC 4 281 ip igmp snooping query interval Configures the query interval GC 4 282 ip igmp snooping query max resp...

Page 553: ...le for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast g...

Page 554: ...ample The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 283 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Ra...

Page 555: ...command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the...

Page 556: ...er the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snoopin...

Page 557: ... No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the curren...

Page 558: ...an vlan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show ip igm...

Page 559: ...nt stations or other devices that exist on another network segment Basic IP Configuration Table 4 73 IP Interface Commands Command Function Mode Page ip address Sets the IP address for the current interface IC 4 288 ip dhcp restart Submits a BOOTP or DCHP client request PE 4 289 ip default gateway Defines the default gateway through which this switch can reach other subnetworks GC 4 289 show ip in...

Page 560: ...y configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP reply has been received Requests will be broadc...

Page 561: ...CP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address pro...

Page 562: ...P address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restar...

Page 563: ...d shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain 4 289 Console show ip interface IP address and netmask 192 168 1 54 255 255 255 0 on VLAN 1 and address mode User ...

Page 564: ...Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in te...

Page 565: ... 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console ...

Page 566: ...COMMAND LINE INTERFACE 4 294 ...

Page 567: ...tion 1000BASE T 10 100 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX 1000 Mbps at full duplex SFP 1000BASE ZX 1000 Mbps at full duplex SFP Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configure...

Page 568: ... learning private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing which can be configured by VLAN tag or port Layer 3 4 priority mapping IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote M...

Page 569: ...N IEEE 802 1v Protocol based VLANs IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 3ad Link Aggregation Control Protocol ARP RFC 826 DHCP Client ...

Page 570: ...IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP framework MIB RFC 2571 SNMP MPD MIB RFC 2572 SNMP Target MIB SNMP Notification ...

Page 571: ...SOFTWARE SPECIFICATIONS A 5 Trap RFC 1215 UDP MIB RFC 2012 ...

Page 572: ...SOFTWARE SPECIFICATIONS A 6 ...

Page 573: ... the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate swit...

Page 574: ...p an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and the baud rate ...

Page 575: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 576: ...TROUBLESHOOTING B 4 ...

Page 577: ...ervice to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of...

Page 578: ...automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registrati...

Page 579: ...based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame...

Page 580: ...mbership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control pack...

Page 581: ...d or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio Out of Band Management Management of the network...

Page 582: ...o RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types Rapid Spanning Tree Protocol RSTP RSTP reduces the convergence time for network topology changes to about 10 of that required by the older...

Page 583: ...icated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS compliant devices on the network Telnet Defines a re...

Page 584: ... targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same...

Page 585: ... 3 199 4 271 IP port priority 3 197 4 268 IP precedence 3 193 4 269 layer 3 4 priorities 3 192 4 267 queue mapping 3 188 4 263 queue mode 3 190 4 260 traffic class weights 3 191 4 262 D default gateway configuration 3 19 4 290 default priority ingress port 3 186 4 261 default settings system 1 7 DHCP 3 20 4 288 client 3 18 4 163 dynamic configuration 2 11 Differentiated Code Point Service See DSCP...

Page 586: ...ng 3 202 4 277 snooping configuring 3 202 4 276 ingress filtering 3 177 4 242 IP address BOOTP DHCP 3 20 4 288 setting 2 10 3 18 4 288 IP port priority enabling 3 197 4 268 mapping priorities 3 197 4 268 IP precedence enabling 3 193 4 269 mapping priorities 3 193 4 270 J jumbo frame 4 82 L link type STA 3 152 3 155 4 228 logging syslog traps 4 61 to syslog servers 4 59 log in Web interface 3 3 log...

Page 587: ...79 speed 3 105 4 175 ports configuring 3 102 4 173 ports mirroring 3 125 4 188 priority default port ingress 3 186 4 261 problems troubleshooting B 1 protocol migration 3 155 4 232 Q queue weights 3 191 4 262 R RADIUS logon authentication 4 94 rate limits setting 3 126 4 190 remote logging 4 61 restarting the system 3 41 4 29 RSTP 3 138 4 213 global configuration 3 140 4 213 S secure shell 3 67 4 ...

Page 588: ...rver 3 23 4 84 T TACACS logon authentication 3 61 4 98 time setting 3 42 4 70 traffic class weights 3 191 4 262 trap manager 2 14 3 48 4 151 troubleshooting B 1 trunk configuration 3 107 4 192 LACP 3 111 4 194 static 3 109 4 194 U upgrading software 3 23 4 84 user password 3 59 4 34 4 36 V VLANs 3 164 3 181 4 235 4 248 adding static members 3 173 3 175 4 244 creating 3 171 4 237 description 3 164 ...

Page 589: ......

Page 590: ...41 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10 6235 49...

Page 591: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 ...

Page 592: ... 8 ...

Reviews:

No comments

Related manuals for 8700S-130

Brand: TAMS Pages: 28

Brand: D-Link Pages: 2

Brand: Woxcon Pages: 42

pro-trim PT1000

Brand: Seastar Solutions Pages: 2

Brand: Voith Pages: 98

Brand: Rackmount Pages: 16

Brand: UNIARCH Pages: 6

Brand: Lindy Pages: 16

Brand: Advantech Pages: 209

Brand: H-Tronic Pages: 20

Brand: TP-Link Pages: 2

Brand: H-Tronic Pages: 36

Brand: Woodward Pages: 20

MXV-0408-H2A v2

Brand: Wyrestorm Pages: 4

NetVanta 1560-48

Brand: ADTRAN Pages: 8

Brand: Rukra Pages: 3

Brand: Epson Pages: 2

Brand: Abtus Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands